Routing Traffic Within VPCs

Scenario

If you have deployed ECSs and other cloud services within VPCs, you can configure private domain names for the ECSs so that they can communicate with each other or access the cloud services over a private network.

You can create any private zones that are unique within VPCs. You do not need to register the domain names.

Prerequisites

You have created an ECS and obtained its VPC name and private IP address.

Process Flow

Figure 1 shows the process of configuring a private zone for routing traffic within VPCs.

Figure 1 Configuring a private zone for routing traffic within VPCs

To ensure that the private domain name can be resolved in the associated VPC, verify that the DNS server addresses for the VPC subnet are those provided by the DNS service. If the DNS server addresses are not those provided by the DNS service, change them.

You can also change the DNS server addresses of the VPC subnet where the domain name is used.

Creating a Private Zone

Create a private zone.
Create a private zone to allow access to your ECS using a private domain name example.com.
1. Log in to the management console.
2. In the service list, choose Network > Domain Name Service.
  The DNS console is displayed.
3. In the navigation pane on the left, choose Private Zones.
  The Private Zones page is displayed.
4. Click in the upper left corner and select the desired region and project.
5. Click Create Private Zone.
6. Set Domain Name to example.com and select the VPC where the ECS resides.
  For details about more parameters, see Creating a Private Zone.
7. Click OK.
8. Switch back to the Private Zones page.
  You can view the created private zone in the list.
  Click the domain name to view SOA and NS record sets automatically generated for the zone.
  
  The SOA record set identifies the primary authoritative server for the domain name.
  
  The NS record set defines the authoritative DNS servers for the domain name.
Add an A record set to the domain name.
To access the ECS using example.com, add an A record set.
1. On the Private Zones page, click the domain name of the private zone you created.
  The Record Sets page is displayed.
2. Click Add Record Set.
3. Configure the parameters as follows:
  - Name: Leave this parameter blank. The DNS service automatically considers example.com as the name, and requests are routed to example.com.
  - Type: Retain the default setting A – Map domains to IPv4 addresses.
  - Value: Enter the private IP address of the ECS.
  Configure other parameters by referring to Adding an A Record Set.
4. Click OK.
5. Switch back to the Record Sets tab.
  You can view the added record set in the Normal state.
Change the DNS server addresses of the VPC subnet.
To ensure that the private domain name can be resolved in the associated VPC, verify that the DNS server addresses for the VPC subnet are those provided by the DNS service. If the DNS server addresses are not those provided by the DNS service, change them.

Query the private DNS server addresses provided by the DNS service.
1. Log in to the management console.
2. In the service list, choose Network > Domain Name Service.
  The DNS console is displayed.
3. In the navigation pane on the left, choose Private Zones.
  The Private Zones page is displayed.
4. Click in the upper left corner and select the desired region and project.
5. In the private zone list, click the domain name of the zone and view the DNS server addresses.
Change the DNS server addresses.
1. Go to the private zone list.
2. Click the VPC name under Associated VPC.
  On the VPC console, change the DNS server addresses for the VPC subnet.
  
  For details, see the Virtual Private Cloud User Guide.