
Setting Up an IPv4 Network in a VPC

Updated on 2025-01-08 GMT+08:00

This topic describes how to create a VPC and an ECS to set up an IPv4 private network on the cloud and bind an EIP to the ECS to allow the ECS to access the Internet.

Figure 1 shows the architecture of an IPv4 network. In this network, security group Sg-A protects ECS ECS-A01 in it. You can configure security group rules to control access to and from ECS-A01.
Figure 1 The architecture of an IPv4 network
  1. To allow users to remotely log in to ECS-A01 from the local PC (IP address: 10.1.0.7) and perform operations on this ECS, you need to configure the following inbound rules:
    • Rule A01: allows the local PC to ping ECS-A01 in VPC-A over all ICMP ports to test network connectivity.
    • Rule A02: allows the local PC to remotely log in to ECS-A01 over TCP port 22 if the ECS runs Linux.
    • Rule A03: allows the local PC to remotely log in to ECS-A01 over TCP port 3389 if the ECS runs Windows.
    • Rule A04: allows ECSs in Sg-A to communicate with each other.
  2. To allow ECS-A01 to access the Internet, you need to bind EIP EIP-A to it and add outbound rule A05.

Precautions

The network planning in this topic is only for your reference. Once a VPC and subnet are created, the CIDR blocks cannot be changed. Before creating VPCs, determine how many VPCs and subnets you need and what CIDR blocks or connectivity options you will use.

For details, see VPC and Subnet Planning Suggestions.

Procedure

| Procedure | What to Do |
|---|---|
| Preparations | Before using cloud services, sign up for a HUAWEI ID, enable Huawei Cloud services, complete real-name authentication, and top up your account. |
| Step 1: Create a VPC and Subnet | Create a VPC, specify an IPv4 CIDR block (for example, 192.168.0.0/16), and create a subnet with the CIDR block of 192.168.0.0/24 in the VPC. |
| Step 2: Buy an ECS | Buy an ECS in the subnet you have created and configure security group rules for the ECS. |
| Step 3: Buy an EIP and Bind It to ECS-A01 | Buy an EIP and bind it to the ECS so that the ECS can access the Internet. |
| Step 4: Test Network Connectivity | To test ECS connectivity, you can: 1. Log in to the ECS from the local PC. 2. Access the Internet from the ECS using an EIP. |

Preparations

Before creating resources such as VPCs and ECSs, you need to sign up for a HUAWEI ID, enable Huawei Cloud services, complete real-name authentication, and top up your account. Ensure that your account has sufficient balance.

  1. You have created a HUAWEI ID, enabled Huawei Cloud services, and completed real-name authentication.
    If you already have a HUAWEI ID, skip this part. If you do not have a HUAWEI ID, perform the following operations to create one:
    1. Sign up for a HUAWEI ID and enable Huawei Cloud services.
    2. Complete real-name authentication.
  2. You need to ensure that your account has sufficient balance. If it does not, top up your account.

Step 1: Create a VPC and Subnet

  1. Go to the Create VPC page.
  2. On the Create VPC page, set parameters as needed.

    In this example, you need to create a VPC and a subnet.

    Figure 2 Creating a VPC
    Figure 3 Setting a subnet
    Table 1 VPC parameters

    | Parameter | Example Value | Description |
    |---|---|---|
    | Region | CN-Hong Kong | The region where the VPC is created. Select the region nearest to you to ensure the lowest possible latency. The VPC, ECS, and EIP used in this example must be in the same region. The region cannot be changed after the VPC is created. |
    | Name | VPC-A | The VPC name. Set it to VPC-A. The name can be modified after VPC-A is created. |
    | IPv4 CIDR Block | 192.168.0.0/16 | The IPv4 CIDR block of VPC-A. You are advised to select from the following CIDR blocks: 10.0.0.0/8-24 (the IP address ranges from 10.0.0.0 to 10.255.255.255, and the netmask ranges from 8 to 24); 172.16.0.0/12-24 (the IP address ranges from 172.16.0.0 to 172.31.255.255, and the netmask ranges from 12 to 24); 192.168.0.0/16-24 (the IP address ranges from 192.168.0.0 to 192.168.255.255, and the netmask ranges from 16 to 24). The IPv4 CIDR block cannot be changed after VPC-A is created. |
    | Enterprise Project | default | The enterprise project by which VPCs are centrally managed. Select an existing enterprise project for VPC-A. The enterprise project cannot be changed after VPC-A is created. |
    | Advanced Settings (Optional) > Tag | Not required | The tag that is used to classify and identify resources. Add tags to VPC-A as required. After VPC-A is created, you can edit tags added to VPC-A. |
    | Advanced Settings (Optional) > Description | Not required | Supplementary information about VPC-A. Enter a description as required. The description can be modified after VPC-A is created. |

    Table 2 Subnet parameters

    | Parameter | Example Value | Description |
    |---|---|---|
    | AZ | AZ4 | A geographic location with independent power supply and network facilities in a region. Each region contains multiple AZs. AZs are physically isolated but connected through an internal network. Subnets of a VPC can be located in different AZs without affecting communications. You can select any AZ in a region. If Edge is displayed, select an edge AZ based on your service requirements. If Edge is not displayed, you do not need to set the subnet AZ, which does not affect your service running. An ECS and its VPC can be in different AZs. For example, you can select AZ1 for the ECS and AZ3 for its VPC subnet. The AZ cannot be changed after Subnet-A01 is created. You can select an AZ for a subnet only in certain regions. See the available regions on the management console. |
    | Subnet Name | Subnet-A01 | The subnet name. Set it to Subnet-A01. The name can be modified after Subnet-A01 is created. |
    | IPv4 CIDR Block | 192.168.0.0/24 | The IPv4 CIDR block of Subnet-A01, which is a unique CIDR block with a range of IP addresses in VPC-A. The CIDR block cannot be changed after Subnet-A01 is created. |
    | IPv6 CIDR Block (Optional) | Disabled | Whether to assign IPv6 addresses. You can enable or disable this option after Subnet-A01 is created. |
    | Associated Route Table | Default | The default route table that Subnet-A01 is associated with. Each VPC comes with a default route table. Subnets in the VPC are then automatically associated with the default route table. The default route table has a preset system route that allows subnets in a VPC to communicate with each other. After Subnet-A01 is created, you can create a custom route table and associate Subnet-A01 with it. |
    | Advanced Settings (Optional) > Gateway | 192.168.0.1 | The gateway address of Subnet-A01. You are advised to retain the default address. The gateway address cannot be changed after Subnet-A01 is created. |
    | Advanced Settings (Optional): DNS Server Address, Domain Name, NTP Server Address, IPv4 DHCP Lease Time | Not required | The parameters are configured for the ECS-A01 in VPC-A. In this example, retain the default values or leave them blank. You can change the values after Subnet-A01 is created. |
    | Advanced Settings (Optional) > Tag | Not required | The tag that is used to classify and identify resources. Add tags to Subnet-A01 as required. After Subnet-A01 is created, you can edit the tags added to Subnet-A01. |
    | Advanced Settings (Optional) > Description | Not required | Supplementary information about Subnet-A01. Enter a description as required. The description can be modified after Subnet-A01 is created. |

  3. Click Create Now.

    You will be redirected to the VPC list, where you can find VPC-A you have created.

Step 2: Buy an ECS

  1. Go to the Buy ECS page.
  2. On the Buy ECS page, set parameters as required.
    In this example, set the ECS name to ECS-A01 and configure other parameters as follows:
    • Network: Select VPC-A and Subnet-A01 you have created.
      Figure 4 Network settings
    • Security Group: Create security group Sg-A and add inbound and outbound rules to it. Each security group comes with system rules. You need to check and modify the rules as required to ensure that all rules in Table 3 are added.
      Figure 5 Inbound rules of Sg-A
      Figure 6 The outbound rule of Sg-A
      Table 3 Sg-A rules

      | Direction | Action | Type | Protocol & Port | Source/Destination | Description |
      |---|---|---|---|---|---|
      | Inbound | Allow | IPv4 | TCP: 22 | Source: 10.1.0.7/32 | Allows the local PC (10.1.0.7/32) to remotely log in to Linux ECS-A01 over SSH port 22. |
      | Inbound | Allow | IPv4 | TCP: 3389 | Source: 10.1.0.7/32 | Allows the local PC (10.1.0.7/32) to remotely log in to Windows ECS-A01 over RDP port 3389. |
      | Inbound | Allow | IPv4 | ICMP: All | Source: 0.0.0.0/0 | Allows ping traffic to ECS-A01 in VPC-A over all ICMP ports to test network connectivity. |
      | Inbound | Allow | IPv4 | All | Source: current security group (Sg-A) | Allows the ECSs in Sg-A to communicate with each other. |
      | Outbound | Allow | IPv4 | All | Destination: 0.0.0.0/0 | Allows ECS-A01 in Sg-A to access the Internet. |

    • EIP: Select Not required.
      Figure 7 Selecting Not required

    Configure other ECS parameters as required. For details, see Purchasing a Custom ECS.

  3. Click Create.

    Return to the ECS list to view ECS-A01 you have bought.
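
The check below is an added example, not part of the Huawei Cloud documentation. It encodes the Table 3 rules as constructed data and flags inbound rules whose source is wider than the local PC (10.1.0.7/32) or whose login port does not match the operating system of the ECS. The rule dictionary layout, the `sg:` prefix, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed from Table 3 (Sg-A rules); "sg:Sg-A" stands for the group itself.
SG_A_RULES = [
    {"direction": "inbound", "protocol": "tcp", "port": 22, "peer": "10.1.0.7/32"},
    {"direction": "inbound", "protocol": "tcp", "port": 3389, "peer": "10.1.0.7/32"},
    {"direction": "inbound", "protocol": "icmp", "port": None, "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "all", "port": None, "peer": "sg:Sg-A"},
    {"direction": "outbound", "protocol": "all", "port": None, "peer": "0.0.0.0/0"},
]

# Remote login port per operating system, as stated for rules A02 and A03.
ADMIN_PORTS = {"linux": 22, "windows": 3389}


def audit_inbound(rules, trusted_cidrs, os_family):
    """Return (rule, finding) pairs for inbound rules wider than intended."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for rule in rules:
        if rule["direction"] != "inbound":
            continue
        peer = rule["peer"]
        if peer.startswith("sg:"):
            continue  # group-to-group rule, no CIDR to evaluate
        source = ipaddress.ip_network(peer)
        if not any(source.subnet_of(t) for t in trusted):
            findings.append((rule, f"source {peer} is outside the trusted ranges"))
        port = rule["port"]
        if port in ADMIN_PORTS.values() and port != ADMIN_PORTS[os_family]:
            findings.append((rule, f"port {port} is not used by a {os_family} ECS"))
    return findings


def summarize(findings):
    """Compact form: (protocol, port, finding) for each result."""
    return [(r["protocol"], r["port"], msg) for r, msg in findings]


if __name__ == "__main__":
    for line in summarize(audit_inbound(SG_A_RULES, ["10.1.0.7/32"], "linux")):
        print(line)
```

For a Linux ECS-A01 the audit reports the RDP rule as unneeded and the ICMP rule as open to every source, which is wider than the local-PC-only ping described for Rule A01.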

Step 3: Buy an EIP and Bind It to ECS-A01

  1. Go to the Buy EIP page.
  2. On the Buy EIP page, set the EIP name to EIP-A.

    You can configure other EIP parameters as required. For details, see Buying an EIP.

  3. Click Next.

    Return to the EIP list to view EIP-A you have assigned.

  4. In the EIP list, locate EIP-A and click Bind in the Operation column.

    The Bind EIP dialog box is displayed.

  5. In the displayed dialog box, select ECS-A01 and click OK.

    Return to the EIP list. You can see that ECS-A01 is displayed in the Associated Instance column in the EIP list.

Step 4: Test Network Connectivity

  1. Use the local PC to remotely log in to ECS-A01.

    Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.

  2. Run the following command to test the network connectivity between ECS-A01 and the Internet:

    ping IPv4 EIP or Domain name

    Example command:

    ping support.huaweicloud.com

    If information similar to the following is displayed, ECS-A01 can communicate with the Internet.
    [root@ecs-a01 ~]# ping support.huaweicloud.com
    PING hcdnw.cbg-notzj.c.cdnhwc2.com (203.193.226.103) 56(84) bytes of data.
    64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=1 ttl=51 time=2.17 ms
    64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=2 ttl=51 time=2.13 ms
    64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=3 ttl=51 time=2.10 ms
    64 bytes from 203.193.226.103 (203.193.226.103): icmp_seq=4 ttl=51 time=2.09 ms
    ...
    --- hcdnw.cbg-notzj.c.cdnhwc2.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 2.092/2.119/2.165/0.063 ms
    
