Enabling ICMP Security Group Rules
Scenario
If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers. For details, see How Does ELB Perform UDP Health Checks? What Are the Precautions for UDP Health Checks?
Procedure
- Log in to the CCE console, choose Service List > Networking > Virtual Private Cloud, and choose Access Control > Security Groups in the navigation pane.
- In the security group list, locate the security group of the cluster. Click the Inbound Rules tab page and then Add Rule. In the Add Inbound Rule dialog box, configure inbound parameters.
Cluster Type
ELB Type
Security Group
Protocol & Port
Allowed Source CIDR Block
CCE Standard
Shared
Node security group, which is named in the format of "{Cluster name}-cce-node-{Random ID}".
If a custom node security group is bound to the cluster, select the target security group.
All ICMP ports
100.125.0.0/16 for the shared load balancer
Dedicated
Node security group, which is named in the format of "{Cluster name}-cce-node-{Random ID}".
If a custom node security group is bound to the cluster, select the target security group.
All ICMP ports
Backend subnet of the load balancer
CCE Turbo
Shared
Node security group, which is named in the format of "{Cluster name}-cce-node-{Random ID}".
If a custom node security group is bound to the cluster, select the target security group.
All ICMP ports
100.125.0.0/16 for the shared load balancer
Dedicated
ENI security group, which is named in the format of "{Cluster name}-cce-eni-{Random ID}".
If a custom ENI security group is bound to the cluster, select the target security group.
All ICMP ports
Backend subnet of the load balancer
Figure 1 Adding a security group rule
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot