Huawei Virtual Private Cloud User Manual

Virtual Private Cloud

FAQs

Issue 30

Date 2021-03-24

HUAWEI TECHNOLOGIES CO., LTD.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specied in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every eort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Virtual Private Cloud FAQs Contents

1 General Questions................................................................................................................... 1

1.1 What Is a Quota?.................................................................................................................................................................... 1

2 Billing and Payments..............................................................................................................3

2.1 Will I Be Charged for Using the VPC Service?............................................................................................................... 3

2.2 How Is an EIP Billed? ............................................................................................................................................................ 3

2.3 How Do I Change the Billing Mode?................................................................................................................................ 4

2.4 How Do I Change the Bandwidth Billing Option from Bandwidth to

Bandwidth?..................................................................................................................................................................................... 6

Trac or from Trac to

3 VPC and Subnet....................................................................................................................... 7

3.1 What Is Virtual Private Cloud?............................................................................................................................................7

3.2 Which CIDR Blocks Are Available for the VPC Service?............................................................................................. 9

3.3 How Many VPCs Can I Create?...........................................................................................................................................9

3.4 Can Subnets Communicate with Each Other?.............................................................................................................. 9

3.5 What Subnet CIDR Blocks Are Available?.......................................................................................................................9

3.6 Can I Modify the CIDR Block of a Subnet?.....................................................................................................................9

3.7 How Many Subnets Can I Create?.................................................................................................................................. 10

3.8 How Can I Delete a Subnet That Is Being Used by Other Resources?...............................................................10

3.9 How Do I Switch to a Private DNS Server?..................................................................................................................10

4 EIP............................................................................................................................................. 12

4.1 How Do I Assign or Retrieve a

4.2 What Are the Dierences Between EIP, Private IP Address, Floating IP Address, and Virtual IP Address?

............................................................................................................................................................................................................ 12

4.3 How Do I Access the Internet Using an EIP Bound to an Extension NIC?........................................................ 13

4.4 What Are the

4.5 Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?................................ 14

4.6 Can I Bind an EIP to Multiple ECSs?............................................................................................................................... 14

4.7 How Do I Access an ECS from the Internet After an EIP Is Bound to the ECS?.............................................. 14

4.8 What Is the EIP Assignment Policy?............................................................................................................................... 15

4.9 Can I Bind an EIP to an ECS, to Another ECS?............................................................................................................15

4.10 Does an EIP Change Over Time?.................................................................................................................................. 15

4.11 Can I Assign a

4.12 How Do I Query the Region of My EIPs?................................................................................................................... 16

4.13 Can a Bandwidth Be Used by Multiple Accounts?.................................................................................................. 16

Dierences Between the Primary and Extension NICs of ECSs?...............................................14

Specic EIP?.............................................................................................................................................16

Specic EIP?................................................................................................................12

Virtual Private Cloud FAQs Contents

4.14 How Do I Change an EIP for an Instance?................................................................................................................ 16

4.15 Can I Bind an EIP to a Cloud Resource in Another Region?................................................................................ 19

5 Bandwidth............................................................................................................................... 20

5.1 What Are Inbound Bandwidth and Outbound Bandwidth?...................................................................................20

5.2 How Do I Know If My Used Bandwidth Exceeds the Limit?.................................................................................. 21

5.3 What Is the Bandwidth Size Range?.............................................................................................................................. 23

5.4 What Bandwidth Types Are Available?.......................................................................................................................... 23

5.5 What Are the

Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around?.........................................................23

5.6 How Do I Buy a Shared Bandwidth?..............................................................................................................................23

5.7 Is There a Limit to the Number of EIPs That Can Be Added to Each Shared Bandwidth?..........................24

5.8 Can I Increase My Bandwidth Billed on Yearly/Monthly Basis and Then Decrease It?.................................24

5.9 What Is the Relationship Between Bandwidth and Upload/Download Rate?.................................................24

5.10 What Are the Dierences Between Static BGP and Dynamic BGP?................................................................. 24

Dierences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated

6 Connectivity............................................................................................................................ 26

6.1 Does a VPN Allow Communication Between Two VPCs?.......................................................................................26

6.2 Why Is Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When

My ECS Has Multiple NICs?...................................................................................................................................................... 26

6.3 What Are the Constraints Related to VPC Peering?..................................................................................................27

6.4 Why Does Communication Fail Between VPCs That Are Connected by a VPC Peering Connection?.....28

6.5 How Many VPC Peering Connections Can I Create?................................................................................................ 32

6.6 What Are the Priorities of the Custom Route and EIP If Both Are

ECS to Access the Internet?...................................................................................................................................................... 32

6.7 Why Does Intermittent Interruption Occur When a Local Host Accesses a Website Built on an ECS?

6.8 Why Do ECSs Using Private IP Addresses in the Same Subnet Only Support One-Way Communication?

6.9 Why Does Communication Fail Between Two ECSs in the Same VPC or Packet Loss Occur When They

Communicate?.............................................................................................................................................................................. 34

6.10 Why Cannot the Virtual IP Address Be Pinged After It Is Bound to an ECS NIC?........................................37

6.11 Why Does My ECS Fail to Use Cloud-init?.................................................................................................................42

6.12 Why Does Internet Access Fail Even If My ECS Is Bound with an EIP?............................................................46

6.13 How Do I Handle the IB Network Failure?................................................................................................................50

6.14 Why Does My ECS Fail to Communicate at a Layer 2 or Layer 3 Network?.................................................52

6.15 How Do I Handle the BMS Network Failure?...........................................................................................................54

6.16 Why Does My ECS Fail to Obtain an IP Address?................................................................................................... 55

6.17 How Do I Handle the VPN or Direct Connect Connection Network Failure?................................................57

6.18 Why Does My Server Can Be Accessed from the Internet But Cannot Access the Internet?...................59

6.19 Can I Use a VPC Peering Connection to Connect VPCs in Dierent Regions?.............................................. 61

6.20 Will I Be Billed for Using a VPC Peering Connection?........................................................................................... 61

6.21 What Switches Can Connect to a L2CG on HUAWEI CLOUD?...........................................................................62

6.22 Why Is the Layer 2 Connection in the Not Connected State Even After Its Conguration Is Complete?

Congured for an ECS to Enable the

Virtual Private Cloud FAQs Contents

6.23 Why Is Communication Between the Cloud and On-premises Servers Unavailable Even When the

Layer 2 Connection Status Is Connected?........................................................................................................................... 62

6.24 Why Can't I Access Websites Using IPv6 Addresses After IPv4/IPv6 Dual Stack Is Congured?............ 62

7 Routing.................................................................................................................................... 64

7.1 How Do I

7.2 Why Can't I Ping an ECS with Two NICs Congured?.............................................................................................. 68

7.3 Can a Route Table Span Multiple VPCs?...................................................................................................................... 69

7.4 How Many Routes Can a Route Table Contain?........................................................................................................ 69

7.5 Are There Any Restrictions on Using a Route Table?............................................................................................... 69

7.6 Will a Route Table Be Billed?............................................................................................................................................ 70

7.7 Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same

VPC?.................................................................................................................................................................................................. 70

7.8 Are There Dierent Routing Priorities of the VPN and Custom Routes in the Same VPC?........................70

Congure Policy-Based Routing for ECSs with Multiple NICs?.........................................................64

8 Security.................................................................................................................................... 71

8.1 Are the Security Group Rules Considered the Same If All Parameters Except Their Description Are the

Same?............................................................................................................................................................................................... 71

8.2 What Are the Requirements for Deleting a Security Group?................................................................................ 71

8.3 Why Is Outbound Access Through TCP Port 25 Restricted?.................................................................................. 72

8.4 Can I Change the Security Group of an ECS?..............................................................................................................73

8.5 How Many Security Groups Can I Have?......................................................................................................................73

8.6 Will a Security Group Be Billed?...................................................................................................................................... 73

8.7 How Do I

8.8 How Many Network ACLs Can I Create?...................................................................................................................... 73

8.9 Does a Security Group Rule or a Network ACL Rule Immediately Take Eect for Its Original Trac

After It Is Modied?.................................................................................................................................................................... 74

8.10 Why Are Some Ports in the Public Cloud System Inaccessible?.........................................................................74

8.11 Why Is Access from a Specic IP Address Still Allowed After a Network ACL Rule That Denies the

Access from the IP Address Has Been Added?...................................................................................................................75

8.12 What Do My Security Group Rules Not Take Eect?............................................................................................. 75

Congure a Security Group for Multi-Channel Protocols?.................................................................73

Virtual Private Cloud FAQs 1 General Questions

1 General Questions

1.1 What Is a Quota?

What Is a Quota?

A quota limits the quantity of a resource available to users, thereby preventing spikes in the usage of the resource. For example, a VPC quota limits the number of VPCs that can be created.

You can also request for an increase in quota if an existing quota cannot meet your service requirements.

How Do I View My Quotas?

1. Log in to the management console.

2. Click

3. In the upper right corner of the page, choose Resources > My Quotas.

The Service Quota page is displayed.

Figure 1-1 My Quotas

in the upper left corner and select the desired region and project.

4. View the used and total quota of each type of resources on the displayed page.

Virtual Private Cloud FAQs 1 General Questions

If a quota cannot meet service requirements, apply for a higher quota.

How Do I Apply for a Higher Quota?

1. Log in to the management console.

2. In the upper right corner of the page, choose Resources > My Quotas.

The Service Quota page is displayed.

Figure 1-2 My Quotas

3. Click Increase Quota.

4. On the Create Service Ticket page, congure parameters as required.

In Problem Description area,

5. After all necessary parameters are congured, select I have read and agree

to the Tenant Authorization Letter and Privacy Statement and click Submit.

ll in the content and reason for adjustment.

Virtual Private Cloud FAQs 2 Billing and Payments

2 Billing and Payments

2.1 Will I Be Charged for Using the VPC Service?

The VPC service is free of charge. However, EIP and bandwidth used together with a VPC will be billed based on standard pricing.

2.2 How Is an EIP Billed?

EIPs can be billed on a yearly/monthly or pay-per-use basis.

Table 2-1 EIP billing details

Billing Mode

Yearly/ Monthly

Pay-per-use Bandwidth EIP retention fee is not

Billed By EIP Retention Fee Bandwidth

Bandwidth - Included Not

Trac Not

included if the EIP is bound to an ECS, BMS, or load balancer.

EIP retention fee is included if the EIP is unbound but not released.

Public

Price

Included Not

included

Network

Trac

Price

included

Included

NO TE

Virtual Private Cloud FAQs 2 Billing and Payments

● "Not included" indicates that the fee will not be included in the bill. "Included" indicates that the fee will be included in the bill.

● For details about the EIP pricing, see Product Pricing Details.

2.3 How Do I Change the Billing Mode?

Changing the Billing Mode from Pay-per-Use to Yearly/Monthly

You can change the billing mode of pay-per-use EIPs and shared bandwidth billed by bandwidth to yearly/monthly. After the change is successful, the new billing mode will take eect immediately.

You can change the billing mode on the EIP console. Do as follows to change the billing mode of an EIP from pay-per-use to yearly/monthly.

The billing mode of an EIP that is billed by trac on a pay-per-use basis cannot be directly changed to yearly/monthly. Change the EIP to be billed by bandwidth and then change its billing mode to yearly/monthly.

1. Log in to the management console.

2. Under Network, click Elastic IP.

3. On the displayed page, search for the pay-per-use EIP whose billing mode is to be changed.

4. Locate the row that contains the target EIP and click Change Billing Mode in the Operation column.

Figure 2-1 Changing the billing mode on the EIP console

5. Click Yes.

6. Set specications.

Virtual Private Cloud FAQs 2 Billing and Payments

Figure 2-2 Setting specications

7. Click Submit and Pay.

You can also select multiple EIPs and click Change Billing Mode above the EIP list to change the billing mode of all selected EIPs at the same time.

Changing the Billing Mode from Yearly/Monthly to Pay-per-Use

The billing mode of yearly/monthly EIPs and shared bandwidths can be changed to pay-per-use. The new billing mode takes the EIPs or bandwidths expires.

The billing mode of an EIP can be changed from yearly/monthly to pay-per-use in the billing center. Do as follows to change the billing mode of an EIP from yearly/ monthly to pay-per-use:

1. Log in to the management console.

2. Choose Billing > Renewal.

Figure 2-3 Renewal

eect only after the validity period of

3. In the search box on the right, search for the EIP whose billing mode you want to change.

4. Locate the row that contains the target EIP and click Change to Pay-per-Use After Expiration in the Operation column.

NO TE

Virtual Private Cloud FAQs 2 Billing and Payments

Figure 2-4 Changing the billing mode to pay-per-use

5. In the page that is displayed, click the Change to Pay-per-Use button.

Figure 2-5 Conrming the change

The EIP remains the same after the billing mode is changed.

2.4 How Do I Change the Bandwidth Billing Option from Bandwidth to Trac or from Trac to Bandwidth?

● The billing option can be changed only when the billing mode is Pay-per-use. For details, see Modifying EIP Bandwidth.

● A yearly/monthly resource can only be billed by bandwidth.

Virtual Private Cloud FAQs 3 VPC and Subnet

3 VPC and Subnet

3.1 What Is Virtual Private Cloud?

The Virtual Private Cloud (VPC) service enables you to provision logically isolated, congurable, and manageable virtual networks for cloud servers, cloud containers, and cloud databases, improving cloud service security and simplifying network deployment.

Within your own VPC, you can create security groups and VPNs, address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also

dene rules for communication between ECSs in the same security group or in dierent security groups.

Product Architecture

The product architecture consists of the VPC components, security features, and VPC connectivity options.

congure IP

Virtual Private Cloud FAQs 3 VPC and Subnet

Figure 3-1 Architecture

VPC Components

Each VPC consists of a private CIDR block, route tables, and at least one subnet.

● Private CIDR block: When creating a VPC, you need to specify the private CIDR block used by the VPC. The VPC service supports the following CIDR blocks:

10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 –

192.168.255.255

● Subnet: Cloud resources, such as ECSs and databases, must be deployed in subnets. After you create a VPC, divide the VPC into one or more subnets. Each subnet must be within the VPC. For more information, see Subnet.

● Route table: When you create a VPC, the system automatically generates a default route table. The route table ensures that all subnets in the VPC can communicate with each other. If the routes in the default route table cannot meet application requirements (for example, an ECS without an elastic IP address (EIP) bound needs to access the Internet), you can create a custom route table. For more information, see Example Custom Route in a VPC and

Example Custom Route Outside a VPC.

Security Features

Security groups and network ACLs ensure the security of cloud resources deployed in a VPC. A security group acts as a virtual

rewall to provide access rules for instances that have the same security requirements and are mutually trusted in a VPC. For more information, see Security Group Overview. A network ACL can be associated with subnets that have the same access control requirements. You can add inbound and outbound rules to precisely control inbound and outbound

trac

at the subnet level. For more information, see Network ACL Overview.

VPC Connectivity

HUAWEI CLOUD provides multiple VPC connectivity options to meet diverse requirements. For details, see Application Scenarios.

NO TE

Virtual Private Cloud FAQs 3 VPC and Subnet

● VPC Peering allows two VPCs in the same region to communicate with each

other using private IP addresses.

● Elastic IP or NAT Gateway allows ECSs in a VPC to communicate with the

Internet.

● Virtual Private Network (VPN), Cloud Connect, or Direct Connect can connect

a VPC to your data center.

3.2 Which CIDR Blocks Are Available for the VPC Service?

The VPC service supports the following CIDR blocks:

● 10.0.0.0/8-24

● 172.16.0.0/12-24

● 192.168.0.0/16-24

3.3 How Many VPCs Can I Create?

By default, you can create a maximum of of VPCs cannot meet your service requirements, submit a service ticket to request a quota increase.

ve VPCs in your account. If the number

3.4 Can Subnets Communicate with Each Other?

Subnets in the same VPC can communicate with each other while subnets in dierent VPCs cannot communicate with each other by default. However, you can create VPC peering connections to enable subnets in communicate with each other.

If a subnet is associated with a network ACL, congure network ACL rules to allow communication between subnets.

dierent VPCs to

3.5 What Subnet CIDR Blocks Are Available?

A subnet CIDR block must be included in its VPC CIDR block. Supported VPC CIDR blocks are 10.0.0.0/8–24, 172.16.0.0/12–24, and 192.168.0.0/16–24. The allowed block size of a subnet is between the netmask of its VPC CIDR block and the /28 netmask.

3.6 Can I Modify the CIDR Block of a Subnet?

You can modify the CIDR block of a subnet only when you are creating the subnet. After the subnet is created, you cannot modify its CIDR block.

Virtual Private Cloud FAQs 3 VPC and Subnet

3.7 How Many Subnets Can I Create?

By default, you can create a maximum of 100 subnets in your cloud account. If the number of subnets cannot meet your service requirements, submit a service

ticket to request a quota increase.

3.8 How Can I Delete a Subnet That Is Being Used by Other Resources?

The VPC service allows you to create private, isolated virtual networks. In a VPC, you can manage private IP address ranges, subnets, and gateways. ECSs, BMSs, databases, and some other applications can use subnets created in VPCs.

A subnet cannot be deleted if it is being used by other resources. You must delete all resources in the subnet before you can delete the subnet.

You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete.

The resources may include:

● ECS

● CCI instance

● Load balancer

● VPN

● Private IP address

● Custom route

● NAT gateway

● VPC endpoint and VPC endpoint service

If you cannot delete a subnet even after deleting all the resources it contains,

submit a service ticket.

3.9 How Do I Switch to a Private DNS Server?

ECSs use private DNS servers for domain name resolution in VPCs. ECSs in a VPC can access the Internet using public domain names and other cloud services like OBS and SMN through private DNS servers, with no need to connect to the Internet.

For VPCs created earlier before private domain names are available, a public DNS server (114.114.114.114) is private domain names, you can change the public DNS server to the private DNS servers private DNS server address, see What Are the Private DNS Server Addresses

Provided by the DNS Service?

Perform the operations provided in this section to change the public DNS servers to private DNS servers.

congured for the VPC subnets. For instructions about how to obtain a

congured. To allow ECSs in these VPCs to access

NO TICE

Virtual Private Cloud FAQs 3 VPC and Subnet

Checking the DNS Server Addresses of an ECS

1. Log in to the management console.

2. In the Computing category, click Elastic Cloud Server.

The Elastic Cloud Server page is displayed.

3. In the ECS list, click the ECS name.

4. On the ECS details page, click the VPC name.

The Virtual Private Cloud page is displayed.

5. Locate the target VPC and click the number in the Subnets column.

The Subnets page is displayed.

6. Click the name of the target subnet.

In the Gateway and DNS Information area, view the DNS server addresses used by the ECS.

Changing the DNS Servers for a VPC Subnet

If the ECS uses default public DNS servers, change them to private DNS servers provided by the DNS service.

1. In the Gateway and DNS Information area, click

Address.

2. Change the DNS server addresses to private DNS server addresses.

For example, in the CN North-Beijing1 region, change the DNS server addresses of a VPC subnet to 100.125.1.250 and 100.125.21.250.

Updating the DNS Server Addresses for the ECS

New DNS server addresses will not take

The DNS server addresses needs to be updated rst. There are two ways to do this:

● Restart the OS. The ECS will then obtain the new DNS server addresses from

the DHCP server.

Restarting the OS will interrupt services on the ECS. Perform this operation during o-peak hours.

Alternatively, wait for the DHCP lease to expire, which takes 24 hours by default. After the lease time expires, the DHCP server allocates another IP address and updates the DNS server addresses to the ECS.

eect immediately on the ECS.

next to DNS Server

● Manually change the DNS congurations on the ECS.

If DHCP is disabled on the ECS, manually update DNS congurations.

For example, if the ECS is running Linux, change the DNS congurations by editing the /etc/resolv.conf

le.

NO TE

Virtual Private Cloud FAQs 4 EIP

4 EIP

4.1 How Do I Assign or Retrieve a Specic EIP?

If you want to retrieve an EIP that you have released or assign a specic EIP, you can use APIs. When assigning an EIP, set the value of ip_address to the IP address that you want to assign. For details, see Elastic IP API Reference.

● If the EIP has been assigned to another user, you will fail to assign your required EIP.

● You cannot use the management console to assign a specic EIP.

4.2 What Are the Dierences Between EIP, Private IP Address, Floating IP Address, and Virtual IP Address?

An EIP is an IP address that can be accessed over the Internet. Each EIP can be used by only one ECS at a time.

A private IP address is used on the private network of the public cloud for private communications. It cannot be reached from the Internet.

oating IP address is similar to an EIP. They are both public IP addresses that are

A used to connect to the Internet, but a oating IP address API cannot be used to congure bandwidth parameters. For details, see Floating IP Address.

A virtual IP address can be shared among multiple ECSs. A virtual IP address is used for active/standby switchover of ECSs for higher availability. If the active ECS becomes faulty and cannot provide services, the virtual IP address is dynamically re-assigned to the standby ECS so services can continue uninterrupted. For details, see Virtual IP Address Overview.

NO TE

Virtual Private Cloud FAQs 4 EIP

4.3 How Do I Access the Internet Using an EIP Bound to an Extension NIC?

1. After an EIP is bound to an extension NIC, log in to the ECS and run the route

command to query the route.

You can run route --help to learn more about the route command.

Figure 4-1 Viewing route information

2. Run the ifcong command to view NIC information.

Figure 4-2 Viewing NIC information

3. Enable access to the Internet through the extension NIC by default.

a. Run the following command to delete the default route of the primary

NIC:

route del 0.0.0.0 192.168.11.1 dev eth0

This operation will interrupt ECS communication. It is recommended that you perform the conguration by following step 4.

Virtual Private Cloud FAQs 4 EIP

b. Run the following command to congure the default route for the

extension NIC:

route add default gw 192.168.17.1

Congure Internet access from the extension NIC based on your destination address.

Run the following command to congure access to a specied CIDR block (for example,

You can

route add -net xx.xx.0.0 netmask 255.255.0.0 gw 192.168.17.1

xx.xx

.0.0/16) through the extension NIC:

congure the CIDR block as required.

4.4 What Are the Dierences Between the Primary and Extension NICs of ECSs?

The dierences are as follows:

● Generally, the OS default routes preferentially use the primary NICs. If the OS

default routes use the extension NICs, network communication will be interrupted. Then, you can check the route network communication error.

● Primary NICs can communicate with the public service zone (zone where PaaS

and DNS services are deployed). Extension NICs cannot communicate this zone.

conguration to rectify the

4.5 Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?

No. An EIP that uses a dedicated bandwidth cannot be changed to use a shared bandwidth.

In addition, an EIP that uses a shared bandwidth cannot be changed to use a dedicated bandwidth.

4.6 Can I Bind an EIP to Multiple ECSs?

Each EIP can be bound to only one ECS at a time.

Multiple ECSs cannot share the same EIP. An ECS and its bound EIP must be in the same region. If you want multiple ECSs in the same VPC to share an EIP, you have to use a NAT gateway. For more information, see NAT Gateway User Guide.

4.7 How Do I Access an ECS from the Internet After an EIP Is Bound to the ECS?

Each ECS is automatically added to a security group after being created to ensure its security. The security group denies access (except TCP trac from port 22 through SSH to the Linux OS and TCP trac from

trac from the Internet by default

NO TE

Virtual Private Cloud FAQs 4 EIP

port 3389 through RDP to the Windows OS). To allow external access to ECSs in the security group, add an inbound rule to the security group.

You can set Protocol to TCP, UDP, ICMP, or All as required on the page for creating a security group rule.

● If the ECS needs to be accessible over the Internet and the IP address used to

access the ECS over the Internet has been does not need to be accessible over the Internet, set Source to the IP address range containing the IP address that is allowed to access the ECS over the Internet.

● If the ECS needs to be accessible over the Internet and the IP address used to

access the ECS over the Internet has not been recommended that you retain the default setting 0.0.0.0/0 for Source, and then set Port Range to improve network security.

● Allocate ECSs that have dierent Internet access policies to dierent security

groups.

The default source IP address 0.0.0.0/0 indicates that all IP addresses can access ECSs in the security group.

congured on the ECS, or the ECS

congured on the ECS, it is

4.8 What Is the EIP Assignment Policy?

By default, EIPs are assigned randomly.

In case that an EIP is released by mistake, the system will assign you the EIP that you have released in the last 24 hours preferentially.

If you want an EIP that you released 24 hours ago, see How Do I Assign or

Retrieve a Specic EIP?

If you do not want an EIP that you have released, it is recommended that you buy another EIP

rst and then release the one that you do not want.

4.9 Can I Bind an EIP to an ECS, to Another ECS?

Yes.

Unbind the EIP from the current ECS. For details, see Unbinding or Releasing an

EIP.

Then, bind the EIP to another ECS. For details, see Binding an EIP to Cloud

Resources.

Another related operation is to change the EIP associated with an ECS.

For details, see Changing an EIP.

4.10 Does an EIP Change Over Time?

EIPs will not be changed after they are assigned.

Stopping and starting an ECS does not aect its EIP.

Virtual Private Cloud FAQs 4 EIP

An EIP will be released if it expires or if the EIP owner's account is in arrears.

4.11 Can I Assign a Specic EIP?

By default, EIPs are assigned randomly. If you have released EIPs before, the system preferentially assigns an EIP from what you released.

Certain APIs need to be called to assign

EIP.

specic EIPs. For details, see Assigning an

4.12 How Do I Query the Region of My EIPs?

You can visit https://en.ipip.net/?origin=CN to query the region of your EIPs.

● The region of an EIP identied using a third-party website may be dierent

from the region that the EIP belongs to.

● If the region identied using another third-party website is dierent from the

one identied using https://en.ipip.net/?origin=CN, use the region identied using https://en.ipip.net/?origin=CN.

● If the region identied using https://en.ipip.net/?origin=CN is dierent from

the one you selected when purchasing the EIP, use the region you had selected during EIP purchase.

● If your service is adversely

determined, submit a service ticket.

To know more about the region of EIPs, submit a service ticket.

aected because the region of your EIP cannot be

4.13 Can a Bandwidth Be Used by Multiple Accounts?

A bandwidth cannot be shared between dierent accounts. Each account can use and manage only its own EIP bandwidths.

4.14 How Do I Change an EIP for an Instance?

Scenario 1: Changing an EIP for an ECS

1. Unbind an EIP.

a. Log in to the management console.

b. On the console homepage, under Network, click Elastic IP.

c. On the displayed page, locate the row that contains the target EIP, and

click Unbind.

d. Click Yes.

2. Assign an EIP.

a. Log in to the management console.

b. On the console homepage, under Network, click Elastic IP.

c. On the displayed page, click Buy EIP.

Virtual Private Cloud FAQs 4 EIP

d. Set the parameters as prompted.

e. Click Next.

3. Bind the new EIP to the ECS.

a. On the EIPs page, locate the row that contains the target EIP, and click

Bind.

b. Select the desired ECS.

c. Click OK.

4. Release the EIP that has been replaced.

a. Release a single EIP.

i. Log in to the management console.

ii. On the console homepage, under Network, click Elastic IP.

iii. In the EIP list, locate the row that contains the target EIP, and click

Release.

iv. Click Yes.

b. Unbind multiple EIPs at a time.

i. Log in to the management console.

ii. On the console homepage, under Network, click Elastic IP.

iii. In the EIP list, select the EIPs to be unbound.

iv. Click Unbind above the EIP list.

v. Click Yes.

Scenario 2: Changing an EIP for a Load Balancer

1. Unbind an EIP.

a. Log in to the management console.

b. Click Service List. Under Network, click Elastic Load Balance.

c. In the load balancer list, locate the target load balancer and choose More

> Unbind EIP in the Operation column.

d. Click Yes.

2. Assign an EIP. For details, see 2.

3. Bind the new EIP to the load balancer.

a. Log in to the management console.

b. Click Service List. Under Network, click Elastic Load Balance.

c. In the load balancer list, locate the target load balancer and choose More

> Bind EIP in the Operation column.

d. In the Bind EIP dialog box, select the EIP to be bound and click OK.

4. Release the EIP that has been replaced. For details, see 4.

Scenario 3: Changing an EIP for a NAT Gateway

1. Assign an EIP. For details, see 2.

2. Modify an SNAT rule.

For details about how to modify an SNAT rule, see Modifying an SNAT Rule. In the EIP area, select the newly assigned EIP and deselect the original EIP

Virtual Private Cloud FAQs 4 EIP

(ensure that the deselected EIP belongs to the IP address range on Telefonica Open Cloud).

Figure 4-3 Selecting the newly assigned EIP

3. Modify a DNAT rule.

For details about how to modify a DNAT rule, see Modifying a DNAT Rule. In the EIP area, select the newly assigned EIP (ensure that the original EIP belongs to the IP address range on Telefonica Open Cloud).

Figure 4-4 Selecting the newly assigned EIP

4. Release the EIP that has been replaced. For details, see 4.

Virtual Private Cloud FAQs 4 EIP

4.15 Can I Bind an EIP to a Cloud Resource in Another Region?

No. EIPs and their associated cloud resources must be in the same region. For example, an EIP in the CN North-Beijing1 region cannot be bound to a resource in the CN North-Beijing4 region.

NO TE

Virtual Private Cloud FAQs 5 Bandwidth

5 Bandwidth

5.1 What Are Inbound Bandwidth and Outbound Bandwidth?

Inbound bandwidth: refers to the bandwidth consumed when data is transferred from the Internet to HUAWEI CLOUD. For example, resources are downloaded from the Internet to ECSs in the cloud.

Outbound bandwidth: refers to the bandwidth consumed when data is transferred from HUAWEI CLOUD to the Internet. For example, the ECSs in the cloud provide services accessible from the Internet and external users download resources from the ECSs.

Figure 5-1 Inbound bandwidth and outbound bandwidth

HUAWEI CLOUD only bills for the outbound bandwidth.

Inbound and outbound bandwidths have been adjusted as follows since July 31, 2020 00:00:00 GMT+08:00:

● If your purchased or inbound bandwidth will be 10 Mbit/s, and the outbound bandwidth will be the same as the purchased or modied bandwidth.

● If your purchased or modied bandwidth is greater than 10 Mbit/s, both the inbound and the outbound bandwidth will be the same as the purchased or modied bandwidth.

modied bandwidth is less than or equal to 10 Mbit/s, the

+ 57 hidden pages