Huawei Virtual Private Cloud User Manual
Virtual Private Cloud
FAQs
Issue |
30 |
Date |
2021-03-24 |
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise c fi in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every ff has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
i |
Virtual Private Cloud |
|
FAQs |
Contents |
Contents
1 General Questions................................................................................................................... |
|
|
|
1 |
|||
1.1 |
What Is a Quota?.................................................................................................................................................................... |
|
|
|
|
1 |
|
2 Billing and Payments.............................................................................................................. |
|
|
|
3 |
|||
2.1 |
Will I Be Charged for Using the VPC Service?............................................................................................................... |
|
3 |
||||
2.2 |
How Is an EIP Billed? ............................................................................................................................................................ |
|
|
|
3 |
||
2.3 |
How Do I Change the Billing Mode?................................................................................................................................ |
|
4 |
||||
2.4 |
How Do I Change the Bandwidth Billing Option from Bandwidth to |
ffic or from |
ffic to |
||||
Bandwidth?..................................................................................................................................................................................... |
|
|
|
|
|
6 |
|
3 VPC and Subnet....................................................................................................................... |
|
|
|
|
7 |
||
3.1 |
What Is Virtual Private Cloud?............................................................................................................................................ |
|
|
7 |
|||
3.2 |
Which CIDR Blocks Are Available for the VPC Service?............................................................................................. |
|
9 |
||||
3.3 |
How Many VPCs Can I Create?........................................................................................................................................... |
|
|
9 |
|||
3.4 |
Can Subnets Communicate with Each Other?.............................................................................................................. |
|
9 |
||||
3.5 |
What Subnet CIDR Blocks Are Available?....................................................................................................................... |
|
9 |
||||
3.6 |
Can I Modify the CIDR Block of a Subnet?..................................................................................................................... |
|
9 |
||||
3.7 |
How Many Subnets Can I Create?.................................................................................................................................. |
|
|
10 |
|||
3.8 |
How Can I Delete a Subnet That Is Being Used by Other Resources?............................................................... |
|
10 |
||||
3.9 |
How Do I Switch to a Private DNS Server?.................................................................................................................. |
|
10 |
||||
4 EIP............................................................................................................................................. |
|
|
|
|
|
12 |
|
4.1 |
How Do I Assign or Retrieve a |
c fic EIP?................................................................................................................ |
|
12 |
|||
4.2 |
What Are the |
ff |
nc |
Between EIP, Private IP Address, Floating IP Address, and Virtual IP Address? |
|||
............................................................................................................................................................................................................ |
|
|
|
|
|
|
12 |
4.3 |
How Do I Access the Internet Using an EIP Bound to an Extension NIC?........................................................ |
|
13 |
||||
4.4 |
What Are the |
ff |
nc |
Between the Primary and Extension NICs of ECSs?............................................... |
14 |
||
4.5 |
Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?................................ |
14 |
|||||
4.6 |
Can I Bind an EIP to Multiple ECSs?............................................................................................................................... |
|
14 |
||||
4.7 |
How Do I Access an ECS from the Internet After an EIP Is Bound to the ECS?.............................................. |
14 |
|||||
4.8 |
What Is the EIP Assignment Policy?............................................................................................................................... |
|
15 |
||||
4.9 |
Can I Bind an EIP to an ECS, to Another ECS?............................................................................................................ |
|
15 |
||||
4.10 Does an EIP Change Over Time?.................................................................................................................................. |
|
|
15 |
||||
4.11 Can I Assign a |
|
c fic EIP?............................................................................................................................................. |
|
|
16 |
||
4.12 How Do I Query the Region of My EIPs?................................................................................................................... |
|
16 |
|||||
4.13 Can a Bandwidth Be Used by Multiple Accounts?.................................................................................................. |
|
16 |
|||||
Issue 30 (2021-03-24) |
|
Copyright © Huawei Technologies Co., Ltd. |
|
ii |
|||
Virtual Private Cloud |
|
|
|
|
|
|
||||
FAQs |
|
|
|
|
|
Contents |
||||
4.14 |
How Do I Change an EIP for an Instance?................................................................................................................ |
|
|
16 |
|
|||||
4.15 |
Can I Bind an EIP to a Cloud Resource in Another Region?................................................................................ |
|
|
19 |
|
|||||
5 Bandwidth............................................................................................................................... |
|
|
|
|
|
20 |
||||
5.1 |
What Are Inbound Bandwidth and Outbound Bandwidth?................................................................................... |
|
|
20 |
|
|||||
5.2 |
How Do I Know If My Used Bandwidth Exceeds the Limit?.................................................................................. |
|
|
21 |
|
|||||
5.3 |
What Is the Bandwidth Size Range?.............................................................................................................................. |
|
|
23 |
|
|||||
5.4 |
What Bandwidth Types Are Available?.......................................................................................................................... |
|
|
23 |
|
|||||
5.5 |
What Are the |
ff |
nc |
Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated |
||||||
|
Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around?......................................................... |
|
|
23 |
||||||
5.6 |
How Do I Buy a Shared Bandwidth?.............................................................................................................................. |
|
|
23 |
||||||
5.7 |
Is There a Limit to the Number of EIPs That Can Be Added to Each Shared Bandwidth? |
.......................... |
24 |
|||||||
5.8 |
Can I Increase My Bandwidth Billed on Yearly/Monthly Basis and Then Decrease It?................................. |
|
24 |
|
||||||
5.9 |
What Is the Relationship Between Bandwidth and Upload/Download Rate?................................................. |
|
|
24 |
|
|||||
5.10 |
What Are the |
ff |
nc |
Between Static BGP and Dynamic BGP?................................................................. |
|
|
24 |
|
||
6 Connectivity............................................................................................................................ |
|
|
|
|
|
26 |
|
|||
6.1 |
Does a VPN Allow Communication Between Two VPCs?....................................................................................... |
|
|
26 |
|
|||||
6.2 |
Why Is Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When |
|||||||||
My ECS Has Multiple NICs?...................................................................................................................................................... |
|
|
|
26 |
|
|||||
6.3 |
What Are the Constraints Related to VPC Peering?.................................................................................................. |
|
|
27 |
|
|||||
6.4 |
Why Does Communication Fail Between VPCs That Are Connected by a VPC Peering Connection?.....28 |
|||||||||
6.5 |
How Many VPC Peering Connections Can I Create?................................................................................................ |
|
|
32 |
|
|||||
6.6 |
What Are the Priorities of the Custom Route and EIP If Both Are C nfig |
for an ECS to Enable the |
||||||||
ECS to Access the Internet?...................................................................................................................................................... |
|
|
|
32 |
|
|||||
6.7 |
Why Does Intermittent Interruption Occur When a Local Host Accesses a Website Built on an ECS? |
|||||||||
............................................................................................................................................................................................................ |
|
|
|
|
|
|
|
|
32 |
|
6.8 |
Why Do ECSs Using Private IP Addresses in the Same Subnet Only Support One-Way Communication? |
|||||||||
............................................................................................................................................................................................................ |
|
|
|
|
|
|
|
|
33 |
|
6.9 |
Why Does Communication Fail Between Two ECSs in the Same VPC or Packet Loss Occur When They |
|||||||||
Communicate?.............................................................................................................................................................................. |
|
|
|
|
|
34 |
|
|||
6.10 |
Why Cannot the Virtual IP Address Be Pinged After It Is Bound to an ECS NIC?........................................ |
|
37 |
|
||||||
6.11 |
Why Does My ECS Fail to Use Cloud-init?................................................................................................................. |
|
|
42 |
|
|||||
6.12 |
Why Does Internet Access Fail Even If My ECS Is Bound with an EIP?............................................................ |
|
|
46 |
|
|||||
6.13 |
How Do I Handle the IB Network Failure?................................................................................................................ |
|
|
50 |
|
|||||
6.14 |
Why Does My ECS Fail to Communicate at a Layer 2 or Layer 3 Network?................................................. |
|
|
52 |
|
|||||
6.15 |
How Do I Handle the BMS Network Failure?........................................................................................................... |
|
|
54 |
|
|||||
6.16 |
Why Does My ECS Fail to Obtain an IP Address?................................................................................................... |
|
|
55 |
|
|||||
6.17 |
How Do I Handle the VPN or Direct Connect Connection Network Failure?................................................ |
|
|
57 |
|
|||||
6.18 |
Why Does My Server Can Be Accessed from the Internet But Cannot Access the Internet?................... |
59 |
|
|||||||
6.19 |
Can I Use a VPC Peering Connection to Connect VPCs in ff n Regions?.............................................. |
|
|
61 |
|
|||||
6.20 |
Will I Be Billed for Using a VPC Peering Connection?........................................................................................... |
|
|
61 |
|
|||||
6.21 |
What Switches Can Connect to a L2CG on HUAWEI CLOUD?........................................................................... |
|
|
62 |
|
|||||
6.22 |
Why Is the Layer 2 Connection in the Not Connected State Even After Its C |
nfig |
n Is Complete? |
|||||||
............................................................................................................................................................................................................ |
|
|
|
|
|
|
|
|
62 |
|
|
|
|
|
|
|
|
|
|||
Issue 30 (2021-03-24) |
|
Copyright © Huawei Technologies Co., Ltd. |
|
|
iii |
|||||
Virtual Private Cloud |
|
|
|
|||
FAQs |
|
|
|
|
Contents |
|
6.23 Why Is Communication Between the Cloud and On-premises Servers Unavailable Even When the |
||||||
Layer 2 Connection Status Is Connected?........................................................................................................................... |
62 |
|||||
6.24 Why Can't I Access Websites Using IPv6 Addresses After IPv4/IPv6 Dual Stack Is C nfig |
............ 62 |
|||||
7 Routing.................................................................................................................................... |
|
|
|
|
64 |
|
7.1 |
How Do I C |
nfig |
Policy-Based Routing for ECSs with Multiple NICs?......................................................... |
64 |
||
7.2 |
Why Can't I Ping an ECS with Two NICs C nfig .............................................................................................. |
68 |
||||
7.3 |
Can a Route Table Span Multiple VPCs?...................................................................................................................... |
69 |
||||
7.4 |
How Many Routes Can a Route Table Contain?........................................................................................................ |
69 |
||||
7.5 |
Are There Any Restrictions on Using a Route Table?............................................................................................... |
69 |
||||
7.6 |
Will a Route Table Be Billed?............................................................................................................................................ |
70 |
||||
7.7 |
Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same |
|||||
VPC?.................................................................................................................................................................................................. |
|
|
|
|
70 |
|
7.8 |
Are There |
|
ff n |
Routing Priorities of the VPN and Custom Routes in the Same VPC?........................ |
70 |
|
8 Security.................................................................................................................................... |
|
|
|
|
71 |
|
8.1 |
Are the Security Group Rules Considered the Same If All Parameters Except Their Description Are the |
|||||
Same?............................................................................................................................................................................................... |
|
|
|
|
71 |
|
8.2 |
What Are the Requirements for Deleting a Security Group?................................................................................ |
71 |
||||
8.3 |
Why Is Outbound Access Through TCP Port 25 Restricted?.................................................................................. |
72 |
||||
8.4 |
Can I Change the Security Group of an ECS?.............................................................................................................. |
73 |
||||
8.5 |
How Many Security Groups Can I Have?...................................................................................................................... |
73 |
||||
8.6 |
Will a Security Group Be Billed?...................................................................................................................................... |
73 |
||||
8.7 |
How Do I C |
nfig |
a Security Group for Multi-Channel Protocols?................................................................. |
73 |
||
8.8 |
How Many Network ACLs Can I Create?...................................................................................................................... |
73 |
||||
8.9 |
Does a Security Group Rule or a Network ACL Rule Immediately Take ff c for Its Original |
ffic |
||||
After It Is |
fi .................................................................................................................................................................... |
|
|
74 |
||
8.10 Why Are Some Ports in the Public Cloud System Inaccessible?......................................................................... |
74 |
|||||
8.11 Why Is Access from a |
c fic IP Address Still Allowed After a Network ACL Rule That Denies the |
|||||
Access from the IP Address Has Been Added?................................................................................................................... |
75 |
|||||
8.12 What Do My Security Group Rules Not Take ff c ............................................................................................. |
75 |
|||||
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
iv |
Virtual Private Cloud |
|
FAQs |
1 General Questions |
1General Questions
1.1 What Is a Quota?
What Is a Quota?
A quota limits the quantity of a resource available to users, thereby preventing spikes in the usage of the resource. For example, a VPC quota limits the number of VPCs that can be created.
You can also request for an increase in quota if an existing quota cannot meet your service requirements.
How Do I View My Quotas?
1.Log in to the management console.
2.Click 
in the upper left corner and select the desired region and project.
3.In the upper right corner of the page, choose Resources > My Quotas. The Service Quota page is displayed.
Figure 1-1 My Quotas
4.View the used and total quota of each type of resources on the displayed page.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
1 |
Virtual Private Cloud |
|
FAQs |
1 General Questions |
|
If a quota cannot meet service requirements, apply for a higher quota. |
How Do I Apply for a Higher Quota?
1.Log in to the management console.
2.In the upper right corner of the page, choose Resources > My Quotas. The Service Quota page is displayed.
Figure 1-2 My Quotas
3.Click Increase Quota.
4. |
On the Create Service Ticket page, c nfig |
parameters as required. |
|
In Problem Description area, fi in the content and reason for adjustment. |
|
5. |
After all necessary parameters are c nfig |
select I have read and agree |
|
to the Tenant Authorization Letter and Privacy Statement and click |
|
|
Submit. |
|
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
2 |
Virtual Private Cloud |
|
FAQs |
2 Billing and Payments |
2Billing and Payments
2.1 Will I Be Charged for Using the VPC Service?
The VPC service is free of charge. However, EIP and bandwidth used together with a VPC will be billed based on standard pricing.
2.2 How Is an EIP Billed?
EIPs can be billed on a yearly/monthly or pay-per-use basis.
Table 2-1 EIP billing details
Billing |
Billed By |
EIP Retention Fee |
Bandwidth |
Public |
Mode |
|
|
Price |
Network |
|
|
|
|
ffic |
|
|
|
|
Price |
Yearly/ |
Bandwidth |
- |
Included |
Not |
Monthly |
|
|
|
included |
|
|
|
|
|
Pay-per-use |
Bandwidth |
EIP retention fee is not |
Included |
Not |
|
|
included if the EIP is |
|
included |
|
|
bound to an ECS, BMS, |
|
|
|
ffic |
Not |
Included |
|
|
or load balancer. |
|||
|
|
included |
|
|
|
|
EIP retention fee is |
|
|
|
|
|
|
|
|
|
included if the EIP is |
|
|
|
|
unbound but not |
|
|
|
|
released. |
|
|
|
|
|
|
|
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
3 |
Virtual Private Cloud |
|
FAQs |
2 Billing and Payments |
NOTE
●"Not included" indicates that the fee will not be included in the bill. "Included" indicates that the fee will be included in the bill.
●For details about the EIP pricing, see Product Pricing Details.
2.3How Do I Change the Billing Mode?
Changing the Billing Mode from Pay-per-Use to Yearly/Monthly
You can change the billing mode of pay-per-use EIPs and shared bandwidth billed by bandwidth to yearly/monthly. After the change is successful, the new billing mode will take ff c immediately.
You can change the billing mode on the EIP console. Do as follows to change the billing mode of an EIP from pay-per-use to yearly/monthly.
NOTE
The billing mode of an EIP that is billed by ffic on a pay-per-use basis cannot be directly changed to yearly/monthly. Change the EIP to be billed by bandwidth and then change its billing mode to yearly/monthly.
1.Log in to the management console.
2.Under Network, click Elastic IP.
3.On the displayed page, search for the pay-per-use EIP whose billing mode is to be changed.
4.Locate the row that contains the target EIP and click Change Billing Mode in the Operation column.
Figure 2-1 Changing the billing mode on the EIP console
5.Click Yes.
6. Set |
c fic n |
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
4 |
Virtual Private Cloud |
|
|
FAQs |
|
2 Billing and Payments |
Figure 2-2 Setting |
c fic |
n |
7.Click Submit and Pay.
You can also select multiple EIPs and click Change Billing Mode above the EIP list to change the billing mode of all selected EIPs at the same time.
Changing the Billing Mode from Yearly/Monthly to Pay-per-Use
The billing mode of yearly/monthly EIPs and shared bandwidths can be changed to pay-per-use. The new billing mode takes ff c only after the validity period of the EIPs or bandwidths expires.
The billing mode of an EIP can be changed from yearly/monthly to pay-per-use in the billing center. Do as follows to change the billing mode of an EIP from yearly/ monthly to pay-per-use:
1.Log in to the management console.
2.Choose Billing > Renewal.
Figure 2-3 Renewal
3.In the search box on the right, search for the EIP whose billing mode you want to change.
4.Locate the row that contains the target EIP and click Change to Pay-per-Use After Expiration in the Operation column.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
5 |
Virtual Private Cloud |
|
FAQs |
2 Billing and Payments |
Figure 2-4 Changing the billing mode to pay-per-use
5.In the page that is displayed, click the Change to Pay-per-Use button.
Figure 2-5 C nfi m ng the change
NOTE
The EIP remains the same after the billing mode is changed.
2.4 How Do I Change the Bandwidth Billing Option from Bandwidth to ffic or from ffic to Bandwidth?
●The billing option can be changed only when the billing mode is Pay-per-use. For details, see Modifying EIP Bandwidth.
●A yearly/monthly resource can only be billed by bandwidth.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
6 |
Virtual Private Cloud |
|
FAQs |
3 VPC and Subnet |
3VPC and Subnet
3.1 What Is Virtual Private Cloud?
The Virtual Private Cloud (VPC) service enables you to provision logically isolated, c nfig b and manageable virtual networks for cloud servers, cloud containers, and cloud databases, improving cloud service security and simplifying network deployment.
Within your own VPC, you can create security groups and VPNs, c nfig IP address ranges, specify bandwidth sizes, manage the networks in the VPC, and make changes to these networks as needed, quickly and securely. You can also fin rules for communication between ECSs in the same security group or in
ff n security groups.
Product Architecture
The product architecture consists of the VPC components, security features, and VPC connectivity options.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
7 |
Virtual Private Cloud |
|
FAQs |
3 VPC and Subnet |
Figure 3-1 Architecture
VPC Components
Each VPC consists of a private CIDR block, route tables, and at least one subnet.
●Private CIDR block: When creating a VPC, you need to specify the private CIDR block used by the VPC. The VPC service supports the following CIDR blocks: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255
●Subnet: Cloud resources, such as ECSs and databases, must be deployed in subnets. After you create a VPC, divide the VPC into one or more subnets. Each subnet must be within the VPC. For more information, see Subnet.
●Route table: When you create a VPC, the system automatically generates a default route table. The route table ensures that all subnets in the VPC can communicate with each other. If the routes in the default route table cannot meet application requirements (for example, an ECS without an elastic IP address (EIP) bound needs to access the Internet), you can create a custom route table. For more information, see Example Custom Route in a VPC and
Example Custom Route Outside a VPC.
Security Features
Security groups and network ACLs ensure the security of cloud resources deployed in a VPC. A security group acts as a virtual fi w to provide access rules for instances that have the same security requirements and are mutually trusted in a VPC. For more information, see Security Group Overview. A network ACL can be associated with subnets that have the same access control requirements. You can add inbound and outbound rules to precisely control inbound and outbound ffic at the subnet level. For more information, see Network ACL Overview.
VPC Connectivity
HUAWEI CLOUD provides multiple VPC connectivity options to meet diverse requirements. For details, see Application Scenarios.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
8 |
Virtual Private Cloud |
|
FAQs |
3 VPC and Subnet |
●VPC Peering allows two VPCs in the same region to communicate with each other using private IP addresses.
●Elastic IP or NAT Gateway allows ECSs in a VPC to communicate with the Internet.
●Virtual Private Network (VPN), Cloud Connect, or Direct Connect can connect a VPC to your data center.
3.2Which CIDR Blocks Are Available for the VPC Service?
The VPC service supports the following CIDR blocks:
●10.0.0.0/8-24
●172.16.0.0/12-24
●192.168.0.0/16-24
3.3How Many VPCs Can I Create?
By default, you can create a maximum of fiv VPCs in your account. If the number of VPCs cannot meet your service requirements, submit a service ticket to request a quota increase.
3.4 Can Subnets Communicate with Each Other?
Subnets in the same VPC can communicate with each other while subnets in
ff n VPCs cannot communicate with each other by default. However, you can create VPC peering connections to enable subnets in ff n VPCs to communicate with each other.
NOTE
If a subnet is associated with a network ACL, c nfig |
network ACL rules to allow |
communication between subnets. |
|
3.5 What Subnet CIDR Blocks Are Available?
A subnet CIDR block must be included in its VPC CIDR block. Supported VPC CIDR blocks are 10.0.0.0/8–24, 172.16.0.0/12–24, and 192.168.0.0/16–24. The allowed block size of a subnet is between the netmask of its VPC CIDR block and the /28 netmask.
3.6 Can I Modify the CIDR Block of a Subnet?
You can modify the CIDR block of a subnet only when you are creating the subnet. After the subnet is created, you cannot modify its CIDR block.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
9 |
Virtual Private Cloud |
|
FAQs |
3 VPC and Subnet |
3.7 How Many Subnets Can I Create?
By default, you can create a maximum of 100 subnets in your cloud account. If the number of subnets cannot meet your service requirements, submit a service ticket to request a quota increase.
3.8 How Can I Delete a Subnet That Is Being Used by Other Resources?
The VPC service allows you to create private, isolated virtual networks. In a VPC, you can manage private IP address ranges, subnets, and gateways. ECSs, BMSs, databases, and some other applications can use subnets created in VPCs.
A subnet cannot be deleted if it is being used by other resources. You must delete all resources in the subnet before you can delete the subnet.
You can view all resources of your account on the console homepage and check the resources that are in the subnet you want to delete.
The resources may include:
●ECS
●CCI instance
●Load balancer
●VPN
●Private IP address
●Custom route
●NAT gateway
●VPC endpoint and VPC endpoint service
If you cannot delete a subnet even after deleting all the resources it contains, submit a service ticket.
3.9 How Do I Switch to a Private DNS Server?
ECSs use private DNS servers for domain name resolution in VPCs. ECSs in a VPC can access the Internet using public domain names and other cloud services like OBS and SMN through private DNS servers, with no need to connect to the Internet.
For VPCs created earlier before private domain names are available, a public DNS server (114.114.114.114) is c nfig To allow ECSs in these VPCs to access private domain names, you can change the public DNS server to the private DNS servers c nfig for the VPC subnets. For instructions about how to obtain a private DNS server address, see What Are the Private DNS Server Addresses
Provided by the DNS Service?
Perform the operations provided in this section to change the public DNS servers to private DNS servers.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
10 |
Virtual Private Cloud |
|
FAQs |
3 VPC and Subnet |
Checking the DNS Server Addresses of an ECS
1.Log in to the management console.
2.In the Computing category, click Elastic Cloud Server. The Elastic Cloud Server page is displayed.
3.In the ECS list, click the ECS name.
4.On the ECS details page, click the VPC name. The Virtual Private Cloud page is displayed.
5.Locate the target VPC and click the number in the Subnets column. The Subnets page is displayed.
6.Click the name of the target subnet.
In the Gateway and DNS Information area, view the DNS server addresses used by the ECS.
Changing the DNS Servers for a VPC Subnet
If the ECS uses default public DNS servers, change them to private DNS servers provided by the DNS service.
1.In the Gateway and DNS Information area, click 
next to DNS Server Address.
2.Change the DNS server addresses to private DNS server addresses.
For example, in the CN North-Beijing1 region, change the DNS server addresses of a VPC subnet to 100.125.1.250 and 100.125.21.250.
Updating the DNS Server Addresses for the ECS
New DNS server addresses will not take ff c immediately on the ECS.
The DNS server addresses needs to be updated fi There are two ways to do this:
●Restart the OS. The ECS will then obtain the new DNS server addresses from the DHCP server.
NOTICE
Restarting the OS will interrupt services on the ECS. Perform this operation during ff hours.
Alternatively, wait for the DHCP lease to expire, which takes 24 hours by default. After the lease time expires, the DHCP server allocates another IP address and updates the DNS server addresses to the ECS.
● Manually change the DNS c nfig |
n on the ECS. |
|
If DHCP is disabled on the ECS, manually update DNS c nfig |
n |
|
For example, if the ECS is running Linux, change the DNS c nfig |
n by |
|
editing the /etc/resolv.conf fi |
|
|
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
11 |
Virtual Private Cloud |
|
FAQs |
4 EIP |
4EIP
4.1 |
How Do I Assign or Retrieve a |
c fic EIP? |
|
|
If you want to retrieve an EIP that you have released or assign a c fic EIP, you |
||
|
can use APIs. When assigning an EIP, set the value of ip_address to the IP address |
||
|
that you want to assign. For details, see Elastic IP API Reference. |
||
|
NOTE |
|
|
|
● If the EIP has been assigned to another user, you will fail to assign your required EIP. |
||
|
● You cannot use the management console to assign a c fic EIP. |
||
4.2 |
What Are the ff |
nc Between EIP, Private IP |
|
Address, Floating IP Address, and Virtual IP Address?
An EIP is an IP address that can be accessed over the Internet. Each EIP can be used by only one ECS at a time.
A private IP address is used on the private network of the public cloud for private communications. It cannot be reached from the Internet.
A fl |
ng IP address is similar to an EIP. They are both public IP addresses that are |
|
used to connect to the Internet, but a fl |
ng IP address API cannot be used to |
|
c nfig |
bandwidth parameters. For details, see Floating IP Address. |
|
A virtual IP address can be shared among multiple ECSs. A virtual IP address is used for active/standby switchover of ECSs for higher availability. If the active ECS becomes faulty and cannot provide services, the virtual IP address is dynamically re-assigned to the standby ECS so services can continue uninterrupted. For details, see Virtual IP Address Overview.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
12 |
Virtual Private Cloud |
|
FAQs |
4 EIP |
4.3 How Do I Access the Internet Using an EIP Bound to an Extension NIC?
1.After an EIP is bound to an extension NIC, log in to the ECS and run the route command to query the route.
You can run route --help to learn more about the route command.
Figure 4-1 Viewing route information
2.Run the fc nfig command to view NIC information.
Figure 4-2 Viewing NIC information
3.Enable access to the Internet through the extension NIC by default.
a.Run the following command to delete the default route of the primary NIC:
route del 0.0.0.0 192.168.11.1 dev eth0
NOTE
This operation will interrupt ECS communication. It is recommended that you perform the c nfig n by following step 4.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
13 |
Virtual Private Cloud |
|
|
|
|
|
|
FAQs |
|
|
|
|
|
4 EIP |
b. |
Run the following command to c |
nfig |
the default route for the |
|||
|
extension NIC: |
|
|
|
||
|
route add default gw 192.168.17.1 |
|
|
|||
4. C |
nfig |
Internet access from the extension NIC based on your destination |
||||
address. |
|
|
|
|
|
|
Run the following command to c nfig |
access to a |
c fi CIDR block (for |
||||
example, xx.xx.0.0/16) through the extension NIC: |
|
|||||
You can c |
nfig |
the CIDR block as required. |
|
|
||
route add -net xx.xx.0.0 netmask 255.255.0.0 gw 192.168.17.1 |
||||||
4.4 What Are the |
ff nc Between the Primary and |
Extension NICs of ECSs? |
|
The ff nc |
are as follows: |
●Generally, the OS default routes preferentially use the primary NICs. If the OS
default routes use the extension NICs, network communication will be interrupted. Then, you can check the route c nfig n to rectify the network communication error.
●Primary NICs can communicate with the public service zone (zone where PaaS and DNS services are deployed). Extension NICs cannot communicate this zone.
4.5Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?
No. An EIP that uses a dedicated bandwidth cannot be changed to use a shared bandwidth.
In addition, an EIP that uses a shared bandwidth cannot be changed to use a dedicated bandwidth.
4.6 Can I Bind an EIP to Multiple ECSs?
Each EIP can be bound to only one ECS at a time.
Multiple ECSs cannot share the same EIP. An ECS and its bound EIP must be in the same region. If you want multiple ECSs in the same VPC to share an EIP, you have to use a NAT gateway. For more information, see NAT Gateway User Guide.
4.7 How Do I Access an ECS from the Internet After an EIP Is Bound to the ECS?
Each ECS is automatically added to a security group after being created to ensure its security. The security group denies access ffic from the Internet by default (except TCP ffic from port 22 through SSH to the Linux OS and TCP ffic from
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
14 |
Virtual Private Cloud |
|
FAQs |
4 EIP |
port 3389 through RDP to the Windows OS). To allow external access to ECSs in the security group, add an inbound rule to the security group.
You can set Protocol to TCP, UDP, ICMP, or All as required on the page for creating a security group rule.
●If the ECS needs to be accessible over the Internet and the IP address used to
access the ECS over the Internet has been c nfig on the ECS, or the ECS does not need to be accessible over the Internet, set Source to the IP address range containing the IP address that is allowed to access the ECS over the Internet.
●If the ECS needs to be accessible over the Internet and the IP address used to
access the ECS over the Internet has not been c nfig on the ECS, it is recommended that you retain the default setting 0.0.0.0/0 for Source, and then set Port Range to improve network security.
● Allocate ECSs that have ff n Internet access policies to ff n security groups.
NOTE
The default source IP address 0.0.0.0/0 indicates that all IP addresses can access ECSs in the security group.
4.8 What Is the EIP Assignment Policy?
By default, EIPs are assigned randomly.
In case that an EIP is released by mistake, the system will assign you the EIP that you have released in the last 24 hours preferentially.
If you want an EIP that you released 24 hours ago, see How Do I Assign or
Retrieve a c fic EIP?
If you do not want an EIP that you have released, it is recommended that you buy another EIP fi and then release the one that you do not want.
4.9 Can I Bind an EIP to an ECS, to Another ECS?
Yes.
Unbind the EIP from the current ECS. For details, see Unbinding or Releasing an EIP.
Then, bind the EIP to another ECS. For details, see Binding an EIP to Cloud Resources.
Another related operation is to change the EIP associated with an ECS. For details, see Changing an EIP.
4.10 Does an EIP Change Over Time?
EIPs will not be changed after they are assigned. Stopping and starting an ECS does not ff c its EIP.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
15 |
Virtual Private Cloud |
|
FAQs |
4 EIP |
An EIP will be released if it expires or if the EIP owner's account is in arrears.
4.11 Can I Assign a c fic EIP?
By default, EIPs are assigned randomly. If you have released EIPs before, the system preferentially assigns an EIP from what you released.
Certain APIs need to be called to assign |
c fic EIPs. For details, see Assigning an |
EIP. |
|
4.12 How Do I Query the Region of My EIPs?
You can visit https://en.ipip.net/?origin=CN to query the region of your EIPs.
● |
The region of an EIP |
n |
fi |
using a third-party website may be |
ff |
n |
||||
|
from the region that the EIP belongs to. |
|
|
|
||||||
● |
If the region |
n fi |
using another third-party website is ff |
n |
from the |
|||||
|
one |
n fi |
using https://en.ipip.net/?origin=CN, use the region |
n |
fi |
|||||
|
using https://en.ipip.net/?origin=CN. |
|
|
|
||||||
● |
If the region |
n fi |
using https://en.ipip.net/?origin=CN is |
ff |
n |
from |
||||
|
the one you selected when purchasing the EIP, use the region you had |
|
||||||||
|
selected during EIP purchase. |
|
|
|
|
|
||||
● |
If your service is adversely |
ff |
c |
because the region of your EIP cannot be |
||||||
determined, submit a service ticket.
To know more about the region of EIPs, submit a service ticket.
4.13 Can a Bandwidth Be Used by Multiple Accounts?
A bandwidth cannot be shared between ff n accounts. Each account can use and manage only its own EIP bandwidths.
4.14 How Do I Change an EIP for an Instance?
Scenario 1: Changing an EIP for an ECS
1.Unbind an EIP.
a.Log in to the management console.
b.On the console homepage, under Network, click Elastic IP.
c.On the displayed page, locate the row that contains the target EIP, and click Unbind.
d.Click Yes.
2.Assign an EIP.
a.Log in to the management console.
b.On the console homepage, under Network, click Elastic IP.
c.On the displayed page, click Buy EIP.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
16 |
Virtual Private Cloud |
|
FAQs |
4 EIP |
d.Set the parameters as prompted.
e.Click Next.
3.Bind the new EIP to the ECS.
a.On the EIPs page, locate the row that contains the target EIP, and click
Bind.
b.Select the desired ECS.
c.Click OK.
4.Release the EIP that has been replaced.
a.Release a single EIP.
i.Log in to the management console.
ii.On the console homepage, under Network, click Elastic IP.
iii.In the EIP list, locate the row that contains the target EIP, and click
Release.
iv.Click Yes.
b.Unbind multiple EIPs at a time.
i.Log in to the management console.
ii.On the console homepage, under Network, click Elastic IP.
iii.In the EIP list, select the EIPs to be unbound.
iv.Click Unbind above the EIP list.
v.Click Yes.
Scenario 2: Changing an EIP for a Load Balancer
1.Unbind an EIP.
a.Log in to the management console.
b.Click Service List. Under Network, click Elastic Load Balance.
c.In the load balancer list, locate the target load balancer and choose More
>Unbind EIP in the Operation column.
d.Click Yes.
2.Assign an EIP. For details, see 2.
3.Bind the new EIP to the load balancer.
a.Log in to the management console.
b.Click Service List. Under Network, click Elastic Load Balance.
c.In the load balancer list, locate the target load balancer and choose More
>Bind EIP in the Operation column.
d.In the Bind EIP dialog box, select the EIP to be bound and click OK.
4.Release the EIP that has been replaced. For details, see 4.
Scenario 3: Changing an EIP for a NAT Gateway
1.Assign an EIP. For details, see 2.
2.Modify an SNAT rule.
For details about how to modify an SNAT rule, see Modifying an SNAT Rule. In the EIP area, select the newly assigned EIP and deselect the original EIP
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
17 |
Virtual Private Cloud |
|
FAQs |
4 EIP |
|
(ensure that the deselected EIP belongs to the IP address range on Telefonica |
|
Open Cloud). |
|
Figure 4-3 Selecting the newly assigned EIP |
3.Modify a DNAT rule.
For details about how to modify a DNAT rule, see Modifying a DNAT Rule. In the EIP area, select the newly assigned EIP (ensure that the original EIP belongs to the IP address range on Telefonica Open Cloud).
Figure 4-4 Selecting the newly assigned EIP
4.Release the EIP that has been replaced. For details, see 4.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
18 |
Virtual Private Cloud |
|
FAQs |
4 EIP |
4.15 Can I Bind an EIP to a Cloud Resource in Another Region?
No. EIPs and their associated cloud resources must be in the same region. For example, an EIP in the CN North-Beijing1 region cannot be bound to a resource in the CN North-Beijing4 region.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
19 |
Virtual Private Cloud |
|
FAQs |
5 Bandwidth |
5Bandwidth
5.1 What Are Inbound Bandwidth and Outbound
Bandwidth?
Inbound bandwidth: refers to the bandwidth consumed when data is transferred from the Internet to HUAWEI CLOUD. For example, resources are downloaded from the Internet to ECSs in the cloud.
Outbound bandwidth: refers to the bandwidth consumed when data is transferred from HUAWEI CLOUD to the Internet. For example, the ECSs in the cloud provide services accessible from the Internet and external users download resources from the ECSs.
Figure 5-1 Inbound bandwidth and outbound bandwidth
HUAWEI CLOUD only bills for the outbound bandwidth.
NOTE
Inbound and outbound bandwidths have been adjusted as follows since July 31, 2020 00:00:00 GMT+08:00:
● |
If your purchased or m |
fi |
bandwidth is less than or equal to 10 Mbit/s, the |
|
inbound bandwidth will be 10 Mbit/s, and the outbound bandwidth will be the same |
||
|
as the purchased or m |
fi |
bandwidth. |
● |
If your purchased or m |
fi |
bandwidth is greater than 10 Mbit/s, both the inbound |
and the outbound bandwidth will be the same as the purchased or m fi bandwidth.
Issue 30 (2021-03-24) |
Copyright © Huawei Technologies Co., Ltd. |
20 |
Loading...