All products

General Reference

Office Automation

Partners

Backup

Big Data

Intelligent Management

API Center

Interconnection across Network Domains

<p>By default, different network domains in the VPC are isolated and cannot access each other. You must configure a security group for interconnection between ECS instances in different network domains.</p> <p><strong>Background Information</strong></p> <p>Cloud resources in different networks of VPC are permitted in the inbound direction but blocked in the outbound direction by default. It requires to configure security group in outbound direction for cross-network interconnection.</p> <p>The following example illustrates how to connect DMZ and SF of VPC-1 by creating security groups and security group rules.</p> <p><strong>Prerequisites</strong></p> <p>Subnets are created in DMZ and SF of VPC-1.</p> <p>ECS instances are deployed in the subnets of DMZ and SF of VPC-1.</p> <p><strong>Procedure</strong></p> <p>1.&nbsp;&nbsp;Create Security Group 1 for the SF of VPC-1. For more information, see <a href="https://www.pinganyun.com/ssr/help/network/vpc/og.safety.csg" target="_blank">Create a Security Group</a>.</p> <p>2.&nbsp; Add the ECS instance in the SF to Security Group 1. For more information, see <a href="https://www.pinganyun.com/ssr/help/network/vpc/og.safety.misg.aisg" target="_blank">Bind an Instance&nbsp;to a Security Group</a>.</p> <p>3.&nbsp;&nbsp;Configure a security group rule for Security Group 1 and authorize the outbound direction access to the subnet IP address of DMZ. For more information, see <a href="https://www.pinganyun.com/ssr/help/network/vpc/og.safety.msgr.csgr" target="_blank">Create a Security Group Rule</a>. After the security group rule is created, the ECS instance of the SF can access to the DMZ.</p> <p>4.&nbsp;&nbsp;Create Security Group 2 for the DMZ of VPC-1. For more information, see <a href="http://www.pinganyun.com/ssr/help/network/vpc/og.safety.csg" target="_blank">Create a Security Group</a>.</p> <p>5.&nbsp;&nbsp;Add the ECS instance of the DMZ network to Security Group 2. For more information, see <a href="https://www.pinganyun.com/ssr/help/network/vpc/og.safety.misg.aisg" target="_blank">Bind an Instance&nbsp;to a Security Group</a>.</p> <p>6.&nbsp;&nbsp;Configure a security group rule for Security Group 2 and authorize the OUT direction access to the subnet IP address of the SF. For more information, see <a href="http://www.pinganyun.com/ssr/help/network/vpc/og.safety.msgr.csgr" target="_blank">Create a Security Group Rule</a>. After the security group rule is created, the ECS instance of the DMZ can access to the SF network.</p>
Did the above content solve your problem? Yes No
Please complete information!
Ok Cancel

Call us

400-151-8800

Email us

cloud@pingan.com

Online customer service

Instant reply

Consult Now

Technical Support

cloud products

Submitted technical jobs