VPC interconnection for the same tenant

<p>If there are multiple VPCs under the same tenant, the interconnection of ECS instances among different VPCs requires opening the security policy and configuring Express Connects among the VPCs.</p> <p>The following uses two ECSs (ECS1 and ECS2) in different VPCs (VPC1 and VPC2) under the same tenant as an example to illustrate how to configure cross-VPC interconnection for the same tenant.</p> <p><span style="font-size:18px"><strong>Create Express Connect</strong></span></p> <p>Please perform the following steps to create an Express Connect:</p> <p>1.&nbsp;&nbsp;&nbsp;&nbsp; Log on to Ping An Cloud Console and click <strong>All Products</strong> &rarr; <strong>Express Connect</strong> to enter the VPC Peer Link page.</p> <p>2.&nbsp;&nbsp;&nbsp;&nbsp; Click <strong>Add</strong> to enter the Add page.</p> <p>3.&nbsp;&nbsp;&nbsp;&nbsp; Select <strong>This Tenant</strong> as Remote Tenant, select Local VPC and Remote VPC, select Local IP Address and Remote IP Address, and then click <strong>Confirm</strong> to complete the creation.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pacloud/20191204113839-18ab89249184.png" style="height:526px; width:830px" /></p> <p>4.&nbsp;&nbsp;&nbsp;&nbsp; Log on to the ECSs to perform the ping test.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pacloud/20181202150019-10fc8af89f4e.png" /></p> <p><strong>Note:</strong> If the ping succeeds, the Express Connect is configured successfully. However, the ECS cannot be accessed at present because the port policy has not been opened.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pacloud/20181202150023-1f37751f9c58.png" /></p> <p>&nbsp;</p> <p><span style="font-size:18px"><strong>Configure Security Policy</strong></span></p> <p>After the successful configuration of the Express Connect, if mutual access is required, the security policy of the corresponding port should be opened. Here, port 22 is taken as an example to illustrate how to connect the ECS in VPC2 to the ECS in VPC1. Please perform the following steps to complete the configuration:</p> <p>1.&nbsp;&nbsp;&nbsp;&nbsp; Log on to Ping An Cloud Console and click <strong>All Products</strong> &rarr; <strong>Elastic Compute Service</strong> to enter the Overview page.</p> <p>2.&nbsp;&nbsp;&nbsp;&nbsp; Click <strong>Security Group</strong> to enter the Security Group page.</p> <p>3.&nbsp;&nbsp;&nbsp;&nbsp; Click <strong>Create</strong> and the Create Security Group window pops up.</p> <p>4.&nbsp;&nbsp;&nbsp;&nbsp; Select VPC1 and Network, and then click <strong>Confirm</strong> to complete the creation of a security group.</p> <p>5.&nbsp;&nbsp;&nbsp;&nbsp; On the Security Group page, click the name of the just created security group to enter the Security Group Information page.</p> <p>6.&nbsp;&nbsp;&nbsp;&nbsp; Click <strong>Add Instance</strong> and the Add Instance window pops up.</p> <p>7.&nbsp;&nbsp;&nbsp;&nbsp; SelectECS1 and click <strong>Confirm</strong> to add it to the security group.</p> <p>8.&nbsp;&nbsp;&nbsp;&nbsp; On the Security Group Information page, click <strong>SECURITY GROUP RULES</strong> to enter the security group rules management page.</p> <p>9.&nbsp;&nbsp;&nbsp;&nbsp; Click <strong>Create</strong> and the Create Security Group Rules window pops up.</p> <p>10.&nbsp;&nbsp; Select the Rules Direction (IN) and Protocol Type (TCP), input the Port Range (22) and Authorize IP (the IP address of VPC2), and click <strong>Confirm</strong> to complete the configuration of the ingress security group.</p> <p>11.&nbsp;&nbsp; Repeat step1-9 to create a security group, add ECS2 and create a security group rule for VPC2. On the Create Security Group Rules window, select the Rules Direction (OUT) and Protocol Type (TCP), input the Port Range (22) and Authorize IP (VPC1 IP address), and click <strong>Confirm</strong> to complete the configuration of the egress security group.</p> <p>12.&nbsp;&nbsp; When the configuration is completed, test telnet port 22. Passing the test indicates the configuration of security policy is complete.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pacloud/20181202150105-1ed11f769b86.png" /></p> <p><strong>Note: </strong>Repeat the above steps and set security group rules in the reverse way to connect the ECS in VPC1 to the ECS in VPC2.</p>

Cross-tenant VPC Interconnection

<p>Cross-tenant ECS interconnection also requires configuring Express Connects first.</p> <p>The following uses two ECSs (ECS1 and ECS2) under different tenants (Tenant 1 and Tenant 2) as an example to illustrate how to configure cross-tenant interconnection.</p> <p><span style="font-size:18px"><strong>Create Express Connect</strong></span></p> <p>Please perform the following steps to create an Express Connect:</p> <p>1.&nbsp;&nbsp;&nbsp;&nbsp; Log on to Ping An Cloud Console and click <strong>All Products</strong> &rarr; <strong>Express Connect</strong> to enter the VPC Peer Link page.</p> <p>2.&nbsp;&nbsp;&nbsp;&nbsp; Click <strong>Add</strong> to enter the Add page.</p> <p>3.&nbsp;&nbsp;&nbsp;&nbsp; Select Local VPC, select <strong>Other Tenant</strong> as Remote Tenant, input the name of the Remote Tenant, Remote VPC and Phone, click <strong>ACQUIRE AUTHORIZATION CODE</strong>, input the received Authorization Code and click VERIFY; input the Local IP Address and Remote IP Address, and click <strong>Confirm</strong> to complete the creation.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pacloud/20191204142435-1961d9999e1c.png" style="height:516px; width:830px" /></p> <p>&nbsp;</p> <p><span style="font-size:18px"><strong>Configure Security Policy</strong></span></p> <p>After the successful configuration of the Express Connect, if mutual access is required, the security policy of the corresponding port should be opened.</p> <p>The cross-tenant security policy configuration is similar to that under the same tenant. Please follow the above steps to configure the security policy. The following is a brief example illustrating how to connect the ECS under Tenant 2 to the ECS under Tenant 1:</p> <p>1.&nbsp;&nbsp;&nbsp;&nbsp; Create new security group rules in the security group created under Tenant 1. The Rules Direction is IN, and the Authorize IP is the IP address of the subnet under Tenant 2.</p> <p>2.&nbsp;&nbsp;&nbsp;&nbsp; Create corresponding security group rules in the security group created under Tenant 2. The Rules Direction is OUT, and the Authorize IP is the IP address of the subnet under Tenant 1.</p> <p>3.&nbsp;&nbsp; When the configuration is completed, test the connection to ensure normal access to port 22.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pacloud/20181202150431-1301ddea9a1e.png" /></p> <p><strong>Note: </strong>Set security group rules in the reverse way to connect the ECS under Tenant 1 to the ECS under Tenant 2.</p>
Did the above content solve your problem? Yes No
Please complete information!

Call us

400-151-8800

Email us

cloud@pingan.com

Online customer service

Instant reply

Technical Support

cloud products