VPC
A VPC (Virtual Private Cloud) is a logically isolated piece of network space.
- VPC network: a VPC is a logically isolated network space. Within a VPC, users can freely define the network segments and IP addresses, and the same intranet IP can be reused in different VPCs.
- Classic network: all users share one pool of network resources, i.e. servers, physical machines and hosts draw from the same pool, so the same intranet IP cannot be assigned to different users.
Entry: In the cloud management platform, click the navigation menu in the top left corner, then click the “Network/Infrastructure/VPC” menu item in the left menu bar that pops up to enter the VPC page.
Create VPC
This function is used to create a VPC.
Description
On the Create VPC page, you can click the “On-premise”, “Private Cloud”, and “Public Cloud” tabs at the top to switch between creating VPCs on different platforms.
Create VPC for the On-premise
OneCloud creates a Default VPC (which is actually the classic network) once the platform has been set up; any VPC newly created on the On-premise platform is a VPC network. Only servers running on the OneCloud platform in the On-premise environment can use a newly created VPC network; VMware servers, physical machines, hosts, etc. continue to use IP subnets of the classic network.
- On the VPC page, click the “All” or “On-premise” tab at the top, and click the “Create” button at the top of the list to enter the Create On-premise VPC page.
- Configure the following information.
  - Specify Domain: Select the domain to which the VPC belongs.
  - Name: Set the name of the VPC.
  - Region: Select the region to which the VPC belongs.
  - Target segment: Set the dedicated address segment of the VPC network. IP subnets under the VPC must use addresses within this segment; only 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are supported as the VPC target segment.
- Click the “OK” button to complete the operation.
Create Private Cloud Platform VPC
Among private cloud platforms, only OpenStack supports creating new VPCs, so make sure you have a cloud account for that platform before creating a private cloud platform VPC.
- On the VPC page, click the “Private Cloud” tab at the top and click the “Create” button at the top of the list to enter the Create Private Cloud Platform VPC page.
- Configure the following information.
  - Specify the domain: Select the domain to which the VPC belongs.
  - Name: Set the name of the VPC.
  - Region: Select the region to which the VPC belongs. The region determines the private cloud platform and the private cloud account in which the VPC is created.
  - Target network segment: Set the dedicated network segment of the VPC network. IP subnets under the VPC must use addresses within this segment; 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 and their subnets are supported as the VPC target network segment.
- Click the “OK” button to complete the operation.
Create public cloud platform VPC
Before creating public cloud platform VPC, please ensure that you have a cloud account for the corresponding platform.
- On the VPC page, click the “Public Cloud” tab at the top and click the “Create” button at the top of the list to enter the Create Public Cloud Platform VPC page.
- Configure the following information.
  - Specify the domain: Select the domain to which the VPC belongs.
  - Name: Set the name of the VPC.
  - Region: Select the region to which the VPC belongs. The list of regions can be filtered quickly by city and platform.
  - Target network segment: Set the dedicated network segment of the VPC network; IP subnets under the VPC must use addresses within this segment. Different public clouds support different ranges of target network segments; for details, see “Public cloud platform VPC and IP subnet support range” below.
  - Allow extranet access: When a VPC allows extranet access, all IP subnets under it can reach the Internet by binding an EIP. All public cloud platforms except AWS allow it by default and do not permit changing it. On AWS, when the VPC does not allow extranet access, servers created in its IP subnets cannot bind an EIP; when it does allow extranet access, an Internet gateway and a routing table pointing to that gateway are created in AWS at the same time, and servers created in the VPC's IP subnets can reach the Internet by binding an EIP.
  - Specify the cloud subscription: Select the cloud subscription in which the VPC is created.
- Click the “OK” button to complete the operation.
Note
Since Google Cloud only supports global VPCs, a Google Cloud VPC created on the VPC page produces a placeholder record of that VPC in every Google Cloud region.
Public cloud platform VPC and IP subnet support range
Platform | VPC Target Segment Mask Range | IP Subnet Segment Range
---|---|---
Alibaba Cloud | 10.0.0.0/8~24, 172.16.0.0/12~24, 192.168.0.0/16~24 | 10.0.0.0/16~29, 172.16.0.0/16~29, 192.168.0.0/17~29
Tencent Cloud | 10.0.0.0/16~28, 172.16.0.0/16~28, 192.168.0.0/16~28 | 10.0.0.0/16~29, 172.16.0.0/16~29, 192.168.0.0/17~29
Huawei Cloud | 10.0.0.0/8~24, 172.16.0.0/12~24, 192.168.0.0/16~24 | 10.0.0.0/9~29, 172.16.0.0/13~29, 192.168.0.0/17~29
UCloud | 10.0.0.0/8~29, 172.16.0.0/12~29, 192.168.0.0/16~29 | 10.0.0.0/9~29, 172.16.0.0/13~29, 192.168.0.0/17~29
AWS | Mask range 16~28; public address ranges may be used as private, but this is not recommended | Subnet mask range 16~28
Azure | Mask range 8~29; public address ranges may be used as private, but this is not recommended | Subnet mask range 8~29

Notation: 10.0.0.0/8~24 means any block within 10.0.0.0/8 whose mask length is between /8 and /24.
By default the cloud management platform does not support using public address ranges as private ones: such a segment is treated as public IP space and counts against the public IP quota. If you need to use a public range privately, add the segment to the configuration file so that the platform treats it as private:
```yaml
$ climc service-config-edit common
default:
  api_server: https://10.127.190.254
  # Add the public address ranges that are used privately
  customized_private_prefixes:
  - 52.0.0.0/16
  - 54.0.0.0/16
  enable_quota_check: true
  non_default_domain_projects: true
```
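The following is an added example, not Cloudpods/OneCloud code: a pre-flight check that validates a planned VPC target segment and its IP subnets against the per-platform ranges in the table above, and flags a segment outside RFC 1918 as public unless it is listed in `customized_private_prefixes` as in the configuration snippet. The platform names and the `check_vpc_plan` function are assumptions of this example.

```python
import ipaddress

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ANY = ("0.0.0.0/0",)  # AWS/Azure rows give only a mask range, not a base block

def _rules(bases, min_masks, max_mask):
    """One table cell as (base block, smallest mask, largest mask) triples."""
    return [(ipaddress.ip_network(b), lo, max_mask) for b, lo in zip(bases, min_masks)]

# (VPC target-segment rules, IP-subnet rules) per platform, transcribed from the table.
PLATFORM_RULES = {
    "Alibaba Cloud": (_rules(RFC1918, (8, 12, 16), 24), _rules(RFC1918, (16, 16, 17), 29)),
    "Tencent Cloud": (_rules(RFC1918, (16, 16, 16), 28), _rules(RFC1918, (16, 16, 17), 29)),
    "Huawei Cloud": (_rules(RFC1918, (8, 12, 16), 24), _rules(RFC1918, (9, 13, 17), 29)),
    "UCloud": (_rules(RFC1918, (8, 12, 16), 29), _rules(RFC1918, (9, 13, 17), 29)),
    "AWS": (_rules(ANY, (16,), 28), _rules(ANY, (16,), 28)),
    "Azure": (_rules(ANY, (8,), 29), _rules(ANY, (8,), 29)),
}

def _fits(net, rules):
    """True when net lies inside a base block with a mask length in that block's range."""
    return any(net.subnet_of(base) and lo <= net.prefixlen <= hi for base, lo, hi in rules)

def check_vpc_plan(platform, vpc_cidr, subnet_cidrs, customized_private_prefixes=()):
    """Return a list of problems; an empty list means the plan is acceptable.

    Checks: VPC segment within the platform range, each subnet inside the VPC and
    within the subnet range, no overlapping subnets, and a non-RFC1918 segment is
    reported as public unless whitelisted via customized_private_prefixes.
    """
    vpc_rules, subnet_rules = PLATFORM_RULES[platform]
    vpc = ipaddress.ip_network(vpc_cidr)  # strict by default: host bits must be zero
    problems = []
    if not _fits(vpc, vpc_rules):
        problems.append(f"VPC segment {vpc} is not allowed on {platform}")
    private = [ipaddress.ip_network(p) for p in RFC1918 + tuple(customized_private_prefixes)]
    if not any(vpc.subnet_of(p) for p in private):
        problems.append(f"{vpc} is a public range and would consume public IP quota")
    subnets = [ipaddress.ip_network(s) for s in subnet_cidrs]
    for i, sn in enumerate(subnets):
        if not sn.subnet_of(vpc):
            problems.append(f"subnet {sn} lies outside VPC {vpc}")
        elif not _fits(sn, subnet_rules):
            problems.append(f"subnet {sn} mask /{sn.prefixlen} is not allowed on {platform}")
        for other in subnets[:i]:
            if sn.overlaps(other):
                problems.append(f"subnet {sn} overlaps {other}")
    return problems
```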
Synchronize status
This function is used to synchronize the current state of the VPC.
Sync Status
- On the VPC page, click the “Sync Status” button on the right action bar of the VPC to synchronize the VPC status.
Batch Sync Status
- Select one or more VPCs in the VPC list, click the “Batch Action” button at the top of the list, and select the drop-down menu “Sync Status” menu item to batch sync the status.
Change Domain
This function is used to change the domain to which the VPC belongs.
Description
Conditions for changing the domain: all of the following must be satisfied.
- The current user is in the system backend.
- The three-level resource hierarchy is enabled in OneCloud.
- The sharing scope of the VPC is private.
Change the domain of a VPC
- On the VPC page, click the “More” button on the right action bar of the VPC, and select the drop-down menu “Change Domain” menu item to bring up the Change Domain dialog box.
- Select the domain to which the VPC belongs, click “OK” button.
Batch Change Domain
- Select one or more VPCs in the VPC list, click the “Batch Action” button at the top of the list, and select the drop-down menu “Change Domain” menu item to bring up the Change Domain dialog box.
- Select the domain to which the VPC belongs, click “OK” button.
Set up sharing
This function is used to set the sharing scope of the VPC.
There are three types of sharing scopes for domain resources.
- No sharing (private): domain resources can only be used by users in this domain.
- Domain sharing, partial (shared with multiple domains): domain resources are shared with one or more specified domains, and only users in the domain that owns the resources and in the shared domains can use them.
- Domain sharing, all (global sharing): domain resources are shared with all domains, i.e. all users in the system can use them.
Description
Conditions for setting up sharing: both of the following must be satisfied.
- The current user is in the system backend.
- The three-level resource hierarchy is enabled in OneCloud.
Note
- For private and public clouds, the sharing scope of a VPC is tied to the sharing scope of its cloud account.
- When the cloud account is not shared, resources synced through that cloud account cannot be shared either.
- When sharing is enabled on the cloud account, resources synced through it are shared with the same scope as the cloud account.
- When sharing is enabled on the cloud account, the sharing scope of resources synced through it can be changed; make sure the chosen scope stays within the sharing scope of the cloud account.
- When the sharing scope of the cloud account is modified, the sharing scope of resources synced through it is kept within the cloud account's scope. E.g. if the cloud account is shared with domains A, B, C and D, a domain resource is shared with domains A and C, and the cloud account's scope is changed to domains A and B, the domain resource remains shared only with domain A.
- When the cloud account shares cloud subscriptions, domain resources synced through that cloud account cannot be shared.
Set up sharing for a VPC
- On the VPC page, click the “More” button on the right action bar of the VPC, and select the drop-down menu “Set up sharing” menu item to bring up the Set up sharing dialog box.
- Configure the following parameters.
  - When the sharing range is set to “No Sharing”, the sharing scope of the domain resource is private and only users of this domain can use it.
  - When the sharing range is set to “Domain Shared”, you need to select the domains to share with.
    - When one or more domains are selected, the sharing scope of the domain resource is Domain Shared-Partial, and only users in the domain that owns the resource and in the shared domains can use it.
    - When “All” is selected, the sharing scope of the domain resource is Domain Share-All, and all users in the system can use it.
- Click the “OK” button to complete the operation.
Batch Set up Sharing
- Select one or more VPCs in the VPC list, click the **_“Batch Action”_** button at the top of the list, and select the drop-down menu **_“Set up sharing”_** menu item to bring up the Set up sharing dialog box.
- Configure the following parameters.
  - When the sharing range is set to “No Sharing”, the sharing scope of the domain resource is private and only users of this domain can use it.
  - When the sharing range is set to “Domain Shared”, you need to select the domains to share with.
    - When one or more domains are selected, the sharing scope of the domain resource is Domain Shared-Partial, and only users in the domain that owns the resource and in the shared domains can use it.
    - When “All” is selected, the sharing scope of the domain resource is Domain Share-All, and all users in the system can use it.
- Click the “OK” button to complete the operation.
Delete VPC
This function is used to delete VPCs, and supports single or batch VPC deletion.
Description
- The Default VPC of the On-premise (local IDC) platform cannot be deleted.
- A VPC cannot be deleted while it still has an IP subnet.
- Deleting an AWS VPC also deletes the routing tables, security groups and Internet gateways under that VPC.
Delete
- On the VPC page, click the “Delete” button on the right action bar of the VPC to bring up the action confirmation dialog.
- Click the “OK” button to complete the operation.
Batch Delete
- Select one or more VPCs in the VPC list and click the “Delete” button at the top of the list to bring up the operation confirmation dialog box.
- Click the “OK” button to complete the operation.
View VPC details
This function is used to view the details of VPC.
- On the VPC page, click the VPC name item to enter the VPC details page.
- The menu at the top of the details page supports the delete operation for the VPC.
- View the VPC's cloud ID, ID, name, status, domain, project, sharing range, platform, target segment, number of Layer 2 networks, number of routing tables, number of IP subnets, number of NAT gateways, whether extranet access is allowed, region, zone, cloud account, creation time, update time, notes, etc.
View IP subnet information
This function is used to view the IP subnet information under the VPC.
- On the VPC details page, click the “IP Subnet” tab to enter the IP subnet page.
- View the IP subnet information under the VPC network, including name, IP address, VLAN, whether shared, type, and usage (total and used).
- The operation column on the right side supports administrative operations on IP subnets.
View routing table information
The routing table controls how traffic is routed within the network. Currently, only the routing tables of Alibaba Cloud, Huawei Cloud and the OpenStack platform are synchronized.
- When a VPC is created on a public cloud platform, the system automatically creates a default routing table and adds system routes to it to manage the traffic of the VPC.
- The OpenStack routing table is actually the routing table of the router; when a user creates a routing table under a router on the OpenStack platform, it is synchronized to the corresponding VPC.
- On the VPC details page, click the “Routing Table” tab to enter the Routing Table page.
- View the routing table name, VPC, region, cloud account, and entries (routing table type, destination segment, next hop).
View operation log
This function is used to view the log information of VPC-related operations.
- On the VPC details page, click the Operation Log tab to enter the Operation Log page.
- Load more logs: On the Operation Log page, the list shows 20 operation logs by default. To view more, click the “Load More” button.
- View log details: Click the “View” button in the right column of an operation log to view its details. The details can be copied.
- View logs for a specified time period: To view the operation logs of a certain period, set the start date and end date at the top right of the list to query the logs of that period.
- Export logs: Currently, only the logs displayed on the page can be exported. Click the export icon in the upper-right corner, set the data columns to export in the export dialog that pops up, and click the “OK” button to export the logs.