Virtual Private Network
User Guide
Issue 01
Date 2021-02-28
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Contents
1 Viewing a VPN
2 Modifying a VPN
3 Deleting a VPN
4 Managing VPN Connections
4.1 Viewing a VPN Connection
4.2 Modifying a VPN Connection
4.3 Deleting a VPN Connection
5 Managing VPN Gateways
5.1 Viewing a VPN Gateway
5.2 Modifying a VPN Gateway
5.3 Deleting a Pay-per-Use VPN Gateway
6 Monitoring
6.1 Monitoring VPN
6.2 Monitoring Metrics
6.3 Creating Alarm Rules
6.4 Viewing Metrics
7 Permissions Management
7.1 Creating a User and Granting VPN Permissions
8 Quotas
A Change History
1 Viewing a VPN
Scenarios
This section applies to regions where the old VPN edition is available.
You can view details about an existing VPN.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. On the displayed Virtual Private Network page, view the target VPN. Table 1-1 describes the VPN status.
Table 1-1 VPN status
Status | Description
Normal | Indicates that the VPN is successfully created and communication with the local data center through the VPN is normal.
Not connected | Indicates that the VPN is successfully created but has not been used for communication with the local data center.
Creating | Indicates that the VPN is being created.
Updating | Indicates that VPN information is being updated.
Deleting | Indicates that the VPN is being deleted.
Abnormal | Indicates that the VPN is abnormal.
Frozen | Indicates that the VPN is frozen.
2 Modifying a VPN
Scenarios
This section applies to regions where the old VPN edition is available.
If you need to adjust your VPN network configurations, you can modify a VPN.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. On the Virtual Private Network page, locate the target VPN and click Modify.
5. In the displayed dialog box, set parameters as prompted.
6. Click OK.
3 Deleting a VPN
Scenarios
This section applies to regions where the old VPN edition is available.
You can delete a VPN if the VPN is no longer required.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. On the Virtual Private Network page, locate the target VPN and click Delete.
5. Click Yes in the displayed dialog box.
4 Managing VPN Connections
4.1 Viewing a VPN Connection
Scenarios
After creating a VPN connection, you can view details about your VPN connection.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > VPN Connections.
5. View all of your VPN connections on the VPN Connections page.
6. Locate the row that contains the target VPN connection, click View Policy in the Operation column to view IKE and IPsec policy details about the VPN connection.
4.2 Modifying a VPN Connection
Scenarios
A VPN connection is an encrypted communications channel established between the VPN gateway in your VPC and that in an on-premises data center. You can modify a VPN connection when required.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > VPN Connections.
5. On the VPN Connections page, locate the row that contains the target VPN connection and click Modify in the Operation column.
6. In the displayed dialog box, set parameters as prompted.
7. Click OK.
4.3 Deleting a VPN Connection
Scenarios
You can delete a VPN connection to release network resources if it is no longer required.
Deleting the last VPN connection for a pay-per-use VPN gateway will also delete the VPN gateway.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > VPN Connections.
5. On the VPN Connections page, locate the row that contains the target VPN connection and click Delete in the Operation column.
6. Click Yes in the displayed dialog box.
5 Managing VPN Gateways
5.1 Viewing a VPN Gateway
Scenarios
After creating a VPN gateway, you can view information about your VPN gateway.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
5. View information about your VPN gateway on the VPN Gateways page.
5.2 Modifying a VPN Gateway
Modifying the Basic Information of a VPN Gateway
Scenario
Modify the name and description of a VPN gateway as required.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
5. On the VPN Gateways page, locate the row that contains the target VPN gateway, and choose More > Modify Basic Information.
6. Modify the VPN gateway name or description as required.
7. Click OK.
Modifying VPN Gateway Bandwidth
Scenario
When the bandwidth of a VPN gateway does not meet your service requirements, you can modify the VPN gateway bandwidth.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
5. On the VPN Gateways page, locate the row that contains the target VPN gateway and click Modify Bandwidth in the Operation column.
6. Modify the bandwidth as required.
7. Click Submit.
5.3 Deleting a Pay-per-Use VPN Gateway
Scenarios
You can delete a VPN gateway to release network resources if it is no longer required.
A VPN gateway cannot be deleted if it is being used by VPN connections. You must first delete the VPN connections before deleting the VPN gateway.
NOTE
● If you create a pay-per-use VPN gateway, a VPN connection will be created together with the gateway. If you delete all the VPN connections created for a pay-per-use VPN gateway, the VPN gateway will be automatically deleted. For details, see Deleting a VPN Connection.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
5. On the VPN Gateways page, locate the row that contains the target VPN gateway and click Delete in the Operation column.
6. Click Yes in the displayed dialog box.
6 Monitoring
6.1 Monitoring VPN
Cloud Eye lets you keep a close eye on the performance and resource utilization of VPNs, ensuring VPN reliability and availability. You can use Cloud Eye to automatically monitor VPNs in real time and manage alarms and notifications, so that you can keep track of VPN performance metrics.
This chapter contains the following sections:
● Monitoring Metrics
● Creating Alarm Rules
● Viewing Metrics
6.2 Monitoring Metrics
Description
This section describes monitored metrics reported by VPN to Cloud Eye as well as their namespaces and dimensions. You can use the Cloud Eye management console to query the metrics of the monitored objects and alarms generated for VPN.
Namespace
SYS.VPN
Monitoring Metrics
Table 6-1 Monitoring on VPN connection status
Parameter | Metric | Description | Value Range | Monitored Object | Monitoring Period (Raw Data)
connection_status | VPN Connection Status | VPN connection tunnel status. 0: indicates the not connected status. 1: indicates the connected status. | 0 or 1 | VPN connection | 5 minutes
Table 6-2 EIP and Bandwidth metrics
Parameter | Metric | Description | Value Range | Monitored Object
up_bandwidth | Outbound Bandwidth (Deprecated) | Network rate of outbound traffic (Previously called "Upstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bytes/s | Bandwidth or EIP
down_bandwidth | Inbound Bandwidth (Deprecated) | Network rate of inbound traffic (Previously called "Downstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bytes/s | Bandwidth or EIP
up_bandwidth | Outbound Bandwidth | Network rate of outbound traffic (Previously called "Upstream Bandwidth"). This metric is available in regions AP-Hong Kong and AP-Bangkok. | ≥ 0 bytes/s | Bandwidth or EIP
down_bandwidth | Inbound Bandwidth | Network rate of inbound traffic (Previously called "Downstream Bandwidth"). This metric is available in regions AP-Hong Kong and AP-Bangkok. | ≥ 0 bytes/s | Bandwidth or EIP
upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic (Previously called "Upstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bits/s | Bandwidth or EIP
downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic (Previously called "Downstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bits/s | Bandwidth or EIP
upstream_bandwidth_usage | Outbound Bandwidth Usage | Usage rate of outbound bandwidth in the unit of percent. | 0-100% | Bandwidth or EIP
up_stream | Outbound Traffic | Network traffic going out of the cloud platform (Previously called "Upstream Traffic") | ≥ 0 bytes | Bandwidth or EIP
down_stream | Inbound Traffic | Network traffic going into the cloud platform (Previously called "Downstream Traffic") | ≥ 0 bytes | Bandwidth or EIP
Dimensions
Key | Value
connection_id | VPN connection
6.3 Creating Alarm Rules
Scenarios
You can configure alarm rules to customize the monitored objects and notification policies and to learn VPN status at any time.
Procedure
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Management & Deployment, click Cloud Eye.
4. In the left navigation pane, choose Alarm Management > Alarm Rules.
5. On the Alarm Rules page, click Create Alarm Rule and set required parameters to create an alarm rule, or modify an existing alarm rule.
6. After the parameters are set, click Create.
After the alarm rule is set, the system automatically notifies you when an alarm is triggered.
NOTE
For more information about alarm rules of VPN, see the Cloud Eye User Guide.
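
The metric definitions in 6.2 and the alarm rules in 6.3 can be exercised offline with the following check, which is an added example and not code from Huawei or Cloud Eye. It evaluates connection_status samples at the 5-minute raw period from Table 6-1 and normalises the two bandwidth parameter families that Table 6-2 lists in different units; the function names, the three-period threshold, the no_data rule and the sample series are assumptions.

```python
from datetime import datetime, timedelta

RAW_PERIOD = timedelta(minutes=5)  # Table 6-1: raw monitoring period of connection_status

# Table 6-2: the two bandwidth parameter families are reported in different units.
BITS_PER_UNIT = {
    "up_bandwidth": 8,          # bytes/s
    "down_bandwidth": 8,        # bytes/s
    "upstream_bandwidth": 1,    # bits/s
    "downstream_bandwidth": 1,  # bits/s
}


def to_bits_per_second(parameter, value):
    """Normalise one bandwidth sample to bits/s using the unit from Table 6-2."""
    if parameter not in BITS_PER_UNIT:
        raise ValueError(f"not a bandwidth rate parameter: {parameter}")
    if value < 0:
        raise ValueError("Table 6-2 gives the value range as >= 0")
    return value * BITS_PER_UNIT[parameter]


def find_outages(samples, min_periods=3):
    """Return (start, end, reason) windows for one VPN connection.

    samples: (datetime, value) pairs of connection_status, 0 = not connected,
    1 = connected. min_periods is an assumed threshold: that many consecutive
    0 samples give a "down" window, and that many missing samples in a row
    give a "no_data" window (the tunnel state is unknown, so it is reported).
    """
    outages, zero_run, prev_ts = [], [], None

    def flush():
        if len(zero_run) >= min_periods:
            outages.append((zero_run[0], zero_run[-1], "down"))
        zero_run.clear()

    for ts, value in sorted(samples):
        if value not in (0, 1):
            raise ValueError(f"connection_status must be 0 or 1, got {value!r}")
        if prev_ts is not None:
            missing = (ts - prev_ts) // RAW_PERIOD - 1
            if missing >= min_periods:
                flush()  # a reporting gap ends any run of 0 samples
                outages.append((prev_ts + RAW_PERIOD, ts - RAW_PERIOD, "no_data"))
        if value == 0:
            zero_run.append(ts)
        else:
            flush()
        prev_ts = ts
    flush()
    return outages


def sample_series():
    """Constructed samples for one connection_id (illustrative, not real data)."""
    t0 = datetime(2021, 2, 28, 10, 0)
    values = [1, 1, 0, 1, 0, 0, 0, 0, 1]  # one blip, then four 0 samples in a row
    series = [(t0 + i * RAW_PERIOD, v) for i, v in enumerate(values)]
    series.append((t0 + 14 * RAW_PERIOD, 1))  # five samples missing before this one
    return series


if __name__ == "__main__":
    for start, end, reason in find_outages(sample_series()):
        print(f"{reason:8} {start:%H:%M} to {end:%H:%M}")
    print(to_bits_per_second("up_bandwidth", 1000), "bit/s")
```
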
6.4 Viewing Metrics
Scenarios
View the VPN connection status and the usage of bandwidth and EIP.
Procedure
Viewing VPN connection status
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Management & Deployment, click Cloud Eye.
4. Click Cloud Service Monitoring on the left navigation pane and then Virtual Private Network.
5. Click View Metric in the Operation column to view the VPN connection status.
You can view data during the last one, three, or twelve hours.
NOTE
You can also log in to the management console, under Network, click Virtual Private Network, and then click VPN Connections. Locate the row that contains the target VPN connection and choose More > View Metric in the Operation column to view the VPN connection status.
Viewing bandwidth or EIP usage
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. On the console homepage, under Network, click Virtual Private Network.
4. Click VPN Gateways on the left navigation pane.
5. Locate the row that contains the target VPN gateway and click View Metric in the Operation column to check the bandwidth or EIP monitoring information.
You can view data during the last one, three, or twelve hours.
7 Permissions Management
7.1 Creating a User and Granting VPN Permissions
This topic describes how to use IAM to implement fine-grained permissions control for your VPN resources. With IAM, you can:
● Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing VPN resources.
● Grant only the permissions required for users to perform a specific task.
● Entrust a HUAWEI CLOUD account or cloud service to perform efficient O&M on your VPN resources.
If your HUAWEI CLOUD account does not need individual IAM users, skip this topic.
This section describes the procedure for granting permissions (see Figure 7-1).
Prerequisites
Learn about the permissions (see Permissions Management) supported by VPN and choose policies or roles based on your requirements. For the permissions of other services, see System Permissions.
Process Flow
Figure 7-1 Process for granting VPN permissions
1. Create a user group and assign permissions to it.
   Create a user group on the IAM console and attach the VPN Administrator policy to the group.
2. Create an IAM user.
   Create a user on the IAM console and add the user to the group created in 1.
3. Log in and verify permissions.
   Log in to the management console as the created user. Switch to the authorized region and verify the permissions.
   – Choose Service List > Network > Virtual Private Network. Then click Buy VPN Gateway in the upper right corner. If the VPN gateway is successfully created, the VPN Administrator policy has already taken effect.
   – Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the VPN Administrator policy has already taken effect.
8 Quotas
What Is Quota?
Quotas are enforced for service resources on the platform to prevent unforeseen spikes in resource usage. Quotas can limit the number or amount of resources available to users, such as the maximum number of ECSs or EVS disks that can be created.
If the existing resource quota cannot meet your service requirements, you can apply for a higher quota.
How Do I View My Quotas?
1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. In the upper right corner of the page, choose Resources > My Quotas.
   The Service Quota page is displayed.
   Figure 8-1 My Quotas
4. View the used and total quota of each type of resources on the displayed page.
   If a quota cannot meet service requirements, apply for a higher quota.
How Do I Apply for a Higher Quota?
1. Log in to the management console.
2. In the upper right corner of the page, choose Resources > My Quotas.
   The Service Quota page is displayed.
   Figure 8-2 My Quotas
3. Click Increase Quota.
4. On the Create Service Ticket page, configure parameters as required.
   In the Problem Description area, enter the required quota and reason for the adjustment.
5. After all necessary parameters are configured, select I have read and agree to the Tenant Authorization Letter and Privacy Statement and click Submit.
A Change History
Release Date | Description
2021-02-28 | This issue is the eleventh official release, which incorporates the following changes:
● Added "Permissions Management" in Service Overview.
● Optimized the configuration process in Getting Started.
● Optimized the user guide.
● Optimized a bandwidth and network speed FAQ.
2020-08-30 | This issue is the tenth official release, which incorporates the following changes:
● Getting Started
● Best Practices
● FAQs
2020-06-30 | This issue is the ninth official release, which incorporates the following changes:
● Overview
● Getting Started
● Best Practices
● FAQs
2020-04-30 | This issue is the eighth official release, which incorporates the following changes:
● Usage Restrictions
● FAQs
2020-03-30 | This issue is the seventh official release, which incorporates the following changes:
● Added section "Pricing Details".
● Optimized the entire document.
2019-12-30 | This issue is the sixth official release, which incorporates the following changes:
● Updated FAQs.
● Optimized the entire document.
2019-11-30 | This issue is the fifth official release, which incorporates the following changes:
● Updated FAQs.
2019-10-30 | This issue is the fourth official release, which incorporates the following changes:
● Updated FAQs.
2019-09-30 | This issue is the third official release, which incorporates the following changes:
● Updated Monitoring.
● Optimized the entire document.
2019-08-15 | This issue is the second official release, which incorporates the following changes: Optimized the document content.
2018-11-16 | This issue is the first official release.