CLOUDSTACK-2806

radhikap 2013-07-08 16:55:56 +05:30
parent 24e9797807
commit 03c8f74e98
4 changed files with 198 additions and 119 deletions


@ -144,10 +144,11 @@
<section id="acl-private-gateway"> <section id="acl-private-gateway">
<title>ACL on Private Gateway</title> <title>ACL on Private Gateway</title>
<para>The traffic on the VPC private gateway is controlled by creating both ingress and egress <para>The traffic on the VPC private gateway is controlled by creating both ingress and egress
network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all the network ACL rules. The ACLs contains both allow and deny rules. In addition to the default ACL
ingress traffic to the private gateway interface and all the egress traffic out from the rules, rules you might have created are also listed in the ACL drop-down list. As per the
private gateway interface are blocked. You can change this default behaviour while creating a rule, all the ingress traffic to the private gateway interface and all the egress traffic out
private gateway.</para> from the private gateway interface are blocked. You can change this default behaviour while
creating a private gateway.</para>
</section> </section>
<section id="static-route"> <section id="static-route">
<title>Creating a Static Route</title> <title>Creating a Static Route</title>
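Review bot: The added sentence in the acl-private-gateway para calls the entries of the "ACL drop-down list" rules ("default ACL rules", "rules you might have created"), while the same paragraph uses "rules" for the individual allow and deny entries, and it never says in which dialog the drop-down appears. With the sentence inserted here, "As per the rule, all the ingress traffic ... are blocked" no longer has a clear antecedent: the reader cannot tell which rule produces the blocked default. Suggest naming the dialog that holds the drop-down, using one term for the selectable entries, and stating which default entry gives the block-all behaviour, since that selection decides whether the private gateway is closed or open. The rewrapped line also still carries "The ACLs contains", which could be corrected to "contain" in the same change.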


@ -25,119 +25,197 @@
default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports, default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports,
you must create a new network ACL. The network ACLs can be created for the tiers only if the you must create a new network ACL. The network ACLs can be created for the tiers only if the
NetworkACL service is supported.</para> NetworkACL service is supported.</para>
<orderedlist> <section id="acl-list">
<listitem> <title>Creating ACL Lists</title>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para> <orderedlist>
</listitem> <listitem>
<listitem> <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
<para>In the left navigation, choose Network.</para> </listitem>
</listitem> <listitem>
<listitem> <para>In the left navigation, choose Network.</para>
<para>In the Select view, select VPC.</para> </listitem>
<para>All the VPCs that you have created for the account is listed in the page.</para> <listitem>
</listitem> <para>In the Select view, select VPC.</para>
<listitem> <para>All the VPCs that you have created for the account is listed in the page.</para>
<para>Click the Configure button of the VPC, for which you want to configure load balancing </listitem>
rules.</para> <listitem>
<para>For each tier, the following options are displayed:</para> <para>Click the Configure button of the VPC.</para>
<itemizedlist> <para>For each tier, the following options are displayed:</para>
<listitem> <itemizedlist>
<para>Internal LB</para> <listitem>
</listitem> <para>Internal LB</para>
<listitem> </listitem>
<para>Public LB IP</para> <listitem>
</listitem> <para>Public LB IP</para>
<listitem> </listitem>
<para>Static NAT</para> <listitem>
</listitem> <para>Static NAT</para>
<listitem> </listitem>
<para>Virtual Machines</para> <listitem>
</listitem> <para>Virtual Machines</para>
<listitem> </listitem>
<para>CIDR</para> <listitem>
</listitem> <para>CIDR</para>
</itemizedlist> </listitem>
<para>The following router information is displayed:</para> </itemizedlist>
<itemizedlist> <para>The following router information is displayed:</para>
<listitem> <itemizedlist>
<para>Private Gateways</para> <listitem>
</listitem> <para>Private Gateways</para>
<listitem> </listitem>
<para>Public IP Addresses</para> <listitem>
</listitem> <para>Public IP Addresses</para>
<listitem> </listitem>
<para>Site-to-Site VPNs</para> <listitem>
</listitem> <para>Site-to-Site VPNs</para>
<listitem> </listitem>
<para>Network ACL Lists</para> <listitem>
</listitem> <para>Network ACL Lists</para>
</itemizedlist> </listitem>
</listitem> </itemizedlist>
<listitem> </listitem>
<para>Select Network ACL Lists.</para> <listitem>
<para>The following default rules are displayed in the Network ACLs page: default_allow, <para>Select Network ACL Lists.</para>
default_deny.</para> <para>The following default rules are displayed in the Network ACLs page: default_allow,
</listitem> default_deny.</para>
<listitem> </listitem>
<para>Click Add ACL Lists, and specify the following:</para> <listitem>
<itemizedlist> <para>Click Add ACL Lists, and specify the following:</para>
<listitem> <itemizedlist>
<para><emphasis role="bold">ACL List Name</emphasis>: A name for the ACL list.</para> <listitem>
</listitem> <para><emphasis role="bold">ACL List Name</emphasis>: A name for the ACL list.</para>
<listitem> </listitem>
<para><emphasis role="bold">Description</emphasis>: A short description of the ACL list <listitem>
that can be displayed to users.</para> <para><emphasis role="bold">Description</emphasis>: A short description of the ACL list
</listitem> that can be displayed to users.</para>
</itemizedlist> </listitem>
</listitem> </itemizedlist>
<listitem> </listitem>
<para>Select the ACL list.</para> </orderedlist>
</listitem> </section>
<listitem> <section id="add-acl-rule">
<para>Select the ACL List Rules tab.</para> <title>Creating an ACL Rule</title>
<para>To add an ACL rule, fill in the following fields to specify what kind of network traffic <orderedlist>
is allowed in the VPC. </para> <listitem>
<itemizedlist> <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
<listitem> </listitem>
<para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as the Source CIDR for the <listitem>
Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or <para>In the left navigation, choose Network.</para>
to the IP addresses within a particular address block, enter a CIDR or a comma-separated </listitem>
list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, <listitem>
192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para> <para>In the Select view, select VPC.</para>
</listitem> <para>All the VPCs that you have created for the account is listed in the page.</para>
<listitem> </listitem>
<para><emphasis role="bold">Protocol</emphasis>: The networking protocol that sources use <listitem>
to send traffic to the tier. The TCP and UDP protocols are typically used for data <para>Click the Configure button of the VPC.</para>
exchange and end-user communications. The ICMP protocol is typically used to send error </listitem>
messages or network monitoring data. All supports all the traffic. Other option is <listitem>
Protocol Number.</para> <para>Select Network ACL Lists.</para>
</listitem> <para>In addition to the custom ACL lists you have created, the following default rules are
<listitem> displayed in the Network ACLs page: default_allow, default_deny.</para>
<para><emphasis role="bold">Start Port</emphasis>, <emphasis role="bold">End </listitem>
Port</emphasis> (TCP, UDP only): A range of listening ports that are the destination <listitem>
for the incoming traffic. If you are opening a single port, use the same number in both <para>Select the desired ACL list.</para>
fields.</para> </listitem>
</listitem> <listitem>
<listitem> <para>Select the ACL List Rules tab.</para>
<para><emphasis role="bold">Protocol Number</emphasis>: The protocol number associated <para>To add an ACL rule, fill in the following fields to specify what kind of network
with IPv4 or IPv6. For more information, see <ulink traffic is allowed in the VPC. </para>
url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol <itemizedlist>
Numbers</ulink>.</para> <listitem>
</listitem> <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as the Source CIDR for the
<listitem> Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from
<para><emphasis role="bold">ICMP Type</emphasis>, <emphasis role="bold">ICMP or to the IP addresses within a particular address block, enter a CIDR or a
Code</emphasis> (ICMP only): The type of message and error code that will be comma-separated list of CIDRs. The CIDR is the base IP address of the incoming
sent.</para> traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">Action</emphasis>: What action to be taken. </para> <para><emphasis role="bold">Protocol</emphasis>: The networking protocol that sources
</listitem> use to send traffic to the tier. The TCP and UDP protocols are typically used for data
</itemizedlist> exchange and end-user communications. The ICMP protocol is typically used to send
</listitem> error messages or network monitoring data. All supports all the traffic. Other option
<listitem> is Protocol Number.</para>
<para>Click Add. The ACL rule is added.</para> </listitem>
<para>You can edit the tags assigned to the ACL rules and delete the ACL rules you have <listitem>
created. Click the appropriate button in the Details tab.</para> <para><emphasis role="bold">Start Port</emphasis>, <emphasis role="bold">End
</listitem> Port</emphasis> (TCP, UDP only): A range of listening ports that are the destination
</orderedlist> for the incoming traffic. If you are opening a single port, use the same number in
both fields.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Protocol Number</emphasis>: The protocol number associated
with IPv4 or IPv6. For more information, see <ulink
url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol
Numbers</ulink>.</para>
</listitem>
<listitem>
<para><emphasis role="bold">ICMP Type</emphasis>, <emphasis role="bold">ICMP
Code</emphasis> (ICMP only): The type of message and error code that will be
sent.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Action</emphasis>: What action to be taken. </para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Click Add. The ACL rule is added.</para>
<para>You can edit the tags assigned to the ACL rules and delete the ACL rules you have
created. Click the appropriate button in the Details tab.</para>
</listitem>
</orderedlist>
</section>
<section id="create-acl-tier">
<title>Assigning a Custom ACL List to a Tier</title>
<orderedlist>
<listitem>
<para>Create a VPC.</para>
</listitem>
<listitem>
<para>Create a custom ACL list.</para>
</listitem>
<listitem>
<para>Add ACL rules to the ACL list.</para>
</listitem>
<listitem>
<para>Create a tier in the VPC.</para>
<para>Select the desired ACL list while creating a tier.</para>
</listitem>
<listitem><para>Click OK.</para></listitem>
</orderedlist>
</section>
<section id="assign-acl-tier">
<title>Assigning a Custom ACL List to a Tier</title>
<orderedlist>
<listitem>
<para>Create a VPC.</para>
</listitem>
<listitem>
<para>Create a tier in the VPC.</para>
</listitem>
<listitem>
<para>Associate the tier with the default ACL rule.</para>
</listitem>
<listitem>
<para>Create a custom ACL list.</para>
</listitem>
<listitem>
<para>Add ACL rules to the ACL list.</para>
</listitem>
<listitem>
<para>Select the tier for which you want to assign the custom ACL.</para>
</listitem>
<listitem><para>Click the Replace ACL List icon.<inlinemediaobject>
<imageobject>
<imagedata fileref="./images/replace-acl-icon.png"/>
</imageobject>
<textobject>
<phrase>replace-acl-icon.png: button to replace an ACL list</phrase>
</textobject>
</inlinemediaobject></para>
<para>The Replace ACL List dialog is displayed.</para></listitem>
<listitem><para>Select the desired ACL list.</para></listitem>
<listitem><para>Click OK.</para></listitem>
</orderedlist>
</section>
</section> </section>
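Review bot: The new sections create-acl-tier and assign-acl-tier carry the same title, "Assigning a Custom ACL List to a Tier", although the first describes selecting the ACL list while creating a tier and the second replaces the list on an existing tier; give the first its own title so the two procedures can be told apart in the table of contents and in cross-references. In assign-acl-tier, the step "Associate the tier with the default ACL rule." does not say whether default_allow or default_deny is meant, and that choice determines what traffic the tier accepts until the custom list replaces it, so the step should name one. default_allow and default_deny are introduced as "default rules" on the Network ACLs page but are then treated as selectable ACL lists; the wording should be consistent. The acl-list procedure ends at the Add ACL Lists fields with no confirming step, unlike the other procedures, which end with "Click OK." or "Click Add.". The Action field is described only as "What action to be taken." without listing the values a user can choose.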

Binary file not shown. Size: 930 B

Binary file not shown. Size: 7.5 KiB