Virtual Private Network User Guide Issue 01 Date 2021-02-28 HUAWEI TECHNOLOGIES CO., LTD.

  • Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved.

    No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

    Trademarks and Permissions

    and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

    Notice

    The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

    The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

    Issue 01 (2021-02-28) Copyright © Huawei Technologies Co., Ltd. i

  • Contents

    1 Viewing a VPN

    2 Modifying a VPN

    3 Deleting a VPN

    4 Managing VPN Connections
    4.1 Viewing a VPN Connection
    4.2 Modifying a VPN Connection
    4.3 Deleting a VPN Connection

    5 Managing VPN Gateways
    5.1 Viewing a VPN Gateway
    5.2 Modifying a VPN Gateway
    5.3 Deleting a Pay-per-Use VPN Gateway

    6 Monitoring
    6.1 Monitoring VPN
    6.2 Monitoring Metrics
    6.3 Creating Alarm Rules
    6.4 Viewing Metrics

    7 Permissions Management
    7.1 Creating a User and Granting VPN Permissions

    8 Quotas

    A Change History


  • 1 Viewing a VPN

    Scenarios

    This section applies to regions where the old VPN edition is available.

    You can view details about an existing VPN.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. On the displayed Virtual Private Network page, view the target VPN. Table 1-1 describes the VPN status.

    Table 1-1 VPN status

    | Status | Description |
    | --- | --- |
    | Normal | Indicates that the VPN is successfully created and communication with the local data center through the VPN is normal. |
    | Not connected | Indicates that the VPN is successfully created but has not been used for communication with the local data center. |
    | Creating | Indicates that the VPN is being created. |
    | Updating | Indicates that VPN information is being updated. |
    | Deleting | Indicates that the VPN is being deleted. |
    | Abnormal | Indicates that the VPN is abnormal. |
    | Frozen | Indicates that the VPN is frozen. |


  • 2 Modifying a VPN

    Scenarios

    This section applies to regions where the old VPN edition is available.

    If you need to adjust your VPN network configurations, you can modify a VPN.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. On the Virtual Private Network page, locate the target VPN and click Modify.
    5. In the displayed dialog box, set parameters as prompted.
    6. Click OK.


  • 3 Deleting a VPN

    Scenarios

    This section applies to regions where the old VPN edition is available.

    You can delete a VPN if the VPN is no longer required.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. On the Virtual Private Network page, locate the target VPN and click Delete.
    5. Click Yes in the displayed dialog box.


  • 4 Managing VPN Connections

    4.1 Viewing a VPN Connection

    Scenarios

    After creating a VPN connection, you can view details about your VPN connection.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. In the navigation pane on the left, choose Virtual Private Network > VPN Connections.
    5. View all of your VPN connections on the VPN Connections page.
    6. Locate the row that contains the target VPN connection and click View Policy in the Operation column to view IKE and IPsec policy details about the VPN connection.

    4.2 Modifying a VPN Connection

    Scenarios

    A VPN connection is an encrypted communications channel established between the VPN gateway in your VPC and that in an on-premises data center. You can modify a VPN connection when required.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.


    3. On the console homepage, under Network, click Virtual Private Network.
    4. In the navigation pane on the left, choose Virtual Private Network > VPN Connections.
    5. On the VPN Connections page, locate the row that contains the target VPN connection and click Modify in the Operation column.
    6. In the displayed dialog box, set parameters as prompted.
    7. Click OK.

    4.3 Deleting a VPN Connection

    Scenarios

    You can delete a VPN connection to release network resources if it is no longer required.

    Deleting the last VPN connection for a pay-per-use VPN gateway will also delete the VPN gateway.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. In the navigation pane on the left, choose Virtual Private Network > VPN Connections.
    5. On the VPN Connections page, locate the row that contains the target VPN connection and click Delete in the Operation column.
    6. Click Yes in the displayed dialog box.


  • 5 Managing VPN Gateways

    5.1 Viewing a VPN Gateway

    Scenarios

    After creating a VPN gateway, you can view information about your VPN gateway.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
    5. View information about your VPN gateway on the VPN Gateways page.

    5.2 Modifying a VPN Gateway

    Modifying the Basic Information of a VPN Gateway

    Scenario

    Modify the name and description of a VPN gateway as required.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
    5. On the VPN Gateways page, locate the row that contains the target VPN gateway, and choose More > Modify Basic Information.


    6. Modify the VPN gateway name or description as required.
    7. Click OK.

    Modifying VPN Gateway Bandwidth

    Scenario

    When the bandwidth of a VPN gateway does not meet your service requirements, you can modify the VPN gateway bandwidth.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
    5. On the VPN Gateways page, locate the row that contains the target VPN gateway and click Modify Bandwidth in the Operation column.
    6. Modify the bandwidth as required.
    7. Click Submit.

    5.3 Deleting a Pay-per-Use VPN Gateway

    Scenarios

    You can delete a VPN gateway to release network resources if it is no longer required.

    A VPN gateway cannot be deleted if it is being used by VPN connections. You must first delete the VPN connections before deleting the VPN gateway.

    NOTE

    ● If you create a pay-per-use VPN gateway, a VPN connection will be created together with the gateway. If you delete all the VPN connections created for a pay-per-use VPN gateway, the VPN gateway will be automatically deleted. For details, see Deleting a VPN Connection.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. In the navigation pane on the left, choose Virtual Private Network > VPN Gateways.
    5. On the VPN Gateways page, locate the row that contains the target VPN gateway and click Delete in the Operation column.
    6. Click Yes in the displayed dialog box.


  • 6 Monitoring

    6.1 Monitoring VPN

    Cloud Eye lets you keep a close eye on the performance and resource utilization of VPNs, ensuring VPN reliability and availability. You can use Cloud Eye to automatically monitor VPNs in real time and manage alarms and notifications, so that you can keep track of VPN performance metrics.

    This chapter includes the following sections:

    ● Monitoring Metrics
    ● Creating Alarm Rules
    ● Viewing Metrics

    6.2 Monitoring Metrics

    Description

    This section describes monitored metrics reported by VPN to Cloud Eye as well as their namespaces and dimensions. You can use the Cloud Eye management console to query the metrics of the monitored objects and alarms generated for VPN.

    Namespace

    SYS.VPN


    Monitoring Metrics

    Table 6-1 Monitoring on VPN connection status

    | Parameter | Metric | Description | Value Range | Monitored Object | Monitoring Period (Raw Data) |
    | --- | --- | --- | --- | --- | --- |
    | connection_status | VPN Connection Status | VPN connection tunnel status. 0: indicates the not connected status. 1: indicates the connected status. | 0 or 1 | VPN connection | 5 minutes |

    Table 6-2 EIP and Bandwidth metrics

    | Parameter | Metric | Description | Value Range | Monitored Object |
    | --- | --- | --- | --- | --- |
    | up_bandwidth | Outbound Bandwidth (Deprecated) | Network rate of outbound traffic (Previously called "Upstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bytes/s | Bandwidth or EIP |
    | down_bandwidth | Inbound Bandwidth (Deprecated) | Network rate of inbound traffic (Previously called "Downstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bytes/s | Bandwidth or EIP |


    | Parameter | Metric | Description | Value Range | Monitored Object |
    | --- | --- | --- | --- | --- |
    | up_bandwidth | Outbound Bandwidth | Network rate of outbound traffic (Previously called "Upstream Bandwidth"). This metric is available in regions AP-Hong Kong and AP-Bangkok. | ≥ 0 bytes/s | Bandwidth or EIP |
    | down_bandwidth | Inbound Bandwidth | Network rate of inbound traffic (Previously called "Downstream Bandwidth"). This metric is available in regions AP-Hong Kong and AP-Bangkok. | ≥ 0 bytes/s | Bandwidth or EIP |
    | upstream_bandwidth | Outbound Bandwidth | Network rate of outbound traffic (Previously called "Upstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bits/s | Bandwidth or EIP |
    | downstream_bandwidth | Inbound Bandwidth | Network rate of inbound traffic (Previously called "Downstream Bandwidth"). This metric is available in regions CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou. | ≥ 0 bits/s | Bandwidth or EIP |
    | upstream_bandwidth_usage | Outbound Bandwidth Usage | Usage rate of outbound bandwidth in the unit of percent. | 0-100% | Bandwidth or EIP |


    | Parameter | Metric | Description | Value Range | Monitored Object |
    | --- | --- | --- | --- | --- |
    | up_stream | Outbound Traffic | Network traffic going out of the cloud platform (Previously called "Upstream Traffic") | ≥ 0 bytes | Bandwidth or EIP |
    | down_stream | Inbound Traffic | Network traffic going into the cloud platform (Previously called "Downstream Traffic") | ≥ 0 bytes | Bandwidth or EIP |

    Dimensions

    | Key | Value |
    | --- | --- |
    | connection_id | VPN connection |

    6.3 Creating Alarm Rules

    Scenarios

    You can configure alarm rules to customize the monitored objects and notification policies and to learn VPN status at any time.

    Procedure

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Management & Deployment, click Cloud Eye.
    4. In the left navigation pane, choose Alarm Management > Alarm Rules.
    5. On the Alarm Rules page, click Create Alarm Rule and set required parameters to create an alarm rule, or modify an existing alarm rule.
    6. After the parameters are set, click Create.

    After the alarm rule is set, the system automatically notifies you when an alarm is triggered.

    NOTE

    For more information about alarm rules of VPN, see the Cloud Eye User Guide.


    https://support.huaweicloud.com/intl/en-us/ces/index.html
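
The connection_status definition in Table 6-1 (namespace SYS.VPN, dimension connection_id, values 0 or 1, one raw datapoint every 5 minutes) is enough to evaluate tunnel health on exported datapoints. The Python below is an added example, not Huawei code and not the Cloud Eye alarm engine: the `evaluate` function, the `Finding` type, the connection ID, the three-period threshold and the sample datapoints are all assumptions constructed for illustration. It treats a period with no datapoint as "not up", because missing telemetry is not evidence that the tunnel is connected.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NAMESPACE = "SYS.VPN"             # namespace given in the guide
METRIC = "connection_status"      # 0 = not connected, 1 = connected
DIMENSION = "connection_id"       # dimension key given in the guide
PERIOD = timedelta(minutes=5)     # raw-data monitoring period (Table 6-1)


@dataclass(frozen=True)
class Finding:
    connection_id: str
    kind: str        # "down" (an explicit 0 was seen) or "no_data" (only gaps)
    start: datetime  # start of the first affected period
    end: datetime    # end of the last affected period (exclusive)
    periods: int     # number of consecutive affected periods


def evaluate(connection_id, samples, window_start, window_end, consecutive=3):
    """Flag runs of >= `consecutive` periods in which the tunnel was not up.

    samples: iterable of (timezone-aware datetime, 0 or 1) datapoints.
    The threshold of 3 periods is an assumption, not a Cloud Eye default.
    """
    slots = {}
    for ts, value in samples:
        if value not in (0, 1):
            raise ValueError(f"{METRIC} must be 0 or 1, got {value!r}")
        if not (window_start <= ts < window_end):
            continue
        index = (ts - window_start) // PERIOD
        # Several datapoints in one period: keep the worst (0 wins over 1).
        slots[index] = min(slots.get(index, 1), value)

    total = (window_end - window_start) // PERIOD
    findings, run_start, saw_zero = [], None, False
    for i in range(total + 1):            # one extra pass flushes a trailing run
        state = slots.get(i) if i < total else 1
        if state == 1:
            if run_start is not None and i - run_start >= consecutive:
                findings.append(Finding(
                    connection_id,
                    "down" if saw_zero else "no_data",
                    window_start + run_start * PERIOD,
                    window_start + i * PERIOD,
                    i - run_start,
                ))
            run_start, saw_zero = None, False
        else:                             # 0 (down) or None (no datapoint)
            if run_start is None:
                run_start = i
            saw_zero = saw_zero or state == 0
    return findings


# Constructed sample: one hour of datapoints for a hypothetical connection.
T0 = datetime(2021, 2, 28, 0, 0, tzinfo=timezone.utc)
SAMPLES = [
    (T0 + timedelta(minutes=5 * i, seconds=7), v)
    for i, v in [(0, 1), (1, 1), (2, 0), (3, 0), (4, 0),
                 (5, 1), (9, 1), (10, 0), (11, 1)]   # periods 6-8 are missing
]

if __name__ == "__main__":
    for f in evaluate("conn-example-01", SAMPLES, T0, T0 + timedelta(hours=1)):
        print(f"{NAMESPACE}/{METRIC} {DIMENSION}={f.connection_id}: "
              f"{f.kind} for {f.periods} periods, {f.start:%H:%M}-{f.end:%H:%M} UTC")
```

The single 0 in period 10 is not reported because it does not reach the three-period threshold; lowering `consecutive` to 1 reports it.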

  • 6.4 Viewing Metrics

    Scenarios

    View the VPN connection status and the usage of bandwidth and EIP.

    Procedure

    Viewing VPN connection status

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Management & Deployment, click Cloud Eye.
    4. Click Cloud Service Monitoring on the left navigation pane and then Virtual Private Network.
    5. Click View Metric in the Operation column to view the VPN connection status.
       You can view data during the last one, three, or twelve hours.

    NOTE

    You can also log in to the management console, under Network, click Virtual Private Network, and then click VPN Connections. Locate the row that contains the target VPN connection and choose More > View Metric in the Operation column to view the VPN connection status.

    Viewing bandwidth or EIP usage

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. On the console homepage, under Network, click Virtual Private Network.
    4. Click VPN Gateways on the left navigation pane.
    5. Locate the row that contains the target VPN gateway and click View Metric in the Operation column to check the bandwidth or EIP monitoring information.
       You can view data during the last one, three, or twelve hours.


  • 7 Permissions Management

    7.1 Creating a User and Granting VPN Permissions

    This topic describes how to use IAM to implement fine-grained permissions control for your VPN resources. With IAM, you can:

    ● Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing VPN resources.
    ● Grant only the permissions required for users to perform a specific task.
    ● Entrust a HUAWEI CLOUD account or cloud service to perform efficient O&M on your VPN resources.

    If your HUAWEI CLOUD account does not need individual IAM users, skip this topic.

    This section describes the procedure for granting permissions (see Figure 7-1).

    Prerequisites

    Learn about the permissions (see Permissions Management) supported by VPN and choose policies or roles based on your requirements. For the permissions of other services, see System Permissions.


    https://support.huaweicloud.com/intl/en-us/usermanual-iam/iam_01_0001.html
    https://support.huaweicloud.com/intl/en-us/productdesc-vpn/vpn_01_0011.html
    https://support.huaweicloud.com/intl/en-us/usermanual-permissions/iam_01_0001.html

    Process Flow

    Figure 7-1 Process for granting VPN permissions

    1. Create a user group and assign permissions to it.
       Create a user group on the IAM console and attach the VPN Administrator policy to the group.
    2. Create an IAM user.
       Create a user on the IAM console and add the user to the group created in 1.
    3. Log in and verify permissions.
       Log in to the management console as the created user. Switch to the authorized region and verify the permissions.
       – Choose Service List > Network > Virtual Private Network. Then click Buy VPN Gateway in the upper right corner. If the VPN gateway is successfully created, the VPN Administrator policy has already taken effect.
       – Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the VPN Administrator policy has already taken effect.


    https://support.huaweicloud.com/intl/en-us/usermanual-iam/iam_03_0001.html
    https://support.huaweicloud.com/intl/en-us/usermanual-iam/iam_02_0001.html
    https://support.huaweicloud.com/intl/en-us/usermanual-iam/iam_01_0552.html

  • 8 Quotas

    What Is Quota?

    Quotas are enforced for service resources on the platform to prevent unforeseen spikes in resource usage. Quotas can limit the number or amount of resources available to users, such as the maximum number of ECSs or EVS disks that can be created.

    If the existing resource quota cannot meet your service requirements, you can apply for a higher quota.

    How Do I View My Quotas?

    1. Log in to the management console.
    2. Click in the upper left corner and select the desired region and project.
    3. In the upper right corner of the page, choose Resources > My Quotas.
       The Service Quota page is displayed.

       Figure 8-1 My Quotas

    4. View the used and total quota of each type of resources on the displayed page.
       If a quota cannot meet service requirements, apply for a higher quota.


    How Do I Apply for a Higher Quota?

    1. Log in to the management console.
    2. In the upper right corner of the page, choose Resources > My Quotas.
       The Service Quota page is displayed.

       Figure 8-2 My Quotas

    3. Click Increase Quota.
    4. On the Create Service Ticket page, configure parameters as required.
       In the Problem Description area, enter the required quota and reason for the adjustment.
    5. After all necessary parameters are configured, select I have read and agree to the Tenant Authorization Letter and Privacy Statement and click Submit.


  • A Change History

    Release Date | Description

    2021-02-28 | This issue is the eleventh official release, which incorporates the following changes:
    ● Added "Permissions Management" in Service Overview.
    ● Optimized the configuration process in Getting Started.
    ● Optimized the user guide.
    ● Optimized a bandwidth and network speed FAQ.

    2020-08-30 | This issue is the tenth official release, which incorporates the following changes:
    ● Getting Started
    ● Best Practices
    ● FAQs

    2020-06-30 | This issue is the ninth official release, which incorporates the following changes:
    ● Overview
    ● Getting Started
    ● Best Practices
    ● FAQs

    2020-04-30 | This issue is the eighth official release, which incorporates the following changes:
    ● Usage Restrictions
    ● FAQs


    2020-03-30 | This issue is the seventh official release, which incorporates the following changes:
    ● Added section "Pricing Details".
    ● Optimized the entire document.

    2019-12-30 | This issue is the sixth official release, which incorporates the following changes:
    ● Updated FAQs.
    ● Optimized the entire document.

    2019-11-30 | This issue is the fifth official release, which incorporates the following changes:
    ● Updated FAQs.

    2019-10-30 | This issue is the fourth official release, which incorporates the following changes:
    ● Updated FAQs.

    2019-09-30 | This issue is the third official release, which incorporates the following changes:
    ● Updated Monitoring.
    ● Optimized the entire document.

    2019-08-15 | This issue is the second official release, which incorporates the following changes:
    Optimized the document content.

    2018-11-16 | This issue is the first official release.
