From 896490ff85b158c9dae65a744b7c54db4b6767c7 Mon Sep 17 00:00:00 2001 From: Kyriakos Akriotis Date: Thu, 5 Dec 2024 11:18:46 +0000 Subject: [PATCH] fixed all broken anchors #180 --- .../migrating-container-images.md | 42 ++++----- .../google-cloud/google-deploy.md | 88 +++++++++---------- .../cloud-eye/resource-group-monitoring.md | 6 +- .../vpc-and-subnet-planning-suggestions.md | 28 ++---- ...mises-branch-networks-through-a-vpn-hub.md | 88 ++++++++----------- 5 files changed, 111 insertions(+), 141 deletions(-) diff --git a/docs/best-practices/containers/software-repository/migrating-container-images.md b/docs/best-practices/containers/software-repository/migrating-container-images.md index 845282390..9b1fe8d5b 100644 --- a/docs/best-practices/containers/software-repository/migrating-container-images.md +++ b/docs/best-practices/containers/software-repository/migrating-container-images.md @@ -11,7 +11,7 @@ Containers are growing in popularity. Many enterprises choose to build their own This blueprint describes three different scenarios for migrating image repositories to SWR smoothly. You can select one as required: | Solution | Application Scenario | Precautions | - | ----------------- | ---------------------------------- | ------------ | + | ----------------- | ---------------------------------- | ------------ | | Migrating images to SWR using **[Docker commands](#migrating-images-to-swr-using-docker-commands)** | Small quantity of images | - Disk storage leads to the timely deletion of local images and time-cost flushing. | | | | - Docker daemon strictly restricts the number of concurrent pull/push operations, so high-concurrency synchronization cannot be performed. | | | | - Scripts are complex because HTTP APIs are needed to perform the operations that cannot be implemented through Docker CLI. | 
@@ -24,13 +24,13 @@ This blueprint describes three different scenarios for migrating image repositor | | | - Docker or other programs are not required. | | Synchronizing images across clouds [from **Harbor** to SWR](#synchronizing-images-across-clouds-from-harbor-to-swr) | A customer deploys services in multiple clouds and uses Harbor as their image repository. | Only Harbor v1.10.5 and later versions are supported. | -## Migrating Images to SWR using Docker Commands +## Migrating Images to SWR using Docker Commands SWR provides easy-to-use image hosting and efficient distribution services. If small quantity of images need to be migrated, enterprises can use the **docker pull/push** command to migrate images to SWR: -1. Pull images from the source repository. +1. Pull images from the source repository. Run the `docker pull` command to pull the images. :::note Example @@ -46,7 +46,7 @@ can use the **docker pull/push** command to migrate images to SWR: nginx latest 22f2bf2e2b4f 5 hours ago 22.8MB ``` -2. Push the images pulled to SWR. +2. Push the images pulled to SWR. a. Log in to the VM where the target container is located and log in to SWR. For details, see [Uploading an Image Through a Container Engine Client](https://docs.otc.t-systems.com/software-repository-container/umn/image_management/uploading_an_image_through_the_client.html). @@ -82,7 +82,7 @@ can use the **docker pull/push** command to migrate images to SWR: To view the pushed image, refresh the *My Images* page. -## Migrating Images to SWR using image-syncer {#cce_bestpractice_0331} +## Migrating Images to SWR using image-syncer If small quantity of images need to be migrated, you can use Docker commands. However, for thousands of images and several TBs of image 
@@ -90,7 +90,7 @@ repository data, it takes a long time and even data may be lost. In this case, you can use the open-source image migration tool [image-syncer](https://github.com/AliyunContainerService/image-syncer): -1. Download, decompress, and run image-syncer. +1. Download, decompress, and run image-syncer. The following uses **image-syncer v1.3.1** as an example. @@ -99,7 +99,7 @@ case, you can use the open-source image migration tool tar -zvxf image-syncer-v1.3.1-linux-amd64.tar.gz ``` -2. Create **auth.json**, the authentication information file of the +2. Create **auth.json**, the authentication information file of the image repositories. image-syncer supports the Docker image repository based on Docker @@ -135,10 +135,10 @@ case, you can use the open-source image migration tool In the above figure : - `eu-de_otc@9LA\...\...` is the `username` - - `077be\...\...\...\.....` is the `password` and + - `077be\...\...\...\.....` is the `password` and - `swr.eu-de.otc.t-systems.com` is the image repository address. -3. Create **images.json**, the image synchronization description file. +3. Create **images.json**, the image synchronization description file. In the following example, the source repository address is on the left, and the target repository address is on the right. @@ -151,7 +151,7 @@ case, you can use the open-source image migration tool } ``` -4. Run the following command to migrate the images to SWR: +4. Run the following command to migrate the images to SWR: ```bash ./image-syncer \--auth=./auth.json \--images=./images.json @@ -159,7 +159,6 @@ case, you can use the open-source image migration tool \--retries=3 \--log=./log ``` - ## Synchronizing Images Across Clouds from Harbor to SWR + [Harbor](https://goharbor.io/) is an open-source enterprise-class Docker Registry server developed by VMware. It extends the Docker Distribution by adding the functionalities such as role-based access control (RBAC), image 
@@ -208,7 +208,7 @@ and distribute container images. Our scenarion in this blueprint is a customer that deploys services in **multiple clouds** and uses Harbor as their image repository. We are going to be accessing SWR through a **public** network. -1. Configure a registry endpoint on Harbor. +1. Configure a registry endpoint on Harbor. :::note Open Telekom Cloud SWR has not yet integrated with Harbor. You need clone [this repo](https://github.com/akyriako/harbor/tree/opentelekomcloud_adapter) and build it from branch **opentelekomcloud\_adapter**. 
@@ -218,19 +218,19 @@ image repository. We are going to be accessing SWR through a **public** network. ![image2](/img/docs/best-practices/containers/cloud-container-engine/en-us_image_0000001418569120.png) - - `Provider`: Select `Open Telekom Cloud SWR`. - - `Name`: Enter a customized name. - - `Endpoint URL`: Enter the public network domain name of + - `Provider`: Select `Open Telekom Cloud SWR`. + - `Name`: Enter a customized name. + - `Endpoint URL`: Enter the public network domain name of SWR in the format of `https://{SWR image repository address}`. To obtain the image repository address, log in to the SWR console, choose *My Images*, and click *Upload Through Client*. You can view the image repository address of the current region on the page that is displayed. - - `Access ID`: Enter an access ID in the format of `Regional project name@\[AK\]`. - - `Access Secret`: Enter an AK/SK. To obtain an AK/SK, see [Obtaining a Long-Term Valid Login Command](https://docs.otc.t-systems.com/software-repository-container/umn/image_management/obtaining_a_long-term_valid_login_command.html). - - `Verify Remote Cert`: *Deselect* the option. + - `Access ID`: Enter an access ID in the format of `Regional project name@\[AK\]`. + - `Access Secret`: Enter an AK/SK. To obtain an AK/SK, see [Obtaining a Long-Term Valid Login Command](https://docs.otc.t-systems.com/software-repository-container/umn/image_management/obtaining_a_long-term_valid_login_command.html). + - `Verify Remote Cert`: *Deselect* the option. -2. Configure a replication rule. +2. Configure a replication rule. a. Create a replication rule. 
@@ -256,7 +256,7 @@ image repository. We are going to be accessing SWR through a **public** network. executing the replication rule. The value `-1` indicates no limitation. -3. After creating the replication rule, select it and click +3. After creating the replication rule, select it and click *REPLICATE* to complete the replication. - ![image2](/img/docs/best-practices/containers/cloud-container-engine/en-us_image_0000001418729104.png) \ No newline at end of file + ![image2](/img/docs/best-practices/containers/cloud-container-engine/en-us_image_0000001418729104.png) diff --git a/docs/best-practices/management-and-deployment/cloud-create/google-cloud/google-deploy.md b/docs/best-practices/management-and-deployment/cloud-create/google-cloud/google-deploy.md index e66dccb5c..51474042d 100644 --- a/docs/best-practices/management-and-deployment/cloud-create/google-cloud/google-deploy.md +++ b/docs/best-practices/management-and-deployment/cloud-create/google-cloud/google-deploy.md 
@@ -5,22 +5,20 @@ tags: [multi-cloud, google, gcp, cloud-create] --- # How to deploy your application on Google Cloud -Prerequisites ----------------------------------------------------------------- + +## Prerequisites To deploy on Google Cloud, you need to: -* Have a Google Cloud account. -* Your account has one of the following roles `roles/compute.admin`, `roles/editor`, or `roles/owner` assigned to a Google project. This role allows you to create a compute resource in the given project. -* Your account has one of the following roles `roles/browser`, `roles/editor`, or `roles/owner`. This role allows Telekom Cloud Create to read the [IAM access control policy](https://cloud.google.com/resource-manager/docs/access-control-proj) of the project to check for access permissions before a deployment can start. -* Enable the **Compute Engine API** and **Cloud Resource Manager API** in your google project. - +* Have a Google Cloud account. +* Your account has one of the following roles `roles/compute.admin`, `roles/editor`, or `roles/owner` assigned to a Google project. This role allows you to create a compute resource in the given project. +* Your account has one of the following roles `roles/browser`, `roles/editor`, or `roles/owner`. This role allows Telekom Cloud Create to read the [IAM access control policy](https://cloud.google.com/resource-manager/docs/access-control-proj) of the project to check for access permissions before a deployment can start. +* Enable the **Compute Engine API** and **Cloud Resource Manager API** in your google project. ### How to assign a role to a principal -* Go to: **IAM & Admin** / **IAM** -* Go to **Principal**, click **Edit** and assign roles. The following example assigns the role `roles/browser` and `roles/compute.admin` to a principal. - +* Go to: **IAM & Admin** / **IAM** +* Go to **Principal**, click **Edit** and assign roles. The following example assigns the role `roles/browser` and `roles/compute.admin` to a principal. 
[![../_images/set-roles.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/set-roles.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/set-roles.png) @@ -28,22 +26,20 @@ Figure 1. Set IAM roles for a user ### How to enable an API on Google Cloud -* Go to: **APIs & Services** / **Library** -* Search for an API (e.g., `Compute Engine` or `Cloud Resource`) -* Click **Enable** - +* Go to: **APIs & Services** / **Library** +* Search for an API (e.g., `Compute Engine` or `Cloud Resource`) +* Click **Enable** + [![../_images/enable-api.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/enable-api.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/enable-api.png) Figure 2. Enable Compute Engine API -How to deploy ----------------------------------------------------------------- +## How to deploy ### Choose the Google Cloud location -1. Go to: **Deploy** -2. Choose **Google** - +1. Go to: **Deploy** +2. Choose **Google** [![../_images/deploy-step1.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step1.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step1.png) @@ -51,9 +47,9 @@ Figure 3. Choose Google Cloud location ### Authenticate for the first time -* The first time you deploy an application on Google Cloud, Cloud Create redirects you to Google Cloud to loggin. -* After logging sucessfully, click on the **allow** button to grant the permissions for Cloud Create to manage compute resources on Google Cloud on your behalf. - +* The first time you deploy an application on Google Cloud, Cloud Create redirects you to Google Cloud to loggin. +* After logging sucessfully, click on the **allow** button to grant the permissions for Cloud Create to manage compute resources on Google Cloud on your behalf. + [![../_images/deploy-step2.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step2.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step2.png) 
@@ -62,41 +58,42 @@ Figure 4. Authenticate and grant permissions :::important By clicking the allow button, you allow Cloud Create to access the following information: -1. Read your email address for authentication purpose. -2. List your Google projects so you can choose a Google project to deploy. -3. Manage compute resources on Google Cloud (e.g., to create and delete a VM). - +1. Read your email address for authentication purpose. +2. List your Google projects so you can choose a Google project to deploy. +3. Manage compute resources on Google Cloud (e.g., to create and delete a VM). + In particular, Cloud Create requests the following OAuth scopes: -* `https://www.googleapis.com/auth/userinfo.email` -* `https://www.googleapis.com/auth/cloudplatformprojects.readonly` -* `https://www.googleapis.com/auth/compute` -::: +* `https://www.googleapis.com/auth/userinfo.email` +* `https://www.googleapis.com/auth/cloudplatformprojects.readonly` +* `https://www.googleapis.com/auth/compute` + +::: :::tip -You can revoke access any time later. See [3\. How to revoke access](#google-revoke-access). +You can revoke access any time later. See [3\. How to revoke access](#how-to-revoke-access). ::: ### Choose a Google project to deploy -* Cloud Create displays a list of the Google projects, which you have the permissions to create a compute resource. -* Choose one Google project you want to deploy your app into. +* Cloud Create displays a list of the Google projects, which you have the permissions to create a compute resource. +* Choose one Google project you want to deploy your app into. [![../_images/deploy-step3.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step3.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step3.png) Figure 5. Choose a google project to deploy :::note -If no projects are dislayed, it means you do not have the roles mentioned in the [1\. Prerequisites](#google-prerequisites). 
In such a case, ask your Google administrators to assign a role in a Google project for you. +If no projects are dislayed, it means you do not have the roles mentioned in the [1\. Prerequisites](#prerequisites). In such a case, ask your Google administrators to assign a role in a Google project for you. ::: ### Choose an availability zone and keypair (optional) -1. Click **Configure cloud provider** -2. Choose a **Compute**. -3. Choose an availability **zone** from the dropbox. The default availability zone is `europe-west1-c` if not set. -4. Choose a **keypair** from the dropbox. - +1. Click **Configure cloud provider** +2. Choose a **Compute**. +3. Choose an availability **zone** from the dropbox. The default availability zone is `europe-west1-c` if not set. +4. Choose a **keypair** from the dropbox. + [![../_images/deploy-step4.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step4.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-step4.png) Figure 6. Choose a zone and keypair @@ -107,18 +104,17 @@ If the keypair dropbox is empty, you can create a keypair from the Open Telekom ### Deploy -* Click **Deploy** to start. - -How to revoke access ------------------------------------------------------------------------------- +* Click **Deploy** to start. + +## How to revoke access In step 2, you grant Cloud Create the permissions to manage compute resources on your behalf. You can revoke this access anytime. To revoke: -* Go to: 1. **Manage your Google account** / 2. **Security** / 3. **Third party apps with account access**. -* Click on **Revoke access** button. - +* Go to: 1. **Manage your Google account** / 2. **Security** / 3. **Third party apps with account access**. +* Click on **Revoke access** button. + [![../_images/deploy-revoke.png](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-revoke.png)](https://docs.otc.t-systems.com/cloud-create/umn/_images/deploy-revoke.png) Figure 7. Revoke token 
diff --git a/docs/best-practices/management-and-deployment/cloud-eye/resource-group-monitoring.md b/docs/best-practices/management-and-deployment/cloud-eye/resource-group-monitoring.md index e92e362ba..074abc3e5 100644 --- a/docs/best-practices/management-and-deployment/cloud-eye/resource-group-monitoring.md +++ b/docs/best-practices/management-and-deployment/cloud-eye/resource-group-monitoring.md @@ -1,7 +1,7 @@ --- id: resource-group-monitoring title: Resource Group Monitoring -tags: [] +tags: [cloud-eye] --- # Resource Group Monitoring @@ -91,14 +91,14 @@ When resource exceptions occur, an alarm notification can be sent to the configu ![**Figure 5** Configuring an alarm rule](/img/docs/best-practices/management-and-deployment/cloud-eye/en-us_image_0229987653.png) - Set **Group** to *Development group resources* created in [Step 1 Creating a Resource Group](#step-1-creating-a-resource-group). + Set **Group** to *Development group resources* created in [Step 1 Creating a Resource Group](#creating-a-resource-group). 3. Set **Alarm Notification** parameters. ![**Figure 6** Configuring alarm notification](/img/docs/best-practices/management-and-deployment/cloud-eye/en-us_image_0229987913.png) :::note - Note: When configuring **Notification Object**, select **Mytopic** created in [Step 2 Creating a Topic and Configuring the Notification Object](#step-2-creating-a-topic-and-configuring-the-notification-object). + Note: When configuring **Notification Object**, select **Mytopic** created in [Step 2 Creating a Topic and Configuring the Notification Object](#creating-a-topic-and-configuring-the-notification-object). ::: 4. Click *Create*. diff --git a/docs/best-practices/networking/virtual-private-cloud/vpc-and-subnet-planning-suggestions.md b/docs/best-practices/networking/virtual-private-cloud/vpc-and-subnet-planning-suggestions.md index 2b367d48f..ae7b5798e 100644 --- a/docs/best-practices/networking/virtual-private-cloud/vpc-and-subnet-planning-suggestions.md 
+++ b/docs/best-practices/networking/virtual-private-cloud/vpc-and-subnet-planning-suggestions.md @@ -10,30 +10,17 @@ Before creating your VPCs, determine how many VPCs, the number of subnets, and what IP address ranges or connectivity options you will need. -- [VPC and Subnet Planning Suggestions](#vpc-and-subnet-planning-suggestions) - - [How Do I Determine How Many VPCs I Need?](#how-do-i-determine-how-many-vpcs-i-need) - - [One VPC](#one-vpc) - - [Multiple VPCs](#multiple-vpcs) - - [How Do I Plan Subnets?](#how-do-i-plan-subnets) - - [How Do I Plan Routing Policies?](#how-do-i-plan-routing-policies) - - [How Do I Connect to an On-Premises Data Center?](#how-do-i-connect-to-an-on-premises-data-center) - - [How Do I Access the Internet?](#how-do-i-access-the-internet) - - [Use EIPs to enable a small number of ECSs to access the Internet](#use-eips-to-enable-a-small-number-of-ecss-to-access-the-internet) - - [Use a NAT gateway to enable a large number of ECSs to access the Internet](#use-a-nat-gateway-to-enable-a-large-number-of-ecss-to-access-the-internet) - - [Use ELB to access the Internet If there are a large number of concurrent requests](#use-elb-to-access-the-internet-if-there-are-a-large-number-of-concurrent-requests) - - [Additional Resources](#additional-resources) - ## How Do I Determine How Many VPCs I Need? VPCs are region-specific. By default, networks in VPCs in different regions or even in the same region are not connected. -#### One VPC +### One VPC If your services do not require network isolation, a single VPC should be enough. -#### Multiple VPCs +### Multiple VPCs If you have multiple service systems in a region and each service system requires an isolated network, you can create a separate VPC for each 
@@ -64,12 +51,11 @@ block: - IP address range: Avoid IP address conflicts if you need to connect a VPC to an on-premises data center or connect two VPCs. - -| VPC CIDR Block Addresses | IP Address Range | Maximum Number IP | -| ------------------- |-----------------------------| ---------------------------- | -| 10.0.0.0/8-24 | 10.0.0.0-10.255.255.255 | 2\^24-2=16777214 | -| 172.16.0.0/12-24 | 172.16.0.0-172.31.255.255 | 2\^20-2=1048574 | -| 192.168.0.0/16-24 | 192.168.0.0-192.168.255.255 | 2\^16-2=65534 | +| VPC CIDR Block Addresses | IP Address Range | Maximum Number IP | +| ------------------------- | --------------------------- | ----------------- | +| 10.0.0.0/8-24 | 10.0.0.0-10.255.255.255 | 2\^24-2=16777214 | +| 172.16.0.0/12-24 | 172.16.0.0-172.31.255.255 | 2\^20-2=1048574 | +| 192.168.0.0/16-24 | 192.168.0.0-192.168.255.255 | 2\^16-2=65534 | : **Table 1** VPC CIDR blocks diff --git a/docs/best-practices/networking/virtual-private-network/connecting-multiple-on-premises-branch-networks-through-a-vpn-hub.md b/docs/best-practices/networking/virtual-private-network/connecting-multiple-on-premises-branch-networks-through-a-vpn-hub.md index bdb26b5ed..d9a52dfb6 100644 --- a/docs/best-practices/networking/virtual-private-network/connecting-multiple-on-premises-branch-networks-through-a-vpn-hub.md +++ b/docs/best-practices/networking/virtual-private-network/connecting-multiple-on-premises-branch-networks-through-a-vpn-hub.md @@ -10,9 +10,7 @@ To meet service requirements, enterprise A needs to implement communication betw ## Solution Design -[Figure 1](#figure-1) shows the networking where the VPN service is used to connect the two on-premises data centers. - - +*Figure 1* shows the networking where the VPN service is used to connect the two on-premises data centers. ![](/img/docs/best-practices/networking/virtual-private-network/connecting-multiple-on-premises-branch-networks-through-a-vpn-hub/en-us_image_0000001592878805.png) 
@@ -175,17 +173,15 @@ Open Telekom Cloud VPNs support static routing mode, BGP routing mode, and polic 1. Choose *Virtual Private Network* -> *Enterprise – VPN Gateways*, and click *Create VPN Gateway*. 2. Set parameters as prompted. - [Table 1](#table-1) only describes the key parameters for creating a VPN gateway. + *Table 1* only describes the key parameters for creating a VPN gateway. - - **Table 1** Description of VPN gateway parameters | Parameter | Description | Value | | ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | | Name | Name of a VPN gateway. | vpngw-001 | | Network Type | Select **Public network**. | Public network | | Associate With | Select **VPC**. If the VPN gateway is associated with an enterprise router, select **Enterprise Router**. | VPC | - | VPC | Open Telekom Cloud VPC that the on-premises data centers need to access. | vpc-001(192.168.0.0/16) | + | VPC | Open Telekom Cloud VPC that the on-premises data centers need to access. | vpc-001(192.168.0.0/16) | | Local Subnet | VPC subnets that the on-premises data centers need to access. | 192.168.0.0/24,192.168.1.0/24 | | Interconnection Subnet | This subnet is used for communication between the VPN gateway and VPC. Ensure that the selected interconnection subnet has four or more assignable IP addresses. | 192.168.2.0/24 | | BGP ASN | BGP AS number. | 64512 | 
@@ -198,16 +194,14 @@ Open Telekom Cloud VPNs support static routing mode, BGP routing mode, and polic 1. Choose *Virtual Private Network* -> *Enterprise – Customer Gateways*, and click *Create Customer Gateway*. 2. Set parameters as prompted. - [Table 2](#table-2) only describes the key parameters for creating a customer gateway. - - - + *Table 2* only describes the key parameters for creating a customer gateway. + **Table 2** Description of customer gateway parameters - | Parameter | Description | Value | - | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | - | Name | Name of a customer gateway. | cgw-fw1 | - | Routing Mode | Select **Static**. | Static | + | Parameter | Description | Value | + | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | + | Name | Name of a customer gateway. | cgw-fw1 | + | Routing Mode | Select **Static**. | Static | | Gateway IP Address | IP address used by the customer gateway in on-premises data center 1 to communicate with the Open Telekom Cloud VPN gateway.
Ensure that UDP port 4500 is permitted on the customer gateway device in the on-premises data center. | 1.1.1.1 | 
@@ -217,26 +211,24 @@ Open Telekom Cloud VPNs support static routing mode, BGP routing mode, and polic 1. Choose *Virtual Private Network* -> *Enterprise – VPN Connections*, and click *Create VPN Connection*. 2. Set parameters for VPN connection 1 and click *Submit*. - [Table 3](#table-3) only describes the key parameters for creating a VPN connection. - - - + *Table 3* only describes the key parameters for creating a VPN connection. + **Table 3** Description of VPN connection parameters - | Parameter | Description | Value | - | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | - | Name | Name of a VPN connection. | vpn-001 | - | VPN Gateway | VPN gateway for which the VPN connection is created. | vpngw-001 | - | Gateway IP Address | Active EIP bound to the VPN gateway. | 1.1.1.2 | - | VPN Type | Select **Static routing**. | Static routing | - | Customer Gateway | Name of a customer gateway. | cgw-fw1 | + | Parameter | Description | Value | + | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | + | Name | Name of a VPN connection. | vpn-001 | + | VPN Gateway | VPN gateway for which the VPN connection is created. | vpngw-001 | + | Gateway IP Address | Active EIP bound to the VPN gateway. | 1.1.1.2 | + | VPN Type | Select **Static routing**. | Static routing | + | Customer Gateway | Name of a customer gateway. 
| cgw-fw1 | | Customer Subnet | Subnet in on-premises data center 1 that needs to access the VPC on Open Telekom Cloud. A customer subnet cannot be included in any local subnet or any subnet of the VPC to which the VPN gateway is attached. Reserved VPC CIDR blocks such as 100.64.0.0/10 and 214.0.0.0/8 cannot be used as customer subnets. | 172.16.0.0/16 | - | Interface IP Address Assignment | Manually specify In this example, select **Manually specify**. Automatically assign | Manually specify | - | Local Tunnel Interface Address | Tunnel interface IP address configured on the VPN gateway. | 169.254.70.1 | - | Customer Tunnel Interface Address | Tunnel interface IP address configured on the customer gateway device. | 169.254.70.2 | - | Link Detection | Whether to enable route reachability detection in multi-link scenarios. When NQA is enabled, ICMP packets are sent for detection and your device needs to respond to these ICMP packets. | **NQA** enabled | - | PSK, Confirm PSK | The value must be the same as the PSK configured on the customer gateway device. | Test@123 | - | Policy Settings | The policy settings must be the same as those on the customer gateway device. | Default | + | Interface IP Address Assignment | Manually specify In this example, select **Manually specify**. Automatically assign | Manually specify | + | Local Tunnel Interface Address | Tunnel interface IP address configured on the VPN gateway. | 169.254.70.1 | + | Customer Tunnel Interface Address | Tunnel interface IP address configured on the customer gateway device. | 169.254.70.2 | + | Link Detection | Whether to enable route reachability detection in multi-link scenarios. When NQA is enabled, ICMP packets are sent for detection and your device needs to respond to these ICMP packets. | **NQA** enabled | + | PSK, Confirm PSK | The value must be the same as the PSK configured on the customer gateway device. 
| Test@123 | + | Policy Settings | The policy settings must be the same as those on the customer gateway device. | Default | @@ -245,8 +237,6 @@ Open Telekom Cloud VPNs support static routing mode, BGP routing mode, and polic :::note For VPN connection 2, you are advised to use the same parameter settings as VPN connection 1, except the parameters listed in the following table. ::: - - **Table 4** Parameter settings for VPN connection 2 
@@ -261,26 +251,24 @@ Open Telekom Cloud VPNs support static routing mode, BGP routing mode, and polic 1. Choose *Virtual Private Network* -> *Enterprise – VPN Connections*, and click *Create VPN Connection*. 2. Set parameters for VPN connection 1 as prompted and click *Submit*. - [Table 5](#table-5) only describes the key parameters for creating a VPN connection. - - + *Table 5* only describes the key parameters for creating a VPN connection. **Table 5** Description of VPN connection parameters - | Parameter | Description | Value | - | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | - | Name | Name of a VPN connection. | vpn-003 | - | VPN Gateway | VPN gateway for which the VPN connection is created. | vpngw-001 | - | Gateway IP Address | Active EIP bound to the VPN gateway. | 1.1.1.2 | - | Customer Gateway | Name of a customer gateway. | cgw-fw2 | - | VPN Type | Select **Static routing**. | Static routing | + | Parameter | Description | Value | + | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | + | Name | Name of a VPN connection. | vpn-003 | + | VPN Gateway | VPN gateway for which the VPN connection is created. | vpngw-001 | + | Gateway IP Address | Active EIP bound to the VPN gateway. | 1.1.1.2 | + | Customer Gateway | Name of a customer gateway. | cgw-fw2 | + | VPN Type | Select **Static routing**. 
| Static routing | | Customer Subnet | Subnet in on-premises data center 2 that needs to access the VPC on Open Telekom Cloud. A customer subnet cannot be included in any local subnet or any subnet of the VPC to which the VPN gateway is attached. Reserved VPC CIDR blocks such as 100.64.0.0/10 and 214.0.0.0/8 cannot be used as customer subnets. | 10.10.0.0/16 | - | Interface IP Address Assignment | **Manually specify** In this example, select Manually specify. Automatically assign | Manually specify | - | Local Tunnel Interface Address | Tunnel interface IP address configured on the VPN gateway. | 169.254.72.1 | - | Customer Tunnel Interface Address | Tunnel interface IP address configured on the customer gateway device. | 169.254.72.2 | - | Link Detection | Whether to enable route reachability detection in multi-link scenarios. When NQA is enabled, ICMP packets are sent for detection and your device needs to respond to these ICMP packets. | **NQA** enabled | - | PSK, Confirm PSK | The value must be the same as the PSK configured on the customer gateway device in on-premises data center 2. | Test@123 | - | Policy Settings | The policy settings must be the same as those configured on the customer gateway device in on-premises data center 2. | Default | + | Interface IP Address Assignment | **Manually specify** In this example, select Manually specify. Automatically assign | Manually specify | + | Local Tunnel Interface Address | Tunnel interface IP address configured on the VPN gateway. | 169.254.72.1 | + | Customer Tunnel Interface Address | Tunnel interface IP address configured on the customer gateway device. | 169.254.72.2 | + | Link Detection | Whether to enable route reachability detection in multi-link scenarios. When NQA is enabled, ICMP packets are sent for detection and your device needs to respond to these ICMP packets. 
| **NQA** enabled | + | PSK, Confirm PSK | The value must be the same as the PSK configured on the customer gateway device in on-premises data center 2. | Test@123 | + | Policy Settings | The policy settings must be the same as those configured on the customer gateway device in on-premises data center 2. | Default |
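Review bot: in `migrating-container-images.md`, the hunk at `@@ -82,7 +82,7` drops the explicit id `{#cce_bestpractice_0331}` from the image-syncer heading, so that section is now reachable only through its generated slug. The solution table at the top of the file links the Docker and Harbor sections by slug. Please confirm the image-syncer row does the same and that no other page still points at `#cce_bestpractice_0331`, otherwise this commit trades one broken anchor for another.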
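Review bot: the `Verify Remote Cert` bullet rewritten in the `@@ -218,19 +218,19` hunk of `migrating-container-images.md` still tells readers to *Deselect* the option, while the section's own introduction says SWR is reached through a public network. With that option off, Harbor does not validate the certificate of the endpoint that receives the `Access ID` and `Access Secret`. Since the line is being touched anyway, either change the instruction to keep verification selected or state why it has to be off for this endpoint.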
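Review bot: in `google-deploy.md`, the hunk at `@@ -62,41 +58,42` repoints the two links to `#how-to-revoke-access` and `#prerequisites`, but the link text keeps the `3\.` and `1\.` prefixes that none of the new `##` headings carry, and the revoke section in the following hunk still says "In step 2". Suggest dropping the numbers from the link text and naming the section ("Authenticate for the first time") instead of a step number. The rewritten bullets also still read "loggin", "sucessfully" and "dislayed"; worth correcting in the same pass.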
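Review bot: in `resource-group-monitoring.md`, the new targets `#creating-a-resource-group` and `#creating-a-topic-and-configuring-the-notification-object` only resolve if the headings no longer carry the "Step 1" / "Step 2" prefix, and those headings are not part of this diff. Please confirm their current slugs, and if the prefix is gone from the headings, drop it from the link text as well so the two match. The `tags: []` to `tags: [cloud-eye]` change in the first hunk is unrelated to the commit subject and would be easier to track in its own commit.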
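Review bot: in `vpc-and-subnet-planning-suggestions.md`, the hunk at `@@ -10,30 +10,17` promotes `#### One VPC` and `#### Multiple VPCs` to `###`, but the removed table of contents listed three further subsections at the same depth under "How Do I Access the Internet?" ("Use EIPs ...", "Use a NAT gateway ...", "Use ELB ...") and no hunk touches them. Please check that they sit at the same heading level so the generated page outline stays consistent. Deleting the hand-written TOC is fine if the site renders its own, but the commit message should say so, since it goes beyond fixing anchors.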
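Review bot: in `connecting-multiple-on-premises-branch-networks-through-a-vpn-hub.md`, the hunks at `@@ -10,9 +10,7`, `@@ -175,17 +173,15`, `@@ -198,16 +194,14`, `@@ -217,26 +211,24` and `@@ -261,26 +251,24` replace `[Figure 1](#figure-1)` and `[Table N](#table-N)` with italic text, which removes the cross-references instead of repairing them. If the in-page navigation is wanted, give the figure and each table caption an anchor the links can resolve to. If it is not, plain "Table 1" reads better than emphasis that looks like a dead link.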
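Review bot: the `PSK, Confirm PSK` rows re-emitted in Table 3 (`@@ -217,26 +211,24`) and Table 5 (`@@ -261,26 +251,24`) keep `Test@123` as the example value, and the same key is shown for both data centers. Readers copy example values into real tunnels, so a placeholder such as `<your-pre-shared-key>` would be safer, ideally with a remark that each customer gateway should get its own key.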
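Review bot: the `Interface IP Address Assignment` row in the `@@ -261,26 +251,24` hunk reads "**Manually specify** In this example, select Manually specify. Automatically assign", while the same row in Table 3 puts the bold on the second occurrence. In both tables the two options and the instruction have run together into one sentence. Since the rows are being re-aligned here, split the cell into the two options ("Manually specify", "Automatically assign") followed by the instruction, and use the same wording in both tables.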