Enabling ICMP Security Group Rules

Scenario

If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers.

Procedure

  1. Log in to the CCE console, choose Service List > Networking > Virtual Private Cloud, and choose Access Control > Security Groups in the navigation pane.

  2. In the security group list, locate the security group of the cluster. Click the Inbound Rules tab page and then Add Rule. In the Add Inbound Rule dialog box, configure inbound parameters.

    Cluster Type

    ELB Type

    Security Group

    Protocol & Port

    Allowed Source CIDR Block

    CCE Standard

    Shared

    Node security group, which is named in the format of "{Cluster name}-cce-node-{Random ID}".

    If a custom node security group is bound to the cluster, select the target security group.

    All ICMP ports

    100.125.0.0/16 for the shared load balancer

    Dedicated

    Node security group, which is named in the format of "{Cluster name}-cce-node-{Random ID}".

    If a custom node security group is bound to the cluster, select the target security group.

    All ICMP ports

    Backend subnet of the load balancer

    CCE Turbo

    Shared

    Node security group, which is named in the format of "{Cluster name}-cce-node-{Random ID}".

    If a custom node security group is bound to the cluster, select the target security group.

    All ICMP ports

    100.125.0.0/16 for the shared load balancer

    Dedicated

    ENI security group, which is named in the format of "{Cluster name}-cce-eni-{Random ID}".

    If a custom ENI security group is bound to the cluster, select the target security group.

    All ICMP ports

    Backend subnet of the load balancer

  3. Click OK.