Shulou(Shulou.com)06/03 Report--

Today, the editor will bring you an article about the use of the security group. The editor thinks it is very practical, so I will share it for you as a reference. Let's follow the editor and have a look.

Can I adjust the maximum number of security group rules?

No, each security group can contain up to 100 security group rules. If the current limit does not meet your needs, it is recommended that you follow these steps:

Check for redundant rules. You can also submit a ticket, and Aliyun Technical support will provide inspection service.

Clear the redundant rules if there are redundant rules, or split the security group if there are no redundant rules.

Note: currently, each ENI in an instance can join up to 5 security groups by default, so each ENI in an instance can contain up to 500 security group rules, which can meet the needs of most scenarios.

Does the inbound rule and outbound rule of the security group count differently?

No distinction. The total number of inbound and outbound rules for each security group cannot exceed 100.

Does the adjustment of the upper limit of the number of VPC instances only apply to the newly added security groups?

No. Currently, the maximum number of VPC instances is 2000, which is valid for all security groups of VPC instances. It should be noted that the upper limit of 2000 refers to the number of VPCs contained in all instances (this quota is shared by primary and secondary NICs), not the number of instances. However, if you do not enable the secondary network card, 2000 private network IP is equivalent to 2000 instances.

Why is there an over-limit prompt when the instance joins the security group?

The upper limit of the number of security group rules acting on an instance (primary Nic) = the number of security groups allowed to join the instance x the maximum number of rules per security group.

If the prompt "failed to join the security group, the number of security group rules acting on the instance has reached the upper limit", the total number of rules actually acting on the current instance has exceeded the upper limit. You can view the total number of rules by following these steps:

Log in to the ECS Management console.

Go to the instance page.

In the actions column of the specified instance, click more > Network and Security groups > Security Group configuration.

On the security group page of this example, switch the tab to view all the rules of private network access direction and all the rules of private network access direction.

Lowering the upper limit of the number of rules leads to exceeding the limit, can you use security groups normally?

Existing security groups are not affected. Examples are as follows:

You can join 5 security groups for each instance, and each security group can contain 100 security group rules, of which security group An already contains 51 security group rules. Then, the submitted ticket is adjusted so that each instance can join 10 security groups, and each security group can contain 50 security group rules.

In this case, you can still use security group A normally. However, if you add security group rules to security group An again, you will be prompted that the number of security group rules exceeds the limit.

About the use of security groups to share here, I hope the above content can be of some help to you, can learn more knowledge. If you like this article, you might as well share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.