
WA-security design of east-west flow on cloud

Last Updated: Mar 27, 2025

Template ID

B7PNZR1WN3DANUY1

Supported regions

Hangzhou, Shenzhen, Shanghai

Template architecture

[Figure: template architecture diagram]

Parameter variables

Each parameter variable has a type, such as String, and is used to pass a parameter value into the template.

If no value is passed, the default value is used. To modify the template variable configuration, refer to: Template Variable Configuration

| Ordinal number | Variable name | Variable type | Default value | Description |
|---|---|---|---|---|
| 1 | Region | String | cn-hangzhou | Hangzhou region |
| 2 | ${vpc_Security_name} | String | vpc_Security | Firewall area VPC name |
| 3 | ${vpc_Security_IP} | String | 10.0.0.0/23 | Firewall area VPC CIDR block |
| 4 | ${vsw_Security_firewall_name} | String | firewall_vswitch | Firewall area-application switch name |
| 5 | ${vsw_Security_firewall_IP} | String | 10.0.1.0/24 | Firewall area-application switch CIDR block |
| 6 | ${vsw_Security_tr_AZ1_name} | String | vsw-tr-J | Firewall area-tr switch 1 name |
| 7 | ${vsw_Security_tr_AZ1_IP} | String | 10.0.0.0/25 | Firewall area-tr switch 1 CIDR block |
| 8 | ${vsw_Security_tr_AZ2_name} | String | vsw-tr-K | Firewall area-tr switch 2 name |
| 9 | ${vsw_Security_tr_AZ2_IP} | String | 10.0.0.128/25 | Firewall area-tr switch 2 CIDR block |
| 10 | ${vpc1_name} | String | vpc1 | VPC1 area name |
| 11 | ${vpc1_IP} | String | 172.16.0.0/24 | VPC1 area CIDR block |
| 12 | ${vsw_vpc1_tr_AZ1_name} | String | vsw-tr-J | VPC1 area-tr switch 1 name |
| 13 | ${vsw_vpc1_tr_AZ1_IP} | String | 172.16.0.0/25 | VPC1 area-tr switch 1 CIDR block |
| 14 | ${vsw_vpc1_tr_AZ2_name} | String | vsw-tr-K | VPC1 area-tr switch 2 name |
| 15 | ${vsw_vpc1_tr_AZ2_IP} | String | 172.16.0.128/25 | VPC1 area-tr switch 2 CIDR block |
| 16 | ${vpc2_name} | String | vpc2 | VPC2 area name |
| 17 | ${vpc2_IP} | String | 192.168.0.0/24 | VPC2 area VPC CIDR block |
| 18 | ${vsw_vpc2_tr_AZ1_name} | String | vsw-tr-J | VPC2 area-tr switch 1 name |
| 19 | ${vsw_vpc2_tr_AZ1_IP} | String | 192.168.0.0/25 | VPC2 area-tr switch 1 CIDR block |
| 20 | ${vsw_vpc2_tr_AZ2_name} | String | vsw-tr-K | VPC2 area-tr switch 2 name |
| 21 | ${vsw_vpc2_tr_AZ2_IP} | String | 192.168.0.128/25 | VPC2 area-tr switch 2 CIDR block |

Command line debugging

Example of passing parameters in a YAML file configuration (newly created default VPC, switch, CEN, TR, and route table):

template_id: B7PNZR1WN3DANUY1
area_id: "cn-hangzhou"

variables:
  # Firewall area VPC and its switches
  ${vpc_Security_name}: "vpc_Security"
  ${vpc_Security_IP}: "10.0.0.0/23"
  ${vsw_Security_firewall_name}: "firewall_vswitch"
  ${vsw_Security_firewall_IP}: "10.0.1.0/24"
  ${vsw_Security_tr_AZ1_name}: "vsw-tr-J"
  ${vsw_Security_tr_AZ1_IP}: "10.0.0.0/25"
  ${vsw_Security_tr_AZ2_name}: "vsw-tr-K"
  ${vsw_Security_tr_AZ2_IP}: "10.0.0.128/25"
  # VPC1 area and its tr switches
  ${vpc1_name}: "vpc1"
  ${vpc1_IP}: "172.16.0.0/24"
  ${vsw_vpc1_tr_AZ1_name}: "vsw-tr-J"
  ${vsw_vpc1_tr_AZ1_IP}: "172.16.0.0/25"
  ${vsw_vpc1_tr_AZ2_name}: "vsw-tr-K"
  ${vsw_vpc1_tr_AZ2_IP}: "172.16.0.128/25"
  # VPC2 area and its tr switches
  ${vpc2_name}: "vpc2"
  ${vpc2_IP}: "192.168.0.0/24"
  ${vsw_vpc2_tr_AZ1_name}: "vsw-tr-J"
  ${vsw_vpc2_tr_AZ1_IP}: "192.168.0.0/25"
  ${vsw_vpc2_tr_AZ2_name}: "vsw-tr-K"
  ${vsw_vpc2_tr_AZ2_IP}: "192.168.0.128/25"
  
configuration:
  enableMonitor: "0"
  enableReport: "0"

Note:

1. To replace the region, substitute the area_id field, such as replacing Hangzhou's "cn-hangzhou" with Shanghai's "cn-shanghai".

For region and zone IDs, see: Region and Zone

2. The default TR route table is associated with the VPC where the firewall is located. For that association, ensure that "Automatically associate with the default route table of the transit router", "Automatically propagate system routes to the default route table of the transit router", and "Automatically configure all route tables of the VPC to point to the transit router" are all checked. For the newly created TR route table that associates VPC1 and VPC2, check only "Automatically configure all route tables of the VPC to point to the transit router", and configure the route manually in route learning.
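
Before overriding the CIDR defaults in the YAML above, it helps to confirm that each switch still sits inside its VPC and that the three VPC ranges stay disjoint, since overlapping ranges make routing between the VPCs and the firewall VPC ambiguous. The following check is an added example, not part of the template or its tooling; the `PLAN` layout and the `check_plan` name are assumptions, and the values are the defaults from the parameter table.

```python
import ipaddress

# Default CIDR values copied from the parameter table; the dict layout is an assumption.
PLAN = {
    "vpc_Security": ("10.0.0.0/23", {"firewall_vswitch": "10.0.1.0/24",
                                     "vsw-tr-J": "10.0.0.0/25",
                                     "vsw-tr-K": "10.0.0.128/25"}),
    "vpc1": ("172.16.0.0/24", {"vsw-tr-J": "172.16.0.0/25",
                               "vsw-tr-K": "172.16.0.128/25"}),
    "vpc2": ("192.168.0.0/24", {"vsw-tr-J": "192.168.0.0/25",
                                "vsw-tr-K": "192.168.0.128/25"}),
}


def check_plan(plan):
    """Return a list of problems found in the plan; an empty list means it is consistent."""
    problems, vpcs = [], {}
    for vpc, (cidr, switches) in plan.items():
        try:
            vpcs[vpc] = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{vpc}: invalid CIDR {cidr!r} ({exc})")
            continue
        seen = []
        for name, sw_cidr in switches.items():
            try:
                net = ipaddress.ip_network(sw_cidr)
            except ValueError as exc:
                problems.append(f"{vpc}/{name}: invalid CIDR {sw_cidr!r} ({exc})")
                continue
            if not net.subnet_of(vpcs[vpc]):
                problems.append(f"{vpc}/{name}: {net} is outside {vpcs[vpc]}")
            for other_name, other in seen:
                if net.overlaps(other):
                    problems.append(f"{vpc}: {name} {net} overlaps {other_name} {other}")
            seen.append((name, net))
    # VPC ranges must be pairwise disjoint for unambiguous inter-VPC routes.
    names = sorted(vpcs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if vpcs[a].overlaps(vpcs[b]):
                problems.append(f"{a} {vpcs[a]} overlaps {b} {vpcs[b]}")
    return problems
```
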

Template Library Address:

Code Example Address:

Visualization Method

  1. Batch create related Alibaba Cloud services, including 3 VPCs and 7 switches.

    1. Create a new application based on the template. The default region is Hangzhou, and all cloud products are newly created.

    2. Complete the application save, and perform verification and pricing separately. All related cloud products are billed on a pay-as-you-go basis in this example.

    3. After verification, confirm the protocol to initiate batch deployment, which automatically completes the routing configuration.

Integrated API Invocation Method

  1. Integrate the API to complete the setup quickly through a set of OpenAPI interfaces.

  2. For more information, see the referenced document to initialize the command line tool.

  3. Refer to the model YAML file for direct deployment and output.

  4. If replacing the region, substitute the area_id field, such as changing Hangzhou's "cn-hangzhou" to Shanghai's "cn-shanghai".