Got it

HCS8.0.3 Captain Secret Scripts !Episode 5 Mysterious internal network Highlighted

Latest reply: Apr 12, 2022 06:30:21 299 5 2 0 0

internal network!

The VMS communicates with the managerone through the internal network.

Some communication traffic of higher order services is transmitted through the internal network.

DNS/NTP, The internal network is used.


Why does an internal network need anywhere?

Does the higher-order service also use the internal network?

All traffic is transmitted through the internal network?

Whoa, easy, easy.

Read this page and you won't be bothered by the internal network.

Look, what can we do to meet the following requirements on the network?

There are two departments, department A and department B. Currently, departments A and B are completely isolated from each other. However, there is a set of security scanning terminals that need to scan terminals of two departments at the same time. How to do this?


Eh, open up the network between them?

Meby, doing so would break the network isolation between them.

Is there a better way?



We use NAT to convert the security scan system, and we only need to convert one system.

so, the internal network actually uses NAT, but the NAT pool is very large and connects to a large number of systems and terminals. Therefore, a dedicated network plane is used for bearer.

The structure is as follows.


Assume, that a VM converts VNC traffic through the internal public network. He's actually like that.


What! What's the difference between this and EIP?

Yes, its implementation is the same as that of EIP. There are three differences in use.

    1. External_Relay_Network (VRF): Internal never communicates with other planes. Firewalls and route leaks do not occur. External_Relay_Network is only a physical plane and never communicates externally.

    2. The EIP is manually allocated to the VMS based on service requirements. The internal public IP address of the External_Relay_Network is allocated by the system. Each VMS and each system component has an internal public IP address.

    3. Important traffic that must be communicated but cannot be directly communicated is transmitted. The traffic can be directly communicated without passing through the physical firewall.

So, EIP is an external network. What about External_Relay_Network?

Of course it is an external network. This can be observed on the OC.


Finally, how does he control the traffic passing through the intranet? This is actually very simple to understand using the network method. Set the required traffic of interest.

Well, now we've got two more secrets from Captain T.

Captain T's Secret Book #8: How to Understand the Internal Network.

1.The internal network is an "external network" that is never external.

2. The implementation of the internal public network is to convert traffic to ensure that the traffic to be accessed is not disordered.

3. Common services, such as NAT, DNS, control component API communication, NOVA, CINDER, etc.

Captain T's Secret Book #9: What can be configured on the internal public network?

1.Communication on the internal public network cannot be configured. We only need to understand which traffic passes through the internal public network.

2. For traffic that needs to be communicated but is not converted on the internal public network, use the previous method to permit traffic between planes, or convert traffic to EIPs and then permit traffic.

  • x
  • convention:

Admin Created Apr 11, 2022 01:52:19

View more
  • x
  • convention:

Created Apr 11, 2022 06:33:21

Interesting to know.
View more
  • x
  • convention:

Created Apr 12, 2022 01:26:39

Thank you for the recognition
View more
  • x
  • convention:

Created Apr 12, 2022 01:27:05

Thank you
View more
  • x
  • convention:

Admin Created Apr 12, 2022 06:30:21

Thanks for your sharing!
View more
  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits


Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.