Help Center> Cloud Connect> Best Practices> Connecting Multiple VPCs Across Regions
View PDF

Connecting Multiple VPCs Across Regions

Background

Resources in the VPCs in different regions can use EIPs or VPN connections to communicate with each other. However, EIPs and VPN connections rely on the Internet, which can be unstable, and if you use EIPs, data cannot be encrypted. To ensure stable network quality and prevent data breach, you can use Cloud Connect to connect the VPCs.

Scenarios

You have four VPCs, two in the CN East-Shanghai1 region, one in the CN-Hong Kong region, and one in the AF-Johannesburg region. The two VPCs in the CN East-Shanghai1 region each have two subnets. You can use Cloud Connect to connect the VPCs in the three regions to build a network that features high performance, high availability, and low latency. The following figure shows a typical scenario where Cloud Connect is used to enable communications among VPCs in different regions.

Figure 1 Cross-region multi-VPC communications

When you configure Cloud Connect, note that:

  • Subnet CIDR blocks of the VPCs cannot overlap or conflict with each other.
  • Existing routes, including those you add for VPC Peering, Direct Connect, or VPN, cannot conflict with the routes of subnets that you load to the cloud connection.

Prerequisites

  • You have created the VPCs and subnets that need to communicate with each other across regions.
  • Your account balance is sufficient to purchase bandwidth packages.
  • You have applied for a cross-border permit from China Unicom. In this practice, there are two VPCs outside the Chinese mainland. In accordance with the regulations of the Ministry of Industry and Information Technology (MIIT), before you purchase bandwidth packages, you need to apply for a cross-border permit from China Unicom.

    If you do not need cross-border network communications, you can ignore the last item.

Procedure

  1. Apply for a cross-border permit.

    1. In the navigation pane on the left, choose Cross-Border Permit.
      Figure 2 Cross-border permit
    2. Click Download Materials to download the materials and examples.
      Figure 3 Download Materials
    3. Click Submit Application. Enter all required information and upload the prepared materials.
      Figure 4 Applying for a cross-border permit

    4. Click Submit and wait for approval, which requires one working day.

  2. Create a cloud connection.

    1. Log in to the management console.
    2. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
      Figure 5 Accessing the Cloud Connect console
    3. On the Cloud Connections page, click Create Cloud Connection.
      Figure 6 Create Cloud Connection
    4. Configure the parameters and click OK.
      Figure 7 Configuring the parameters

      Table 1 describes the parameters.

      Table 1 Parameter description

      Parameter

      Description

      Example Value

      Name

      Specifies the cloud connection name. The name can contain only letters, digits, underscores (_), hyphens (-), and periods (.).

      CloudConnect

      Enterprise Project

      Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.

      default

      Description

      Provides supplementary information about the cloud connection. The description can contain a maximum of 255 characters.

      A Cloud Connect instance for Demo
    5. Click OK.

  3. Load network instances.

    Load the VPCs to the created cloud connection.

    1. In the cloud connection list, locate the cloud connection you just created and click its name, for example, CloudConnect in the following figure.
      Figure 8 Cloud connection
      On the displayed page, you can view details about the cloud connection, such as its name, ID, status, time when the cloud connection was created, and description. There are also four tabs: Network Instances, Bound Bandwidth Packages, Inter-Region Bandwidths, and Route Information.
      Figure 9 Cloud connection details
    2. Under Network Instances, click Load Network Instance.
      Figure 10 Load Network Instance
    3. Select CN East-Shanghai1 for Region and VPC for Instance Type, select the VPC and its subnets, and click OK.
      Figure 11 Loading a network instance
    4. Repeat the preceding steps to load the other VPC in the CN East-Shanghai1 region, the VPC in the CN-Hong Kong region, and the VPC in the AF-Johannesburg region to the cloud connection.

      The four VPCs in the three regions are now on the same network. You can view the routes of each region on the Route Information tab page.

  4. Buy a bandwidth package.

    By default, the system allocates 10 kbit/s of bandwidth for testing network connectivity across regions.

    To ensure normal network communications, you need to purchase a bandwidth package and bind the package to the cloud connection.

    1. Locate the created cloud connection and click its name to go to the details page. Under Bound Bandwidth Packages, click Buy Bandwidth Package.
      Figure 12 Buy Bandwidth Package
    2. On the Buy Bandwidth Package page, configure the name, billing mode, bandwidth package applicability, geographic region, bandwidth size, and required duration, and determine whether to enable auto renewal and directly bind the bandwidth package to the cloud connection. Select Across Geographic Region for Applicability because the four VPCs are in three geographic regions.
      1. To enable network communications between the CN East-Shanghai1 and the CN-Hong Kong regions, select Chinese mainland and Asia Pacific as geographic regions and set the bandwidth to 30 Mbit/s.
      2. To enable network communications between the CN East-Shanghai1 and AF-Johannesburg regions, select Chinese mainland and Southern Africa as geographic regions and set the bandwidth to 2 Mbit/s.

      Click Bind now, select the cloud connection you just created, and click Buy Now.

    3. Confirm the information and click Pay Now.
    4. Click Pay.

      Go back to the bandwidth package list, locate the bandwidth package, and verify that its status is Normal.

      On the Bandwidth Packages page, you can view the purchased bandwidth package and its details, including the billing mode, order information, the cloud connection it is bound to, used bandwidth, and remaining bandwidth. You can also modify, unbind, renew, and unsubscribe from the bandwidth package.

  5. Assign inter-region bandwidths.

    On the cloud connection details page, assign bandwidths for network communications between regions.

    1. Locate the created cloud connection and click its name to go to the details page. Under Inter-Region Bandwidths, click Assign Inter-Region Bandwidth.
      Figure 13 Assign Inter-Region Bandwidth
    2. Select CN East-Shanghai1 and CN-Hong Kong for Regions. The bandwidth package that you have purchased is displayed. Set the bandwidth to 30 Mbit/s.

      Repeat the preceding steps to assign 2 Mbit/s of bandwidth for network communications between CN East-Shanghai1 and AF-Johannesburg.

    3. View the assigned bandwidths on the Inter-Region Bandwidths tab page.

      Now, the four VPCs can communicate with each other.

      The default security group rule denies all the inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions to ensure normal communications.