Scenarios

If you have more than one on-premises data center and more than one VPC, you can use Direct Connect and Cloud Connect to connect all your on-premises data centers to the VPCs in different regions.

Figure 1 shows the networking topology

Figure 1 Networking topology

When you configure Cloud Connect, note that:

• Subnet CIDR blocks of the VPCs cannot overlap or conflict with each other.
• Existing routes, including those you add for VPC Peering, Direct Connect, or VPN, cannot conflict with the routes of subnets that you load to the cloud connection.

Prerequisites

• You have registered a HUAWEI CLOUD account and completed real-name authentication.
• Your account balance is sufficient to purchase the required resources, including Direct Connect connections, bandwidth packages, and ECSs.
• You have selected appropriate Direct Connect locations and completed the site survey of your on-premises data centers with the carrier. For details, see Preparations.
• You have created the VPCs and subnets that need to communicate with each other across regions.
• You have configured all VPC subnets for your on-premises data center.

Procedure

1. Configure Direct Connect.
   1. Create a Direct Connect connection.
      1. Log in to the Direct Connect console.
      2. On the console homepage, click in the upper left corner and select the desired region and project.
      3. Hover on to display Service List and choose Networking > Direct Connect.
      4. In the navigation pane on the left, choose Direct Connect > Connections.
      5. Click Create Connection.
      6. On the Create Connection page, configure the parameters based on Table 1.

         Table 1 Parameter description

         Parameter	Description	Example Value
         Region	Specifies the region where the connection is deployed. You can change the region here, or use the region selector in the upper left corner of the console.	CN South-Guangzhou
         Connection Name	Specifies the connection name. Enter a desired name.	dc-cc
         Location	Specifies the location that your leased line can access.	Guangzhou-Huangpu-Huaxinyuan
         Carrier	Specifies the carrier that provides the leased line.	China Telecom
         Port Type	Specifies the type of the port used by the connection. There are four types of ports: 1GE, 10GE, 40GE, and 100GE.	1GE single-mode optical port
         Leased Line Bandwidth	Specifies the bandwidth of the connection, in Mbit/s. Select a value from the drop-down list. This is the bandwidth of the leased line you have purchased from the carrier.	1,000
         Your Equipment Room Address	Specifies the address of your equipment room. The address must be specific to the floor on which your equipment room is located, for example, Equipment Room XX, Building XX, No. XX, Huajing Road, Fengdong District, Shanghai.	N/A
         Description	Provides supplementary information about the connection.	N/A
         Billing Mode	Specifies the billing model of the connection. Currently, only Yearly/Monthly is supported.	Yearly/Monthly
         Required Duration	Specifies the duration for which you require the connection.	5 months
         Auto-renew	Specifies whether to automatically renew the connection to ensure service continuity. It is recommended that you set the auto-renewal period to be the same as the required duration. If the required duration is three months, the system automatically renews the subscription for three months.	5 months
         Enterprise Project	Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.	default
         Contact Person/Phone Number/Contact Email	Specifies information about the person who is responsible for your connection. If you do not provide the contact information, your account information will be used. This will increase the review period.	Tom +086 13912345678 (Chinese mainland) Tom@mail.com

      7. Click Next
      8. Confirm the order and click Pay.
      9. Click Pay.
   2. Connect your data center to the location.
      1. After the payment is complete, switch back to the connection list. Locate the newly created connection, click Apply for LOA in the Operation column, and then enter information about the construction plan and equipment room LOA.
      2. Click Confirm to submit the LOA application, and wait for the approval. During this period, you can view the LOA.
      3. After the LOA is approved, request the carrier to complete the construction. Click Download LOA, save and print the LOA, and contact your carrier. The carrier and construction personnel must carry the LOA when entering the construction site.
      4. After the cabling is complete, obtain the line code and in-building cable label from your carrier and click Report Completion of Construction.
      5. Wait for HUAWEI CLOUD to complete the construction. HUAWEI CLOUD engineers will connect the leased line to the HUAWEI CLOUD gateway port.
      6. After the construction is completed, click Confirm Completion in the Operation column.
      7. Click Confirm. The connection status will change to Normal.
      

      LOA application, cabling by the carrier, and construction by HUAWEI CLOUD involve coordination with the equipment room operator, and the time for these activities depends on special situations such as holidays and national policies.

   3. Create a virtual gateway.

      After creating a connection, create a virtual gateway to associate it with the VPC in South China.

      1. Log in to the management console.
      2. On the console homepage, click in the upper left corner and select the desired region and project.
      3. Hover on to display Service List and choose Networking > Direct Connect.
      4. In the navigation pane on the left, choose Direct Connect > Virtual Gateways.
      5. Click Create Virtual Gateway.
      6. Configure the parameters based on Table 2.
         Figure 2 Create Virtual Gateway
         

         Table 2 Parameter description

         Parameter	Description	Example Value
         Name	Specifies the virtual gateway name. The name can contain 1 to 64 characters.	vgw-dc-cc
         VPC	Specifies the VPC associated with the virtual gateway.	VPC-GuangZhou
         Local Subnet	Specifies the CIDR blocks of subnets in the VPC to connect to the on-premises network.	192.168.1.0/24 192.168.3.0/24 192.168.5.0/24
         Description	Provides supplementary information about the virtual gateway. The description can contain a maximum of 128 characters.	-

         

         Add CIDR blocks of all VPC subnets that will communicate with the data center to ensure normal communications.

      7. Click OK.

         When the virtual gateway status changes Normal, the virtual gateway has been created.

   4. Create a virtual interface.

      After the connection and the virtual gateway are ready, you need to create a virtual interface so that your network can access the VPC in CN South-Guangzhou.

      1. Log in to the management console.
      2. On the console homepage, click in the upper left corner and select the desired region and project.
      3. Hover on to display Service List and choose Networking > Direct Connect.
      4. In the navigation pane on the left, choose Direct Connect > Virtual Interfaces.
      5. Click Create Virtual Interface.
      6. Configure the parameters based on Table 3.
         Figure 3 Create Virtual Interface
         

         Table 3 Parameter description

         Parameter	Description	Example Value
         Region	Specifies the region where the connection is deployed. You can change the region here, or use the region selector in the upper left corner of the console.	CN South-Guangzhou
         Name	Specifies the virtual interface name. The name can contain 1 to 64 characters.	vif-dc-cc
         Connection	Specifies the connection you use to connect your data center to the cloud.	dc-cc
         Virtual Gateway	Specifies the virtual gateway to which the virtual interface will connect.	vgw-dc-cc
         VLAN	Specifies the VLAN of the virtual interface. You need to configure the VLAN if you buy a self-service connection. The VLAN for a hosted connection will be allocated by the carrier or partner. In this scenario, you do not need to configure the VLAN.	25
         Enterprise Project	Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.	default
         Bandwidth	Specifies the bandwidth that can be used by the virtual interface, in Mbit/s. The bandwidth cannot exceed that of the connection.	500
         Local Gateway	Specifies the IP address of the network interface on the HUAWEI CLOUD side.	192.168.4.2/30
         Remote Gateway	Specifies the network IP address for connecting to your data center. The IP address of the remote gateway must be in the same network segment as that of the local gateway, and it is recommended that both IP addresses use a 30-bit mask.	192.168.4.1/30
         Remote Subnet	Specifies the subnets and masks of your network. If there are multiple subnets, use commas (,) to separate them.	172.16.1.0/24
         Routing Mode	Specifies the routing mode. Two options are available, static routing and BGP routing. If there are two or more connections, select BGP routing.	BGP
         BGP ASN	Specifies the ASN of the BGP peer. Enter a value from 1 to 65535, excluding 64512, which is reserved by HUAWEI CLOUD. This parameter is required if you select BGP routing.	12345
         BGP MD5 Authentication Key	Specifies the password used to authenticate the BGP peer using MD5. This parameter is mandatory if you select BGP routing, and you must ensure that the parameter values on both gateways are the same. The value contains 8 to 255 characters and must contain at least two types of the following characters: Uppercase letters Lowercase letters Digits Special characters ~!, .:;-_"(){}[]/@#$ %^&*+\|=	12345678
         Description	Provides supplementary information about the virtual interface. The description can contain a maximum of 128 characters.	N/A

      7. Click Submit. When the status of the virtual interface changes Normal, the virtual interface has been created.
      8. Ping a server in on-premises data center 1 from an ECS in the VPC in CN South-Guangzhou (VPC 1) to test network connectivity.
   5. Repeat 1.a to 1.d to establish network connectivity between on-premises data center 2 and the VPC in CN East-Shanghai1 (VPC 2).

2. Configure Cloud Connect.
   1. Create a cloud connection.
      1. Log in to the management console.
      2. Hover on to display Service List and choose Networking > Direct Connect.
         Figure 4 Cloud Connect
         

      3. In the navigation pane on the left, choose Cloud Connect > Cloud Connections.
      4. On the displayed page, click Create Cloud Connection.
         Figure 5 Create Cloud Connection
         
      5. Configure the parameters based on Table 4.

         Table 4 Parameter description

         Parameter	Description	Example Value
         Name	Specifies the cloud connection name. The name can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).	CloudConnect
         Enterprise Project	Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.	default
         Description	Provides supplementary information about the cloud connection. The description can contain a maximum of 255 characters.	A cloud connection for demo

      6. Click OK.
   2. Load network instances.

      Load the network instances to the created cloud connection.

      1. In the cloud connection list, click the cloud connection named CloudConnect.
         

         On the displayed page, you can view details about the cloud connection, such as its name, ID, status, time when the cloud connection was created, and description. There are also four tabs: Network Instances, Bound Bandwidth Packages, Inter-Region Bandwidths, and Route Information.

         Figure 6 Cloud connection details
         
      2. Under Network Instances, click Load Network Instance.
         Figure 7 Load Network Instance
         
      3. Configure the parameters.

         

         

         To establish network communications with your on-premises data center, you need to add the subnet used in your on-premises data center as a custom CIDR block.

      4. Click OK. The VPC in the CN South-Guangzhou region is loaded to the cloud connection.
      5. Repeat the preceding steps to load the VPC in the CN East-Shanghai region to the cloud connection.
         Figure 8 Loading the other VPC
         
         

         After you load the VPCs, the VPCs in the two regions are on the same network. You can view the routes of each VPC on the Route Information tab page.

         Figure 9 Route Information
         
   3. Buy a bandwidth package.

      By default, the system allocates 10 kbit/s of bandwidth for testing network connectivity across regions.

      To ensure normal network communications, you need to purchase a bandwidth package and bind the package to the cloud connection.

      1. In the cloud connection list, click the cloud connection named CloudConnect.
      2. On the details page of the cloud connection, click Bound Bandwidth Packages and then Buy Bandwidth Package.
         Figure 10 Buy Bandwidth Package
         
      3. Configure the parameters.

         Because the two VPCs are in the Chinese mainland, select Single Geographic Region for Applicability and Chinese mainland for Geographic Region.

         Figure 11 Buying a bandwidth package
         
      4. Click Buy Now.
      5. Confirm the information and click Pay Now.
      6. Click Pay.

         Go back to the bandwidth package list, locate the bandwidth package, and verify that its status is Normal.

         

         In the navigation pane on the left, choose Bandwidth Packages. On the displayed page, locate the bandwidth package you just purchased. You can view its details, including the billing mode, order information, cloud connection to which it is bound, used bandwidth, and remaining bandwidth. You can also modify, unbind, renew, and unsubscribe from the bandwidth package.

   4. Assign an inter-region bandwidth.
      1. In the cloud connection list, click the cloud connection named CloudConnect.
      2. On the details page of the cloud connection, click Inter-Region Bandwidths and then Assign Inter-Region Bandwidth.
         Figure 12 Assign Inter-Region Bandwidth
         
      3. Configure the parameters.

         Select CN South-Guangzhou and CN East-Shanghai1 for Regions. The system automatically displays the bandwidth package bound to the cloud connection. Set the bandwidth based on your requirements, for example, 1 Mbit/s.

      4. View the assigned bandwidth on the Inter-Region Bandwidths tab page.
         

         The default security group rule denies all the inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions to ensure normal communications.

3. Configure local routes.
   • In on-premises data center 1, add routes to the VPC in CN East-Shanghai1 (192.168.1.0/24), the VPC in CN South-Guangzhou (192.168.3.0/24), and on-premises data center 2 (192.168.5.0/24).
   • In on-premises data center 2, add routes to the VPC in CN East-Shanghai1 (192.168.1.0/24), the VPC in CN South-Guangzhou (192.168.3.0/24), and on-premises data center 1 (172.16.1.0/24).

Verification

1. Ping an ECS in the CN East-Shanghai1 region and an ECS in each data center from an ECS in the CN South-Guangzhou region.

   

2. Ping an ECS in the CN South-Guangzhou region and an ECS in each data center from an ECS in the CN East-Shanghai1 region.

   

3. View the routes.