Accessing a VPC over Two Connections That Use BGP Routing

Overview

Connect your on-premises network to the cloud over two connections that are terminated at two locations in the same region and use BGP routing so that your on-premises network can access the VPC.

Prerequisites

  • Your on-premises network uses a single-mode fiber with a 1GE or 10GE optical module to connect to the access device in the cloud.
  • Auto-negotiation for the port must be disabled. Port speed and full-duplex mode must be manually configured.
  • 802.1Q VLAN encapsulation is supported on your network.
  • Your device supports BGP and does not use ASN 64512, which is used by HUAWEI CLOUD.

Typical Topology

Your on-premises network is connected to a VPC in the CN North-Beijing4 region over two connections, with one terminated at Beijing-Zhongjin and the other one terminated at Langfang-Huawei Base. For details about how to create a VPC, see the Virtual Private Cloud User Guide.

The CIDR blocks used in this solution are planned as follows.
Table 1 CIDR blocks

| Item | CIDR Block |
|---|---|
| Your on-premises network | 10.1.123.0/24 |
| Remote and local gateways (addresses for interconnection) | 10.0.0.0/30 and 10.0.0.4/30 |
| VPC | 192.168.0.0/16 |

Figure 1 Accessing a VPC over two connections that use BGP routing

Operation process

Procedure

  1. Create two connections.

    1. Log in to the management console.
    2. On the console homepage, click in the upper left corner and select the desired region and project.
    3. Hover on to display Service List and choose Networking > Direct Connect.
    4. In the navigation pane on the left, choose Direct Connect > Connections.
    5. Click Create Connection. Select Self Service Installation.
    6. On the Create Connection page, enter information about the equipment room and select the Direct Connect location and port based on Table 2.
      Figure 2 Creating a connection
      Table 2 Parameter description

      | Parameter | Description | Example Value |
      |---|---|---|
      | Region | Specifies the region where the connection resides. You can also change the region in the upper left corner of the console. | CN North-Beijing4 |
      | Connection Name | Specifies the name of your connection. | dc-connect1 |
      | Location | Specifies the Direct Connect location where your leased line can be connected to. | Beijing-Yizhuang-Centrin |
      | Carrier | Specifies the carrier that provides the leased line. | China Telecom |
      | Port Type | Specifies the type of the port used by the connection. There are two types of ports: 1GE single-mode optical port and 10GE single-mode optical port. | 1GE |
      | Leased Line Bandwidth | Specifies the bandwidth of the connection in the unit of Mbit/s. This is the bandwidth of the leased line you bought from the carrier. | 1,000 Mbit/s |
      | Your Equipment Room Address | Specifies the address of your equipment room. The address must be specific to the floor on which your equipment room is located, for example, XX Equipment Room, XX Building, No. XX, Huajing Road, Pudong District, Shanghai. | - |
      | Description | Provides supplementary information about the connection. | - |
      | Billing Mode | Specifies the billing model of the connection. Currently, only Yearly/Monthly is supported. | Yearly/Monthly |
      | Required Duration | Specifies how long the connection will be used. | 5 months |
      | Auto-renew | Specifies whether to automatically renew the subscription to ensure service continuity. For example, if the required duration is three months, the system automatically renews the subscription for another three months. | 5 months |
      | Contact Person/Phone Number/Email | Specifies information about the person who is responsible for your connection. If the contact information is not provided, your account information will be queried. This will increase the review period. | Tom / +086 13912345678 (Chinese mainland) / Tom@mail.com |

    7. Click Next.
    8. Confirm the order and click Pay.
    9. Click Pay.
    10. Repeat steps 4 to 9 to create connection dc-connect2 and select Langfang-Huawei Base as its location.

  2. Create a virtual gateway.

    1. In the navigation pane on the left, choose Direct Connect > Virtual Gateways.
    2. Click Create Virtual Gateway.
    3. Configure the parameters based on Table 3.
      Figure 3 Creating a virtual gateway
      Table 3 Parameter description

      | Parameter | Description | Example Value |
      |---|---|---|
      | Name | Specifies the virtual gateway name. The name can contain 1 to 64 characters. | vgw-test |
      | VPC | Specifies the VPC to be associated with the virtual gateway. | VPC-001 |
      | Local Subnet | Specifies the CIDR blocks of the subnets in the VPC to be accessed using Direct Connect. You can add one or more CIDR blocks. Separate every entry with a comma (,) if there are multiple CIDR blocks. | 192.168.0.0/16 |
      | Description | Provides supplementary information about the virtual gateway. | - |

    4. Click OK.

  3. Create two virtual interfaces.

    Create virtual interfaces vif-test1 and vif-test2 and associate them with virtual gateway vgw-test. Associate virtual interface vif-test1 with connection dc-connect1 and virtual interface vif-test2 with connection dc-connect2.
    1. In the navigation pane on the left, choose Direct Connect > Virtual Interfaces.
    2. Click Create Virtual Interface.
    3. Configure the parameters based on Table 4.
      Figure 4 Create Virtual Interface
      Table 4 Parameter description

      | Parameter | Description | Example Value |
      |---|---|---|
      | Region | Specifies the region where the connection resides. You can also change the region in the upper left corner of the console. | CN North-Beijing4 |
      | Name | Specifies the virtual interface name. The name can contain 1 to 64 characters. | vif-test1 |
      | Connection | Specifies the connection you can use to connect your environment to HUAWEI CLOUD. | dc-connect1 |
      | Virtual Gateway | Specifies the virtual gateway to which the virtual interface connects. | vgw-test |
      | VLAN | Specifies the ID of the VLAN in which the virtual interface works. You need to configure the VLAN if you create a connection through self-service. The VLAN of the virtual interface of the hosting private line uses the VLAN allocated by the carrier or partner for the hosting private line. You do not need to configure the VLAN. | 30 |
      | Bandwidth | Specifies the bandwidth that can be used by the virtual interface in the unit of Mbit/s. The bandwidth cannot exceed that of the connection. | 1,000 Mbit/s |
      | Local Gateway | Specifies the IP address for connecting to the cloud. | 10.0.0.1/30 |
      | Remote Gateway | Specifies the IP address for connecting to your network. The remote gateway must be in the same IP address range as the local gateway. Generally, a subnet with a 30-bit mask is recommended. | 10.0.0.2/30 |
      | Remote Subnet | Specifies the subnets and masks of your network. If there are multiple subnets, use commas (,) to separate them. | 10.1.123.0/24 |
      | Routing Mode | Specifies the routing mode. Two options are available, static routing and BGP routing. If there are two connections or you want to have another connection in the future, select BGP routing. | BGP |
      | BGP ASN | Specifies the ASN of the BGP peer. This parameter is required when BGP routing is selected. | 64510 |
      | BGP MD5 Authentication Key | Specifies the password used to authenticate the BGP peer using MD5. This parameter is required when BGP routing is selected. | Qaz12345678 |
      | Description | Provides supplementary information about the virtual interface. | - |

    4. Click Create Now.
    5. Repeat steps 1 to 4 to create virtual interface vif-test2.

      When you create virtual interface vif-test2, select connection dc-connect2, and set Local Gateway to 10.0.0.5/30 and Remote Gateway to 10.0.0.6/30.

  4. Wait for route advertisement on the cloud.

    The Direct Connect device automatically advertises the routes after network connectivity is established.

  5. Advertise the routes on your device.

    Example configuration (on a Huawei device):

    bgp 64510
    peer 10.0.0.1 as-number 64512
    peer 10.0.0.1 password simple Qaz12345678
    peer 10.0.0.5 as-number 64512
    peer 10.0.0.5 password simple Qaz12345678
    network 10.1.123.0 255.255.255.0
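
A pre-flight check of the values used in this procedure, as an added example that is not part of the original page or of any HUAWEI CLOUD tooling: it verifies that each virtual interface's gateways are two host addresses in one subnet, that the planned CIDR blocks do not overlap, and that the on-premises ASN is not 64512. It also lists peers whose MD5 key is entered with `password simple`, which leaves the key readable in the saved device configuration (VRP also accepts the `cipher` keyword); the function names are hypothetical.

```python
import ipaddress
import re

CLOUD_ASN = 64512  # ASN used by HUAWEI CLOUD, per the prerequisites

# Values from the page's tables: vif name -> (local gateway, remote gateway)
VIFS = {"vif-test1": ("10.0.0.1/30", "10.0.0.2/30"),
        "vif-test2": ("10.0.0.5/30", "10.0.0.6/30")}
# Device configuration from step 5 of the procedure
DEVICE_CONFIG = """\
bgp 64510
 peer 10.0.0.1 as-number 64512
 peer 10.0.0.1 password simple Qaz12345678
 peer 10.0.0.5 as-number 64512
 peer 10.0.0.5 password simple Qaz12345678
 network 10.1.123.0 255.255.255.0
"""

def check_plan(local_asn, vifs, on_prem, vpc):
    """Return a list of problems in a Direct Connect BGP addressing plan."""
    problems = []
    if local_asn == CLOUD_ASN:
        problems.append(f"ASN {local_asn} is the cloud side's ASN")
    nets = {"on-premises": ipaddress.ip_network(on_prem),
            "VPC": ipaddress.ip_network(vpc)}
    for name, (local_gw, remote_gw) in vifs.items():
        local = ipaddress.ip_interface(local_gw)
        remote = ipaddress.ip_interface(remote_gw)
        if local.network != remote.network:
            problems.append(f"{name}: gateways are in different subnets")
            continue
        hosts = list(local.network.hosts())
        if local.ip == remote.ip or {local.ip, remote.ip} - set(hosts):
            problems.append(f"{name}: gateways must be two distinct host addresses")
        nets[name] = local.network
    names = list(nets)
    for i, a in enumerate(names):          # pairwise overlap check
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def plaintext_key_peers(config):
    """Return BGP peers whose MD5 key is entered with 'password simple'."""
    return re.findall(r"^\s*peer\s+(\S+)\s+password\s+simple\s", config, re.M)

if __name__ == "__main__":
    print(check_plan(64510, VIFS, "10.1.123.0/24", "192.168.0.0/16"))
    print(plaintext_key_peers(DEVICE_CONFIG))
```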

Active/Standby Connections

By default, BGP selects the active and standby links automatically. To make the connection terminated at Beijing-Zhongjin the active one, specify as-path and local-preference in route policies.

The following is an example configuration:

bgp 64510
 peer 10.0.0.1 as-number 64512
 peer 10.0.0.1 password simple Qaz12345678
 peer 10.0.0.5 as-number 64512
 peer 10.0.0.5 password simple Qaz12345678
 peer 10.0.0.5 route-policy slave_direct_in import
 peer 10.0.0.5 route-policy slave_direct_out export
 network 10.1.123.0 255.255.255.0
route-policy slave_direct_in permit node 10
 apply local-preference 90
route-policy slave_direct_out permit node 10
 apply as-path 64510 additive
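
How the two route policies steer traffic in each direction, as an added example rather than code from the original page: a simplified best-path comparison (highest local-preference, then shortest AS path, then lowest peer address as an assumed tie-break) applied to the peers and policies in the configuration above. It assumes the cloud side applies standard BGP path selection and that the default local-preference is 100; the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_AS, CLOUD_AS = 64510, 64512
DEFAULT_LOCAL_PREF = 100                 # assumed default when no policy sets it
IMPORT_LOCAL_PREF = {"10.0.0.5": 90}     # route-policy slave_direct_in
EXPORT_PREPEND = {"10.0.0.5": 1}         # route-policy slave_direct_out

@dataclass(frozen=True)
class Path:
    session: str        # BGP session, named by the cloud-side peer address
    as_path: tuple      # AS path as seen by the router making the choice
    local_pref: int = DEFAULT_LOCAL_PREF

def best_path(paths):
    """Simplified selection: local-pref (high), AS-path length (short), peer."""
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path),
                                     ipaddress.ip_address(p.session)))

def outbound_session(sessions_up, import_pref=IMPORT_LOCAL_PREF):
    """Session the on-premises device uses to reach 192.168.0.0/16."""
    paths = [Path(s, (CLOUD_AS,), import_pref.get(s, DEFAULT_LOCAL_PREF))
             for s in sessions_up]
    return best_path(paths).session

def inbound_session(sessions_up, prepend=EXPORT_PREPEND):
    """Session the cloud side uses to reach 10.1.123.0/24."""
    # The device adds its own AS once on export; the policy adds extra copies.
    paths = [Path(s, (LOCAL_AS,) * (1 + prepend.get(s, 0))) for s in sessions_up]
    return best_path(paths).session

if __name__ == "__main__":
    both = ["10.0.0.5", "10.0.0.1"]
    print("outbound:", outbound_session(both))
    print("inbound: ", inbound_session(both))
    print("failover:", outbound_session(["10.0.0.5"]), inbound_session(["10.0.0.5"]))
```

The import policy only affects traffic leaving the on-premises network and the export policy only affects traffic returning from the cloud, so applying just one of them can leave the two directions on different links, which matters when a stateful firewall sits on either path.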

Verification

Ping a VM in the on-premises data center from an ECS on the cloud.
