Help Center> Cloud Connect> Getting Started> Network Communications Among VPCs Across Regions> Network Communications Among VPCs of Different Accounts
View PDF

Network Communications Among VPCs of Different Accounts

Process Description

To enable network communications among VPCs that belong to different regions and are in different regions, create a cloud connection, ask other users to authorize their VPCs to you, and load the VPCs to the cloud connection. Then, purchase a bandwidth package and assign bandwidths between regions so that VPCs in these regions can communicate with each other. If a VPC is outside the Chinese mainland, you need to apply for a cross-border permit before you purchase bandwidth packages.

Figure 1 shows an example.

Figure 1 Network communications among VPCs under different accounts and in different regions

Figure 2 illustrates how you can enable network communications among VPCs that are under different accounts and in different regions.

Figure 2 Process for enabling network communications among VPCs

Procedure

  1. Apply for a cross-border permit.

    Skip this step if you do not require cross-border communications in your network plan.

    If a VPC to be connected is outside the Chinese mainland, you need to apply for a cross-border permit.

    Prepare required materials.

    1. Log in to the management console.
    2. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
    3. In the navigation pane on the left, choose Cloud Connect > Cross-Border Permit.
    4. Click Download Materials.
    5. Print and sign the Cloud Connect Cross-Border Circuit Service Agreement, Letter of Authorization for Representative, and China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service, and stamp your company's official seal.
    6. Prepare a scanned copy of your company's business license, of the representative's ID card, of the Cloud Connect Cross-Border Circuit Service Agreement, of the Letter of Authorization for Representative, and of the China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service. Ensure that all materials are stamped with your company's official seal.

    Submit an application.

    1. Log in to the management console.
    2. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
    3. In the navigation pane on the left, choose Cloud Connect > Cross-Border Permit.
    4. Click Submit Application.
    5. Fill in the enterprise and representative information, and upload the prepared materials.
    6. Click Submit.

      After you submit the application, the status will change to Pending approval. The review takes about one working day. When the status changes to Approved, you can buy bandwidth packages.

  2. Create a cloud connection.

    1. Log in to the management console.
    2. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
    3. On the Cloud Connections page, click Create Cloud Connection.
    4. Configure the parameters based on Table 1.
      Table 1 Parameter description

      Parameter

      Description

      Example Value

      Name

      Specifies the cloud connection name.

      The name can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).

      CC_01

      Enterprise Project

      Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.

      default

      Description

      Provides supplementary information about the cloud connection.

      The description can contain a maximum of 255 characters.

      N/A
    5. Click OK.

  3. Ask others to authorize their VPCs to you.

    If your network needs to communicate with the VPCs of other users, ask them to authorize their VPCs to you and then load their VPCs to your cloud connection. The following are steps that other users can follow to authorize their VPCs to you:

    1. In the navigation pane, choose Cloud Connect > Cross-Account Authorization.
    2. Click Network Instances Authorized by Me.
    3. Click Authorize Network Instance.
      Configure the parameters based on Table 2.
      Table 2 Parameter description

      Parameter

      Description

      Example Value

      Region

      Specifies the region where the VPC is located.

      CN East-Shanghai1

      VPC

      Specifies the VPC to be authorized.

      VPC-w2

      Peer Account ID

      Specifies the ID of the other user's account.

      N/A

      Peer Cloud Connection ID

      Specifies the ID of the other user's cloud connection to which your VPCs are to be loaded.

      N/A

      Remarks

      Provides supplementary information about cross-account authorization, if any.

      N/A
    4. Click OK.

  4. Load network instances.

    Load the VPCs that need to communicate with each other to the cloud connection based on your network plan. To load a VPC that has been authorized to you, perform the following steps:

    1. Log in to the management console
    2. In the cloud connection list, locate the cloud connection and click its name.
    3. Under Network Instances, click Load Network Instance.
    4. Select Peer account for Account, select the other user's account ID, project ID, and the VPC, and specify the CIDR blocks.
      For details, see Table 3.
      Table 3 Parameter description

      Parameter

      Description

      Example Value

      Account

      Specifies whether network instances are from the current account or another account.

      Peer account

      Peer Account ID

      Specifies the project ID of the peer account's VPC.

      N/A

      Region

      Specifies the region where the VPC you want to connect is located.

      N/A

      Peer Project ID

      Specifies the project ID of the peer account's VPC.

      N/A

      Instance Type

      Specifies the type of the network instance to be loaded.

      Currently, you can load only VPCs across accounts.

      VPC

      Peer VPC

      Specifies the VPC you want to load.

      N/A

      VPC CIDR Block

      Specifies the subnets of the VPC you want to load and the custom CIDR blocks.

      N/A

      Remarks

      Provides supplementary information about the network instances.

      N/A
    5. Click OK.

    6. In the dialog box indicating that the VPC has been loaded, if you want to load another VPC, click Load Another Instance. Then click the Network Instances tab to view the network instances you loaded.

    You can load a network instance to only one cloud connection.

    Each VPC and the associated virtual gateway can be loaded only once.

    You need to ask other users to authorize their network instances to you before you can load their network instances.

  5. Buy a bandwidth package and bind it to the created cloud connection.

    By default, the system allocates 10 kbit/s of bandwidth for testing network connectivity across regions. To ensure normal network communications between regions in the same geographic region or across geographic regions, you need to purchase a bandwidth package and bind it to a cloud connection.

    A cloud connection can only have one bandwidth package regardless of if the cloud connection is used for communications within a geographic region or between geographic regions. For example, if network instances are in the Chinese mainland and Asia Pacific, your cloud connection can only have one bandwidth package.

    Buy a bandwidth package.

    1. In the navigation pane on the left, choose Cloud Connect > Bandwidth Packages.
    2. Click Buy Bandwidth Package.
    3. Configure the parameters based on Table 4 and click Buy Now.
      Table 4 Parameter description

      Parameter

      Description

      Example Value

      Billing Mode

      Specifies how you want the bandwidth package to be billed. Currently, only Yearly/Monthly is available.

      Yearly/Monthly

      Name

      Specifies the bandwidth package name.

      The name can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).

      daikuaibao1

      Billed By

      Specifies by what you want the bandwidth package to be billed.

      Bandwidth

      Applicability

      Specifies whether you want to use the bandwidth package for network communication within a geographic region or between geographic regions.

      Two options are available:

      • Single Geographic Region: The regions you assign inter-region bandwidths to are in the same geographic region.
      • Across Geographic Regions: The regions you assign inter-region bandwidths to are in different geographic regions.

      Single Geographic Region

      Geographic Region

      Specifies the geographic region where regions requiring inter-region bandwidths are located.

      Chinese mainland

      Bandwidth

      Specifies the bandwidth you require for network communications across regions, in Mbit/s. The sum of all inter-region bandwidths cannot exceed the bandwidth of the bandwidth package. Assign the bandwidth based on your network plan.

      Unit: Mbit/s

      50 Mbit/s

      Required Duration

      Specifies how long you require the bandwidth package for.

      Auto renewal is supported.

      1 month

      Enterprise Project

      Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.

      default

      Cloud Connection

      Specifies the cloud connection you want to bind the bandwidth package to.

      Two options are available, Bind now and Bind later.

      Bind now
      Figure 3 Buying a bandwidth package
    4. Confirm the information and click Pay Now.
    5. Click Pay.

      Go back to the bandwidth package list and locate the bandwidth package. If its status changes to Normal, you can bind the bandwidth package to the cloud connection.

    Bind the bandwidth package to the cloud connection.

    Bind the purchased bandwidth package to the created cloud connection to enable communication between network instances.

    1. In the cloud connection list, click the name of the created cloud connection.
    2. Click Bound Bandwidth Packages.
    3. Select the purchased bandwidth package and bind it to the cloud connection.

  6. Assign inter-region bandwidth.

    1. In the cloud connection list, click the name of the created cloud connection.
    2. Click Inter-Region Bandwidths.
    3. Click Assign Inter-Region Bandwidth and configure the parameters based on Table 5.
      Table 5 Parameter description

      Parameter

      Description

      Example Value

      Regions

      Specifies the two regions between which network communications are required.

      CN East-Shanghai1, CN North-Beijing4

      Bandwidth Package

      Specifies the bandwidth package you want to bind to the cloud connection.

      N/A

      Bandwidth

      Specifies the bandwidth you require for communications between regions, in Mbit/s.

      The sum of all inter-region bandwidths you assign based on the bandwidth package cannot exceed the bandwidth of the bandwidth package. Plan the bandwidth in advance.

      N/A
    4. Click OK.

      Now the VPCs in the two regions can communicate with each other.

      The default security group rule denies all the inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions to ensure normal communications.