Updated on 2024-01-16 GMT+08:00

Overview

An enterprise router is a high-specification, high-bandwidth, and high-performance router that connects virtual private clouds (VPCs) and on-premises networks to build a central hub network. Enterprise routers use the Border Gateway Protocol (BGP) to learn, dynamically select, or switch between routes, thereby significantly improving the network scalability and O&M efficiency and ensuring the service continuity.

You can use enterprise routers together with other Huawei Cloud services to flexibly construct different networks. This document provides best practices of typical networking for your reference.

Table 1 Scenario description

Networking

Scenario

Cloud Service

Description

Intra-region networking

Using Enterprise Router to Isolate VPCs in the Same Region

  • Enterprise Router
  • VPC
  • ECS
There are four VPCs in a region of Huawei Cloud, with service A, service B, and service C respectively in VPC 1, VPC 2, and VPC 3, and common service in VPC 4. The network requirements are as follows:
  1. VPC 1, VPC 2, and VPC 3 need to be isolated from each other.
  2. VPC 1, VPC 2, and VPC 3 need to communicate with VPC 4.

Intra-region networking

Using Enterprise Router and NAT Gateway to Allow VPCs in the Same Region to Share an EIP to Access the Internet

  • Enterprise Router
  • NAT Gateway
  • Elastic IP
  • VPC
  • ECS

There are four VPCs in region A on Huawei Cloud. VPC 1, VPC 2, and VPC 3 need to communicate with each other, and share an EIP through an SNAT rule of a NAT gateway in VPC 4 to access the Internet.

Intra-region networking

Using a Third-Party Firewall to Protect VPCs Connected by Enterprise Routers

  • Enterprise Router
  • VPC
  • ECS

There are three VPCs in a region of Huawei Cloud, with service A and service B respectively in VPC 1 and VPC 2, and the third-party firewall in VPC 3. For security purposes, the traffic to service A and service B must be filtered by the firewall in VPC 3.

Hybrid cloud networking

Using Enterprise Router and a Transit VPC to Allow an On-premises Data Center to Access Service VPCs

  • Enterprise Router
  • Direct Connect
  • VPN
  • VPC
  • ECS

You can use enterprise routers to build a central network and to simplify the network architecture. There are two typical networking schemes. One is to attach the service VPCs to the enterprise router. The other is to use a transit VPC to build a network, together with VPC Peering and Enterprise Router. Compared with scheme 1, scheme 2 costs less and eliminates some restrictions.

Hybrid cloud networking

Using Enterprise Router and Direct Connect to Allow Communications Between an On-Premises Data Center and VPCs

  • Enterprise Router
  • Direct Connect
  • VPC
  • ECS

There are two VPCs in region A. The two VPCs need to access each other and share the same Direct Connect connection to access an on-premises data center.

To do this, we can create an enterprise router in region A, and attach the two VPCs and the virtual gateway of the Direct Connect connection to the enterprise router. The enterprise router can forward traffic among the attached VPCs and the virtual gateway, and the two VPCs can share the Direct Connect connection.

Hybrid cloud networking

Allowing Direct Connect and VPN to Work in an Active and Standby Pair to Link an On-Premises Data Center to the Cloud

  • Enterprise Router
  • Direct Connect
  • VPN
  • VPC
  • ECS
To improve the reliability of a hybrid cloud networking, your enterprise uses both Direct Connect and VPN connections to connect your on-premises data center to the VPCs. The Direct Connect connection works as the active connection and the VPN connection works as the standby one. If the active connection is faulty, services are automatically switched to the standby one, reducing the impact of network interruptions on services.
  • VPC 1, VPC 2, and the Direct Connect connection are attached to the enterprise router. VPC1 and VPC 2 can communicate with each other. They communicate with the on-premises data center through the Direct Connect connection.
  • The VPN connection is also attached to the enterprise router. If the Direct Connect connection is faulty, VPC 1 and VPC 2 can communicate with the on-premises data center through the VPN connection.

Network migration

Using an Enterprise Router to Replace VPC Peering Connections

  • Enterprise Router
  • VPC
  • ECS

VPC-A, VPC-B, and VPC-C are in region A and connected over VPC peering connections. To improve network scalability and reduce O&M costs, you can use an enterprise router to connect the three VPCs.

Network migration

Migrating a Network from Direct Connect to Enterprise Router

  • Enterprise Router
  • Direct Connect
  • VPC
  • ECS

Your on-premises data center can access VPC-X in region A over a Direct Connect connection that has a virtual gateway (VGW-A) and two virtual interfaces (VIF-A01 and VIF-A02). To improve the reliability of your hybrid cloud network and reduce O&M costs, you can migrate the network by replacing Direct Connect with Enterprise Router.