Networking and Resource Planning

Plan required resources and networking before, during, and after the replacement.

Network Planning: Plan CIDR blocks of VPCs and their subnets, and route tables of VPCs and the enterprise router.
Resource Planning: Plan the quantity, names, and other parameters of cloud resources, including VPCs, ECSs, and the enterprise router.

Network Planning

During the replacement, in addition to adding routes for communications among enterprise router and VPCs, you also need to add routes for verification and temporary communications. After the replacement is complete, you can delete unnecessary routes. For details about the networking planning, see Table 1.

The following figures show the networking in different replacement phases.

Figure 1
Figure 2
Figure 3

The routes in the figures are only examples for your reference. You need to plan routes based on service requirements.

Figure 1 Networking topology before replacement

Figure 2 Networking topology during replacement

Figure 3 Networking topology after replacement

**Table 1** Networking planning for replacing VPC peering connections with an enterprise router
Route Table	Description
VPC route table	Table 2 lists the routes in this route table. Before the replacement, the destination of the route with next hop set to VPC peering connection is a CIDR block of a VPC subnet. This only connects specific subnets of VPCs. During the replacement, add routes as follows: The routes for temporary communications ensure that traffic is not interrupted when original routes added for VPC peering connections are deleted. The next hop of the routes can be any VPC peering connection of the VPC. The route destinations cannot be used by any other services. You can set the destinations to those that are rarely used. In this example, the destinations are 1.1.1.1/32, 1.1.1.2/32, and 1.1.1.3/32. The routes with destination set to a large CIDR block and next hop to the enterprise router is used for communications between the VPCs and enterprise router. The route destination must contain CIDR blocks of all VPCs that need to communicate with each other and cannot be used by any other services. In this example, the destination is 172.16.0.0/14, containing three VPC CIDR blocks, 172.16.0.0/16, 172.17.0.0/16, and 172.18.0.0/16. The routes with next hop set to the enterprise router are used for communications between the VPCs and enterprise router. The route destinations cannot contain CIDR blocks configured for VPC peering connections and are not used to allow communications through VPC peering connections. In this example, the destinations are 172.16.253.0/29, 172.17.253.0/29, and 172.18.253.0/29. NOTICE: The routes for temporary communications are necessary to ensure that traffic is not interrupted when original routes added for VPC peering connections are deleted. Traffic is not interrupted only for the replacement solution described in this document. Before your actual replacement, traffic may be interrupted. Contact customer service to evaluate the replacement solution. The routes with destination set to a large CIDR block must contain CIDR blocks of all VPCs that need to communicate with each other. If one large CIDR block cannot contain all VPC CIDR blocks, you can configure more large CIDR blocks. After the replacement, delete the routes for verification and temporary communications. NOTICE: After the replacement, you can continue to use the routes with destinations of large CIDR blocks or add routes with destinations that are the same as those of the original routes and then delete the routes with destinations of large CIDR blocks.
Enterprise router route table	Table 3 lists the routes in this route table. During the replacement, add routes that with destinations set to VPC CIDR blocks to allow communications among the enterprise router and VPCs. If Default Route Table Association and Default Route Table Propagation are enabled for the enterprise router, routes with destinations set to VPC CIDR blocks are automatically added when you attach the VPCs to the enterprise router. CAUTION: If the CIDR blocks of VPCs connected by a VPC peering connection overlap, do not enable Default Route Table Propagation for the enterprise router. This function adds routes with entire VPC CIDR blocks as destinations. If VPC CIDR blocks overlap, there will be route conflicts. In this case, you need to manually add routes with next hop set to VPC attachment to the route table of the enterprise router.

**Table 2** VPC route table details
VPC	VPC Route Table	Destination	Next Hop Type	Next Hop	Route Type	Route Function	Required
VPC-A	rtb-vpc-A	172.17.0.0/24	VPC peering connection	peer-AB	Custom	Destination: subnet-B01 in VPC-B Connects subnet-A01 to subnet-B01	Before/During replacement
		172.18.0.0/24	VPC peering connection	peer-AC	Custom	Destination: subnet-C01 in VPC-C Connects subnet-A01 to subnet-C01	Before/During replacement
		1.1.1.1/32	VPC peering connection	peer-AB	Custom	Destination: Any IP address that is not used by other services Ensures that traffic flowing through VPC peering connections is not interrupted during the replacement.	During replacement
		172.16.0.0/14	Enterprise router	er-ABC	Custom	Destination: A large CIDR block that can contain CIDR blocks of the three VPCs Connects VPC-A to er-ABC	During/After replacement
		172.17.253.0/29	Enterprise router	er-ABC	Custom	Destination: subnet-B02 in VPC-B Connects subnet-B02 to er-ABC	During replacement
		172.18.253.0/29	Enterprise router	er-ABC	Custom	Destination: subnet-C02 in VPC-C Connects subnet-C02 to er-ABC	During replacement
VPC-B	rtb-vpc-B	172.16.0.0/24	VPC peering connection	peer-AB	Custom	Destination: subnet-A01 in VPC-A Connects subnet-A01 to subnet-B01	Before/During replacement
		172.18.0.0/24	VPC peering connection	peer-BC	Custom	Destination: subnet-C01 in VPC-C Connects subnet-B01 to subnet-C01	Before/During replacement
		1.1.1.2/32	VPC peering connection	peer-AB	Custom	Destination: Any IP address that is not used by other services Ensures that traffic flowing through VPC peering connections is not interrupted during the replacement.	During replacement
		172.16.0.0/14	Enterprise router	er-ABC	Custom	Destination: A large CIDR block that can contain CIDR blocks of the three VPCs Connects VPC-B to er-ABC	During/After replacement
		172.16.253.0/29	Enterprise router	er-ABC	Custom	Destination: subnet-A02 in VPC-A Connects subnet-A02 to er-ABC	During replacement
		172.18.253.0/29	Enterprise router	er-ABC	Custom	Destination: subnet-C02 in VPC-C Connects subnet-C02 to er-ABC	During replacement
VPC-C	rtb-vpc-C	172.16.0.0/24	VPC peering connection	peer-AC	Custom	Destination: subnet-A01 in VPC-A Connects subnet-A01 to subnet-C01	Before/During replacement
		172.17.0.0/24	VPC peering connection	peer-BC	Custom	Destination: subnet-B01 in VPC-B Connects subnet-B01 to subnet-C01	Before/During replacement
		1.1.1.3/32	VPC peering connection	peer-AC	Custom	Destination: Any IP address that is not used by other services Ensures that traffic flowing through VPC peering connections is not interrupted during the replacement.	During replacement
		172.16.0.0/14	Enterprise router	er-ABC	Custom	Destination: A large CIDR block that can contain CIDR blocks of the three VPCs Connects VPC-C to er-ABC	During/After replacement
		172.16.253.0/29	Enterprise router	er-ABC	Custom	Destination: subnet-A02 in VPC-A Connects subnet-A02 to er-ABC	During replacement
		172.17.253.0/29	Enterprise router	er-ABC	Custom	Destination: subnet-B02 in VPC-B Connects subnet-B02 to er-ABC	During replacement

**Table 3** Details of the enterprise router route table
Enterprise Router	Route Table	Destination	Next Hop	Attached Resource	Route Type	Route Function	Required
er-ABC	defaultRouteTable	172.16.0.0/16	er-attach-A	VPC-A	Propagated	Destination: VPC-A Connects VPC-A to er-ABC	During/After replacement
		172.17.0.0/16	er-attach-B	VPC-B	Propagated	Destination: VPC-B Connects VPC-B to er-ABC	During/After replacement
		172.18.0.0/16	er-attach-C	VPC-C	Propagated	Destination: VPC-C Connects VPC-C to er-ABC	During/After replacement

Resource Planning

Table 4 lists the enterprise router and also resources that are temporarily required and can be deleted after the replacement.

The following resource planning details are only examples for your reference. You need to plan resources based on actual service requirements.

**Table 4** Resource planning for replacing VPC peering connections with an enterprise router
Resource	Description
VPC	Table 5 shows details about the required VPCs. Before the replacement, there are three VPCs. Each VPC has a subnet that is associated with the default VPC route table. During the replacement, create one more subnet that is not used by any services in each VPC. These subnets cannot communicate with each other through VPC peering connections and are used for communications between the VPCs and enterprise router. After the replacement, delete the subnets that are used for verifying communications.
VPC peering connection	Table 6 shows details about the required VPC peering connections. After the replacement, delete the VPC peering connections.
ECS	Table 7 shows details about the required ECSs. Before the replacement, there are three ECSs that are running services. During the replacement, create one more ECS in each verification subnet for communications between the VPCs and enterprise router. After the replacement, delete the ECSs in verification subnets.
Enterprise router	The enterprise router and the VPC peering connections are in the same region. Table 8 shows details about the enterprise router. During the replacement, create an enterprise router and three VPC attachments. Table 9 shows details about the VPC attachments. Enable Default Route Table Association and Default Route Table Propagation when you create the enterprise router to automatically add routes. CAUTION: If the CIDR blocks of VPCs connected by a VPC peering connection overlap, do not enable Default Route Table Propagation for the enterprise router. This function adds routes with entire VPC CIDR blocks as destinations. If VPC CIDR blocks overlap, there will be route conflicts. In this case, you need to manually add routes with next hop set to VPC attachment to the route table of the enterprise router. Do not enable Auto Add Routes when you create the three VPC attachments. If this option is enabled, Enterprise Router automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC. During the replacement, manually add routes with destinations set to the large CIDR block to the VPC route tables.

**Table 5** VPC details
VPC Name	VPC CIDR Block	Subnet Name	Subnet CIDR Block	Association Route Table	Subnet Is Used to	Required
VPC-A	172.16.0.0/16	subnet-A01	172.16.0.0/24	Default route table	Deploy services.	During/After replacement
VPC-A	172.16.0.0/16	subnet-A02	172.16.253.0/29	Default route table	Verify the communications between the VPC and the enterprise router.	During replacement
VPC-B	172.17.0.0/16	subnet-B01	172.17.0.0/24	Default route table	Deploy services.	During/After replacement
VPC-B	172.17.0.0/16	subnet-B02	172.17.253.0/29	Default route table	Verify the communications between the VPC and the enterprise router.	During replacement
VPC-C	172.18.0.0/16	subnet-C01	172.18.0.0/24	Default route table	Deploy services.	During/After replacement
VPC-C	172.18.0.0/16	subnet-C02	172.18.253.0/29	Default route table	Verify the communications between the VPC and the enterprise router.	During replacement

**Table 6** VPC peering connection details
Connection Name	Local VPC	Peer VPC	Connection Is Used to	Required
peer-AB	VPC-A	VPC-B	Connect subnet-A01 in VPC-A to subnet-B01 in VPC-B.	Before/During replacement
peer-AC	VPC-A	VPC-C	Connect subnet-A01 in VPC-A to subnet-C01 in VPC-C.	Before/During replacement
peer-BC	VPC-B	VPC-C	Connect subnet-B01 in VPC-B to subnet-C01 in VPC-C.	Before/During replacement

**Table 7** ECS details
ECS	VPC	Subnet	Private IP Address	Image	Security Group	ECS Is Used to	Required
ecs-A01	VPC-A	subnet-A01	172.16.0.139	Public image: CentOS 8.2 64bit	sg-demo (general-purpose web server)	Run services.	Before/During/After replacement
ecs-A02	VPC-A	subnet-A02	172.16.253.3			Verify the communications between the VPC and the enterprise router.	During replacement
ecs-B01	VPC-B	subnet-B01	172.17.0.93			Run services.	Before/During/After replacement
ecs-B02	VPC-B	subnet-B02	172.17.253.4			Verify the communications between the VPC and the enterprise router.	During replacement
ecs-C01	VPC-C	subnet-C01	172.18.0.220			Run services.	Before/During/After replacement
ecs-C02	VPC-C	subnet-C02	172.18.253.5			Verify the communications between the VPC and the enterprise router.	During replacement

**Table 8** Enterprise router details
Name	ASN	Default Route Table Association	Default Route Table Propagation	Auto Accept Shared Attachments	Association Route Table	Attachment	Required
er-ABC	64512	Enabled	Enabled If your VPC CIDR blocks overlap, do not enable this function.	Disabled If you want to connect VPCs of different accounts using an enterprise router, enable this function. For details, see Sharing Overview.	Default route table	er-attach-A	During/After replacement
						er-attach-B
						er-attach-C

**Table 9** VPC attachment details
Name	Type	VPC	Subnet	Auto Add Routes	Required
er-attach-A	VPC	VPC-A	subnet-A01	Disabled	During/After replacement
er-attach-B		VPC-B	subnet-B01
er-attach-C		VPC-C	subnet-C01

Parent topic: Using an Enterprise Router to Replace VPC Peering Connections

Previous topic: Overview

Next topic: Replacing VPC Peering with Enterprise Router

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel