Updated on 2024-01-16 GMT+08:00

Overview

Scenario

Direct Connect establishes a dedicated, secure, and stable network connection between your on-premises data center and VPCs. It can work together with an enterprise router to build a large-scale hybrid cloud network.

VPN establishes a secure, encrypted communications tunnel between your on-premises data center and your VPC. Compared with Direct Connect, VPN is cost-effective and can be quickly deployed.

To achieve high reliability of hybrid cloud networking and control costs, you can attach both Direct Connect and VPN connections to an enterprise router so that the connections work as an active/standby pair. If the active connection is faulty, services are automatically switched to the standby one, reducing the risk of service interruptions.

Architecture

To improve the reliability of hybrid cloud networking, your enterprise uses both Direct Connect and VPN connections to connect your on-premises data center to the VPCs. The Direct Connect connection works as the active connection and the VPN connection works as the standby one. If the active connection is faulty, services are automatically switched to the standby one, reducing the impact of network interruptions on services.
  • VPC 1, VPC 2, and the Direct Connect connection are attached to the enterprise router. VPC 1 and VPC 2 can communicate with each other. They communicate with the on-premises data center through the Direct Connect connection.
  • The VPN connection is also attached to the enterprise router. If the Direct Connect connection is faulty, VPC 1 and VPC 2 can communicate with the on-premises data center through the VPN connection.
Figure 1 Network diagram of Direct Connect and VPN connections working in an active/standby pair

Advantages

An enterprise router allows automatic switchover between active and standby Direct Connect and VPN connections. You do not need to manually switch between them. This prevents service loss and reduces maintenance costs.

Notes and Constraints

The subnet CIDR blocks of VPCs and the on-premises data center cannot overlap.
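
A pre-deployment check for this constraint, added here as an example (it is not Huawei Cloud tooling). The site names and CIDR values are constructed, and the check assumes that any overlap between blocks belonging to different sites is a violation:

```python
import ipaddress
from itertools import combinations


def find_overlaps(sites):
    """Return sorted (site_a, cidr_a, site_b, cidr_b) tuples for every pair of
    CIDR blocks from different sites that overlap.

    `sites` maps a site name to a list of CIDR strings. strict=True rejects
    entries with host bits set (e.g. 10.0.1.5/24), which usually mean a typo
    in the planning sheet; ip_network() raises ValueError for those.
    """
    blocks = [
        (site, ipaddress.ip_network(cidr, strict=True))
        for site, cidrs in sites.items()
        for cidr in cidrs
    ]
    overlaps = []
    for (site_a, net_a), (site_b, net_b) in combinations(blocks, 2):
        if site_a == site_b:
            continue  # only cross-site overlaps are checked here
        if net_a.version != net_b.version:
            continue  # an IPv4 block and an IPv6 block cannot overlap
        if net_a.overlaps(net_b):
            overlaps.append((site_a, str(net_a), site_b, str(net_b)))
    return sorted(overlaps)


# Constructed sample plan: one on-premises block sits inside a VPC 1 subnet.
SAMPLE_PLAN = {
    "VPC 1": ["192.168.0.0/24", "192.168.1.0/24"],
    "VPC 2": ["172.16.0.0/24"],
    "on-premises": ["10.0.0.0/16", "192.168.1.128/25"],
}

if __name__ == "__main__":
    conflicts = find_overlaps(SAMPLE_PLAN)
    for site_a, cidr_a, site_b, cidr_b in conflicts:
        print(f"OVERLAP: {site_a} {cidr_a} <-> {site_b} {cidr_b}")
    raise SystemExit(1 if conflicts else 0)
```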