Network and Resource Planning
- Network Planning: Plan the CIDR blocks of the VPCs and their subnets, the Direct Connect connection, and the enterprise router, as well as the routes of these resources.
- Resource Planning: Plan the quantity, names, and settings of cloud resources, including VPCs, VPC peering connections, Direct Connect resources, and the enterprise router.
Network Planning
Figure 1 shows a network in which an on-premises data center accesses the cloud through an enterprise router, a transit VPC, and a Direct Connect connection. The VPCs communicate with each other over VPC peering connections. (Table 2 describes the resources used in this network.)
- The on-premises data center accesses the service VPCs over a Direct Connect connection and an enterprise router. For details, see Path 1 in Table 1.
- A VPC peering connection connects each service VPC to the transit VPC, so that the service VPCs can communicate with each other. For details, see Path 2 in Table 1.
| No. | Path | Description |
|---|---|---|
| Path 1 | Request traffic: from VPC-A to the on-premises data center | |
| Path 1 | Response traffic: from the on-premises data center to VPC-A | |
| Path 2 | Request traffic: from VPC-B to VPC-A | |
| Path 2 | Response traffic: from VPC-A to VPC-B | |
| Cloud Service | Description |
|---|---|
| VPC | Two service VPCs are required to run your workloads. In this example, the two VPCs are VPC-A and VPC-B. One transit VPC, which will be attached to the enterprise router. In this example, the transit VPC is VPC-Transit. |
| Direct Connect | |
| Enterprise Router | Add attachments to the enterprise router and configure the required routes. |
| ECS | There is an ECS in each service VPC. In this example, the two ECSs are used to verify network connectivity between service VPCs and between service VPCs and the on-premises data center. If you have multiple ECSs associated with different security groups, you need to add rules to the security groups to allow network access. |
| VPC | Destination | Next Hop | Route Type |
|---|---|---|---|
| VPC-A | 172.17.0.0/16 | VPC peering connection: Peer-A-T | Static route (custom) |
| VPC-A | 10.10.0.0/16 | VPC peering connection: Peer-A-T | Static route (custom) |
| VPC-B | 172.16.0.0/16 | VPC peering connection: Peer-B-T | Static route (custom) |
| VPC-B | 10.10.0.0/16 | VPC peering connection: Peer-B-T | Static route (custom) |
| VPC-Transit | 172.17.0.0/16 | VPC peering connection: Peer-B-T | Static route (custom) |
| VPC-Transit | 172.16.0.0/16 | VPC peering connection: Peer-A-T | Static route (custom) |
| VPC-Transit | 10.10.0.0/16 | Enterprise router | Static route (custom) |
When attaching a VPC to an enterprise router, do not enable Auto Add Routes. You need to manually add routes in the route table of VPC-Transit.
| Destination | Next Hop | Route Type |
|---|---|---|
| VPC-A CIDR block: 172.16.0.0/16 | VPC-Transit attachment: er-attach-VPCtransit | Static route |
| VPC-B CIDR block: 172.17.0.0/16 | VPC-Transit attachment: er-attach-VPCtransit | Static route |
| Local and remote gateways: 10.0.0.0/30 | Virtual gateway attachment: vgw-demo | Propagated |
| On-premises network CIDR block: 10.10.0.0/16 | Virtual gateway attachment: vgw-demo | Propagated |
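The route plan above can be checked before any resource is created. The following is an added example, not part of the original documentation: it models the VPC and enterprise router route tables from this page, confirms that the CIDR blocks do not overlap, and traces Path 1 and Path 2 hop by hop using longest-prefix matching. The `on-prem` route entries and the host address 10.10.0.5 are assumptions, because the page does not list the data center's own routes.

```python
import ipaddress
from itertools import combinations

# CIDR blocks from the page's plan; "on-prem" is the on-premises network.
CIDRS = {"VPC-A": "172.16.0.0/16", "VPC-B": "172.17.0.0/16",
         "VPC-Transit": "192.168.0.0/24", "on-prem": "10.10.0.0/16"}
# Route tables from the page. The "on-prem" table is an assumption: the page
# does not list the data center's routes toward the cloud.
ROUTES = {
    "VPC-A": {"172.17.0.0/16": "Peer-A-T", "10.10.0.0/16": "Peer-A-T"},
    "VPC-B": {"172.16.0.0/16": "Peer-B-T", "10.10.0.0/16": "Peer-B-T"},
    "VPC-Transit": {"172.17.0.0/16": "Peer-B-T", "172.16.0.0/16": "Peer-A-T",
                    "10.10.0.0/16": "Enterprise router"},
    "ER": {"172.16.0.0/16": "er-attach-VPCtransit", "172.17.0.0/16": "er-attach-VPCtransit",
           "10.0.0.0/30": "vgw-demo", "10.10.0.0/16": "vgw-demo"},
    "on-prem": {"172.16.0.0/16": "vgw-demo", "172.17.0.0/16": "vgw-demo"},
}
# Which node a packet reaches when it leaves a node through a given next hop.
LINKS = {("VPC-A", "Peer-A-T"): "VPC-Transit", ("VPC-Transit", "Peer-A-T"): "VPC-A",
         ("VPC-B", "Peer-B-T"): "VPC-Transit", ("VPC-Transit", "Peer-B-T"): "VPC-B",
         ("VPC-Transit", "Enterprise router"): "ER", ("ER", "er-attach-VPCtransit"): "VPC-Transit",
         ("ER", "vgw-demo"): "on-prem", ("on-prem", "vgw-demo"): "ER"}

def overlapping_cidrs(cidrs=CIDRS):
    """Return pairs of networks whose address ranges overlap (should be empty)."""
    nets = {n: ipaddress.ip_network(c) for n, c in cidrs.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def trace(src, dst_ip, routes=ROUTES, max_hops=8):
    """Follow longest-prefix-match routes from src; path ends in a node, DROP or LOOP."""
    dst, node, path = ipaddress.ip_address(dst_ip), src, [src]
    for _ in range(max_hops):
        if node in CIDRS and dst in ipaddress.ip_network(CIDRS[node]):
            return path  # destination is local to this network
        hits = [(ipaddress.ip_network(c), hop) for c, hop in routes.get(node, {}).items()
                if dst in ipaddress.ip_network(c)]
        if not hits:
            return path + ["DROP"]  # no route: traffic is discarded here
        hop = max(hits, key=lambda h: h[0].prefixlen)[1]
        node = LINKS[(node, hop)]
        path += [hop, node]
    return path + ["LOOP"]

def is_symmetric(a, a_ip, b, b_ip, routes=ROUTES):
    """True if a->b and b->a both arrive and cross the same nodes in reverse order."""
    fwd, rev = trace(a, b_ip, routes), trace(b, a_ip, routes)
    return fwd[-1] == b and rev[-1] == a and fwd[::2] == rev[::2][::-1]

if __name__ == "__main__":
    print(overlapping_cidrs())
    print(trace("VPC-A", "10.10.0.5"))    # 10.10.0.5 is a constructed on-premises host
    print(trace("VPC-B", "172.16.1.25"))  # from VPC-B to ECS-A's address
```

Passing a copy of `ROUTES` with the VPC-Transit entry for 10.10.0.0/16 removed shows the effect of forgetting the manual route when Auto Add Routes is disabled: the trace ends in `DROP` at VPC-Transit.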
Resource Planning
The following resource details are only examples. You can modify them if needed.
| Resource | Description |
|---|---|
| VPC | Three VPCs are required. Table 6 describes the three VPCs and their settings. NOTICE: |
| VPC peering connection | Two VPC peering connections are required to connect VPC-A, VPC-B, and VPC-Transit. Table 7 describes the two VPC peering connections and their settings. |
| Direct Connect connection | A connection, a virtual gateway, and a virtual interface are required. Table 8 describes the required Direct Connect resources and their settings. |
| Enterprise router | An enterprise router is required and two network instances will be attached to the enterprise router. Table 9 describes the enterprise router and its settings. |
| ECS | Two ECSs are required, with one in each service VPC. Table 10 describes the two ECSs and their settings. |
| VPC | VPC CIDR Block | Subnet | Subnet CIDR Block | Association Route Table | VPC Description |
|---|---|---|---|---|---|
| VPC-A | 172.16.0.0/16 | subnet-A01 | 172.16.1.0/24 | Default route table | Service VPC, not connected to the enterprise router |
| VPC-B | 172.17.0.0/16 | subnet-B01 | 172.17.1.0/24 | Default route table | Service VPC, not connected to the enterprise router |
| VPC-Transit | 192.168.0.0/24 | subnet-Transit | 192.168.0.0/24 | Default route table | Transit VPC, connected to the enterprise router |
| VPC Peering Connection | Local VPC | Peer VPC | Description |
|---|---|---|---|
| Peer-A-T | VPC-A | VPC-Transit | Connects VPC-A and VPC-Transit. |
| Peer-B-T | VPC-B | VPC-Transit | Connects VPC-B and VPC-Transit. |
| Resource | Example Settings |
|---|---|
| Connection | Create a connection based on site requirements. |
| Virtual gateway | |
| Virtual interface | |
| Resource | Example Settings |
|---|---|
| Enterprise router | |
| Attachments | |
| ECS | VPC | Subnet | Private IP Address | Image | Security Group | ECS Description |
|---|---|---|---|---|---|---|
| ECS-A | VPC-A | subnet-A01 | 172.16.1.25 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | This ECS is used to run workloads. |
| ECS-B | VPC-B | subnet-B01 | 172.17.1.113 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | This ECS is used to run workloads. |