Updated on 2023-08-08 GMT+08:00

Accessing a VPC over a Single Connection Through Static Routes

Overview

Connect your on-premises network to the cloud over a single connection and use static routing to route traffic between your on-premises network and the VPC.

Prerequisites

  • Your on-premises network must use a single-mode fiber with a 1GE, 10GE, 40GE, or 100GE optical module to connect to the access device in the cloud.
  • Auto-negotiation for the port has been disabled. Port speed and full duplex mode have been manually configured.
  • 802.1Q VLAN encapsulation is supported on your on-premises network.

Typical Topology

Your on-premises network is connected to a VPC over a single connection.

For details on how to create a VPC, see Creating a VPC.

Table 1 lists the CIDR blocks used in this example.

Table 1 CIDR blocks

| Item | CIDR Block |
|---|---|
| Your on-premises network | 10.1.123.0/24 |
| Local and remote gateways (addresses for interconnection) | 10.0.0.0/30 |
| VPC | 192.168.0.0/16 |

Figure 1 Accessing a VPC over a connection through static routes

Procedure

  1. Create a connection.

    1. Log in to the management console.
    2. On the console homepage, click the region selector icon in the upper left corner and select the desired region and project.
    3. Hover over the service list icon to display Service List and choose Networking > Direct Connect.
    4. In the navigation pane on the left, choose Direct Connect > Connections.
    5. Click Create Connection.
    6. On the Create Connection page, enter the equipment room details and select the Direct Connect location and port based on Table 2.
      Table 2 Parameters required for creating a connection

      | Parameter | Description |
      |---|---|
      | Billing Mode | Specifies how you are charged for the connection. Currently, only Yearly/Monthly is supported. |
      | Region | Specifies the region where the connection resides. You can also change the region in the upper left corner of the console. |
      | Connection Name | Specifies the name of your connection. |
      | Location | Specifies the Direct Connect location where your leased line can be connected. |
      | Carrier | Specifies the carrier that provides the leased line. |
      | Port Type | Specifies the type of the port that the leased line is connected to. There are four types of ports: 1GE, 10GE, 40GE, and 100GE. |
      | Leased Line Bandwidth | Specifies the bandwidth of the leased line, in Mbit/s. |
      | Your Equipment Room Address | Specifies the address of your equipment room. The address must be specific to the floor your equipment room is on, for example, XX Equipment Room, XX Building, No. XX, Huajing Road, Pudong District, Shanghai. |
      | Tag | Identifies the connection. A tag consists of a key and a value. You can add 10 tags to a connection. Tag keys and values must meet the requirements listed in Table 3. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tag Overview. |
      | Description | Provides supplementary information about the connection. |
      | Contact Person/Phone Number/Email | Specifies who is responsible for your connection. If you do not provide any contact information, we will contact the person in your account information. |
      | Required Duration | Specifies how long the connection will be used for. |
      | Auto-renew | Specifies whether to automatically renew the subscription to ensure service continuity. For example, if you select this option and the required duration is three months, the system automatically renews the subscription for another three months. |
      | Enterprise Project | Provides a cloud resource management mode where cloud resources and members are centrally managed by project. |

      Table 3 Tag key and value requirements

      | Parameter | Requirements |
      |---|---|
      | Key | Cannot be left blank. Must be unique for each resource. Can contain a maximum of 36 characters. Can contain only letters, digits, hyphens, underscores, and Unicode characters from \u4e00 to \u9fff. |
      | Value | Can be left blank. Can contain a maximum of 43 characters. Can contain only letters, digits, periods, hyphens, underscores, and Unicode characters from \u4e00 to \u9fff. |
    7. Click Next.
    8. Confirm the connection information and click Pay Now.
    9. Confirm the order, select a payment method, and click Confirm.

  2. Create a virtual gateway.

    1. In the navigation pane on the left, choose Direct Connect > Virtual Gateways.
    2. Click Create Virtual Gateway.
    3. Configure the parameters based on Table 4.
      Table 4 Parameters required for creating a virtual gateway

      | Parameter | Description |
      |---|---|
      | Name | Specifies the virtual gateway name. The name can contain 1 to 64 characters. |
      | Enterprise Project | Provides a cloud resource management mode where cloud resources and members are centrally managed by project. |
      | VPC | Specifies the VPC to be associated with the virtual gateway. |
      | Local Subnet | Specifies the CIDR blocks of the subnets in the VPC to be accessed using Direct Connect. You can add one or more CIDR blocks. If there are multiple CIDR blocks, separate every entry with a comma (,). |
      | Description | Provides supplementary information about the virtual gateway. |

    4. Click OK.

  3. Create a virtual interface.

    1. In the navigation pane on the left, choose Direct Connect > Virtual Interfaces.
    2. Click Create Virtual Interface.
    3. Configure the parameters based on Table 5.
      Table 5 Parameters required for creating a virtual interface

      | Parameter | Description |
      |---|---|
      | Region | Specifies the region where the connection resides. You can also change the region in the upper left corner of the console. |
      | Name | Specifies the virtual interface name. The name can contain 1 to 64 characters. |
      | Virtual Interface Priority | Specifies whether the virtual interface takes priority over other virtual interfaces. There are two options: Preferred and Standard. If multiple virtual interfaces are associated with one Direct Connect device, load is balanced among virtual interfaces with the same priority, while virtual interfaces with different priorities work in active/standby pairs. |
      | Connection | Specifies the connection you can use to connect your on-premises network to Huawei Cloud. |
      | Virtual Gateway | Specifies the virtual gateway that the virtual interface connects to. |
      | VLAN | Specifies the ID of the VLAN for the virtual interface. Standard connections: You need to configure the VLAN. Hosted connections: The VLAN will be allocated by the carrier or partner. You do not need to configure the VLAN. |
      | Bandwidth | Specifies the bandwidth that can be used by the virtual interface, in Mbit/s. The bandwidth cannot exceed that of the connection. |
      | Enterprise Project | Provides a cloud resource management mode where cloud resources and members are centrally managed by project. |
      | Local Gateway | Specifies the gateway on the Huawei Cloud network. |
      | Remote Gateway | Specifies the gateway on your on-premises network. The remote gateway must be in the same IP address range as the local gateway. Generally, a subnet with a 30-bit mask is recommended. |
      | Remote Subnet | Specifies the subnets and masks of your on-premises network. If there are multiple subnets, use commas (,) to separate them. |
      | Routing Mode | Specifies whether static routing or dynamic routing is used to route traffic between your on-premises network and the cloud network. If there are or will be two or more connections, select BGP routing to achieve higher availability. |
      | BGP ASN | Specifies the ASN of the BGP peer. This parameter is required when BGP routing is selected. |
      | BGP MD5 Authentication Key | Specifies the password used to authenticate the BGP peer using MD5. This parameter is mandatory when BGP routing is selected, and the parameter values on both gateways must be the same. The key contains 8 to 255 characters and must contain at least two types of the following characters: uppercase letters; lowercase letters; digits; special characters ~!, .:;-_"(){}[]/@#$ %^&*+\|= |
      | Description | Provides supplementary information about the virtual interface. |

    4. Click Create Now.

      The default security group rule denies all inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions so that they can communicate normally.

  4. Wait for route propagation on the cloud.

    Direct Connect automatically propagates the routes after a connection is established between your on-premises network and the cloud network.

  5. Configure a static route on your device.

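    The following is an example static route on a Huawei device. It sends traffic destined for the VPC CIDR block (192.168.0.0/16) to the next hop 10.0.0.1, an address in the interconnection range 10.0.0.0/30: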

    ip route-static 192.168.0.0 255.255.0.0 10.0.0.1
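
The following added example (not part of the original page or of Huawei's tooling) checks the Table 1 addressing plan before you configure the virtual interface and then builds the static route shown above. It assumes that 10.0.0.1, the next hop in the route, is the local gateway and that 10.0.0.2 is the remote gateway; the function names `check_plan` and `huawei_static_route` are hypothetical.

```python
import ipaddress
from itertools import combinations


def check_plan(onprem, vpc, local_gw, remote_gw, prefix=30):
    """Return a list of problems with the addressing plan (empty list = OK)."""
    problems = []
    local_if = ipaddress.ip_interface(f"{local_gw}/{prefix}")
    remote_if = ipaddress.ip_interface(f"{remote_gw}/{prefix}")
    link = local_if.network  # interconnection subnet derived from the local gateway

    # Both gateways must be distinct, usable hosts in the same subnet.
    if remote_if.network != link:
        problems.append("local and remote gateways are in different subnets")
    if local_if.ip == remote_if.ip:
        problems.append("local and remote gateways use the same address")
    for name, intf in (("local", local_if), ("remote", remote_if)):
        if intf.ip not in intf.network.hosts():
            problems.append(
                f"{name} gateway {intf.ip} is not a usable host in {intf.network}")

    # Overlapping ranges make the static routes ambiguous.
    nets = {"on-premises": ipaddress.ip_network(onprem),
            "VPC": ipaddress.ip_network(vpc),
            "interconnection": link}
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems


def huawei_static_route(vpc, next_hop):
    """Build the on-premises static route toward the VPC in dotted-mask form."""
    net = ipaddress.ip_network(vpc)
    return f"ip route-static {net.network_address} {net.netmask} {next_hop}"


# Values from Table 1; the remote gateway address 10.0.0.2 is an assumption.
PLAN = dict(onprem="10.1.123.0/24", vpc="192.168.0.0/16",
            local_gw="10.0.0.1", remote_gw="10.0.0.2")

if __name__ == "__main__":
    issues = check_plan(**PLAN)
    print(issues or huawei_static_route(PLAN["vpc"], PLAN["local_gw"]))
```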