Updated on 2024-12-16 GMT+08:00

Connecting an On-Premises Data Center to Multiple VPCs that Do Not Need to Communicate with Each Other

Scenario

Connect your on-premises network to two or more VPCs over one connection and use static routes to route traffic between your on-premises network and the VPCs. These VPCs do not need to communicate with each other. In this example, there are two VPCs.

Standard connections are used to provide dedicated ports for exclusive use.

Prerequisites

  • Your on-premises network must use a single-mode fiber with a 1GE, 10GE, 40GE, or 100GE optical module to connect to the access device in the cloud.
  • Auto-negotiation for the port must be disabled. Port speed and full-duplex mode must be manually configured.
  • 802.1Q VLAN encapsulation is supported on your on-premises network.

Typical Topology

Your on-premises network is connected to two VPCs over a single connection.

For details on how to create a VPC, see Creating a VPC.

The following table lists the CIDR blocks used in this example.
Table 1 CIDR blocks

| Item | CIDR Block |
|---|---|
| Your on-premises network | 10.1.123.0/24 |
| Local and remote gateways (addresses for interconnection) | 10.0.0.0/30 and 10.0.0.4/30 |
| VPCs | VPC-001: 192.168.0.0/16; VPC-002: 172.16.0.0/16 |

Figure 1 Accessing multiple VPCs over one connection

Procedure

  1. Create a connection.

    For details, see Connecting an On-Premises Data Center to a VPC over a Single Connection and Using Static Routing to Route Traffic.

  2. Create two virtual gateways.

    Associate one virtual gateway with VPC-001 and the other one with VPC-002.
    Figure 2 Creating a virtual gateway
    Table 2 Parameters required for creating virtual gateway 1

    | Parameter | Example Value | Description |
    |---|---|---|
    | Name | vgw-test | Specifies the virtual gateway name. The name can contain 1 to 64 characters. |
    | Enterprise Project | default | Specifies the enterprise project by which virtual gateways are centrally managed. Select an existing enterprise project. |
    | VPC | VPC-001 | Specifies the VPC to be associated with the virtual gateway. |
    | Local Subnet | 192.168.0.0/16 | Specifies the CIDR blocks of the subnets in the VPC to be accessed using Direct Connect. You can add one or more CIDR blocks. If there are multiple CIDR blocks, separate every entry with a comma (,). |
    | BGP ASN | 64512 | Specifies the BGP ASN of the virtual gateway. |
    | Tag | - | Adds tags to help you identify your virtual gateway. You can change them after the virtual gateway is created. |
    | Description | - | Provides supplementary information about the virtual gateway. |

    Figure 3 Creating a virtual gateway
    Table 3 Parameters required for creating virtual gateway 2

    | Parameter | Example Value | Description |
    |---|---|---|
    | Name | vgw-c413 | Specifies the virtual gateway name. The name can contain 1 to 64 characters. |
    | Enterprise Project | default | Specifies the enterprise project by which virtual gateways are centrally managed. Select an existing enterprise project. |
    | VPC | VPC-001 | Specifies the VPC to be associated with the virtual gateway. |
    | Local Subnet | 172.16.0.0/16 | Specifies the CIDR blocks of the subnets in the VPC to be accessed using Direct Connect. You can add one or more CIDR blocks. If there are multiple CIDR blocks, separate every entry with a comma (,). |
    | BGP ASN | 64512 | Specifies the BGP ASN of the virtual gateway. |
    | Tag | - | Adds tags to help you identify your virtual gateway. You can change them after the virtual gateway is created. |
    | Description | - | Provides supplementary information about the virtual gateway. |

  3. Create two virtual interfaces.

    Connect each virtual interface with a virtual gateway so that your on-premises network can access VPC-001 through 10.0.0.0/30 and VPC-002 through 10.0.0.4/30.
    Figure 4 Creating a virtual interface for your own account
    Table 4 Parameters required for creating virtual interface 1

    Parameter

    Example Value

    Description

    Virtual Interface Owner

    Current account

    Specifies the account that this virtual interface will be created for.

    Region

    EU-Dublin

    Specifies the region where the connection resides. You can also change the region in the upper left corner of the console.

    Name

    vif-test

    Specifies the virtual interface name.

    The name can contain 1 to 64 characters.

    Virtual Interface Priority

    -

    Specifies whether the virtual interface will be used prior to other virtual interfaces. There are two options: Preferred and Standard.

    If multiple virtual interfaces are associated with one Direct Connect device, load is balanced among virtual interfaces with the same priority, while virtual interfaces with different priorities work in active/standby pairs.

    Connection

    dc-test12

    Specifies the connection you can use to connect your on-premises network to Huawei Cloud.

    Gateway

    Virtual gateway

    Specifies the gateway that the virtual interface connects to.

    You can select a virtual gateway or global DC gateway.

    In this example, select a virtual gateway.

    Virtual Gateway

    vgw-123

    Specifies the virtual gateway that the virtual interface connects to.

    This parameter is mandatory when Gateway is set to Virtual gateway.

    Global DC Gateway

    dgw-123

    Specifies the global DC gateway that the virtual interface connects to.

    This parameter is mandatory when Gateway is set to Global DC gateway.

    VLAN

    30

    Specifies the ID of the VLAN for the virtual interface.

    • Standard connections: You need to configure the VLAN.
    • Hosted connections: The VLAN will be allocated by the carrier or partner. You do not need to configure the VLAN.

    Bandwidth (Mbit/s)

    500

    Specifies the bandwidth that can be used by the virtual interface. The bandwidth cannot exceed that of the connection.

    Enterprise Project

    default

    Specifies the enterprise project by which virtual interfaces are centrally managed. Select an existing enterprise project.

    Tag

    -

    Adds tags to help you identify your virtual interface. You can change them after the virtual interface is created.

    Local Gateway

    10.0.0.1/30

    Specifies the IP address used by the cloud to connect to your on-premises network. After you configure Local Gateway on the console, the configuration will be automatically delivered to the gateway used by the cloud.

    Remote Gateway

    10.0.0.2/30

    Specifies the IP address used by the on-premises data center to connect to the cloud. After you configure Remote Gateway on the console, you need to configure the IP address on the interface of the on-premises device.

    CAUTION:

    The IP addresses of the local gateway and remote gateway must be in the same IP address range. Generally, an IP address range with a 30-bit mask is used. The IP addresses you plan cannot conflict with IP addresses used on your on-premises network. Plan an IP address range that will be used at both ends of the connection for network communication between your on-premises data center and the cloud.

    Remote Subnet

    10.1.123.0/24

    Specifies the subnets and masks of your on-premises network. If there are multiple subnets, use commas (,) to separate them.

    Routing Mode

    Static

    Specifies whether static routing or dynamic routing is used to route traffic between your on-premises network and the cloud network.

    If there are or will be two or more connections, select BGP routing for higher availability.

    BGP ASN

    -

    Specifies the ASN of the BGP peer.

    This parameter is required when BGP routing is selected.

    BGP MD5 Authentication Key

    -

    Specifies the password used to authenticate the BGP peer using MD5.

    This parameter can be set when BGP routing is selected, and the parameter values on both gateways must be the same.

    The key contains 8 to 255 characters and must contain at least two types of the following characters:

    • Uppercase letters
    • Lowercase letters
    • Digits
    • Special characters ~!,.:;-_"(){}[]/@#$%^&*+\|=

    Description

    -

    Provides supplementary information about the virtual interface.

    Figure 5 Creating a virtual interface for your own account
    Table 5 Parameters required for creating virtual interface 2

    Parameter

    Example Value

    Description

    Virtual Interface Owner

    Current account

    Specifies the account that this virtual interface will be created for.

    Region

    EU-Dublin

    Specifies the region where the connection resides. You can also change the region in the upper left corner of the console.

    Name

    vif-c413

    Specifies the virtual interface name.

    The name can contain 1 to 64 characters.

    Virtual Interface Priority

    -

    Specifies whether the virtual interface will be used prior to other virtual interfaces. There are two options: Preferred and Standard.

    If multiple virtual interfaces are associated with one Direct Connect device, load is balanced among virtual interfaces with the same priority, while virtual interfaces with different priorities work in active/standby pairs.

    Connection

    dc-test12

    Specifies the connection you can use to connect your on-premises network to Huawei Cloud.

    Gateway

    Virtual gateway

    Specifies the gateway that the virtual interface connects to.

    You can select a virtual gateway or global DC gateway.

    In this example, select a virtual gateway.

    Virtual Gateway

    vgw-123

    Specifies the virtual gateway that the virtual interface connects to.

    This parameter is mandatory when Gateway is set to Virtual gateway.

    Global DC Gateway

    dgw-123

    Specifies the global DC gateway that the virtual interface connects to.

    This parameter is mandatory when Gateway is set to Global DC gateway.

    VLAN

    31

    Specifies the ID of the VLAN for the virtual interface.

    • Standard connections: You need to configure the VLAN.
    • Hosted connections: The VLAN will be allocated by the carrier or partner. You do not need to configure the VLAN.

    Bandwidth (Mbit/s)

    500

    Specifies the bandwidth that can be used by the virtual interface. The bandwidth cannot exceed that of the connection.

    Enterprise Project

    default

    Specifies the enterprise project by which virtual interfaces are centrally managed. Select an existing enterprise project.

    Tag

    -

    Adds tags to help you identify your virtual interface. You can change them after the virtual interface is created.

    Local Gateway

    10.0.0.5/30

    Specifies the IP address used by the cloud to connect to your on-premises network. After you configure Local Gateway on the console, the configuration will be automatically delivered to the gateway used by the cloud.

    Remote Gateway

    10.0.0.6/30

    Specifies the IP address used by the on-premises data center to connect to the cloud. After you configure Remote Gateway on the console, you need to configure the IP address on the interface of the on-premises device.

    CAUTION:

    The IP addresses of the local gateway and remote gateway must be in the same IP address range. Generally, an IP address range with a 30-bit mask is used. The IP addresses you plan cannot conflict with IP addresses used on your on-premises network. Plan an IP address range that will be used at both ends of the connection for network communication between your on-premises data center and the cloud.

    Remote Subnet

    10.1.123.0/24

    Specifies the subnets and masks of your on-premises network. If there are multiple subnets, use commas (,) to separate them.

    Routing Mode

    Static

    Specifies whether static routing or dynamic routing is used to route traffic between your on-premises network and the cloud network.

    If there are or will be two or more connections, select BGP routing for higher availability.

    BGP ASN

    -

    Specifies the ASN of the BGP peer.

    This parameter is required when BGP routing is selected.

    BGP MD5 Authentication Key

    -

    Specifies the password used to authenticate the BGP peer using MD5.

    This parameter can be set when BGP routing is selected, and the parameter values on both gateways must be the same.

    The key contains 8 to 255 characters and must contain at least two types of the following characters:

    • Uppercase letters
    • Lowercase letters
    • Digits
    • Special characters ~!,.:;-_"(){}[]/@#$%^&*+\|=

    Description

    -

    Provides supplementary information about the virtual interface.

    By default, security group rules deny all inbound traffic. Configure security group rules in both directions so that your on-premises network and the VPCs can communicate normally.

  4. Wait for route delivery from the cloud.

    Direct Connect automatically delivers the routes after a connection is established between your on-premises network and the cloud network.

  5. Configure routes on your on-premises network device.

    Example route (A Huawei-developed device is used as an example.)

    ip route-static 192.168.0.0 255.255.0.0 10.0.0.1
    ip route-static 172.16.0.0 255.255.0.0 10.0.0.5
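
The following Python script is an added example, not part of the original Huawei Cloud documentation. It validates the addressing plan from Tables 1, 4 and 5 against the CAUTION rule (both gateways in one range, no conflict with on-premises addresses) and builds the step 5 routes from the same data. The dict layout and the function names `check_plan` and `static_routes` are assumptions, and the VLAN reuse, usable-host and VPC overlap checks go beyond what the page states, although the page's example values satisfy them.

```python
import ipaddress

# Plan from Tables 1, 4 and 5; the dict layout and key names are assumed.
ON_PREM = "10.1.123.0/24"
VIFS = [
    {"name": "vif-test", "vlan": 30, "local_gw": "10.0.0.1/30",
     "remote_gw": "10.0.0.2/30", "vpc_cidr": "192.168.0.0/16"},
    {"name": "vif-c413", "vlan": 31, "local_gw": "10.0.0.5/30",
     "remote_gw": "10.0.0.6/30", "vpc_cidr": "172.16.0.0/16"},
]


def check_plan(vifs, on_prem):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, vlans = [], set()
    used = [("on-premises network", ipaddress.ip_network(on_prem))]
    for vif in vifs:
        name = vif["name"]
        local = ipaddress.ip_interface(vif["local_gw"])
        remote = ipaddress.ip_interface(vif["remote_gw"])
        link = local.network
        # CAUTION in Tables 4 and 5: both gateways sit in the same range.
        if remote.network != link or remote.ip == local.ip:
            problems.append(f"{name}: gateways must be two addresses in one range")
        for gw in (local, remote):
            edges = (gw.network.network_address, gw.network.broadcast_address)
            if gw.network.prefixlen < 31 and gw.ip in edges:
                problems.append(f"{name}: {gw.ip} is not a usable host address")
        # Each virtual interface on the shared connection needs its own VLAN ID.
        if vif["vlan"] in vlans:
            problems.append(f"{name}: VLAN {vif['vlan']} is already in use")
        vlans.add(vif["vlan"])
        # No range may overlap the on-premises network or an earlier range.
        for label, net in ((f"{name} interconnect", link),
                           (f"{name} VPC", ipaddress.ip_network(vif["vpc_cidr"]))):
            for other_label, other in used:
                if net.overlaps(other):
                    problems.append(f"{label} {net} overlaps {other_label} {other}")
            used.append((label, net))
    return problems


def static_routes(vifs):
    """Build the on-premises routes of step 5: VPC CIDR via the local gateway."""
    pairs = [(ipaddress.ip_network(v["vpc_cidr"]),
              ipaddress.ip_interface(v["local_gw"]).ip) for v in vifs]
    return [f"ip route-static {n.network_address} {n.netmask} {gw}" for n, gw in pairs]
```

Run `check_plan(VIFS, ON_PREM)` before creating the virtual interfaces, and apply the output of `static_routes(VIFS)` on the on-premises device only when the returned list is empty.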