Network and Resource Planning
- Network Planning: Plan CIDR blocks of VPCs and their subnets, and route tables of VPCs and the enterprise router.
- Resource Planning: Plan the quantity, names, and other parameters of cloud resources, including VPCs, ECSs, and the enterprise router.
Network Planning
Figure 1 shows the network planning for isolating VPCs in the same region.
Path | Description |
---|---|
Request traffic: from VPC 1 to VPC 4 | |
Response traffic: from VPC 4 to VPC 1 | |

Resource | Description |
---|---|
VPCs | |
Enterprise router | Disable the Default Route Table Association and Default Route Table Propagation, create two route tables, attach the four VPCs to the enterprise router, and configure the route tables as follows: |
ECSs | The four ECSs are in different VPCs. If the ECSs are in different security groups, add rules to the security groups to allow access to each other. |

Destination | Next Hop | Route Type |
---|---|---|
10.0.0.0/8 | Enterprise router | Static route (custom) |
172.16.0.0/12 | Enterprise router | Static route (custom) |
192.168.0.0/16 | Enterprise router | Static route (custom) |
- If you enable Auto Add Routes when creating a VPC attachment, you do not need to manually add static routes to the VPC route table. Instead, the system automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC.
- If a route in the VPC route tables already has 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 as its destination, the automatic routes will fail to be added. In this case, do not enable Auto Add Routes. After the attachment is created, manually add routes.
- Do not set the destination of a route (with an enterprise router as the next hop) to 0.0.0.0/0 in the VPC route table. If an ECS in the VPC has an EIP bound, the VPC route table will have a policy-based route with 0.0.0.0/0 as the destination, which has a higher priority than the route with the enterprise router as the next hop. In this case, traffic is forwarded to the EIP and cannot reach the enterprise router.
Destination | Next Hop | Route Type |
---|---|---|
VPC 4 CIDR block: 192.168.0.0/16 | VPC 4 attachment: er-attach-share | Propagated |

Destination | Next Hop | Route Type |
---|---|---|
VPC 1 CIDR block: 10.1.0.0/16 | VPC 1 attachment: er-attach-isolation-01 | Propagated |
VPC 2 CIDR block: 10.2.0.0/16 | VPC 2 attachment: er-attach-isolation-02 | Propagated |
VPC 3 CIDR block: 10.3.0.0/16 | VPC 3 attachment: er-attach-isolation-03 | Propagated |
Resource Planning
The following resource details are only examples. You can modify them if needed.
- One enterprise router. See details in Table 6.
Table 6 Enterprise router details

Enterprise Router Name | ASN | Default Route Table Association | Default Route Table Propagation | Route Table | Attachment |
---|---|---|---|---|---|
er-test-01 | 64512 | Disabled | Disabled | Two route tables | er-attach-isolation-01, er-attach-isolation-02, er-attach-isolation-03, er-attach-share |

- Four VPCs whose CIDR blocks do not overlap with each other. See details in Table 9.
Table 9 VPC details

VPC | VPC CIDR Block | Subnet | Subnet CIDR Block | Association Route Table |
---|---|---|---|---|
vpc-isolation-01 | 10.1.0.0/16 | subnet-isolation-01 | 10.1.0.0/24 | Default route table |
vpc-isolation-02 | 10.2.0.0/16 | subnet-isolation-02 | 10.2.0.0/24 | Default route table |
vpc-isolation-03 | 10.3.0.0/16 | subnet-isolation-03 | 10.3.0.0/24 | Default route table |
vpc-share | 192.168.0.0/16 | subnet-share | 192.168.0.0/24 | Default route table |

- Four ECSs, one in each of the four VPCs. See details in Table 10.
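Table 10 ECS details

ECS Name | Image | VPC | Subnet | Security Group | Private IP Address |
---|---|---|---|---|---|
ecs-isolation-01 | Public image: CentOS 7.5 64-bit | vpc-isolation-01 | subnet-isolation-01 | sg-demo (general-purpose web server) | 10.1.0.134 |
ecs-isolation-02 | Public image: CentOS 7.5 64-bit | vpc-isolation-02 | subnet-isolation-02 | sg-demo (general-purpose web server) | 10.2.0.215 |
ecs-isolation-03 | Public image: CentOS 7.5 64-bit | vpc-isolation-03 | subnet-isolation-03 | sg-demo (general-purpose web server) | 10.3.0.14 |
ecs-share | Public image: CentOS 7.5 64-bit | vpc-share | subnet-share | sg-demo (general-purpose web server) | 192.168.0.130 |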
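
As an added illustration (not part of the original documentation), the Python model below replays the planned VPC and enterprise router route tables and checks that each isolated ECS reaches ecs-share while the isolated VPCs cannot reach each other. It assumes the enterprise router route table holding only the VPC 4 route is associated with the three isolation attachments and the other with er-attach-share; the table labels `isolation` and `share` are hypothetical.

```python
import ipaddress as ipa

# From the page: VPC route tables send the three private ranges to the enterprise router.
VPC_ROUTES_TO_ER = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
# From the page: attachment -> VPC CIDR block.
ATTACHMENTS = {
    "er-attach-isolation-01": "10.1.0.0/16",
    "er-attach-isolation-02": "10.2.0.0/16",
    "er-attach-isolation-03": "10.3.0.0/16",
    "er-attach-share": "192.168.0.0/16",
}
# From the page: propagated routes of the two enterprise router route tables.
# The labels "isolation" and "share" are hypothetical names for this model.
ER_TABLES = {
    "isolation": {"192.168.0.0/16": "er-attach-share"},
    "share": {cidr: att for att, cidr in ATTACHMENTS.items() if att != "er-attach-share"},
}
# Assumption: which route table each attachment is associated with.
ASSOCIATION = {att: ("share" if att == "er-attach-share" else "isolation") for att in ATTACHMENTS}
# From the page: ECS private IP addresses.
ECS = {"ecs-isolation-01": "10.1.0.134", "ecs-isolation-02": "10.2.0.215",
       "ecs-isolation-03": "10.3.0.14", "ecs-share": "192.168.0.130"}

def longest_match(routes, ip):
    """Return the value of the most specific route containing ip, or None."""
    addr = ipa.ip_address(ip)
    hits = [(ipa.ip_network(c), v) for c, v in routes.items() if addr in ipa.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(src_ip, dst_ip, er_tables=ER_TABLES):
    """True if a packet from src_ip is delivered to the attachment of dst_ip's VPC."""
    by_cidr = {c: a for a, c in ATTACHMENTS.items()}
    src_att, dst_att = longest_match(by_cidr, src_ip), longest_match(by_cidr, dst_ip)
    # Step 1: the source VPC route table must hand the packet to the enterprise router.
    if src_att is None or longest_match(dict.fromkeys(VPC_ROUTES_TO_ER, "er"), dst_ip) is None:
        return False
    # Step 2: the route table associated with the source attachment picks the next hop.
    hop = longest_match(er_tables[ASSOCIATION[src_att]], dst_ip)
    return hop is not None and hop == dst_att

def reachable(a, b, er_tables=ER_TABLES):
    """Two-way connectivity: request and response paths must both exist."""
    return forward(ECS[a], ECS[b], er_tables) and forward(ECS[b], ECS[a], er_tables)

def isolation_violations(er_tables=ER_TABLES):
    """Pairs of isolated ECSs that can reach each other (expected: none)."""
    iso = sorted(n for n in ECS if n != "ecs-share")
    return [(a, b) for i, a in enumerate(iso) for b in iso[i + 1:] if reachable(a, b, er_tables)]
```

Passing a modified copy of `ER_TABLES` to `isolation_violations` shows which isolated pairs become connected if an extra route is propagated into the wrong route table.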