Updated on 2023-08-18 GMT+08:00

Step 3: Access OBS

Scenarios

This section describes how to access OBS using a VPN or Direct Connect connection.

Prerequisites

Your on-premises data center has been connected to your VPC using a VPN or Direct Connect connection.
  • The VPC subnet that needs to communicate with the on-premises data center over the VPN gateway must include the OBS CIDR block. For details about how to obtain the OBS CIDR block, submit a service ticket or contact the OBS customer manager.

    For details about how to create a VPN connection, see the Virtual Private Network User Guide.

  • The VPC subnet that needs to communicate with the on-premises data center over the Direct Connect gateway must include the OBS CIDR block. For details about how to obtain the OBS CIDR block, submit a service ticket or contact the OBS customer manager.

    For details on how to enable Direct Connect, see Enabling Direct Connect.

Procedure

  1. In the VPC endpoint list, locate the target VPC endpoint and click the ID of the endpoint to view its details.
  2. Add DNS records on the DNS server at your on-premises data center to forward requests for resolving OBS domain names to the VPC endpoint for accessing DNS.

    The method of configuring DNS forwarding rules varies depending on the OS. For details, see the operation guide of your DNS software.

    This step uses BIND, a common DNS server, as an example of configuring forwarding rules on UNIX.

    Method 1: In file /etc/named.conf, add the DNS forwarder configuration and set forwarders to the private IP address of the VPC endpoint for accessing DNS.

    options {
        forward only;
        forwarders { xx.xx.xx.xx; };
    };

    Method 2: In file /etc/named.rfc1912.zones, add the following content, and set forwarders to the private IP address of the VPC endpoint for accessing DNS.

    zone "obs.xxxx.myhuaweicloud.com" {
        type forward;
        forward only;
        forwarders { xx.xx.xx.xx; };
    };
    zone "obs.xxxx.myhuaweicloud.com" {
        type forward;
        forward only;
        forwarders { xx.xx.xx.xx; };
    };

    • If no DNS server is available at your on-premises data center, add the private IP address of the VPC endpoint to the /etc/resolv.conf file.
    • obs.na-mexico-1.myhuaweicloud.com indicates the OBS endpoint in the LA-Mexico City1 region.
    • obs.lz01.na-mexico-1.myhuaweicloud.com indicates the address of the lz01 cluster where the OBS bucket is deployed.
    • xx.xx.xx.xx is the VPC endpoint IP address obtained in step 1.
  3. Configure a DNS route from your on-premises data center to the VPN gateway or Direct Connect gateway.

    To access DNS over a VPN or Direct Connect connection, ensure that traffic from your on-premises data center to DNS is directed to the VPN gateway or Direct Connect gateway.

    Configure a permanent route at your on-premises data center and specify the IP address of the Direct Connect or VPN gateway as the next hop for accessing DNS. The following is an example command for configuring such a route:

    route -p add xx.xx.xx.xx mask 255.255.255.255 xxx.xxx.xxx.xxx
    • xx.xx.xx.xx is the VPC endpoint IP address obtained in step 1.
    • xxx.xxx.xxx.xxx indicates the IP address of the Direct Connect or VPN gateway created at your on-premises data center.
    • The route command format varies depending on the OS. Use the route command format corresponding to the actual OS.
  4. Configure an OBS route from the on-premises data center to the VPN or Direct Connect gateway.

    The CIDR block of the VPC endpoint for accessing OBS is 100.125.0.0/16. To access OBS over a VPN or Direct Connect connection, ensure that traffic from your on-premises data center to OBS is directed to the VPN gateway or Direct Connect gateway.

    Configure a permanent route at your on-premises data center and specify the Direct Connect or VPN gateway as the next hop for accessing OBS. The following is an example command for configuring such a route:

    route -p add 100.125.0.0 mask 255.255.0.0 xxx.xxx.xxx.xxx
    • xxx.xxx.xxx.xxx indicates the IP address of the Direct Connect or VPN gateway created at your on-premises data center.
    • The route command format varies depending on the OS. Use the route command format corresponding to the actual OS.
  5. At the on-premises data center, run the following command to verify the connectivity with OBS:
    telnet bucket.endpoint

    In the command:

    • bucket: indicates the bucket name.
    • endpoint: indicates the OBS endpoint.
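
An added example, not part of the original guide: a Python check that the OBS names resolve, through the resolver configured in step 2, only to addresses inside 100.125.0.0/16, the block routed to the gateway in step 4. An answer outside that block would not match the step 4 route and would leave by whatever other route applies. It assumes that names forwarded to the VPC endpoint return addresses in that block; the function names and the script name in the comment are hypothetical.

```python
import ipaddress
import socket
import sys

# CIDR block the guide gives for the VPC endpoint used to access OBS (step 4).
OBS_ENDPOINT_CIDR = ipaddress.ip_network("100.125.0.0/16")


def system_resolver(host):
    """Return the unique IPv4 addresses the OS resolver gives for host."""
    infos = socket.getaddrinfo(host, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_private_resolution(host, resolver=system_resolver,
                             cidr=OBS_ENDPOINT_CIDR):
    """Split the addresses for host into those inside and outside cidr.

    'ok' is True only if at least one address was returned and none of
    them falls outside the endpoint CIDR.
    """
    result = {"host": host, "inside": [], "outside": [], "ok": False,
              "error": None}
    try:
        addrs = resolver(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        result["error"] = str(exc)
        return result
    for addr in addrs:
        key = "inside" if ipaddress.ip_address(addr) in cidr else "outside"
        result[key].append(addr)
    result["ok"] = bool(addrs) and not result["outside"]
    return result


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_obs_dns.py bucket.endpoint
    failed = False
    for name in sys.argv[1:]:
        r = check_private_resolution(name)
        print(f"{name}: ok={r['ok']} inside={r['inside']} "
              f"outside={r['outside']} error={r['error']}")
        failed = failed or not r["ok"]
    sys.exit(1 if failed else 0)
```

Run it from a host that uses the on-premises DNS server, passing the same bucket.endpoint name used in the telnet check; a non-zero exit status means a name failed to resolve or resolved outside the endpoint block.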