Overview

Huawei Cloud provides various network services for you to set up secure and scalable cloud networks. With these network services, you can connect VPCs in the same region or different regions, enable the instances (such as ECSs and RDS instances) in VPCs to access the public network, and enable on-premises data centers to access the VPCs. The following describes the function and highlights of each network service. You can flexibly configure VPC and other network services based on your network requirements:

Connecting VPCs
Connecting VPCs to the Public Network
Connecting VPCs to an On-Premises Data Center

Connecting VPCs

With the network services described in Table 1, you can flexibly connect VPCs in the same region, in different regions, or in different accounts.

**Table 1** Network services that can connect VPCs
Network Service	Function	Highlights
VPC Peering	With VPC Peering, you can peer two VPCs in the same region. The VPCs can be in the same account or different accounts.	VPC Peering is free. Routes can be configured on the console easily.
Enterprise Router	An enterprise router can connect multiple VPCs in the same account or different accounts to set up a hub-and-spoke network. Compared with VPC Peering, Enterprise Router is more suitable for complex networking where many VPCs need to be connected.	VPCs in the same region can be connected in minutes. Routes can be automatically added. Low latency and high speed Simple network topology and high scalability
VPN	You can use VPN connect VPCs in different regions, so that they can communicate with each other over the Internet.	Low costs Simple configuration Immediate use The network quality depends on the Internet.
Direct Connect	You can use Direct Connect to connect VPCs in different regions.	Dedicated connections with high security Low latency and high speed

Connecting VPCs to the Public Network

With the network services described in Table 2, you can connect VPCs to the public network so that instances in the VPCs can access the public network or provide services accessible on the public network.

**Table 2** Network services that allow VPCs to communicate with the public network
Network Service	Function	Highlights
EIP	An EIP is an independent public IP address. You can bind it to an instance, such as an ECS, a NAT gateway, or a load balancer, so that the instance can access the public network or provide services accessible from the public network.	EIPs can be bound to or unbound from instances if needed. Shared bandwidths can be used to lower costs. EIP bandwidth can be adjusted at any time.
NAT Gateway SNAT DNAT	NAT Gateway supports both source NAT (SNAT) and destination NAT (DNAT). SNAT enables multiple instances to share one or more EIPs to access the public network. ECSs in the same VPC sharing an EIP ECSs in different VPCs sharing an EIP DNAT enables port forwarding. It maps EIP ports to ECS ports so that the ECSs in a VPC can share the same EIP and bandwidth to provide Internet-accessible services. However, DNAT does not balance traffic.	Using shared EIPs to access the public network reduces the costs. EIPs of ECSs are not exposed to the public network, which improves security. Different specifications are available.
ELB	ELB evenly distributes incoming traffic to multiple backend servers. Together with EIPs, ELB allows a large number of users to access services deployed on cloud servers from the public network.	ELB can process both Layer 4 and Layer 7 requests and supports advanced forwarding policies and multiple protocols. ELB can eliminate single points of failure (SPOFs) for high availability.

Connecting VPCs to an On-Premises Data Center

If you have an on-premises data center and not all your workloads can be migrated to the cloud, you can use the network services described in Table 3 to connect your on-premises data center to the VPCs.

**Table 3** Network services that can connect VPCs to on-premises data centers
Network Service	Function	Highlights
VPN	VPN provides an encrypted, Internet-based channel that connects an on-premises data center and the cloud.	Low costs Simple configuration Immediate use The network quality depends on the Internet.
Direct Connect	Direct Connect establishes a dedicated network connection between an on-premises data center and the cloud.	Dedicated connections with high security Low latency and high speed
VPC Peering	With VPC Peering, you can peer two VPCs in the same region, no matter whether they are in the same account or different accounts. VPC Peering can work with Direct Connect or VPN to enable your on-premises data center to access multiple VPCs.	VPC Peering is free. Routes can be configured on the console easily.