Help Center/ Virtual Private Cloud/ User Guide/ VPC and Subnet/ VPC Connectivity Options/ Connecting VPCs to On-Premises Data Centers
Updated on 2024-08-07 GMT+08:00
View PDF

Connecting VPCs to On-Premises Data Centers

Connecting a Single VPC to an On-Premises Data Center

You can use Direct Connect or VPN to connect a VPC to an on-premises data center.

Connecting VPCs to an On-Premises Data Center provides details about different network services.

Before connecting a VPC to an on-premises data center, you need to plan their CIDR blocks in advance to ensure that the VPC CIDR block does not overlap with the on-premises CIDR block, or communications may fail.

VPN provides an encrypted, Internet-based channel that connects an on-premises data center and the cloud.

For details, see Configuring Enterprise Edition S2C VPN to Connect an On-premises Data Center to a VPC.

In Figure 1, some workloads have been migrated to a VPC (VPC-A), and some workloads are still running on on-premises servers. With a VPN connection, on-premises servers can quickly access the cloud resources in the VPC. Compared with Direct Connect, VPN is easier to configure and cost-effective.
Figure 1 Connecting a VPC to an on-premises data center using VPN

Direct Connect establishes a dedicated network connection between an on-premises data center and the cloud.

For details, see Accessing a VPC over a Direct Connect Connection and Using BGP to Route Traffic.

In Figure 2, some workloads are running in a VPC (VPC-A) on the cloud, and some are running in the on-premises data center. A Direct Connect connection connects the on-premises data center to the cloud. Direct Connect connections are faster and more stable than VPN connections.
Figure 2 Connecting a VPC to an on-premises data center using Direct Connect

Connecting Multiple VPCs in the Same Region to an On-Premises Data Center

To connect multiple VPCs in a region to an on-premises data center, you can use Direct Connect or VPN to connect the data center to a VPC, and then use VPC Peering or Enterprise Router to connect all VPCs. In this way, the on-premises data center can access all the VPCs.

Compared with VPN, Direct Connect establishes a dedicated connection that enables faster, more secure data transmission. VPN is more cost-effective. To reduce network costs, you can use VPN instead of Direct Connect. Connecting VPCs to an On-Premises Data Center provides details about different network services.
To connect VPCs to an on-premises data center, you need to plan their CIDR blocks in advance. Note the following:
  • Ensure that the VPC CIDR blocks do not overlap with the on-premises CIDR block, or communications may fail.
  • Ensure that the VPC CIDR blocks do not overlap, or communications may fail.

With VPC Peering, you can peer two VPCs in the same region, no matter whether they are in the same account or different accounts. VPC Peering can work with Direct Connect or VPN to enable your on-premises data center to access multiple VPCs.

For details, see Connecting an On-Premises Data Center to Multiple VPCs that Need to Communicate with Each Other.

In Figure 3, some workloads are running in two VPCs (VPC-A and VPC-B) in a region, and some workloads are running in the on-premises data center. The on-premises data center connects to a VPC (VPC-B) over a Direct Connect connection, and VPC-A and VPC-B are connected over a VPC peering connection. In this way, the on-premises data center can access both VPC-A and VPC-B.

Figure 3 Connecting an on-premises data center to VPCs using Direct Connect and VPC Peering
Parent Topic: VPC Connectivity Options