Network and Resource Planning

To use enterprise routers and a central network to connect VPCs across regions, you need:

Network Planning: Plan the central network, VPCs and their subnets, VPC route tables, and enterprise router route tables.
Resource Planning: Plan the quantity, names, and other parameters of the central network, VPCs, ECSs, and enterprise routers.

Network Planning

Figure 1 shows the network planning for communications among VPCs across regions.

In this example, one VPC is created and attached to an enterprise router in each region. Make the plan based on your service requirements.

Figure 1 Cross-region VPC network planning

**Table 1** Network traffic flows
Path	Description
Request traffic: from VPC-A to VPC-B	In the route table of VPC-A, there are routes with the next hop set to enterprise router ER-A to forward traffic from VPC-A to ER-A. In the route table of enterprise router ER-A, there is a route with the next hop set to the peering connection attachment and destination to 192.168.0.0/16 to forward traffic from ER-A to enterprise router ER-B. In the route table of enterprise router ER-B, there is a route with the next hop set to the VPC-B attachment to forward traffic from ER-B to the VPC-B.
Response traffic: from VPC-B to VPC-A	In the route table of VPC-B, there are routes with the next hop set to enterprise router ER-B to forward traffic from VPC-B to ER-B. In the route table of enterprise router ER-B, there is a route with the next hop set to the peering connection attachment and destination to 172.16.0.0/16 to forward traffic from ER-B to enterprise router ER-A. In the route table of enterprise router ER-A, there is a route with the next hop set to the VPC-A attachment to forward traffic from ER-A to VPC-A.

**Table 2** Description for cross-region VPC communications
Resource	Description
VPCs	The CIDR blocks of the VPCs to be connected cannot overlap with each other. In this example, the CIDR blocks of the VPCs are propagated to the enterprise router route table as the destination in routes. The CIDR blocks cannot be modified and overlapping CIDR blocks may cause route conflicts. If your existing VPCs have overlapping CIDR blocks, do not use propagated routes. Instead, you need to manually add static routes to the route table of the enterprise router. The destination can be VPC subnet CIDR blocks or smaller ones. Each VPC has a default route table. The routes in the default route table are described as follows: Local: a system route for communications between subnets in a VPC. ER: automatically added routes with 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations for routing traffic from a VPC subnet to the enterprise router. See Table 3 for details.
Central Network	Enterprise routers in different regions are added to the central network as attachments. Global connection bandwidths are required for assigning cross-site connection bandwidths to communicate across regions.
Enterprise routers	The network configuration for the enterprise router in the three regions is the same. Table 4 lists all routes required by the enterprise router. When a central network is set up to connect the enterprise routers, you must enable Default Route Table Association and Default Route Table Propagation for the enterprise routers. In this way, when an instance is added to an enterprise router, a route pointing to attachment will be automatically added for the enterprise router.
ECSs	An ECS is created in each VPC. If the ECSs are in different security groups, add rules to the security groups to allow access to each other.

**Table 3** VPC route table
Destination	Next Hop	Route Type
10.0.0.0/8	Enterprise router	Static route (custom)
172.16.0.0/12	Enterprise Router	Static route (custom)
192.168.0.0/16	Enterprise Router	Static route (custom)

If you enable Auto Add Routes when creating a VPC attachment, you do not need to manually add static routes to the VPC route table. Instead, the system automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC.
If an existing route in the VPC route tables has a destination to 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, the routes will fail to be added. In this case, do not enable Auto Add Routes. After the attachment is created, manually add routes.
Do not set the destination of a route (with an enterprise router as the next hop) to 0.0.0.0/0 in the VPC route table. If an ECS in the VPC has an EIP bound, the VPC route table will have a policy-based route with 0.0.0.0/0 as the destination, which has a higher priority than the route with the enterprise router as the next hop. In this case, traffic is forwarded to the EIP and cannot reach the enterprise router.

**Table 4** Enterprise router route table
Enterprise Router	Destination	Next Hop	Route Type
Region A: ER-A	VPC-A CIDR block: 172.16.0.0/16	VPC attachment: er-attach-VPC-A	Propagated
	VPC-B CIDR block: 192.168.0.0/16	Peering connection attachment: region-A-region-B	Propagated
	VPC-C CIDR block: 10.0.0.0/16	Peering connection attachment: region-A-region-C	Propagated
Region B: ER-B	VPC-B CIDR block: 192.168.0.0/16	VPC-B attachment: er-attach-VPC-B	Propagated
	VPC-A CIDR block: 172.16.0.0/16	Peering connection attachment: region-B-region-A	Propagated
	VPC-C CIDR block: 10.0.0.0/16	Peering connection attachment: region-B-region-C	Propagated
Region C: ER-C	VPC-C CIDR block: 10.0.0.0/16	VPC-C attachment: er-attach-VPC-C	Propagated
	VPC-A CIDR block: 172.16.0.0/16	Peering connection attachment: region-C-region-A	Propagated
	VPC-B CIDR block: 192.168.0.0/16	Peering connection attachment: region-C-region-B	Propagated

Resource Planning

Each region has an enterprise router, VPCs, and ECSs. They can be in different availability zones (AZs).

The following resource planning is only for your reference.

**Table 5** Resource planning for cross-region VPC communications
Resource	Quantity	Description
VPC	3	A service VPC is required in each region for running workloads. Name: Set it based on site requirements. In this example, the names are as follows: Region A: VPC-A Region B: VPC-B Region C: VPC-C IPv4 CIDR block: The CIDR blocks of VPCs must be unique. Plan the CIDR blocks based on site requirements. In this example, the CIDR blocks are as follows: VPC-A: 172.16.0.0/16 VPC-B: 192.168.0.0/16 VPC-C: 10.0.0.0/16 Subnet: The subnet CIDR blocks that need to communicate with each other must be unique. Plan the subnets based on site requirements. In this example, the subnets are as follows: subnet-A01: 172.16.0.0/24 subnet-B01: 192.168.0.0/24 subnet-C01: 10.0.0.0/24
Enterprise router	3	An enterprise router is required in each region. The VPC in each region is attached to the corresponding enterprise router, and a peering connection attachment is created between every two enterprise routers. Name: Set it based on site requirements. Region A: ER-A Region B: ER-B Region C: ER-C ASN: Set different ASNs for enterprise routers. In this example, the ASNs are as follows: ER-A: 64512 ER-B: 64513 ER-C: 64514 Default Route Table Association: Enable Default Route Table Propagation: Enable Auto Accept Shared Attachments: Set it based on site requirements. In this example, enable this option. Attachment: Three attachments are required for each enterprise router. In this example, the attachments are as follows: ER-A: VPC attachment er-attach-VPC-A: connects the network between VPC-A and ER-A. Peering connection attachment region-A-region-B: connects the network between ER-A and ER-B. Peering connection attachment region-A-region-C: connects the network between ER-A and ER-C. ER-B: VPC attachment er-attach-VPC-B: connects the network between VPC-B and ER-B. Peering connection attachment region-B-region-A: connects the network between ER-B and ER-A. Peering connection attachment region-B-region-C: connects the network between ER-B and ER-C. ER-C: VPC attachment er-attach-VPC-C: connects the network between VPC-C and ER-C. Peering connection attachment region-C-region-A: connects the network between ER-C and ER-A. Peering connection attachment region-C-region-B: connects the network between ER-C and ER-B. NOTICE: When a central network is set up to connect the enterprise routers, you must enable Default Route Table Association and Default Route Table Propagation for the enterprise routers.
Central network	1	A central network is required, with all enterprise routers are added to it as attachments. Name: Set it based on site requirements. In this example, the name is gcn-A-B-C. Policy: Region A: enterprise router ER-A Region B: enterprise router ER-B Region C: enterprise router ER-C Cross-region connection bandwidths: Region A-Region B: 10 Mbit/s Region A-Region C: 5 Mbit/s Region B-Region C: 20 Mbit/s
Global connection bandwidth	3	In this example, you need to purchase three global connection bandwidths to connect the cloud backbone networks in different regions. Name: Set it based on site requirements. In this example, the names are as follows: Global connection bandwidth for communications between region A and region B: bandwidth-A-B Global connection bandwidth for communications between region A and region C: bandwidth-A-C Global connection bandwidth for communications between region B and region C: bandwidth-B-C Bandwidth Type: Set it based on site requirements. In this example, select Geographic-region because the regions are in the same geographic region. Geographic region: Set it based on site requirements. In this example, select Chinese Mainland. Connect regions: Select the regions based on site requirements.
ECS	3	Create an ECS in each VPC to verify network connectivity. Name: Set it based on site requirements. In this example, the names are as follows: Region A: ECS-A Region B: ECS-B Region C: ECS-C Image: Select an image based on site requirements. In this example, a public image (CentOS 8.2 64bit) is used. Network: Select the VPC and subnet based on site requirements. In this example, the VPCs and subnets are as follows: ECS-A: VPC-A, subnet-A01 ECS-B: VPC-B, subnet-B01 ECS-C: VPC-C, subnet-C01 Security Group: Select a security group based on site requirements. In this example, the security group sg-demo uses a general-purpose web server template. Private IP addresses: ECS-A: 172.16.0.91 ECS-B: 192.168.0.5 ECS-C: 10.0.0.29

Parent topic: Connecting VPCs Across Regions Using Enterprise Router and Central Network

Previous topic: Overview

Next topic: Process of Connecting VPCs Across Regions Using Enterprise Router and Central Network

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot