Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
Help Center/ API Gateway/ Best Practices/ Version Migration/ Migrating Shared Gateway to a Dedicated Gateway

Migrating Shared Gateway to a Dedicated Gateway

Updated on 2025-03-06 GMT+08:00

Scenario

The shared gateway will soon be discontinued. To prevent services from being affected, you can migrate existing resources from the shared gateway to the dedicated gateway.

Restrictions

  • The shared gateway using KooGallery cannot be migrated.
  • The shared gateway using cross-user authorization cannot be migrated.
  • The shared gateway using a VPC channel of ELB type cannot be migrated.
  • The shared resources created by DataArts need to be migrated using DataArts.

If the preceding scenarios are involved, submit a service ticket to contact technical support for assistance.

Possible Impact of Migration

  1. Changes in public inbound and outbound access

    Dedicated gateways have separate public inbound and outbound IP addresses, unique from those of the shared gateway. If there are security policies configured for upstream and downstream services (server and client), they will need to be updated to allow access to these new IP addresses.

  2. Changes in private inbound and outbound access

    Each dedicated gateway has an inbound private IP address and multiple outbound private IP addresses in the VPC. The basic, professional, enterprise, and platinum editions of a dedicated gateway have 3, 5, 6, and 7 private IP addresses, respectively. A platinum X requires 4 more private IP addresses than the previous edition. Network security policies need to be adjusted for upstream and downstream services (servers and clients) to ensure connectivity. If cross-VPC access is required for downstream services, connect the VPC endpoint service to the VPC endpoint of a dedicated gateway to ensure network connectivity. For details, see Procedure.

  3. Changes in the debugging domain name

    The group debugging domain name {group-id}.apig.{region-id}.huaweicloudapis.com of the shared gateway will be changed to {group-id}.apic.{region-id}.huaweicloudapis.com. Any API calls made using the debugging domain name will need corresponding updates.

General Procedure

  1. Pre-migration check

    Check the usage of the shared gateway and the dedicated gateway specifications to see if the migration is allowed.

  2. Create a dedicated gateway

    Purchase a dedicated gateway that meets the requirements of the shared gateway based on the check result.

  3. Apply for migration

    Contact technical support engineers or the customer manager to apply for migrating the shared gateway.

  4. Verify and switch traffic

    Verify the migration result and implement the traffic switching.

Implementation Procedure

Pre-migration check

  1. Check whether the user uses KooGallery.

    Log in to the APIG console. In the upper right corner of the Overview page, click Access Shared Gateway.
    • In the navigation pane, choose API Publishing > API Groups. If the statuses of all groups are Not listed, KooGallery is not used and the shared gateway can be migrated. Otherwise, submit a service ticket to contact technical support.

    • In the navigation tree on the left, choose API Calling > Purchased APIs to view the purchased APIs. If the list of purchased APIs is empty, KooGallery is not used and the shared gateway can be migrated. Otherwise, submit a service ticket to contact technical support.

  2. View API authorization information.

    1. In the navigation pane, choose API Publishing > APIs.
    2. Click the name of the target API.
    3. Click the Authorization tab to view the authorized apps. If the authorized app is not the user's own app, the shared gateway cannot be migrated. Submit a service ticket to contact technical support.

  3. Check the VPC channel type.

    In the navigation pane, choose API Publishing > VPC Channels. If ELB channel type exists, the shared gateway cannot be migrated.Submit a service ticket to contact technical support.

  4. Check whether the resources created by DataArts exist.

    In the navigation pane, choose API Publishing > API Groups. If the group name starts with dlm_default_ and the description contains default api group created by dlm, the group resource is created by the DataArts service. Contact DataArts service personnel to migrate these resources. Other resources can be migrated.

  5. View the number of recent API calls, sum up the numbers, estimate the current QPS, and determine the specification of the dedicated gateway to be purchased.

    1. In the navigation pane, choose API Publishing > APIs.
    2. Click the name of the target API.
    3. On the Dashboard tab, view the Requests (count) metric and calculate the QPS.

Creating a dedicated gateway

  1. Select an edition based on the estimated QPS. For details, see Specifications.
  2. Buy a gateway. For details, see Buying a Gateway.

    • Select the VPC where the backend server resides to simplify network configuration.
    • Determine whether to enable the public network inbound and outbound access based on service needs.

Apply for migration

Contact technical support engineers or the customer manager to apply for migrating the shared gateway and provide the following information:

Migration Account Name

XXXXX

Migration Information

Project ID

Dedicated Gateway ID

Region

XXX

XXX

XXX

Verifying and switching traffic

  1. After the migration is complete, perform debugging on the dedicated gateway to verify whether the resource functions are normal.

    • You can debug the API to test whether it functions properly. For details, see Debugging an API.
    • You can use the group debugging domain name to test API functions. For details, see Calling an API.

  2. After the verification is complete, perform traffic switching in the following scenarios:

    • Public network access using an independent domain name

      Change the CNAME record of the custom domain name from the subdomain name of the shared gateway to the domain name {instance-id}.apic.{region-id}.huaweicloudapis.com of the dedicated gateway.

    • Private network access in the same VPC using an independent domain name

      Change the CNAME record of the custom domain name from the subdomain name of the shared gateway to the domain name {instance-id}.apic.{region-id}.huaweicloudapis.com of the dedicated gateway.

    • Cross-VPC private network access using an independent domain name
      1. Establish a cross-VPC network connection using VPC endpoint service. For details, see Endpoint Overview and Managing Endpoints.
      2. Change the CNAME record of the custom domain name from the subdomain name of the shared gateway to the domain name of the new VPC endpoint created in 2.a.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback