Using a Cloud Connection to Connect VPCs in Two Geographic Regions

Solution Overview

Scenario

A company has two branches, one in Beijing and the other in Hong Kong. There are two VPCs available, one in the CN North-Beijing4 region, and the other in the CN-Hong Kong region. To enable the two branches to communicate with each other over a private network, a cloud connection is used to link the two VPCs in different regions.

For details about the regions where cloud connections are available, see Region Availability.

Solution Architecture

1. Create a cloud connection.
2. Load the two VPCs to the cloud connection.
3. Buy a bandwidth package and assign an inter-region bandwidth.
4. Confirm whether the two VPCs can communicate with each other through the cloud connection.

For details, see Figure 1.

Figure 1 Communication between VPCs in different regions

Advantages

• Ease of use: In just four simple steps, you can build cross-region connectivity between VPCs.

• High performance: Cloud Connect leverages the global network infrastructure of the public cloud to provide high-quality, low-latency connectivity with bandwidth that can be flexibly adjusted to meet changing service requirements.

Constraints

• A cloud connection cannot be used to connect VPCs that have overlapping CIDR blocks, or communication will fail.
• If you load a VPC to a cloud connection created using the same account, you cannot enter loopback addresses, multicast addresses, or broadcast addresses for the custom CIDR block.
• If a NAT gateway has been created for any VPC you have loaded to a cloud connection, a custom CIDR block needs to be added and set to 0.0.0.0/0.

Resource Planning

The following table describes the resource planning in the best practice.

Procedure for Connecting VPCs in Beijing and Hong Kong

In this example, to connect the VPC in CN North-Beijing4 and the VPC in CN-Hong Kong, you need to apply for a cross-border permit to ensure data transmission security. Then, you need to create a cloud connection and load the two VPCs, purchase a bandwidth package, and assign inter-region bandwidths.

Figure 2 Process for connecting VPCs in different geographic regions using a cloud connection

Step 1: Apply for a Cross-Border Permit

If a VPC you want to connect is outside the Chinese mainland, you need to apply for a cross-border permit.

Skip this step if communication across geographic regions is not required.

1. Go to the Bandwidth Packages page.
2. On the displayed page, click apply now.

   If the registered address of your business entity is in the Chinese mainland, click here to go to the Cross-Border Service Application System page.

   If the registered address of your business entity is outside the Chinese mainland, click here to go to the Cross-Border Service Application System page.

   

   Select the address for applying for the cross-border permit based on the registration address of your business entity.

3. On the displayed page, select an applicant type, configure the parameters as prompted, and upload the required materials.
   

   Prepare and upload the materials required on the application page.

   Table 3 Online cross-border permit application

   Parameter	Description
   Applicant Name	The applicant name, which must be the same as the company name in the Letter of Commitment to Information Security.
   Huawei Cloud UID	The account ID to log in to the management console. You can take the following steps to obtain your account ID. Log in to the management console. Move you cursor over the username in the upper right corner and select My Credentials from the drop-down list. On the API Credentials page, obtain the Account ID.
   Bandwidth(M)	For reference only
   Start Date	For reference only
   Termination Date	For reference only
   Customer Type	Select a type based on the actual situation.
   Country of the Customer	Country where the applicant is located.
   Contact Name	-
   Contact Number	-
   Type of ID	-
   ID Number	-
   Scope of Business	Briefly describe the main business.
   Number of Employees	For reference only
   Branch Location Country	Country where the applicant branch is located. Set this parameter based on the actual situation.

   Table 4 Required materials

   Parameter	Description	Required Material	Signature	Seal
   Business License	Upload a photo of the business license with the official seal. For the position of the seal, see the template provided by Huawei Cloud.	A scanned copy of your company's business license	-	√
   Service Agreement	Download the Huawei Cloud Cross-Border Circuit Service Agreement, fill in the blank, upload the copy of agreement with the signature and official seal. Sign the material on the signature block. Stamp the seal over the signature.	A scanned copy of the Huawei Cloud Cross-Border Circuit Service Agreement	√	√
   Letter of Commitment to Information Security	Download the China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service, fill in the blank, and upload the copy of the letter with the signature and seal. Sign the material on the signature block. Stamp the seal over the signature. Specify the bandwidth you estimated and your company name.	A scanned copy of the China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service	√	√

4. Click Submit.
   

   After you submit the application, the status will change to Pending approval. The review takes about one working day. When the status changes to Approved, the cross-border permit is ready for use.

Step 2: Create a Cloud Connection

1. Go to the Cloud Connections page.
2. In the upper right corner of the page, click Create Cloud Connection.
3. Configure the parameters based on Table 5.

   Table 5 Parameters for creating a cloud connection

   Parameter	Description	Example Value
   Name	Specifies the cloud connection name. The name can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.	cc-test
   Enterprise Project	Specifies an enterprise project by which cloud resources and members are centrally managed.	default
   Scenario	VPC: Only VPCs or virtual gateways can use this cloud connection.	VPC
   Tag	Specifies the tag to identify the cloud connection. A tag consists of a key and a value. You can add up to 20 tags to a cloud connection. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tags.	-
   Description	Provides supplementary information about the cloud connection. The description can contain no more than 255 characters.	-

4. Click OK.

Step 3: Load Network Instances

Load the VPCs that need to communicate with each other to the cloud connection.

1. Go to the Cloud Connections page.
2. Click the name of the cloud connection to go to the Basic Information tab.
3. Click the Network Instances tab.
4. Click Load Network Instance.
5. Configure the parameters based on Table 6 and click OK.
   Figure 3 Loading a VPC
   

   Table 6 Parameters for loading network instances in the same account as the cloud connection

   Parameter	Description	Example Value
   Account	Specifies the account that provides the network instance.	Current account
   Region	Specifies the region where the VPC you want to load is located.	CN North-Beijing4
   Instance Type	Specifies the type of the network instance that needs to be loaded to the cloud connection. There are two options: VPC Virtual gateway	VPC
   VPC	Specifies the VPC you want to load to the cloud connection. This parameter is mandatory if you have set Instance Type to VPC.	VPC in Beijing
   VPC CIDR Block	Specifies the subnets in the VPC and custom CIDR blocks. If you have set Instance Type to VPC, you need to configure the following two parameters: Subnet Other CIDR Block: Add one or more custom CIDR blocks as needed.	Beijing Subnet
   Remarks	Provides supplementary information about the network instance.	-

6. In the displayed dialog box, click Continue Loading to load the VPC in CN-Hong Kong. Close the dialog box and view the loaded VPCs on the Network Instances tab.

Step 4: Buy a Bandwidth Package

By default, a cloud connection provides 10 kbit/s of bandwidth for testing cross-region network connectivity. To enable normal communication between regions in the same geographic region or different geographic regions, you need to purchase a bandwidth package and bind it to the cloud connection.

1. Click the name of the created cloud connection to go to the Basic Information page.
2. Click the Bandwidth Packages tab.
3. Click Buy Bandwidth Package. On the displayed page, configure parameters based on Table 7 and click Next.

   Table 7 Parameters for buying a bandwidth package

   Parameter	Description	Example Value
   Basic Information
   Billing Mode	The only option is Yearly/Monthly. You can purchase it by year or month as needed.	Yearly/Monthly
   Name	Specifies the bandwidth package name. The name can contain 1 to 64 characters. Only digits, letters, underscores (_), hyphens (-), and periods (.) are allowed.	bandwidthPackge-test
   Enterprise Project	Specifies an enterprise project by which cloud resources and members are centrally managed.	default
   Tag (Optional)	Specifies the tag to identify the bandwidth package. A tag consists of a key and a value. You can add 20 tags to a bandwidth package. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tags.	-
   Bandwidth Details
   Billed By	Specifies by what you want the bandwidth package to be billed.	Bandwidth
   Applicability	Specifies whether you want to use the bandwidth package for communication within a geographic region or between geographic regions. There are two options: Single geographic region: Use the bandwidth package for communication between regions in the same geographic region. Across geographic regions: Use the bandwidth package for communication between regions in different geographic regions.	Single geographic region
   Geographic Region	Specifies the geographic regions.	Chinese mainland
   Bandwidth (Mbit/s)	Specifies the bandwidth you require for communication between regions. The sum of all inter-region bandwidths you assign cannot exceed the total bandwidth of the bandwidth package. Assign the bandwidth based on your network plan. Unit: Mbit/s	10
   Required Duration	Specifies how long you require the bandwidth package for. Auto renewal is supported.	1
   Cloud Connection	Specifies the cloud connection you want to bind the bandwidth package to. There are two options: Bind now Bind later	Bind later

4. Confirm the configuration and submit your order.

   Go back to the bandwidth package list and locate the bandwidth package. If its status changes to Normal, you can bind the bandwidth package to the cloud connection.

Step 5: Assign an Inter-Region Bandwidth

By default, a cloud connection provides 10 kbit/s of bandwidth for testing cross-region network connectivity.

1. Click the name of the created cloud connection to go to the Basic Information page.
2. Click the Inter-Region Bandwidths tab.
3. Click Assign Inter-Region Bandwidth and configure the parameters based on Table 8.

   Table 8 Parameters required for assigning an inter-region bandwidth

   Parameter	Description	Example Value
   Regions	Specifies the regions of the network instances that need to communicate with each other. Select two regions.	CN North-Beijing4 CN-Hong Kong
   Bandwidth Package	Specifies the purchased bandwidth package that will be bound to the cloud connection.	bandwidthPackge-test
   Bandwidth (Mbit/s)	Specifies the bandwidth you require for communication between regions, in Mbit/s. The sum of all inter-region bandwidths you assign cannot exceed the total bandwidth of the bandwidth package. Plan the bandwidth in advance.	10

4. Click OK.

   Now the branches in Beijing and Hong Kong can communicate with each other. You can check the routing information to verify the configuration.