Updated on 2023-05-09 GMT+08:00

Connecting Two VPCs in Different Regions

Solution Overview

Scenarios

A company has two branches, one in Beijing and the other in Hong Kong. There are two VPCs available, one in the CN North-Beijing4 region, and the other in the CN-Hong Kong region. To enable the two branches to communicate with each other over private network connections, a cloud connection is used to link the two VPCs in different regions.

Solution Architecture

  1. Create a cloud connection.
  2. Load the two VPCs to the cloud connection.
  3. Buy a bandwidth package and assign inter-region bandwidths.
  4. Confirm whether the two VPCs can communicate with each other through the cloud connection.

For details, see Figure 1.

Figure 1 Communications between VPCs in different regions

Advantages

  • Ease of use: In just four simple steps, you can build cross-region connectivity between VPCs.
  • High performance: Cloud Connect leverages the global network infrastructure of Huawei to provide high-quality, low-latency connectivity with bandwidth that can be flexibly adjusted to meet changing service requirements.

Constraints and Limitations

  • A cloud connection cannot be created between VPCs that have overlapping CIDR blocks, or network communications will fail.
  • If you load a VPC to a cloud connection created using the same account, you cannot enter loopback addresses, multicast addresses, or broadcast addresses for the custom CIDR block.
  • If a NAT gateway has been created for any VPC you have loaded to a cloud connection, a custom CIDR block needs to be added and set to 0.0.0.0/0.

Resource Planning

The following table describes the resource planning in the best practice.

Table 1 Resources required

| Huawei Cloud Region | Resource | Description | Number of Route Tables | Billing |
|---|---|---|---|---|
| CN North-Beijing4 | VPC | VPC subnet: 192.168.1.0/24; Custom CIDR block: 192.168.44.0/24 | 1 | Free |
| CN-Hong Kong | VPC | VPC subnet: 192.168.0.0/24; Custom CIDR block: 192.168.11.0/24 | 1 | Free |
| Global | Cloud connection | Cross-region (Chinese mainland - Asia Pacific) bandwidth package | 1 | For details, see Cloud Connect Pricing Details. |
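
A pre-flight check of the Table 1 plan against the constraints listed above: no overlapping CIDR blocks between VPCs, no loopback, multicast or broadcast custom CIDR blocks, 0.0.0.0/0 for a VPC with a NAT gateway, and inter-region bandwidths within the package. This is an added example, not Huawei Cloud code; the dict layout, function names and the 10 Mbit/s figure are assumptions, and it calls no Cloud Connect API.

```python
import ipaddress
from itertools import combinations

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")
# Ranges the page forbids as custom CIDR blocks.
FORBIDDEN = {
    "loopback": ipaddress.ip_network("127.0.0.0/8"),
    "multicast": ipaddress.ip_network("224.0.0.0/4"),
    "broadcast": ipaddress.ip_network("255.255.255.255/32"),
}

# CIDR values from Table 1; the dict layout and key names are this example's own.
PLAN = {
    "CN North-Beijing4": {"subnets": ["192.168.1.0/24"],
                          "custom": ["192.168.44.0/24"], "nat_gateway": False},
    "CN-Hong Kong": {"subnets": ["192.168.0.0/24"],
                     "custom": ["192.168.11.0/24"], "nat_gateway": False},
}

def check_plan(plan):
    """Return a list of violations of the page's CIDR constraints."""
    problems, loaded = [], []
    for region, vpc in plan.items():
        custom = [ipaddress.ip_network(c) for c in vpc["custom"]]
        for net in custom:
            if net == DEFAULT_ROUTE:
                # Assumption: a default route is expected only with a NAT gateway.
                if not vpc["nat_gateway"]:
                    problems.append(f"{region}: 0.0.0.0/0 without a NAT gateway")
                continue  # skipped in the overlap check: it covers everything
            for kind, rng in FORBIDDEN.items():
                if net.overlaps(rng):
                    problems.append(f"{region}: custom CIDR {net} overlaps {kind} range")
            loaded.append((region, net))
        if vpc["nat_gateway"] and DEFAULT_ROUTE not in custom:
            problems.append(f"{region}: NAT gateway but no 0.0.0.0/0 custom CIDR")
        loaded += [(region, ipaddress.ip_network(s)) for s in vpc["subnets"]]
    # CIDR blocks loaded from different VPCs must not overlap.
    for (ra, a), (rb, b) in combinations(loaded, 2):
        if ra != rb and a.overlaps(b):
            problems.append(f"{ra} {a} overlaps {rb} {b}")
    return problems

def bandwidth_fits(package_mbit, assigned_mbit):
    """Sum of inter-region bandwidths must not exceed the package bandwidth."""
    return sum(assigned_mbit.values()) <= package_mbit

if __name__ == "__main__":
    print(check_plan(PLAN) or "CIDR plan OK")
    # 10 Mbit/s is a constructed figure, not a value from the page.
    print(bandwidth_fits(10, {("CN North-Beijing4", "CN-Hong Kong"): 10}))
```
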

Cross-Region VPC Communication Process

In this scenario, to enable communication between the VPC in the CN North-Beijing4 region and the VPC in the CN-Hong Kong region, you need to apply for a cross-border permit to ensure data transmission security. Then, you need to create a cloud connection and load the two VPCs, purchase a bandwidth package, and configure the inter-region bandwidth.

Figure 2 Process for connecting VPCs in different regions using a cloud connection

Procedure

  1. Apply for a cross-border permit.

    Skip this step if you do not require cross-border communications.

    Apply for a cross-border permit only when a VPC to be connected is outside the Chinese mainland and other VPCs are inside the Chinese mainland.

    1. Log in to the management console.
    2. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
    3. In the navigation pane on the left, choose Cloud Connect > Bandwidth Packages.
    4. On the displayed page, click apply now.

      The Cross-Border Service Application System page is displayed.

    5. On the application page, set related parameters and upload related materials.
      Table 2 Online cross-border permit application

      Parameter

      • Applicant Name
      • Huawei Cloud UID
      • Type of Product
      • Bandwidth (M)
      • Start Date
      • Termination Date
      • Customer Type
      • Country of the Customer
      • Contact Name
      • Contact Number
      • Type of ID
      • ID Number
      • Scope of Business
      • Number of Employees
      • Per Capita Bandwidth
      • Branch Location Country

      Huawei Cloud ID is your account ID. You can take the following steps to obtain your account ID.
      1. Log in to the management console.
      2. Click the username and select My Credentials from the drop-down list.
        Figure 3 My credentials
      3. On the API Credentials page, view the Account ID.
        Figure 4 Obtaining an account ID
      Table 3 Required materials

      Material

      Signature

      Seal

      Description

      A scanned copy of your company's business license

      -

      See the template Huawei Cloud provides for the position of the seal.

      A scanned copy of Huawei Cloud Cross-Border Circuit Service Agreement

      • Sign the material on the signature block.
      • Stamp the seal over the signature.

      A scanned copy of China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service

      • Sign the material on the signature block.
      • Stamp the seal over the signature.
      • Specify the bandwidth you estimated and your company name.
    6. Click Submit.

  2. Create a cloud connection.

    1. Log in to the management console.
    2. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
    3. In the navigation pane on the left, choose Cloud Connect > Cloud Connections.
    4. Click Create Cloud Connection.
    5. In the displayed Create Cloud Connection dialog box, configure the parameters and click OK.
      Figure 5 Create Cloud Connection

  3. Load network instances.

    1. Locate the cloud connection, cloudconnect-001, and click its name.
    2. Click Network Instances.
    3. Click Load Network Instance.
    4. Configure parameters based on Table 4 and then click OK.
      Table 4 Parameters required for loading network instances

      | Parameter | Description |
      |---|---|
      | Account | Specifies whether network instances will be loaded across accounts. Select Current account. |
      | Region | Specifies the region where the VPC you want to connect is located. |
      | Instance Type | Specifies the type of the network instance. Two options are available, VPC and Virtual gateway. You can only load VPCs across accounts. Select VPC. NOTE: If you select Enterprise router for Scenario, the network instance type is enterprise router by default. |
      | VPC | Specifies the VPC you want to load to the cloud connection. This parameter is mandatory if you have set Instance Type to VPC. |
      | VPC CIDR Block | Specifies the subnets of the VPC you want to load and the custom CIDR blocks. If you have set Instance Type to VPC, configure the following two parameters: • Subnet: Select one or all subnets of the VPC. • Other CIDR Block: Add one or more custom CIDR blocks as needed. |

      Figure 6 Loading a network instance
    5. In the dialog box indicating that the loading is successful, click Load Another Instance, configure the parameters based on Table 4, and then click OK.

  4. Buy a bandwidth package.

    By default, the system allocates 10 kbit/s of bandwidth for testing network connectivity across regions. To ensure normal network communications between regions in the same geographic region or across geographic regions, you need to purchase a bandwidth package and bind it to a cloud connection.
    1. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
    2. In the navigation pane on the left, choose Cloud Connect > Bandwidth Packages.
    3. Click Buy Bandwidth Package.
    4. Configure the parameters and click Buy Now.
      Table 5 Parameters required for buying a bandwidth package

      | Parameter | Description |
      |---|---|
      | Billing Mode | Specifies how you want the bandwidth package to be billed. You can purchase it by year or month as needed. |
      | Name | Specifies the bandwidth package name. The name can contain 1 to 64 characters, including only digits, letters, hyphens (-), underscores (_), and periods (.). |
      | Billed By | Specifies by what you want the bandwidth package to be billed. |
      | Applicability | Specifies whether you want to use the bandwidth package for network communications within a geographic region or between geographic regions. Two options are available: Single Geographic Region: Use the bandwidth package between regions in the same geographic region. Across Geographic Regions: Use the bandwidth package between regions in different geographic regions. |
      | Geographic Region | Specifies the geographic region. |
      | Bandwidth | Specifies the bandwidth you require for network communications across regions. The sum of all inter-region bandwidths cannot exceed the bandwidth of the bandwidth package. Assign the bandwidth based on your network plan. Unit: Mbit/s |
      | Tag | Identifies the bandwidth package. A tag consists of a key and a value. You can add a maximum of 10 tags to a bandwidth package. Tag keys and values must meet the requirements listed in Table 6. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tags. |
      | Required Duration | Specifies how long you require the bandwidth package for. Auto renewal is supported. |
      | Cloud Connection | Specifies the cloud connection you want to bind the bandwidth package to. Two options are available, Bind now and Bind later. |

      Table 6 Tag key and value requirements

      | Parameter | Requirements |
      |---|---|
      | Key | Cannot be left blank. Must be unique for each resource. Can contain a maximum of 36 characters. Can contain only letters, digits, hyphens, underscores, and Unicode characters from \u4e00 to \u9fff. |
      | Value | Can be left blank. Can contain a maximum of 43 characters. Can contain only letters, digits, periods, hyphens, underscores, and Unicode characters from \u4e00 to \u9fff. |

    5. Confirm the information and click Pay Now.
    6. Click Pay.

      Go back to the bandwidth package list and locate the bandwidth package. If its status changes to Normal, you can bind the bandwidth package to a cloud connection.

  5. Assign inter-region bandwidth.

    1. Log in to the management console.
    2. Hover on the upper left corner to display Service List and choose Networking > Cloud Connect.
    3. In the navigation pane on the left, choose Cloud Connect > Cloud Connections.
    4. In the cloud connection list, locate the cloud connection and click its name.
    5. Click Inter-Region Bandwidths.
    6. Click Assign Inter-Region Bandwidth and configure the parameters based on Table 7.
      Table 7 Parameters required for assigning inter-region bandwidth

      | Parameter | Description |
      |---|---|
      | Regions | Specifies the two regions between which network communications are required. |
      | Bandwidth Package | Specifies the bandwidth package you want to bind to the cloud connection. |
      | Bandwidth | Specifies the bandwidth you require for communications between regions, in Mbit/s. The sum of all inter-region bandwidths you assign cannot exceed the total bandwidth of the bandwidth package. Plan the bandwidth in advance. |

    7. Click OK.

      After the inter-region bandwidth is configured, branch offices in Beijing and Hong Kong can communicate with each other. You can check the routing information to verify the configuration.