Help Center/ Cloud Connect/ Best Practices/ Connecting VPCs in Different Geographic Regions/ Using a Cloud Connection to Connect VPCs in Three Geographic Regions
Updated on 2025-01-15 GMT+08:00
View PDF
Share

Using a Cloud Connection to Connect VPCs in Three Geographic Regions

Background

Instances in the VPCs in different regions can use EIPs or VPN connections to communicate with each other. However, EIPs and VPN connections are not so reliable because they are over the Internet, and if you use EIPs, data cannot be encrypted. To ensure stable and encrypted transmission, you can use Cloud Connect to connect the VPCs.

Scenarios

You have four VPCs, two in the CN East-Shanghai1 region, one in the CN-Hong Kong region, and one in the AF-Johannesburg region. You can use a cloud connection to connect the VPCs in the three regions to build a network that features high performance, high availability, and low latency. The following figure shows a typical scenario where a cloud connection is used to enable communication among these VPCs in different regions.

For details about the regions where cloud connections are available, see Region Availability.

Figure 1 Connecting VPCs in multiple geographic regions

When you configure a cloud connection, note that:

  • Subnet CIDR blocks of the VPCs cannot overlap or conflict with each other.
  • The routes for the subnets in the VPCs cannot conflict with existing routes, including those added for VPC Peering, Direct Connect, or VPN.

Prerequisites

  • The VPCs and subnets that need to communicate with each other across regions have been created.
  • The account balance is sufficient to purchase bandwidth packages.
  • A cross-border permit has been obtained from China Unicom. In this practice, there are two VPCs outside the Chinese mainland. In accordance with the regulations of the Ministry of Industry and Information Technology (MIIT), before you purchase bandwidth packages, you need to apply for a cross-border permit from China Unicom.

    If cross-border communication is not required, you can ignore the last item.

Step 1: Apply for a Cross-Border Permit

If a VPC you want to connect is outside the Chinese mainland, you need to apply for a cross-border permit.

Skip this step if cross-border communication is not required.

  1. Go to the Bandwidth Packages page.
  2. On the displayed page, click apply now.

    If the registered address of your business entity is in the Chinese mainland, click here to go to the Cross-Border Service Application System page.

    If the registered address of your business entity is outside the Chinese mainland, click here to go to the Cross-Border Service Application System page.

    Select the address for applying for the cross-border permit based on the registration address of your business entity.

  3. On the displayed page, select an applicant type, configure the parameters as prompted, and upload the required materials.

    Prepare and upload the materials required on the application page.

    Table 1 Online cross-border permit application

    Parameter

    Description

    Applicant Name

    This name must be the same as the company name in the Letter of Commitment to Information Security.

    Huawei Cloud UID
    The account ID to log in to the management console. You can take the following steps to obtain your account ID.
    1. Log in to the management console.
    2. Click the username in the upper right corner and select My Credentials from the drop-down list.
    3. On the API Credentials page, view the Account ID.

    Bandwidth (Mbit/s)

    For reference only

    Start Date

    For reference only

    Termination Date

    For reference only

    Customer Type

    Select a type based on the actual situation.

    Country of the Customer

    Country where the applicant is located.

    Contact Name

    -

    Contact Number

    -

    Type of ID

    -

    ID Number

    -

    Scope of Business

    Briefly describe the main business.

    Number of Employees

    For reference only

    Branch Location Country

    Country where the applicant branch is located. Set this parameter based on the actual situation.

    Table 2 Required materials

    Parameter

    Description

    Required Material

    Signature

    Company Seal

    Business License

    Upload a photo of the business license with the official seal.

    For the position of the seal, see the template.

    A scanned copy of your company's business license

    -

    Service Agreement

    Download the Huawei Cloud Cross-Border Circuit Service Agreement, fill in the blank, upload the copy of agreement with the signature and official seal.

    • Sign the material on the signature block.
    • Stamp the seal over the signature.

    A scanned copy of the Huawei Cloud Cross-Border Circuit Service Agreement

    Letter of Commitment to Information Security

    Download the China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service, fill in the blank, and upload the copy of the letter with the signature and seal.

    • Sign the material on the signature block.
    • Stamp the seal over the signature.
    • Specify the bandwidth you estimated and your company name.

    A scanned copy of the China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service

  4. Click Submit.

Step 2: Create a Cloud Connection

  1. Go to the Cloud Connections page.
  2. In the upper right corner of the page, click Create Cloud Connection.
  3. Configure the parameters based on Table 3.

    Figure 2 Create Cloud Connection
    Table 3 Parameters for creating a cloud connection

    Parameter

    Example Value

    Description

    Name

    		   

    Specifies the cloud connection name.

    The name can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.

    Enterprise Project

    		   

    Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.

    Scenario

    		   

    VPC: VPCs or virtual gateways can use this cloud connection.

    Tag

    		   

    Identifies the cloud connection. A tag consists of a key and a value. You can add 20 tags to a cloud connection.

    NOTE:

    If a predefined tag has been created on Tag Management Service (TMS), you can directly select the corresponding tag key and value.

    For details about predefined tags, see Predefined Tags.

    Description

    		   

    Provides supplementary information about the cloud connection.

    The description can contain no more than 255 characters.

  4. Click OK.

Step 3: Load Network Instances

Load the VPCs that need to communicate with each other to the created cloud connection.

  1. Locate the created cloud connection from the cloud connection list. Click its name to go to the Basic Information tab.
  2. On the Network Instances tab, click Load Network Instance.
  3. Select CN East-Shanghai1 for Region and VPC for Instance Type, select the VPC and its subnets, and click OK.
  4. Repeat the preceding steps to load the other VPC in CN East-Shanghai1, the VPC in CN-Hong Kong, and the VPC in AF-Johannesburg to the cloud connection.

    After the VPCs are connected over the cloud connection, they are on the same network. You can view the routes of each VPC on the Route Information tab.

Step 4: Buy Bandwidth Packages

By default, Cloud Connect provides 10 kbit/s of bandwidth for testing cross-region network connectivity.

To ensure normal communication, you need to purchase two bandwidth packages and bind them to the cloud connection.

  1. In the cloud connection list, click the name (CloudConnect) of the cloud connection.
  2. On the Bandwidth Packages tab, click Buy Bandwidth Package.
  3. On the displayed page, configure the name, billing mode, applicability, geographic regions, bandwidth size, and required duration, enable auto renewal (if required), and then bind the bandwidth package to the cloud connection. Select Across Geographic Region for Applicability because the four VPCs are in three geographic regions.

    1. To enable communication between CN East-Shanghai1 and CN-Hong Kong, select Chinese mainland and Asia Pacific as geographic regions and set the bandwidth to 30 Mbit/s.
    2. To enable communication between CN East-Shanghai1 and AF-Johannesburg, select Chinese mainland and Southern Africa as geographic regions and set the bandwidth to 2 Mbit/s.

    Click Bind now, select the cloud connection you just created, and click Buy Now.

  4. Confirm the configuration and click Pay Now.
  5. Click OK.

    View the bandwidth package in the bandwidth package list. If the status changes to Normal, the purchase is successful.

    On the Bandwidth Packages tab, you can view the purchased bandwidth packages and their details, such as the billing mode, order information, the cloud connection, used bandwidth, and remaining bandwidth. You can also modify, unbind, renew, and unsubscribe from the bandwidth packages.

Step 5: Assign Inter-Region Bandwidths

Assign bandwidth from each purchased bandwidth package for communication between the VPCs.

  1. Click the name of the created cloud connection to go to the details page. On the Inter-Region Bandwidths tab, click Assign Inter-Region Bandwidth.
  2. Select CN East-Shanghai1 and CN-Hong Kong for Regions. The bandwidth package that you have purchased is displayed. Set the bandwidth to 30 Mbit/s.

    Repeat the steps to assign 2 Mbit/s of bandwidth for communication between CN East-Shanghai1 and AF-Johannesburg.

  3. View the assigned bandwidth on the Inter-Region Bandwidths tab.

    Now, the VPCs can communicate with each other.

    The default security group rules deny all the inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions to ensure normal communication.