Updated on 2023-05-09 GMT+08:00

Connecting Multiple VPCs in Different Regions

Background

Instances in VPCs in different regions can communicate with each other over EIPs or VPN connections. However, EIPs and VPN connections both run over the Internet and are therefore less reliable, and if you use EIPs, data cannot be encrypted. To ensure stable and encrypted transmission, you can use Cloud Connect to connect the VPCs.

Scenarios

You have four VPCs, two in the CN East-Shanghai1 region, one in the CN-Hong Kong region, and one in the AF-Johannesburg region. You can use Cloud Connect to connect the VPCs in the three regions to build a network that features high performance, high availability, and low latency. The following figure shows a typical scenario where Cloud Connect is used to enable communications among these VPCs in different regions.

Figure 1 Cross-region multi-VPC communications

When you configure Cloud Connect, note that:

  • Subnet CIDR blocks of the VPCs cannot overlap or conflict with each other.
  • The routes for the subnets in the VPCs cannot conflict with existing routes, including those added for VPC Peering, Direct Connect, or VPN.
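
The two constraints above can be checked before any VPC is loaded. The following Python sketch is an added example, not Huawei Cloud code: the VPC names, CIDR blocks and the existing VPN route are constructed sample data, and it assumes that any overlap between a peer VPC's subnet and an existing route destination counts as a conflict.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: region names are from this page, all CIDRs are assumed.
VPC_SUBNETS = {
    "shanghai1-vpc-a": ["10.0.0.0/24", "10.0.1.0/24"],
    "shanghai1-vpc-b": ["10.1.0.0/24"],
    "hongkong-vpc": ["10.2.0.0/24"],
    "johannesburg-vpc": ["10.0.1.128/25"],  # deliberately collides with vpc-a
}
# Constructed existing route destinations per VPC, keyed by the service that added them.
EXISTING_ROUTES = {"shanghai1-vpc-a": {"vpn": ["10.2.0.0/16"]}}


def find_subnet_overlaps(vpc_subnets):
    """Return (vpc1, cidr1, vpc2, cidr2) for every overlapping subnet pair in different VPCs."""
    flat = [(vpc, ipaddress.ip_network(cidr))
            for vpc, cidrs in vpc_subnets.items() for cidr in cidrs]
    return [(v1, str(n1), v2, str(n2))
            for (v1, n1), (v2, n2) in combinations(flat, 2)
            if v1 != v2 and n1.overlaps(n2)]


def find_route_conflicts(vpc_subnets, existing_routes):
    """Return (vpc, source, route, peer_vpc, peer_cidr) where a peer subnet overlaps an existing route."""
    hits = []
    for vpc, by_source in existing_routes.items():
        for source, dests in by_source.items():
            for dest in dests:
                route = ipaddress.ip_network(dest)
                for peer, cidrs in vpc_subnets.items():
                    if peer == vpc:
                        continue  # a VPC's own subnets are local, not learned routes
                    hits += [(vpc, source, dest, peer, c) for c in cidrs
                             if route.overlaps(ipaddress.ip_network(c))]
    return hits


if __name__ == "__main__":
    for hit in find_subnet_overlaps(VPC_SUBNETS):
        print("subnet overlap:", hit)
    for hit in find_route_conflicts(VPC_SUBNETS, EXISTING_ROUTES):
        print("route conflict:", hit)
```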

Prerequisites

  • The VPCs and subnets that need to communicate with each other across regions have been created.
  • The account balance is sufficient to purchase bandwidth packages.
  • A cross-border permit has been obtained from China Unicom. In this practice, there are two VPCs outside the Chinese mainland. In accordance with the regulations of the Ministry of Industry and Information Technology (MIIT), before you purchase bandwidth packages, you need to apply for a cross-border permit from China Unicom.

    If you do not need cross-border network communications, you can ignore the last item.

Procedure

  1. Apply for a cross-border permit.

    Skip this step if you do not require cross-border communications.

    Apply for a cross-border permit only when a VPC to be connected is outside the Chinese mainland and other VPCs are inside the Chinese mainland.

    1. Log in to the management console.
    2. Hover on to display Service List and choose Networking > Cloud Connect.
    3. In the navigation pane on the left, choose Cloud Connect > Bandwidth Packages.
    4. On the displayed page, click apply now.

      The Cross-Border Service Application System page is displayed.

    5. On the application page, set related parameters and upload related materials.
      Table 1 Online cross-border permit application

      Parameter:
      • Applicant Name
      • Huawei Cloud UID
      • Type of Product
      • Bandwidth (M)
      • Start Date
      • Termination Date
      • Customer Type
      • Country of the Customer
      • Contact Name
      • Contact Number
      • Type of ID
      • ID Number
      • Scope of Business
      • Number of Employees
      • Per Capita Bandwidth
      • Branch Location Country

      Huawei Cloud ID is your account ID. You can take the following steps to obtain your account ID.
      1. Log in to the management console.
      2. Click the username and select My Credentials from the drop-down list.
        Figure 2 My credentials
      3. On the API Credentials page, view the Account ID.
        Figure 3 Obtaining an account ID
      Table 2 Required materials

      Material

      Signature

      Seal

      Description

      A scanned copy of your company's business license

      -

      See the template Huawei Cloud provides for the position of the seal.

      A scanned copy of Huawei Cloud Cross-Border Circuit Service Agreement

      • Sign the material on the signature block.
      • Stamp the seal over the signature.

      A scanned copy of China Unicom Letter of Commitment to Information Security of the Cross-Border Circuit Service

      • Sign the material on the signature block.
      • Stamp the seal over the signature.
      • Specify the bandwidth you estimated and your company name.
    6. Click Submit.

  2. Create a cloud connection.

    1. Log in to the management console.
    2. Hover on to display Service List and choose Networking > Cloud Connect.

    3. On the Cloud Connections page, click Create Cloud Connection.
      Figure 4 Create Cloud Connection
    4. Configure the parameters based on Table 3.
      Table 3 Parameters required for creating a cloud connection

      • Name: Specifies the cloud connection name. The name can contain only letters, digits, underscores (_), hyphens (-), and periods (.).
      • Enterprise Project: Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.
      • Scenario:
        • VPC: VPCs or virtual gateways can use this cloud connection.
        • Enterprise router: Only enterprise routers can use the cloud connection.
      • Tag: Identifies the cloud connection. A tag consists of a key and a value. You can add 10 tags to a cloud connection. Tag keys and values must meet the requirements listed in Table 4.
        NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tags.
      • Description: Provides supplementary information about the cloud connection. The description can contain a maximum of 255 characters.

      Table 4 Tag key and value requirements

      • Key:
        • Cannot be left blank.
        • Must be unique for each resource.
        • Can contain a maximum of 36 characters.
        • Can contain only letters, digits, hyphens, and underscores.
      • Value:
        • Can be left blank.
        • Can contain a maximum of 43 characters.
        • Can contain only letters, digits, periods, hyphens, and underscores.
    5. Click OK.

  3. Load network instances.

    Load the VPCs to the created cloud connection.

    1. In the cloud connection list, locate the cloud connection you just created and click its name, CloudConnect.
    2. Under Network Instances, click Load Network Instance.
    3. Select CN East-Shanghai1 for Region and VPC for Instance Type, select the VPC and its subnets, and click OK.
      Figure 5 Loading a network instance
    4. Repeat the preceding steps to load the other VPC in the CN East-Shanghai1 region, the VPC in the CN-Hong Kong region, and the VPC in the AF-Johannesburg region to the cloud connection.

      The four VPCs in the three regions are now on the same network. You can view the routes of each region on the Route Information tab page.

  4. Buy bandwidth packages.

    By default, the system allocates 10 kbit/s of bandwidth for testing network connectivity across regions. To ensure normal network communications, you need to purchase a bandwidth package and bind it to the cloud connection.

    Because there are three geographic regions, we need to buy two bandwidth packages, one for communications between the Chinese mainland and Hong Kong, and the other one for communications between the Chinese mainland and Southern Africa.

    1. Locate the created cloud connection and click its name to go to the details page. Under Bound Bandwidth Packages, click Buy Bandwidth Package.
    2. On the Buy Bandwidth Package page, configure the name, billing mode, applicability, geographic regions, bandwidth size, and required duration, enable auto renewal (if required), and then bind the bandwidth package to the cloud connection. Select Across Geographic Region for Applicability because the four VPCs are in three geographic regions.
      1. To enable communications between the CN East-Shanghai1 and the CN-Hong Kong regions, select Chinese mainland and Asia Pacific as geographic regions and set the bandwidth to 30 Mbit/s.
      2. To enable communications between the CN East-Shanghai1 and AF-Johannesburg regions, select Chinese mainland and Southern Africa as geographic regions and set the bandwidth to 2 Mbit/s.

      Click Bind now, select the cloud connection you just created, and click Buy Now.

    3. Confirm the information and click Pay Now.
    4. Click Pay.

      Go back to the bandwidth package list, locate the bandwidth package, and verify that its status is Normal.

      On the Bandwidth Packages page, you can view the purchased bandwidth package and its details, including the billing mode, order information, the cloud connection bound to, used bandwidth, and remaining bandwidth. You can also modify, unbind, renew, and unsubscribe from the bandwidth package.

  5. Assign inter-region bandwidths.

    On the cloud connection details page, assign bandwidths for network communications between regions.

    1. Locate the created cloud connection and click its name to go to the details page. Under Inter-Region Bandwidths, click Assign Inter-Region Bandwidth.
    2. Select CN East-Shanghai1 and CN-Hong Kong for Regions. The bandwidth package that you have purchased is displayed. Set the bandwidth to 30 Mbit/s.

      Repeat the preceding steps to assign 2 Mbit/s of bandwidth for communications between CN East-Shanghai1 and AF-Johannesburg.

    3. View the assigned bandwidths on the Inter-Region Bandwidths tab page.

      Now, the four VPCs can communicate with each other.

      The default security group rule denies all the inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions to ensure normal communications.
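
Because inbound traffic is denied by default, every VPC needs an inbound rule for each peer VPC it should accept traffic from. The following Python sketch is an added example, not Huawei Cloud code: it takes constructed VPC CIDR blocks and inbound rules (all values assumed, including TCP port 443), lists the directions that are still blocked, and also lists rules that accept any source address, which is wider than traffic arriving over the cloud connection requires.

```python
import ipaddress

# Constructed sample data: region names are from this page; CIDRs, rules and the port are assumed.
VPC_CIDRS = {
    "shanghai1-vpc-a": "10.0.0.0/16",
    "shanghai1-vpc-b": "10.1.0.0/16",
    "hongkong-vpc": "10.2.0.0/16",
    "johannesburg-vpc": "10.3.0.0/16",
}
# Inbound allow rules per VPC security group: (source CIDR, protocol, port).
INBOUND_RULES = {
    "shanghai1-vpc-a": [("10.1.0.0/16", "tcp", 443), ("10.2.0.0/16", "tcp", 443),
                        ("10.3.0.0/16", "tcp", 443)],
    "shanghai1-vpc-b": [("10.0.0.0/16", "tcp", 443), ("10.2.0.0/16", "tcp", 443),
                        ("10.3.0.0/16", "tcp", 443)],
    "hongkong-vpc": [("10.0.0.0/15", "tcp", 443)],   # both Shanghai VPCs, not Johannesburg
    "johannesburg-vpc": [("0.0.0.0/0", "tcp", 443)],  # any source
}


def admits(rules, src_cidr, protocol, port):
    """True if some inbound rule covers the whole source CIDR for this protocol and port."""
    src = ipaddress.ip_network(src_cidr)
    return any(proto == protocol and p == port
               and src.subnet_of(ipaddress.ip_network(cidr))
               for cidr, proto, p in rules)


def blocked_directions(vpc_cidrs, inbound_rules, protocol, port):
    """Return (source_vpc, dest_vpc) pairs whose traffic the destination still denies."""
    return [(src, dst)
            for src, src_cidr in vpc_cidrs.items()
            for dst in vpc_cidrs
            if src != dst
            and not admits(inbound_rules.get(dst, []), src_cidr, protocol, port)]


def any_source_rules(inbound_rules):
    """Return rules whose source is the whole address space (prefix length 0)."""
    return [(vpc, cidr, proto, port)
            for vpc, rules in inbound_rules.items()
            for cidr, proto, port in rules
            if ipaddress.ip_network(cidr).prefixlen == 0]


if __name__ == "__main__":
    print("blocked:", blocked_directions(VPC_CIDRS, INBOUND_RULES, "tcp", 443))
    print("any-source rules:", any_source_rules(INBOUND_RULES))
```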