Help Center/ Cloud Connect/ Best Practices/ Connecting VPCs Across Regions Using a Cloud Connection and a VPC Peering Connection
Updated on 2024-09-29 GMT+08:00
View PDF
Share

Connecting VPCs Across Regions Using a Cloud Connection and a VPC Peering Connection

Scenarios

This practice provides detailed operations for you to enable communication between VPCs in different regions using a VPC Peering connection and a cloud connection.

For details about the regions where cloud connections are available, see Region Availability.

In the following figure, CN East-Shanghai1 and CN South-Guangzhou each have three VPCs, one production VPC, one office VPC, and one transit VPC:

  • The production VPC in CN East-Shanghai1 needs to communicate with the production VPC in CN South-Guangzhou.
  • The office VPC in CN East-Shanghai1 needs to communicate with the office VPC in CN South-Guangzhou.
  • The production VPC and the office VPC cannot communicate with each other.
Figure 1 Network topology
Table 1 Service configuration

Cloud Service

Scenario

Description

Related Operations

VPC Peering

Two VPCs are in the same region.

Create a VPC peering connection to connect two VPCs in the same region. The two VPCs can be in the same account or in different accounts.

Creating a VPC Peering Connection to Connect Another VPC in the Same Account

Creating a VPC Peering Connection to Connect a VPC in Another Account

Cloud connection

VPCs are in different regions.

Create a cloud connection to connect the VPCs across regions. The VPCs can be in the same account or in different accounts.

Using a Cloud Connection to Connect VPCs in Different Regions

To connect the VPCs using a VPC Peering connection and a cloud connection, ensure that the subnets in the VPCs do not overlap or conflict.

Prerequisites

  • You have a Huawei Cloud account, and the Huawei Cloud account has been configured with operation permissions of related services.
  • The account balance is sufficient to purchase the required resources, such as bandwidth packages and ECSs.
  • The VPCs and subnets that need to communicate with each other have been created.

Procedure

  1. Configure VPC Peering.

    1. Create a VPC peering connection.
      1. Go to the VPC Peering Connections page.
      2. In the upper right corner of the page, click Create VPC Peering Connection.

        The Create VPC Peering Connection page is displayed.

      3. Configure the parameters based on Table 2. Select My account.
        Figure 2 Creating a VPC peering connection
      Table 2 Parameters required for creating a VPC Peering connection

      Parameter

      Description

      Name

      Specifies the name of the VPC peering connection.

      The name contains a maximum of 64 characters and consists of letters, digits, hyphens (-), and underscores (_).

      Local VPC

      Specifies the VPC you want to connect over the VPC peering connection.

      Local VPC CIDR Block

      Specifies the CIDR block for the local VPC.

      Account

      Specifies whether the VPC to be peered with are from your account or from another account.

      • My account: The VPC is from your account.
      • Another account: The VPC is from another account.

      Peer Project

      Specifies the peer project name. The name of the current project is used by default.

      Peer VPC

      Specifies the other VPC you want to connect. You can select one from the drop-down list if the VPC peering connection is created between two VPCs in your own account.

      Peer VPC CIDR Block

      Specifies the CIDR block for the peer VPC.

      The local and peer VPCs cannot have identical or overlapping CIDR blocks. Otherwise, the routes added for the VPC peering connection may not take effect.

      Description

      (Optional) Provides supplementary information about the VPC peering connection.

      The description can contain no more than 255 characters and cannot contain angle brackets (<>).
      1. Click OK.
    2. Add routes for the VPC peering connection.

      If you request a VPC peering connection with another VPC in your own account, the system automatically accepts the request. You still need to add local and peer routes on the Route Tables page for the VPC peering connection.

      1. Go to the VPC console.
      2. In the navigation pane on the left, choose Route Tables.
      3. Search for or create a route table for the local VPC and add routes for the local VPC. Table 3 describes the parameters.
        Figure 3 Adding local route
        Table 3 Parameters required for adding routes for the VPC peering connection

        Parameter

        Description

        Destination

        Specifies the CIDR block for the peer VPC.

        Next Hop Type

        Specifies the next hop type. Select VPC peering connection.

        Next Hop

        Specifies the next hop address. Select the created VPC peering connection.

        Description

        (Optional) Provides supplementary information about the route.

        The description can contain no more than 255 characters and cannot contain angle brackets (<>).
      4. Search for or create a route table for the peer VPC and add routes for the peer VPC.
        Table 4 Parameters required for adding routes for the VPC peering connection

        Parameter

        Description

        Destination

        Specifies the CIDR block for the local VPC.

        Next Hop Type

        Specifies the next hop type. Select VPC peering connection.

        Next Hop

        Specifies the next hop address. Select the created VPC peering connection.

        Description

        (Optional) Provides supplementary information about the route.

        The description can contain no more than 255 characters and cannot contain angle brackets (<>).
      5. Repeat the above steps to create a VPC peering connection between the office VPC and the transit VPC in CN East-Shanghai1 and add local and peer routes.

        Repeat the above operations to create two VPC peering connections in CN South-Guangzhou, with one connecting the production VPC to the transit VPC and the other connecting the office VPC to the transit VPC.

        In the above steps, you can visit the route table module directly from the navigation pane on the left.

  1. Create a cloud connection.

    1. Create a cloud connection.
      1. Go to the Cloud Connections page.
      2. In the upper right corner of the page, click Create Cloud Connection.
      3. Configure the parameters based on Table 5.
        Figure 4 Create Cloud Connection
        Table 5 Parameters for creating a cloud connection

        Parameter

        Description

        Name

        Specifies the cloud connection name.

        Enterprise Project

        Specifies the enterprise project for managing the cloud connection.

        An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is default.

        For details about creating and managing enterprise projects, see the Enterprise Management User Guide.

        Scenario

        Specifies whether the cloud connection is used to connect VPCs or enterprise routers.

        If you select VPC here, only VPCs or virtual gateways can use this cloud connection.

        Tag

        Identifies the cloud connection. A tag consists of a key and a value. You can add 20 tags to a cloud connection.

        NOTE:

        If you have configured tag policies for Cloud Connect, add tags to cloud connections based on the tag policies. If you add a tag that does not comply with the tag policies, cloud connections may fail to be created. Contact your administrator to learn more about tag policies.

        Description

        (Optional) Provides supplementary information about the cloud connection.

        The description can contain no more than 255 characters and cannot contain angle brackets (<>).
      4. Click OK.
    2. Load network instances.

      Load the transit VPC in CN East-Shanghai1 to the created cloud connection.

      1. In the cloud connection list, click the name (CloudConnect) of the cloud connection.

        On the displayed page, you can view details about the cloud connection, such as its name, ID, status, time when the cloud connection was created, and description. There are also four tabs: Network Instances, Bandwidth Packages, Inter-Region Bandwidths, and Route Information.

        Figure 5 Cloud connection details
      1. Click Network Instances.
      2. Click Load Network Instance.
      1. Configure the parameters.
        Figure 6 Network instance details

        To communicate with the production VPC and the office VPC in CN East-Shanghai1, you need to set the CIDR blocks of the two VPCs as custom CIDR blocks.

      2. Click OK.
      3. Repeat the above steps to load the transit VPC in CN South-Guangzhou to the cloud connection and set the CIDR block of the production VPC and the CIDR block of the office VPC in CN South-Guangzhou as custom CIDR blocks.
        Figure 7 Loading another VPC

        After the VPCs are loaded, they are on the same network. You can view the routes of each VPC on the Route Information tab.

    3. Buy a bandwidth package.

      By default, a cloud connection provides 10 kbit/s of bandwidth for testing cross-region network connectivity.

      To ensure normal communication, you need to purchase a bandwidth package and bind it to the cloud connection.

      1. In the cloud connection list, click the name (CloudConnect) of the cloud connection.
      2. On the Bandwidth Packages tab, click Buy Bandwidth Package.
        Figure 8 Buy Bandwidth Package
      1. Configure the parameters.

        Because the two VPCs are in the Chinese mainland, select Single geographic region for Applicability and Chinese mainland for Geographic Region.

      1. Click Buy Now.
      2. Confirm the configuration and click Pay Now.
      3. Click OK.

        Go back to the bandwidth package list and locate the bandwidth package. If its status changes to Normal, you can bind the bandwidth package to the cloud connection.

        In the navigation pane, choose Bandwidth Packages. On the Bandwidth Packages package, you can view the purchased bandwidth package and its details, such as the billing mode, order information, the cloud connection, used bandwidth, and remaining bandwidth. You can also modify, unbind, renew, and unsubscribe from the bandwidth package.

    4. Assign an inter-region bandwidth.

      Assign bandwidth from the purchased bandwidth package for communication between the VPCs.

      1. In the cloud connection list, click the name (CloudConnect) of the cloud connection.
      2. On the Inter-Region Bandwidths tab, click Assign Inter-Region Bandwidth.
        Figure 9 Assigning inter-region bandwidth
      3. Configure the parameters.

        Select CN South-Guangzhou and CN East-Shanghai1 for Regions. The system automatically displays the bandwidth package bound to the cloud connection. Set the bandwidth based on your requirements, for example, 1 Mbit/s.

      4. View the assigned bandwidth on the Inter-Region Bandwidths tab.

Verification

  • Check the route table of the transit VPC in CN East-Shanghai1.
    Figure 10 Route table of the transit VPC in CN East-Shanghai1
  • Check the route table of the production VPC in CN East-Shanghai1.
    Figure 11 Route table of the production VPC in CN East-Shanghai1
  • Check the route table of the office VPC in CN East-Shanghai1.
    Figure 12 Route table of the office VPC in CN East-Shanghai1
  • Check the route table of the transit VPC in CN South-Guangzhou.
    Figure 13 Route table of the transit VPC in CN South-Guangzhou
  • Check the route table of the production VPC in CN South-Guangzhou.
    Figure 14 Route table of the production VPC in CN South-Guangzhou
  • Check the route table of the office VPC in CN South-Guangzhou.
    Figure 15 Route table of the office VPC in CN South-Guangzhou
  • Ping an ECS in the production VPC in CN South-Guangzhou from an ECS in the production VPC in CN East-Shanghai1.
    Figure 16 Pinging two ECSs
  • Ping an ECS in the office VPC in CN South-Guangzhou from an ECS in the office VPC in CN East-Shanghai1.
    Figure 17 Pinging two ECSs