Summary on Enterprise Router Best Practices
An enterprise router is a high-specification, high-bandwidth, and high-performance router that connects virtual private clouds (VPCs) and on-premises networks to build a central hub network. Enterprise routers use the Border Gateway Protocol (BGP) to learn, dynamically select, or switch between routes, which significantly improves network scalability and O&M efficiency and ensures service continuity.
You can use enterprise routers together with other Huawei Cloud services to flexibly construct different networks. This document lists best practices for typical networking scenarios for your reference.
Networking | Scenario | Cloud Service | Description |
---|---|---|---|
Cross-region network | Connecting VPCs Across Regions Using Enterprise Router and Central Network | | For nearby access, an enterprise runs workloads in regions A, B, and C. The VPCs in each region need to communicate with each other. To achieve this, you can: |
Intra-region network | | | There are four VPCs in a region of Huawei Cloud, with service A, service B, and service C respectively in VPC 1, VPC 2, and VPC 3, and common service in VPC 4. The network requirements are as follows: |
Intra-region network | Using a Third-Party Firewall to Protect VPCs Connected by Enterprise Routers | | There are three VPCs in a region of Huawei Cloud, with service A and service B respectively in VPC 1 and VPC 2, and the third-party firewall in VPC 3. For security purposes, the traffic to service A and service B must be filtered by the firewall in VPC 3. |
Hybrid cloud network | Using Enterprise Router and a Transit VPC to Allow an On-Premises Data Center to Access Service VPCs | | You can use enterprise routers to build a central network and to simplify the network architecture. There are two typical networking schemes. One is to attach the service VPCs to the enterprise router. The other is to use a transit VPC to build a network, together with VPC Peering and Enterprise Router. Compared with scheme 1, scheme 2 costs less and eliminates some restrictions. |
Hybrid cloud network | Setting Up a Hybrid Cloud Network Using Enterprise Router and Direct Connect Global DC Gateway | | Suppose your enterprise has deployed two VPCs in a region. The two VPCs need to communicate with each other and communicate with your on-premises data center through a global DC gateway. |
Hybrid cloud network | | | Direct Connect establishes a dedicated, secure, stable, and high-speed network connection between your on-premises data center and VPCs. Direct Connect now provides global DC gateways that allow you to build a large-scale hybrid cloud network globally. To improve the performance and reliability of the hybrid cloud network, your enterprise uses two Direct Connect connections to connect your on-premises data center to the VPCs. The two Direct Connect connections work in load balancing mode. When both connections are working normally, network transmission is greatly improved. If one connection is faulty, the other connection ensures the normal running of the hybrid cloud network and thereby prevents service interruptions caused by a single connection. |
Hybrid cloud network | | | Direct Connect establishes a dedicated, secure, stable, and high-speed network connection between your on-premises data center and VPCs. Direct Connect now provides global DC gateways that allow you to build a large-scale hybrid cloud network globally. To improve the reliability of the hybrid cloud network and reduce costs, your enterprise uses a pair of active/standby Direct Connect connections to connect your on-premises data center to the VPCs. Both connections are associated with one enterprise router for automatic switchover. If the active connection becomes faulty, the standby one automatically takes over, which minimizes service interruptions. |
Hybrid cloud network | | | Direct Connect establishes a dedicated, secure, stable, and high-speed network connection between your on-premises data center and VPCs. Direct Connect now provides global DC gateways that allow you to build a large-scale hybrid cloud network globally. VPN establishes a secure, encrypted communication tunnel between your on-premises data center and your VPC. Compared with Direct Connect, VPN is cost-effective and can be quickly deployed. To improve the reliability of the hybrid cloud network, your enterprise uses both Direct Connect and VPN connections to connect your on-premises data center to the VPCs. The Direct Connect connection works as the active connection and a VPN connection works as the standby one. If the active connection becomes faulty, the standby connection automatically takes over, which eliminates network interruptions. |
Hybrid cloud network | Setting Up a Hybrid Cloud Network Using Enterprise Router and Direct Connect (Virtual Gateway) | | There are two VPCs in a region. The two VPCs need to access each other and share the same Direct Connect connection to communicate with an on-premises data center. For this to work, you can create an enterprise router in the region, and attach the two VPCs and the virtual gateway of the Direct Connect connection to the enterprise router. The enterprise router can forward traffic among the attached VPCs and the virtual gateway, and the two VPCs can share the Direct Connect connection. |
Hybrid cloud network | | | To improve the performance and reliability of the hybrid cloud network, your enterprise uses two Direct Connect connections to connect your on-premises data center to the VPCs. The two Direct Connect connections work in load balancing mode. When both connections are working normally, network transmission is greatly improved. If one connection is faulty, the other connection ensures the normal running of the hybrid cloud network and thereby prevents service interruption caused by a single connection. |
Hybrid cloud network | Setting Up a Hybrid Cloud Network Using Enterprise Router, VPN, and Direct Connect (Virtual Gateway) | | To improve the reliability of the hybrid cloud network, your enterprise uses both Direct Connect and VPN connections to connect your on-premises data center to the VPCs. The Direct Connect connection works as the active connection and a VPN connection works as the standby one. If the active connection becomes faulty, the standby connection automatically takes over, which eliminates network interruptions. |
Access to the public network from the cloud network | Allowing VPCs to Share an EIP to Access the Internet Using Enterprise Router and NAT Gateway | | There are four VPCs in region A on Huawei Cloud. VPC 1, VPC 2, and VPC 3 need to communicate with each other, and share an EIP through an SNAT rule of a NAT gateway in VPC 4 to access the Internet. |
Network migration | Using Enterprise Router to Migrate the Network Set Up Through VPC Peering | | There are three VPCs (VPC-A, VPC-B, and VPC-C) in region A that are connected over VPC peering connections. To improve network scalability and reduce O&M costs, you can use an enterprise router to connect the three VPCs. |
Network migration | Using Enterprise Router to Migrate the Network Set Up Through Direct Connect | | Your on-premises data center can access VPC-X in region A over a Direct Connect connection that has a virtual gateway (VGW-A) and two virtual interfaces (VIF-A01 and VIF-A02). To improve the reliability of your hybrid cloud network and reduce O&M costs, you can migrate the network by replacing Direct Connect with Enterprise Router. |
Network migration | Using Enterprise Router and Central Network to Migrate the Network Set Up Through a Cloud Connection | | As shown in Figure 1, the VPCs in three regions (region A, region B, and region C) are connected over a cloud connection. To improve the network scalability and simplify maintenance, you can attach the VPCs to enterprise routers and add the enterprise routers to a central network as attachments, so that these VPCs can communicate with each other. |
If you need to set up a hybrid cloud network, it is recommended that you use Enterprise Router and Direct Connect Global DC Gateway.
From May 2024, Enterprise Router and Direct Connect Virtual Gateway cannot be used together to set up a hybrid cloud network. Existing networks that are set up using Enterprise Router and Direct Connect Virtual Gateway are not affected.