Updated on 2024-06-27 GMT+08:00

Overview

Scenario

Three VPCs are deployed in one region of Huawei Cloud: service A runs in VPC 1, service B runs in VPC 2, and a third-party firewall runs in VPC 3. For security purposes, the traffic to service A and service B must be filtered by the firewall in VPC 3.

Figure 1 Protecting traffic for VPCs in the same region

You can share an enterprise router with different accounts to attach VPCs of these accounts to the same enterprise router for communications.

Operation Procedure

Figure 2 shows the procedure for using an enterprise router to scrub traffic for VPCs in the same region.

Figure 2 Flowchart for protecting VPC traffic in the same region

Table 1 Steps for protecting VPC traffic in the same region

| No. | Procedure | Description |
|---|---|---|
| 1 | Network and Resource Planning | Plan required CIDR blocks and the number of resources. |
| 2 | Creating Resources | 1. Create an enterprise router.<br>2. Create three VPCs and three ECSs. |
| 3 | Configuring Networks | 1. Create VPC attachments for the enterprise router:<br>1.1. Attach the three VPCs to the enterprise router.<br>1.2. Create two custom route tables for the enterprise router.<br>1.3. Associate and propagate VPC attachments with the route tables of the enterprise router.<br>1.4. In the route tables of the VPCs, add routes for traffic to route through the enterprise router.<br>2. Configure kernel parameters and routes for ECS 3 to allow communications between NICs eth0 and eth1. |
| 4 | Verifying Network Connectivity and Traffic Scrubbing | Log in to an ECS and run the ping command to verify the network connectivity. |
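
The routing intent of step 3 can be checked before anything is deployed. The following is an added example, not Huawei Cloud code: it models the two custom route tables of the enterprise router and reports any route that would let traffic between VPC 1 and VPC 2 bypass the firewall in VPC 3. The CIDR blocks, attachment names, route table names, and the layout (an inspection table for the VPC 1 and VPC 2 attachments, a return table for the VPC 3 attachment) are assumptions made for the example.

```python
import ipaddress

# Constructed plan: CIDRs, attachment names and table names are assumptions.
VPC_CIDRS = {"vpc1-att": "10.1.0.0/16", "vpc2-att": "10.2.0.0/16"}
FIREWALL_ATT = "vpc3-att"

def lookup(routes, dst_ip):
    """Longest-prefix match; returns the next-hop attachment or None."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(cidr).prefixlen, hop)
            for cidr, hop in routes.items() if ip in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def audit(associations, tables):
    """Return (src, dst, actual_hop) for every path that breaks the design."""
    findings = []
    for src, table in associations.items():
        for dst, cidr in VPC_CIDRS.items():
            if dst == src:
                continue
            probe = str(ipaddress.ip_network(cidr).network_address + 10)
            hop = lookup(tables[table], probe)
            # Service VPCs must hand traffic to the firewall attachment; the
            # firewall attachment must deliver it to the real destination.
            want = dst if src == FIREWALL_ATT else FIREWALL_ATT
            if hop != want:
                findings.append((src, dst, hop))
    return findings

ASSOC = {"vpc1-att": "rtb-inspect", "vpc2-att": "rtb-inspect",
         "vpc3-att": "rtb-return"}
RETURN = {"10.1.0.0/16": "vpc1-att", "10.2.0.0/16": "vpc2-att"}

# Intended state: everything from VPC 1 and VPC 2 goes to the firewall first.
GOOD_TABLES = {"rtb-inspect": {"0.0.0.0/0": FIREWALL_ATT}, "rtb-return": RETURN}

# Misconfiguration: VPC 2 was also propagated into the inspection table, so
# the more specific /16 wins over the default route and skips the firewall.
BAD_TABLES = {"rtb-inspect": {"0.0.0.0/0": FIREWALL_ATT,
                              "10.2.0.0/16": "vpc2-att"},
              "rtb-return": RETURN}

if __name__ == "__main__":
    print("good:", audit(ASSOC, GOOD_TABLES))
    print("bad: ", audit(ASSOC, BAD_TABLES))
```

An empty result means every inter-VPC path enters the firewall attachment first; each finding names the source, the destination, and the attachment the traffic would actually be sent to.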