Network and Resource Planning

Updated on 2024-11-21 GMT+08:00
Plan the network and required resources before, during, and after the migration.
  • Network Planning: Plan CIDR blocks of VPCs and their subnets, and route tables of VPCs and the enterprise router.
  • Resource Planning: Plan the quantity, names, and other parameters of cloud resources, including VPCs, ECSs, and the enterprise router.

Network Planning

During the migration, in addition to the routes for communications between the enterprise router and the VPCs, you also need to add routes for verification and temporary communications. After the migration is complete, you can delete unnecessary routes. For details about the network planning, see Table 1.

The following figures show the network in different phases.

NOTE:

The routes in the figures are only examples for your reference. You need to plan routes based on service requirements.

Figure 1 Networking topology before migration
Figure 2 Networking topology during migration
Figure 3 Networking topology after migration
Table 1 Network planning details

Route table: VPC route table

Description: Table 2 lists the routes in this route table.
  1. Before the migration, the destination of the route with next hop set to VPC peering connection is a CIDR block of a VPC subnet. This only connects specific subnets of VPCs.
  2. During the migration, add routes as follows:
    • The routes for temporary communications ensure that traffic is not interrupted when original routes added for VPC peering connections are deleted.

      The next hop of the routes can be any VPC peering connection of the VPC. The route destinations cannot be used by any other services. You can set the destinations to those that are rarely used. In this example, the destinations are 1.1.1.1/32, 1.1.1.2/32, and 1.1.1.3/32.

    • Routes with the destination set to a large CIDR block and the next hop set to the enterprise router are used for communications between the enterprise router and the VPCs.

      The route destination must include the CIDR blocks of all VPCs that need to communicate with each other and cannot be used by any other services. In this example, the destination is 172.16.0.0/14, which includes the CIDR blocks of the three VPCs: 172.16.0.0/16, 172.17.0.0/16, and 172.18.0.0/16.

    • Routes with the next hop set to the enterprise router are used to verify communications between the VPCs and the enterprise router.

      The route destinations cannot be the CIDR blocks configured for VPC peering connections, and these routes do not carry traffic through VPC peering connections. In this example, the destinations are 172.16.253.0/29, 172.17.253.0/29, and 172.18.253.0/29.

    NOTICE:
    • The routes for temporary communications are necessary to ensure that traffic is not interrupted when original routes added for VPC peering connections are deleted. If you use the migration solution provided in this practice, traffic will not be interrupted. However, if traffic is interrupted in the migration process, contact customer service to evaluate your migration solution.
    • The large CIDR block must include the CIDR blocks of all VPCs that need to communicate with each other. If one large CIDR block cannot include the CIDR blocks of all VPCs, you can configure more large CIDR blocks.
  3. After the migration, delete the routes for verification and temporary communications.
    NOTICE:

    After the migration, you can continue to use the routes with the destination set to the large CIDR block. You can also add routes with destinations that are the same as those of the original routes and then delete the routes with the destination set to the large CIDR block.

Route table: Enterprise router route table

Description: Table 3 lists the routes in this route table.

During the migration, add routes with destinations set to VPC CIDR blocks to allow communications between the enterprise router and the VPCs.

If Default Route Table Association and Default Route Table Propagation are enabled for the enterprise router, routes with destinations set to VPC CIDR blocks are automatically added when you attach the VPCs to the enterprise router.

CAUTION:

If the CIDR blocks of VPCs connected by a VPC peering connection overlap, do not enable Default Route Table Propagation for the enterprise router. This function adds routes with entire VPC CIDR blocks as destinations. If VPC CIDR blocks overlap, there will be route conflicts. In this case, you need to manually add routes with next hop set to VPC attachment to the route table of the enterprise router.
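
The constraints in Table 1 can be checked mechanically before any route is changed. The following Python sketch is an added example, not Huawei Cloud tooling; it uses the example CIDR blocks from this page, and reading "not used by any other services" as "outside every VPC CIDR block and every large CIDR block" is an assumption.

```python
import ipaddress as ip

# Example values from this page's plan (Tables 2 and 5).
VPC_CIDRS = {"VPC-A": "172.16.0.0/16", "VPC-B": "172.17.0.0/16", "VPC-C": "172.18.0.0/16"}
LARGE_CIDRS = ["172.16.0.0/14"]            # next hop: enterprise router
PEERING_DESTS = ["172.16.0.0/24", "172.17.0.0/24", "172.18.0.0/24"]
VERIFY_DESTS = ["172.16.253.0/29", "172.17.253.0/29", "172.18.253.0/29"]
TEMP_DESTS = ["1.1.1.1/32", "1.1.1.2/32", "1.1.1.3/32"]


def check_plan(vpc_cidrs, large, peering, verify, temp):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    vpcs = {name: ip.ip_network(cidr) for name, cidr in vpc_cidrs.items()}
    large_nets = [ip.ip_network(c) for c in large]
    peer_nets = [ip.ip_network(c) for c in peering]

    # 1. Each VPC CIDR block must sit inside one of the large CIDR blocks.
    for name, net in vpcs.items():
        if not any(net.subnet_of(big) for big in large_nets):
            findings.append(f"{name} {net} is not covered by a large CIDR block")

    # 2. Verification destinations must not be CIDR blocks routed over peering.
    for v in map(ip.ip_network, verify):
        for p in peer_nets:
            if v.overlaps(p):
                findings.append(f"verification route {v} overlaps peering route {p}")

    # 3. Temporary destinations must be unused. Assumption: "unused" means
    #    outside every VPC CIDR block and every large CIDR block.
    in_use = list(vpcs.values()) + large_nets
    for t in map(ip.ip_network, temp):
        if any(t.overlaps(n) for n in in_use):
            findings.append(f"temporary route {t} falls inside an in-use block")

    # 4. Overlapping VPC CIDR blocks conflict once propagation adds whole-VPC routes.
    names = sorted(vpcs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if vpcs[a].overlaps(vpcs[b]):
                findings.append(f"{a} and {b} overlap: disable Default Route Table Propagation")
    return findings


if __name__ == "__main__":
    result = check_plan(VPC_CIDRS, LARGE_CIDRS, PEERING_DESTS, VERIFY_DESTS, TEMP_DESTS)
    for line in result or ["plan OK"]:
        print(line)
```
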

Table 2 VPC route table details

| VPC | VPC Route Table | Destination | Next Hop Type | Next Hop | Route Type | Route Function | Phase |
|---|---|---|---|---|---|---|---|
| VPC-A | rtb-vpc-A | 172.17.0.0/24 | VPC peering connection | peer-AB | Custom | Destination: subnet-B01 in VPC-B. Connects subnet-A01 to subnet-B01. | Before/During migration |
| VPC-A | rtb-vpc-A | 172.18.0.0/24 | VPC peering connection | peer-AC | Custom | Destination: subnet-C01 in VPC-C. Connects subnet-A01 to subnet-C01. | Before/During migration |
| VPC-A | rtb-vpc-A | 1.1.1.1/32 | VPC peering connection | peer-AB | Custom | Destination: Any IP address that is not used by other services. Ensures that traffic flowing through VPC peering connections is not interrupted during the migration. | During migration |
| VPC-A | rtb-vpc-A | 172.16.0.0/14 | Enterprise router | er-ABC | Custom | Destination: A large CIDR block that can include the CIDR blocks of the three VPCs. Connects VPC-A to er-ABC. | During/After migration |
| VPC-A | rtb-vpc-A | 172.17.253.0/29 | Enterprise router | er-ABC | Custom | Destination: subnet-B02 in VPC-B. Connects subnet-B02 to er-ABC. | During migration |
| VPC-A | rtb-vpc-A | 172.18.253.0/29 | Enterprise router | er-ABC | Custom | Destination: subnet-C02 in VPC-C. Connects subnet-C02 to er-ABC. | During migration |
| VPC-B | rtb-vpc-B | 172.16.0.0/24 | VPC peering connection | peer-AB | Custom | Destination: subnet-A01 in VPC-A. Connects subnet-A01 to subnet-B01. | Before/During migration |
| VPC-B | rtb-vpc-B | 172.18.0.0/24 | VPC peering connection | peer-BC | Custom | Destination: subnet-C01 in VPC-C. Connects subnet-B01 to subnet-C01. | Before/During migration |
| VPC-B | rtb-vpc-B | 1.1.1.2/32 | VPC peering connection | peer-AB | Custom | Destination: Any IP address that is not used by other services. Ensures that traffic flowing through VPC peering connections is not interrupted during the migration. | During migration |
| VPC-B | rtb-vpc-B | 172.16.0.0/14 | Enterprise router | er-ABC | Custom | Destination: A large CIDR block that can include the CIDR blocks of the three VPCs. Connects VPC-B to er-ABC. | During/After migration |
| VPC-B | rtb-vpc-B | 172.16.253.0/29 | Enterprise router | er-ABC | Custom | Destination: subnet-A02 in VPC-A. Connects subnet-A02 to er-ABC. | During migration |
| VPC-B | rtb-vpc-B | 172.18.253.0/29 | Enterprise router | er-ABC | Custom | Destination: subnet-C02 in VPC-C. Connects subnet-C02 to er-ABC. | During migration |
| VPC-C | rtb-vpc-C | 172.16.0.0/24 | VPC peering connection | peer-AC | Custom | Destination: subnet-A01 in VPC-A. Connects subnet-A01 to subnet-C01. | Before/During migration |
| VPC-C | rtb-vpc-C | 172.17.0.0/24 | VPC peering connection | peer-BC | Custom | Destination: subnet-B01 in VPC-B. Connects subnet-B01 to subnet-C01. | Before/During migration |
| VPC-C | rtb-vpc-C | 1.1.1.3/32 | VPC peering connection | peer-AC | Custom | Destination: Any IP address that is not used by other services. Ensures that traffic flowing through VPC peering connections is not interrupted during the migration. | During migration |
| VPC-C | rtb-vpc-C | 172.16.0.0/14 | Enterprise router | er-ABC | Custom | Destination: A large CIDR block that can include the CIDR blocks of the three VPCs. Connects VPC-C to er-ABC. | During/After migration |
| VPC-C | rtb-vpc-C | 172.16.253.0/29 | Enterprise router | er-ABC | Custom | Destination: subnet-A02 in VPC-A. Connects subnet-A02 to er-ABC. | During migration |
| VPC-C | rtb-vpc-C | 172.17.253.0/29 | Enterprise router | er-ABC | Custom | Destination: subnet-B02 in VPC-B. Connects subnet-B02 to er-ABC. | During migration |

Table 3 Details of the enterprise router route table

| Enterprise Router | Route Table | Destination | Next Hop | Attached Resource | Route Type | Route Function | Phase |
|---|---|---|---|---|---|---|---|
| er-ABC | defaultRouteTable | 172.16.0.0/16 | er-attach-A | VPC-A | Propagated | Destination: VPC-A. Connects VPC-A to er-ABC. | During/After migration |
| er-ABC | defaultRouteTable | 172.17.0.0/16 | er-attach-B | VPC-B | Propagated | Destination: VPC-B. Connects VPC-B to er-ABC. | During/After migration |
| er-ABC | defaultRouteTable | 172.18.0.0/16 | er-attach-C | VPC-C | Propagated | Destination: VPC-C. Connects VPC-C to er-ABC. | During/After migration |

Resource Planning

Table 4 lists the enterprise router and the resources that are required only temporarily and can be deleted after the migration.

NOTE:

The following resource planning details are only examples for your reference. You need to plan resources based on service requirements.

Table 4 Resource planning for replacing VPC peering connections with an enterprise router

Resource: VPC

Description: Table 5 shows details about the required VPCs.
  • Before the migration, there are three VPCs. Each VPC has a subnet that is associated with the default VPC route table.
  • During the migration, create one more subnet that is not used by any services in each VPC. These subnets cannot communicate with each other through VPC peering connections and are used for communications between the VPCs and enterprise router.
  • After the migration, delete the subnets that are used for verifying communications.

Resource: VPC peering connection

Description: Table 6 shows details about the required VPC peering connections.

After the migration, delete the VPC peering connections.

Resource: ECS

Description: Table 7 shows details about the required ECSs.
  • Before the migration, there are three ECSs that are running services.
  • During the migration, create one more ECS in each verification subnet for communications between the VPCs and enterprise router.
  • After the migration, delete the ECSs in verification subnets.

Resource: Enterprise router

Description: The enterprise router and the VPC peering connections are in the same region. Table 8 shows details about the enterprise router.

During the migration, create an enterprise router and three VPC attachments. Table 9 shows details about the VPC attachments.

  • Enable Default Route Table Association and Default Route Table Propagation when you create the enterprise router to automatically add routes.
    CAUTION:

    If the CIDR blocks of VPCs connected by a VPC peering connection overlap, do not enable Default Route Table Propagation for the enterprise router. This function adds routes with entire VPC CIDR blocks as destinations. If VPC CIDR blocks overlap, there will be route conflicts. In this case, you need to manually add routes with next hop set to VPC attachment to the route table of the enterprise router.

  • Do not enable Auto Add Routes when you create the three VPC attachments.

    If this option is enabled, Enterprise Router automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC. During the migration, manually add routes with destinations set to the large CIDR block in the VPC route tables.

Table 5 VPC details

| VPC | VPC CIDR Block | Subnet | Subnet CIDR Block | Association Route Table | Subnet Is Used to | Phase |
|---|---|---|---|---|---|---|
| VPC-A | 172.16.0.0/16 | subnet-A01 | 172.16.0.0/24 | Default route table | Deploy services. | During/After migration |
| VPC-A | 172.16.0.0/16 | subnet-A02 | 172.16.253.0/29 | Default route table | Verify the communications between the VPC and the enterprise router. | During migration |
| VPC-B | 172.17.0.0/16 | subnet-B01 | 172.17.0.0/24 | Default route table | Deploy services. | During/After migration |
| VPC-B | 172.17.0.0/16 | subnet-B02 | 172.17.253.0/29 | Default route table | Verify the communications between the VPC and the enterprise router. | During migration |
| VPC-C | 172.18.0.0/16 | subnet-C01 | 172.18.0.0/24 | Default route table | Deploy services. | During/After migration |
| VPC-C | 172.18.0.0/16 | subnet-C02 | 172.18.253.0/29 | Default route table | Verify the communications between the VPC and the enterprise router. | During migration |

Table 6 VPC peering connection details

| Connection Name | Local VPC | Peer VPC | Connection Is Used to | Phase |
|---|---|---|---|---|
| peer-AB | VPC-A | VPC-B | Connect subnet-A01 in VPC-A to subnet-B01 in VPC-B. | Before/During migration |
| peer-AC | VPC-A | VPC-C | Connect subnet-A01 in VPC-A to subnet-C01 in VPC-C. | Before/During migration |
| peer-BC | VPC-B | VPC-C | Connect subnet-B01 in VPC-B to subnet-C01 in VPC-C. | Before/During migration |

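Table 7 ECS details

| ECS | VPC | Subnet | Private IP Address | Image | Security Group | ECS Is Used to | Phase |
|---|---|---|---|---|---|---|---|
| ecs-A01 | VPC-A | subnet-A01 | 172.16.0.139 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | Run your workloads. | Before/During/After migration |
| ecs-A02 | VPC-A | subnet-A02 | 172.16.253.3 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | Verify the communications between the VPC and the enterprise router. | During migration |
| ecs-B01 | VPC-B | subnet-B01 | 172.17.0.93 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | Run your workloads. | Before/During/After migration |
| ecs-B02 | VPC-B | subnet-B02 | 172.17.253.4 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | Verify the communications between the VPC and the enterprise router. | During migration |
| ecs-C01 | VPC-C | subnet-C01 | 172.18.0.220 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | Run your workloads. | Before/During/After migration |
| ecs-C02 | VPC-C | subnet-C02 | 172.18.253.5 | Public image: CentOS 8.2 64bit | sg-demo (general-purpose web server) | Verify the communications between the VPC and the enterprise router. | During migration |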

Table 8 Enterprise router details

| Name | ASN | Default Route Table Association | Default Route Table Propagation | Auto Accept Shared Attachments | Association Route Table | Attachment | Phase |
|---|---|---|---|---|---|---|---|
| er-ABC | 64512 | Enabled | Enabled. If your VPC CIDR blocks overlap, do not enable this function. | Disabled. If you want to connect VPCs of different accounts using an enterprise router, enable this function. For details, see Sharing Overview. | Default route table | er-attach-A, er-attach-B, er-attach-C | During/After migration |

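Table 9 VPC attachment details

| Name | Type | VPC | Subnet | Auto Add Routes | Phase |
|---|---|---|---|---|---|
| er-attach-A | VPC | VPC-A | subnet-A01 | Disabled | During/After migration |
| er-attach-B | VPC | VPC-B | subnet-B01 | Disabled | During/After migration |
| er-attach-C | VPC | VPC-C | subnet-C01 | Disabled | During/After migration |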
