Network and Resource Planning

To attach both Direct Connect connections to an enterprise router to allow them to work in load balancing mode, you need:

Network Planning: Plan CIDR blocks of VPCs and their subnets, Direct Connect connections, and enterprise router, as well as the routes of these resources.
Resource Planning: Plan the quantity, name, and other parameters of cloud resources, such as VPC, Direct Connect connection, and enterprise router.

Network Planning

Figure 1 shows the hybrid cloud network that you set up using two Direct Connect connections that work in load balancing mode.

Figure 1 Hybrid cloud network that you set up using an enterprise router, two Direct Connect connections, and two global DC gateways

Two Direct Connect connections work in load balancing mode and connect the on-premises data center to the VPCs. Table 1 describes the network traffic flows in detail.

**Table 1** Network traffic flows
Path	Description
Request traffic: from VPC-A to the on-premises data center	In the route table of VPC-A, there are routes with the next hop set to the enterprise router to forward traffic from VPC-A to the enterprise router. In the route table of the enterprise router, there are routes with the next hop set to the global DC gateway DGW-A attachment to forward traffic from the enterprise router to the global DC gateway. There are two routes with the next hop set to DGW-A. The destination of one route is 172.16.1.0/24, which is the on-premises network CIDR block. The destination of the other route is 10.0.0.0/30, which is the gateway address of virtual interface VIF-A. Th next hops of the routes destined for 172.16.1.0/24 are DGW-A and DGW-B. The two routes are equal-cost routes for load balancing. Traffic is sent over the connection selected based on the hash algorithm. In this example, connection DC-A with global DC gateway DGW-A is selected. Virtual interface VIF-A is connected to global DC gateway DGW-A. Traffic from the global DC gateway is forwarded to the connection through the remote gateway of the virtual interface. Traffic is forwarded to the on-premises data center over connection DC-A.
Response traffic: from the on-premises data center to VPC-A	Traffic is forwarded to virtual interface VIF-B over connection DC-B. In the on-premises data center, there are also two equal-cost routes that point to the cloud and are used for load balancing. Traffic is returned over the connection selected based on the hash algorithm. In this example, DC-B associated with global DC gateway DGW-B is selected. Virtual interface VIF-B is associated with global DC gateway DGW-B. Traffic from the virtual interface is forwarded to the global DC gateway through the local gateway of the virtual interface. Traffic is forwarded from the global DC gateway DGW-B attachment to the enterprise router. In the route table of the enterprise router, there is a route with the next hop set to the VPC-A attachment to forward traffic from the enterprise router to VPC-A.

**Table 2** Network planning details
Cloud Service/Resource	Description
VPC	A VPC is required to run your workloads and needs to be attached to the enterprise router. The CIDR blocks of the VPC and of the on-premises data center cannot overlap. The VPC has a default route table. Table 3 lists the routes in the default VPC route table. Three routes to fixed CIDR blocks: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. If Auto Add Routes is enabled when the VPC is attached to the enterprise router, static routes will be automatically configured in the VPC route table. If more than one VPC is attached to an enterprise router, traffic from one VPC to other VPCs can be forwarded to the enterprise router over these routes, and then to the next-hop network instance through the enterprise router. A route to the on-premises network: In addition to the automatically-added routes to the three VPC CIDR blocks, you need to add a route whose destination is the on-premises network CIDR block (172.16.1.0/24 in this example) and next hop is the enterprise router in the VPC route table. Traffic from the VPC is forwarded to the enterprise router and then to the next-hop network instance through the enterprise router. NOTICE: If an existing route in the VPC route table has a destination to 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, the route that points to each CIDR block will fail to be added. In this case, do not enable Auto Add Routes. After the attachment is created, manually add the routes.
Direct Connect	Two connections work in load balancing mode. Both connections link your on-premises data center to the cloud. Each connection has a global DC gateway associated, and both global DC gateways are attached to the enterprise router. A virtual interface is required for connecting each global DC gateway to the connection. The two virtual interfaces work in load balancing mode.
Enterprise Router	After Default Route Table Association and Default Route Table Propagation are enabled and an attachment is created, Enterprise Router will automatically: VPC Associate the VPC attachment with the default route table of the enterprise router. Propagate the VPC attachment to the default route table of the enterprise router. The route table automatically learns the VPC CIDR block as the destination of the route. For details, see Table 4. Direct Connect Associate the two global DC gateway attachments with the default route table of the enterprise router. Propagate the global DC gateway attachments to the default route table of the enterprise router. The route table automatically learns the route information of the global DC gateway attachments. For details, see Table 4.
Route policy	If the on-premises BGP routes learned by the enterprise router through two global DC gateway attachments are equal-cost routes, load balancing is automatically implemented, and you do not need to create a route policy. In this example, the routes with 172.16.1.0/24 as the destination and DGW-A and DGW-B as the next hops are equal-cost routes. If the on-premises BGP routes learned by the enterprise router through two global DC gateway attachments are not equal-cost routes, load balancing cannot be implemented. In this case, you need to associate a route policy with the propagation of the two global DC gateway attachments. After the AS_Path is replaced, the routes from the enterprise router to the on-premises data center through the two global DC gateways will work as equal-cost routes. For this to work, you need to add two nodes to the route policy: Node 1 has a higher priority and matches BGP routes. The AS_Path of matched BGP routes is replaced with the BGP ASN of the global DC gateways. Node 2 has a lower priority and matches all routes, ensuring normal communication through non-BGP routes. For details, see Route Policies. NOTICE: Replace the AS_Path of the routes. The same AS_Path may cause network loops. Before configuring a route policy, check your network plan.
ECS	An ECS is deployed in the VPC to verify communications between the cloud and the on-premises data center. If you have multiple ECSs that are associated with different security groups, you need to add rules to the security groups to allow network access.
On-premises data center	Two equal-cost routes from the on-premises data center to the enterprise router for load balancing.

**Table 3** VPC route table
Destination	Next Hop	Route Type
Fixed CIDR block: 10.0.0.0/8	Enterprise router	Static route (custom)
Fixed CIDR block: 172.16.0.0/12	Enterprise router	Static route (custom)
Fixed CIDR block: 192.168.0.0/16	Enterprise router	Static route (custom)
On-premises network CIDR block: 172.16.1.0/24	Enterprise router	Static route (custom)

**Table 4** Enterprise router route table
Destination	Next Hop	Route Type
VPC-A CIDR block: 192.168.0.0/16	VPC-A attachment: er-attach-vpc-A	Propagated
VIF-A gateway: 10.0.0.0/30	DGW-A attachment: er-attach-dgw-A	Propagated
VIF-B gateway: 10.1.0.0/30	DGW-B attachment: er-attach-dgw-B	Propagated
On-premises network CIDR block: 172.16.1.0/24	Two equal-cost routes for the two connections to work in load balancing mode: DGW-A attachment: er-attach-dgw-A DGW-B attachment: er-attach-dgw-B	Propagated

Resource Planning

One enterprise router, two Direct Connect connections, one VPC, and one ECS are in the same region but can be in different AZs.

The following resource details are only examples. You can modify them if needed.

**Table 5** Details of required resources
Resource	Quantity	Description
VPC	1	A VPC is required to run your workloads and needs to be attached to the enterprise router. VPC name: Set it based on site requirements. In this example, VPC-A is used. VPC IPv4 CIDR block: The CIDR block must be different from that of the on-premises data center. Set it based on site requirements. In this example, 192.168.0.0/16 is used. Subnet name: Set it based on site requirements. In this example, subnet-A01 is used. Subnet IPv4 CIDR block: The CIDR block must be different from the on-premises network CIDR block. Set it based on site requirements. In this example, 192.168.0.0/24 is used.
Enterprise router	1	Name: Set it based on site requirements. In this example, ER-X is used. ASN: The ASN of the enterprise router cannot be the same as that of the on-premises data center. It is recommended that you set the ASN of the enterprise router to a value different from that of the global DC gateway. 64512 has been reserved for the global DC gateway. In this example, the ASN of the enterprise router is 64513. Default Route Table Association: Enable Default Route Table Propagation: Enable Auto Accept Shared Attachments: Set it based on site requirements. In this example, enable this option. Three attachments on the enterprise router: VPC-A attachment: er-attach-vpc-A DGW-A connection: er-attach-dgw-A DGW-B attachment: er-attach-dgw-B
Route policy	1	If the on-premises BGP routes learned by the enterprise router through two global DC gateway attachments are not equal-cost routes, load balancing cannot be implemented. If this happens, you need to configure a route policy and associate it with two global DC attachments. For this to work, you need to add two nodes to the route policy: Node 1 has a higher priority. The AS_Path of BGP routes is replaced, so the routes learned by the enterprise router through the two global DC gateway attachments can work as equal-cost routes. Node Number: A node with a smaller node number is executed first. The node number of node 1 must be smaller than that of node 2. Set it to 10. Action: Set it to Allow. Match Condition: Select Route type and then BGP. Policy Value 1: Select AS_Path. Action: Select Replace. The value of Replace must be the same as the BGP ASN of the global DC gateways. In this example, the value is 64512. Node 2 has a lower priority and matches all routes, ensuring normal communication through non-BGP routes. Node Number: Set a value greater than that of node 1. In this example, set it to 20. Action: Set it to Allow. Leave other parameters blank, indicating that other routes that do not match node 1 can match node 2. This ensures that the route policy allows all routes.
Direct Connect	2	Two connections are required. In this example, the two connections are DC-A and DC-B.
		A global DC gateway is required for each connection. Name: Set it based on site requirements. In this example, DGW-A and DGW-B are used. BGP ASN: It is recommended that you specify an ASN different from that of the enterprise router. In this example, it is set to 64512. IP Address Family: Set this parameter based on site requirements. In this example, it is set to IPv4.
		Two virtual interfaces are required. Name: In this example, the two virtual interfaces are VIF-A and VIF-B. Virtual Interface Priority: Select Preferred for both virtual interfaces, indicating that load balancing will be implemented. Connection: In this example, virtual interface VIF-A is associated with connection DC-A, and virtual interface VIF-B is associated with connection DC-B. Global DC Gateway: In this example, global DC gateway DGW-A is associated with virtual interface VIF-A, and DGW-B associated with VIF-B. Local Gateway: In this example, the local gateway IP address range for virtual interface VIF-A is 10.0.0.1/30, and that for VIF-B is 10.1.0.1/30. Remote Gateway: In this example, the remote gateway IP address range for virtual interface VIF-A is 10.0.0.2/30, and that for VIF-B is 10.1.0.2/30. Remote Subnet: In this example, the on-premises network CIDR block is 172.16.1.0/24. Routing Mode: Select BGP. BGP ASN: ASN of the on-premises data center, which must be different from the ASN of the global DC gateways on the cloud. In this example, 64555 is used.
ECS	1	An ECS is required in the VPC for verifying connectivity. ECS Name: Set it based on site requirements. In this example, ecs-A is used. Image: Select an image based on site requirements. In this example, a public image (CentOS 8.2 64bit) is used. Network VPC: Select the service VPC. In this example, select VPC-A. Subnet: Select the subnet that communicates with the on-premises data center. In this example, the subnet is subnet-A01. Security Group: Select a security group based on site requirements. In this example, the security group sg-demo uses a general-purpose web server template. Private IP address: 192.168.0.137

The two Direct Connect connections work in load balancing mode. To prevent network loops and form equal-cost routes, the ASN of the two global DC gateways must be the same. In this example, the ASN is 64512.
The ASN of the enterprise router cannot be the same as that of the on-premises data center. It is recommended that you set the ASN of the enterprise router to a value different from that of the global DC gateway. 64512 has been reserved for the global DC gateway. In this example, the ASN of the enterprise router is 64513.
The ASN of the on-premises data center must be different from that used on the cloud. Set this ASN of the on-premises data center based on site requirements. In this example, 64555 is used.

Parent topic: Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Direct Connect Connections (Global DC Gateway)

Previous topic: Overview

Next topic: Process of Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Direct Connect Connections (Global DC Gateway)

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot