Updated on 2024-06-27 GMT+08:00

Overview

Scenario

Direct Connect establishes a dedicated, secure, and stable network connection between your on-premises data center and VPCs. It can work together with an enterprise router to build a large-scale hybrid cloud network.

VPN establishes a secure, encrypted communication tunnel between your on-premises data center and your VPC. Compared with Direct Connect, VPN is cost-effective and can be quickly deployed.

To ensure high reliability of the hybrid cloud network and reduce costs, you can use Enterprise Router, Direct Connect, and VPN to connect the on-premises data center to the cloud, and use VPN to back up Direct Connect. If a Direct Connect connection becomes faulty, VPN automatically takes over, so there are no service interruptions.

You can share an enterprise router with different accounts to attach VPCs of these accounts to the same enterprise router for communications.

Virtual gateways can be attached to enterprise routers in the following regions: CN North-Beijing4, CN East-Shanghai1, CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.

Architecture

To improve the reliability of the hybrid cloud network, your enterprise uses both Direct Connect and VPN connections to connect your on-premises data center to the VPCs. The Direct Connect connection works as the active connection and a VPN connection works as the standby one. If the active connection becomes faulty, the standby connection automatically takes over, which eliminates network interruptions.
  • Two VPCs (VPC 1 and VPC 2) and the Direct Connect virtual gateway are attached to the enterprise router. VPC 1 and VPC 2 can communicate with each other and with the on-premises data center over the Direct Connect connection.
  • A VPN gateway is also attached to the enterprise router. If the Direct Connect connection becomes faulty, VPC 1 and VPC 2 can communicate with the on-premises data center over the VPN connection.
Figure 1 Network diagram of Direct Connect and VPN connections working in an active/standby pair

Advantages

An enterprise router enables automatic switchover between active and standby Direct Connect and VPN connections. This prevents service loss and reduces maintenance costs.

Notes and Constraints

The CIDR blocks of the VPCs and of the on-premises data center cannot overlap.
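
The constraint above can be checked before any VPC, virtual gateway, or VPN gateway is attached to the enterprise router. The following Python check is an added example, not part of the original documentation; the site names and CIDR blocks are constructed sample values, and the function name find_overlaps is hypothetical. It compares every pair of sites (VPC to VPC as well as VPC to on-premises data center).

```python
import ipaddress
from itertools import combinations


def find_overlaps(sites):
    """Return overlapping CIDR pairs between different sites.

    sites maps a site name (a VPC or the on-premises data center) to a
    list of CIDR strings. Each result is (site_a, cidr_a, site_b, cidr_b).
    Raises ValueError for a malformed block.
    """
    nets = []
    for owner, cidrs in sorted(sites.items()):
        for cidr in cidrs:
            # strict=True rejects blocks with host bits set, such as
            # 10.0.1.5/24, which usually indicates a typo in the plan.
            nets.append((owner, ipaddress.ip_network(cidr, strict=True)))

    conflicts = []
    for (owner_a, net_a), (owner_b, net_b) in combinations(nets, 2):
        if owner_a == owner_b:
            continue  # blocks inside one site are not covered by this check
        # IPv4 and IPv6 blocks can never overlap; compare like with like.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            conflicts.append((owner_a, str(net_a), owner_b, str(net_b)))
    return conflicts


# Constructed sample plan: the second on-premises block falls inside VPC 2.
SAMPLE_PLAN = {
    "vpc-1": ["192.168.0.0/16"],
    "vpc-2": ["172.16.0.0/16"],
    "on-prem": ["10.0.0.0/8", "172.16.8.0/24"],
}

if __name__ == "__main__":
    for site_a, cidr_a, site_b, cidr_b in find_overlaps(SAMPLE_PLAN):
        print(f"overlap: {site_a} {cidr_a} <-> {site_b} {cidr_b}")
```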