Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
On this page

Network and Resource Planning

Updated on 2025-02-27 GMT+08:00
Plan the network and required resources before, during, and after the migration.
  • Network Planning: Plan the VPC and enterprise router route tables.
  • Resource Planning: Plan the quantity, names, and parameters of cloud resources, such as cloud connection, central network, global connection bandwidth, ECS, and enterprise router.

Network Planning

During the migration, you need to add routes to the VPC and enterprise router route tables. For details, see Table 1.

The following figures show the network in different phases.

NOTE:

The routes in the figures are only examples for your reference. You need to plan routes based on service requirements.

Figure 1 Networking diagram before migration (cross-region VPC connectivity established using a cloud connection)
Figure 2 Networking diagram after migration (cross-region VPC connectivity established using enterprise routers and a central network)
Table 1 Network planning details

Route Table

Description

VPC route tables

Table 2 lists all the routes in the route tables.
  1. Before the migration, there are routes pointing to the cloud connection in the VPC route tables. The routes are used for communications between VPCs over the cloud connection.
  2. During the migration, to prevent route conflicts, you need to add routes in each VPC route table:
    1. A route is used for communications between the VPC and the enterprise router in the same region, with the destination set to a large CIDR block and next hop to the enterprise router.

      The route destination must include the VPC CIDR block and cannot be used by other services. In this example, the large CIDR block is 192.168.0.0/14, which includes three VPC CIDR blocks: 192.168.0.0/16, 192.169.0.0/16, and 192.170.0.0/16.

      NOTICE:

      The large CIDR block must include the CIDR blocks of all VPCs that need to communicate with each other. If one large CIDR block cannot include all VPC CIDR blocks, you can configure more large CIDR blocks.

    2. A route is used to verify that the VPCs can communicate with each other through the central network and enterprise routers. After the verification is complete, the route can be deleted.

      The route destination can be the IP address of an ECS in the VPC to be connected.

  3. During the migration, when you remove a VPC from the cloud connection, the route pointing to the cloud connection will be deleted from the corresponding VPC route table.
    NOTICE:

    After the migration, you can continue to use the routes with the destination set to the large CIDR block. You can also add routes with destinations that are the same as those of the original routes and then delete the routes with the destination set to the large CIDR block.

Enterprise router route tables

Table 3 lists all the routes in the route tables.

During the migration, add routes pointing to peering connection attachments in each enterprise router route table to forward traffic between VPCs through the enterprise routers and central network.

When a central network is set up to connect the enterprise routers, you must enable Default Route Table Association and Default Route Table Propagation for the enterprise routers. In this way, when an instance is added to an enterprise router, a route pointing to the attachment will be automatically added for the enterprise router.

Cloud connection route table

Table 4 lists the routes in the cloud connection route table.

After the migration is complete, the routes will be deleted when you delete the cloud connection.

Table 2 VPC route tables

VPC

Route Table

Destination

Next Hop Type

Next Hop

Route Type

Description

Phase

VPC-A

rtb-vpc-A

192.169.0.0/24

Cloud connection

CC-A-B-C

System

The route is destined for a subnet of VPC-B and is used to connect VPC-B using the cloud connection.

  • Before migration
  • During migration

192.170.0.0/24

Cloud connection

CC-A-B-C

System

The route is destined for a subnet of VPC-C and is used to connect VPC-C using the cloud connection.

  • Before migration
  • During migration

192.168.0.0/14

Enterprise router

ER-A

Custom

The route is destined for a large CIDR block and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

192.169.0.148/32

Enterprise router

ER-A

Custom

The route is destined for an ECS in VPC-B to check whether VPC-A can communicate with VPC-B through the enterprise routers and central network.

During migration

192.170.0.131/32

Enterprise router

ER-A

Custom

The route is destined for an ECS in VPC-C to check whether VPC-A can communicate with VPC-C through the enterprise routers and central network.

During migration

VPC-B

rtb-vpc-B

192.168.0.0/24

Cloud connection

CC-A-B-C

System

The route is destined for a subnet of VPC-A and is used to connect VPC-A using the cloud connection.

  • Before migration
  • During migration

192.170.0.0/24

Cloud connection

CC-A-B-C

System

The route is destined for a subnet of VPC-C and is used to connect VPC-C using the cloud connection.

  • Before migration
  • During migration

192.168.0.0/14

Enterprise router

ER-B

Custom

The route is destined for a large CIDR block and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

192.168.0.37/32

Enterprise router

ER-B

Custom

The route is destined for an ECS in VPC-A to check whether VPC-B can communicate with VPC-A through the enterprise routers and central network.

During migration

192.170.0.131/32

Enterprise router

ER-B

Custom

The route is destined for an ECS in VPC-C to check whether VPC-B can communicate with VPC-C through the enterprise routers and central network.

During migration

VPC-C

rtb-vpc-C

192.168.0.0/24

Cloud connection

CC-A-B-C

System

The route is destined for a subnet of VPC-A and is used to connect VPC-A using the cloud connection.

  • Before migration
  • During migration

192.169.0.0/24

Cloud connection

CC-A-B-C

System

The route is destined for a subnet of VPC-B and is used to connect VPC-B using the cloud connection.

  • Before migration
  • During migration

192.168.0.0/14

Enterprise router

ER-C

Custom

The route is destined for a large CIDR block and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

192.168.0.37/32

Enterprise router

ER-C

Custom

The route is destined for an ECS in VPC-A to check whether VPC-C can communicate with VPC-A through the enterprise routers and central network.

During migration

192.169.0.148/32

Enterprise router

ER-C

Custom

The route is destined for an ECS in VPC-B to check whether VPC-C can communicate with VPC-B through the enterprise routers and central network.

During migration

Table 3 Enterprise router route tables

Enterprise Router

Route Table

Destination

Next Hop

Attached Resource

Route Type

Description

Phase

ER-A

defaultRouteTable

192.168.0.0/16

er-attach-VPC-A

VPC-A

Propagated

The route is destined for the CIDR block of VPC-A and is used for communications between VPC-A and enterprise router ER-A.

  • During migration
  • After migration

192.169.0.0/16

region-A-region-B

ER-B

Propagated

The route is destined for the CIDR block of VPC-B and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

192.170.0.0/16

region-A-region-C

ER-C

Propagated

The route is destined for the CIDR block of VPC-C and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

ER-B

defaultRouteTable

192.169.0.0/16

er-attach-VPC-B

VPC-B

Propagated

The route is destined for the CIDR block of VPC-B and is used for communications between VPC-B and enterprise router ER-B.

  • During migration
  • After migration

192.168.0.0/16

region-B-region-A

ER-A

Propagated

The route is destined for the CIDR block of VPC-A and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

192.170.0.0/16

region-B-region-C

ER-C

Propagated

The route is destined for the CIDR block of VPC-C and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

ER-C

defaultRouteTable

192.170.0.0/16

er-attach-VPC-C

VPC-C

Propagated

The route is destined for the CIDR block of VPC-C and is used for communications between VPC-C and enterprise router ER-C.

  • During migration
  • After migration

192.168.0.0/16

region-C-region-A

ER-A

Propagated

The route is destined for the CIDR block of VPC-A and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration

192.169.0.0/16

region-C-region-B

ER-B

Propagated

The route is destined for the CIDR block of VPC-B and is used for VPC communications through the central network and enterprise routers.

  • During migration
  • After migration
Table 4 Cloud connection route table

Cloud Connection

Destination

Network Instance

Description

Phase

CC-A-B-C

192.168.0.0/16

VPC-A

The route is destined for a subnet of VPC-A and is used to connect VPC-A using the cloud connection.

  • Before migration
  • During migration

192.169.0.0/16

VPC-B

The route is destined for a subnet of VPC-B and is used to connect VPC-B using the cloud connection.

  • Before migration
  • During migration

192.170.0.0/16

VPC-C

The route is destined for a subnet of VPC-C and is used to connect VPC-C using the cloud connection.

  • Before migration
  • During migration

Resource Planning

During the migration, you need to create cloud resources such as enterprise routers, a central network, and global connection bandwidths. After the migration is complete, you can delete the cloud connection. Table 5 describes all required resources in this practice.

NOTE:

The following resource planning details are only examples for your reference. You need to plan resources based on service requirements.

Table 5 Resource planning details

Resource

Quantity

Description

Phase

VPC

3

Three service VPCs are required for running workloads.

  • Name: Set it based on site requirements. In this example, the names are as follows:
    • Region A: VPC-A
    • Region B: VPC-B
    • Region C: VPC-C
  • IPv4 CIDR block: The CIDR blocks of VPCs must be unique. Plan the CIDR blocks based on site requirements. In this example, the CIDR blocks are as follows:
    • VPC-A: 192.168.0.0/16
    • VPC-B: 192.169.0.0/16
    • VPC-C: 192.170.0.0/16
  • Subnet: The subnet CIDR blocks that need to communicate with each other must be unique. Plan the subnets based on site requirements. In this example, the subnets are as follows:
    • subnet-A01: 192.168.0.0/24
    • subnet-B01: 192.169.0.0/24
    • subnet-C01: 192.170.0.0/24
  • Before migration
  • During migration
  • After migration

Enterprise router

3

An enterprise router is required in each region. The VPC in each region is attached to the corresponding enterprise router, and a peering connection attachment is created between every two enterprise routers.

  • Name: Set it based on site requirements. In this example, the names are as follows:
    • Region A: ER-A
    • Region B: ER-B
    • Region C: ER-C
  • ASN: Set different ASNs for enterprise routers. In this example, the ASNs are as follows:
    • ER-A: 64512
    • ER-B: 64513
    • ER-C: 64514
  • Default Route Table Association: Enable
  • Default Route Table Propagation: Enable
  • Auto Accept Shared Attachments: Set it based on site requirements. In this example, this option is enabled.
  • Attachment: Three attachments are required for each enterprise router. In this example, the attachments are as follows:
    ER-A
    • VPC attachment er-attach-VPC-A: connects the network between VPC-A and ER-A.
    • Peering connection attachment region-A-region-B: connects the network between ER-A and ER-B.
    • Peering connection attachment region-A-region-C: connects the network between ER-A and ER-C.
    ER-B
    • VPC attachment er-attach-VPC-B: connects the network between VPC-B and ER-B.
    • Peering connection attachment region-B-region-A: connects the network between ER-B and ER-A.
    • Peering connection attachment region-B-region-C: connects the network between ER-B and ER-C.
    ER-C
    • VPC attachment er-attach-VPC-C: connects the network between VPC-C and ER-C.
    • Peering connection attachment region-C-region-A: connects the network between ER-C and ER-A.
    • Peering connection attachment region-C-region-B: connects the network between ER-C and ER-B.
NOTICE:
  • When a central network is set up to connect the enterprise routers, you must enable Default Route Table Association and Default Route Table Propagation for the enterprise routers.
  • Do not enable Auto Add Routes when you create the VPC attachment.

    If this option is enabled, Enterprise Router automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC. During the migration, manually add routes with destinations set to the large CIDR block in the VPC route table.

  • During migration
  • After migration

Cloud connection

1

One cloud connection is required, and the three VPCs are loaded to it.

  • Name: Set it based on site requirements. In this example, CC-A-B-C is used.
  • Scenario: VPC
  • Load the three VPCs to the created cloud connection:
    • Region A: VPC-A
    • Region B: VPC-B
    • Region C: VPC-C
  • Before migration
  • During migration

Central network

1

A central network is required, and the three enterprise routers are added to it as attachments.
  • Name: Set it based on site requirements. In this example, GCN-A-B-C is used.
  • Policy:
    • Region A: enterprise router ER-A
    • Region B: enterprise router ER-B
    • Region C: enterprise router ER-C
  • Cross-site connection bandwidths: You are advised to set the bandwidths the same as original bandwidths. You can also change the bandwidths based on site requirements.
    • Region A-Region B: 10 Mbit/s
    • Region A-Region C: 5 Mbit/s
    • Region B-Region C: 20 Mbit/s
  • During migration
  • After migration

Global connection bandwidth

3

Three global connection bandwidths are required to connect the cloud backbone networks in different regions.

  • Name: Set it based on site requirements. In this example, the names are as follows:
    • Global connection bandwidth for communications between region A and region B: bandwidth-A-B
    • Global connection bandwidth for communications between region A and region C: bandwidth-A-C
    • Global connection bandwidth for communications between region B and region C: bandwidth-B-C
  • Bandwidth Type: Set it based on site requirements. In this example, select Geographic-region because the three regions are in the same geographic region.
  • Geographic region: Set it based on site requirements. In this example, select Chinese Mainland.
  • Connect regions: Select the regions based on site requirements.
  • During migration
  • After migration

ECS

3

Create an ECS in each VPC to verify network connectivity.
  • Name: Set it based on site requirements. In this example, the names are as follows:
    • Region A: ECS-A
    • Region B: ECS-B
    • Region C: ECS-C
  • Image: Select an image based on site requirements. In this example, a public image (CentOS 7.9 64bit) is used.
  • Network: Select the VPC and subnet based on site requirements. In this example, the VPCs and subnets are as follows:
    • ECS-A: VPC-A, subnet-A01
    • ECS-B: VPC-B, subnet-B01
    • ECS-C: VPC-C, subnet-C01
  • Security Group: Select a security group based on site requirements. In this example, the security group sg-demo uses a general-purpose web server template.
  • Private IP addresses:
    • ECS-A: 192.168.0.37
    • ECS-B: 192.169.0.148
    • ECS-C: 192.170.0.131
  • Before migration
  • During migration
  • After migration

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback