Updated on 2024-10-25 GMT+08:00

Server-based Migration to the Cloud Without Business Interruption (VPN + Enterprise Switch)

Architecture

The simulated scenario is described as follows:

  • AP-Singapore: simulates an on-premises data center. Workloads of department A are running on the ECSs with IP addresses 10.0.1.131 and 10.0.1.8 in subnet-1. The two ECSs form a cluster to provide services.
  • CN-Hong Kong: simulates the cloud. On-premises workloads of department A will be migrated to the ECS with IP address 10.0.1.8 on the cloud.
The migration solution is as follows:
  1. Use VPN and an enterprise switch to connect subnets in AP-Singapore and CN-Hong Kong at Layer 2 and migrate the ECS with IP address 10.0.1.8 from the on-premises subnet to the cloud subnet.
  2. Delete the ECS with IP address 10.0.1.8 in the data center after the migration. The ECS with IP address 10.0.1.131 in the data center and the ECS with IP address 10.0.1.8 on the cloud can communicate with each other.
Figure 1 Networking of migration using enterprise switches (VPN + Enterprise Switch)

Resource and Cost Planning

Table 1 Resource and cost planning

| Region | Resource | Resource Name | Description | Quantity |
|---|---|---|---|---|
| CN-Hong Kong: Huawei Cloud (Local) | VPC | vpc-hongkong | CIDR block: 10.0.0.0/16 | 1 |
| | Subnet | subnet-1 | CIDR block: 10.0.1.0/24. Layer 2 connection subnet on Huawei Cloud. ECS in the on-premises data center will be migrated to this subnet. | 2 |
| | | subnet-5 | CIDR block: 10.0.5.0/24. This is the tunnel subnet on Huawei Cloud, used by the VPN. | |
| | ECS | ecs-hongkong-8 | Private IP address: 10.0.1.21. ECS on Huawei Cloud. Its IP address is changed from 10.0.1.21 to 10.0.1.8 after migration. | 1 |
| | VPN | vpn-hongkong | Local subnet: subnet-5. Remote gateway: 119.3.121.173 (the local gateway of the VPN in AP-Singapore). Remote subnet: 10.0.3.0/24 (the subnet of the VPN in AP-Singapore). | 1 |
| | Enterprise switch | l2cg-hongkong | Tunnel connection: VPN. Connection gateway: vpngw-hongkong. Tunnel subnet: subnet-5. | 1 |
| | Layer 2 connection | l2conn-hongkong | Tunnel IP address: 10.0.5.196. Tunnel VNI: 1000. | 1 |
| AP-Singapore: On-premises data center (Remote) | VPC | vpc-singapore | CIDR block: 10.0.0.0/16 | 1 |
| | Subnet | subnet-1 | CIDR block: 10.0.1.0/24. Layer 2 connection subnet in which the ECS to be migrated in the on-premises data center is located. | 2 |
| | | subnet-3 | CIDR block: 10.0.3.0/24. Tunnel subnet in the on-premises data center. VPN is located in this subnet. | |
| | ECS | ecs-singapore-131 | Private IP address: 10.0.1.131. ECS in the on-premises data center. | 2 |
| | | ecs-singapore-8 | Private IP address: 10.0.1.8. ECS to be migrated in the on-premises data center. | |
| | VPN | vpn-singapore | Local subnet: subnet-3. Remote gateway: 139.9.20.226 (the local gateway of the VPN in CN-Hong Kong). Remote subnet: 10.0.5.0/24 (the subnet of the VPN in CN-Hong Kong). | 1 |
| | Enterprise switch | l2cg-singapore | Tunnel connection: VPN. Connection gateway: vpngw-singapore. Tunnel subnet: subnet-3. | 1 |
| | Layer 2 connection | l2conn-singapore | Tunnel IP address: 10.0.3.131. Tunnel VNI: 1000. | 1 |

Step 1: Create VPCs and Subnets

  1. Log in to the Huawei Cloud management console and select the AP-Singapore region.
  2. Choose Networking > Virtual Private Cloud, and click Create VPC.
  3. Configure a VPC in AP-Singapore based on Resource and Cost Planning and click Create Now.

    • Region: AP-Singapore
    • Name: vpc-singapore
    • IPv4 CIDR Block: 10.0.0.0/16
    • Name: subnet-1
    • IPv4 CIDR Block: 10.0.1.0/24
    • Click Add Subnet.
      • Name: subnet-3
      • IPv4 CIDR Block: 10.0.3.0/24
    • For parameters not mentioned, retain their default values or configure them as prompted.

  4. View the created VPC in the VPC list.

  5. Click Create VPC, configure the VPC in CN-Hong Kong based on Resource and Cost Planning, and click Create Now.

    • Region: CN-Hong Kong
    • Name: vpc-hongkong
    • IPv4 CIDR Block: 10.0.0.0/16
    • Name: subnet-1
    • IPv4 CIDR Block: 10.0.1.0/24
    • Click Add Subnet.
      • Name: subnet-5
      • IPv4 CIDR Block: 10.0.5.0/24
    • For parameters not mentioned, retain their default values or configure them as prompted.

  6. View the created VPC in the VPC list.

Step 2: Create ECSs

  1. Under Compute, select Elastic Cloud Server. On the Elastic Cloud Server page displayed, click Buy ECS.
  2. Buy an ECS in AP-Singapore based on Resource and Cost Planning and click Next: Configure Network.

    • Billing Mode: Pay-per-use
    • Region: AP-Singapore
    • Specifications: Select based on service requirements. This practice uses c6.large.2 as an example.
    • Image: Select Public image. This practice uses CentOS 8.0 as an example.
    • For parameters not mentioned, retain their default values or configure them as prompted.

  3. Configure the ECS network and click Next: Configure Advanced Settings.

    • Network: Select vpc-singapore, Manually specify IP address, and set the IP address.
    • Security Group: Select Sys-FullAccess. This practice uses a security group that allows all inbound and outbound traffic. You can select a security group based on service requirements.
    • EIP: Not required
    • For parameters not mentioned, retain their default values or configure them as prompted.

  4. Set the ECS name and password, and click Next: Confirm.

    • ECS Name: ecs-singapore-131
    • Login Mode: Select Password and enter a password.
    • For parameters not mentioned, retain their default values or configure them as prompted.

  5. Confirm the ECS information, agree to the agreement, and click Submit.
  6. In the ECS list, locate the row that contains the ECS and click Remote Login in the Operation column. In the displayed dialog box, click Log In under Other Login Modes.

  7. Log in to the ECS as user root and check whether the private IP address of the ECS is the one you planned:

    ifconfig

  8. Repeat steps 1 to 7 to create ecs-singapore-8 (10.0.1.8) in AP-Singapore and ecs-hongkong-8 (10.0.1.8) in CN-Hong Kong.

  9. Log in to ecs-singapore-131 as user root and run the following command to check whether the ECSs in the subnet can communicate with each other:

    ping 10.0.1.8

Step 3: Create VPN

  1. Choose Networking > Virtual Private Network, click VPN Gateways and then Buy VPN Gateway.
  2. Configure all required parameters based on Resource and Cost Planning and click Buy Now.

    • VPN gateway
      • Billing Mode: Pay-per-use
      • Region: AP-Singapore
      • VPC: vpc-singapore
      • Billed By: Traffic
    • VPN connection
      • Name: vpn-singapore
      • Local Subnet: subnet-3
      • Remote Gateway: Enter 1.1.1.1 as a temporary value. Change this value to that of the gateway in CN-Hong Kong after it is created.
      • Remote Subnet: Enter 10.0.5.0/24, the subnet in CN-Hong Kong.
      • PSK: Enter a PSK. Make a note of the PSK, which will be used when you create a VPN connection in CN-Hong Kong.
    • For parameters not mentioned, retain their default values or configure them as prompted.

  3. Confirm the settings and click Buy Now.
  4. On the VPN Connections tab, make a note of the local gateway and local subnet, which will be used when creating a VPN gateway in CN-Hong Kong.

  5. Repeat steps 1 to 4 to create a VPN in CN-Hong Kong. The key parameters are as follows:

    • VPN gateway
      • Billing Mode: Pay-per-use
      • Region: CN-Hong Kong
      • VPC: vpngw-hongkong
      • Billed By: Traffic
    • VPN connection
      • Name: vpn-hongkong
      • Local Subnet: subnet-5
      • Remote Gateway: Enter 119.3.121.173, the gateway in AP-Singapore.
      • Remote Subnet: Enter 10.0.3.0/24, the local subnet in AP-Singapore.
      • PSK: Enter the same PSK that you entered when creating the VPN gateway in AP-Singapore.
    • For parameters not mentioned, retain their default values or configure them as prompted.

  6. On the VPN Connections tab, make a note of the local gateway, which is needed to change the remote gateway of the VPN gateway in AP-Singapore.

  7. Switch to the AP-Singapore region, go to the VPN console, locate the row that contains vpn-singapore, choose More > Modify, change the value of Remote Gateway to the value of Local Gateway of vpn-hongkong, and click OK.

  8. Submit a service ticket to check whether your VPN connection supports VXLAN interconnection with an enterprise switch. If your connection does not support this, contact the VPN service to enable the interconnection.

    A VPN is now configured for the subnets in AP-Singapore and CN-Hong Kong, but the VPN status is not connected. The VPN takes effect only when there are traffic requests between the two subnets.

Step 4: Buy Enterprise Switch

  1. On the console homepage, choose Networking > Enterprise Switch.

    The enterprise switch page is displayed.

  2. In the upper right corner of the page, click Buy.

    The page for buying an enterprise switch is displayed.

  3. Configure parameters and click Next.

    • Region: AP-Singapore
    • Tunnel Connection: VPN
    • Connection Gateway: vpngw-singapore
    • Tunnel Subnet: subnet-3
    • Name: l2cg-singapore
    • For parameters not mentioned, retain their default values or configure them as prompted.

  4. This operation takes about 6 minutes. Make a note of the local tunnel IP address (10.0.3.131) of l2cg-singapore.

    During the creation, refresh the page.

  5. Repeat steps 1 to 3 to create an enterprise switch in CN-Hong Kong. Configure the parameters as follows:

    • Region: CN-Hong Kong
    • Tunnel Connection: VPN
    • Connection Gateway: vpngw-hongkong
    • Tunnel Subnet: subnet-5
    • Name: l2cg-hongkong
    • For parameters not mentioned, retain their default values or configure them as prompted.

  6. This operation takes about 6 minutes. Make a note of the local tunnel IP address (10.0.5.196) of l2cg-hongkong.

    During the creation, refresh the page.

  7. On the l2cg-hongkong tab, click Create Connection, configure Remote Access Information, and click Create.

    • Tunnel VNI: 1000
    • Tunnel IP Address: Enter 10.0.3.131, the local tunnel IP address of l2cg-singapore.
    • Name: l2conn-hongkong
    • For parameters not mentioned, retain their default values or configure them as prompted.

  8. This operation takes about 2 minutes. When the status changes to Connected, the Layer 2 connection in CN-Hong Kong is successfully created.

    During the creation, refresh the page.

  9. On the l2cg-singapore tab, click Create Connection, configure Remote Access Information, and click Create.

    • Tunnel VNI: 1000
    • Tunnel IP Address: Enter 10.0.5.196, the local tunnel IP address of l2cg-hongkong.
    • Name: l2conn-singapore
    • For parameters not mentioned, retain their default values or configure them as prompted.

  10. This operation takes about 2 minutes. When the status changes to Connected, the Layer 2 connection in AP-Singapore is successfully created.

    During the creation, refresh the page.
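
Steps 3 and 4 only work if each side mirrors the other (remote gateway, remote subnet, tunnel IP address, VNI), and the stretched subnet must never have the same private IP live twice, which is why Step 6 stops ecs-singapore-8 before the cloud ECS takes 10.0.1.8. The following Python pre-flight check is an added example, not Huawei Cloud tooling; the addresses are the ones on this page, while the dict layout, key names and the check_plan function are assumptions of this example.

```python
from ipaddress import ip_address, ip_network

# Addresses come from "Resource and Cost Planning" and Steps 3-4; the dict
# layout and key names are assumptions. "running" is the state before Step 6.
PLAN = {
    "hongkong": {
        "l2_subnet": "10.0.1.0/24", "tunnel_subnet": "10.0.5.0/24",
        "vpn_local_gw": "139.9.20.226", "vpn_remote_gw": "119.3.121.173",
        "vpn_remote_subnet": "10.0.3.0/24", "vni": 1000,
        "tunnel_ip": "10.0.5.196", "remote_tunnel_ip": "10.0.3.131",
        "running": {"ecs-hongkong-8": "10.0.1.21"},
    },
    "singapore": {
        "l2_subnet": "10.0.1.0/24", "tunnel_subnet": "10.0.3.0/24",
        "vpn_local_gw": "119.3.121.173", "vpn_remote_gw": "139.9.20.226",
        "vpn_remote_subnet": "10.0.5.0/24", "vni": 1000,
        "tunnel_ip": "10.0.3.131", "remote_tunnel_ip": "10.0.5.196",
        "running": {"ecs-singapore-131": "10.0.1.131", "ecs-singapore-8": "10.0.1.8"},
    },
}


def check_plan(plan):
    """Return a list of problems; an empty list means the two sides agree."""
    errors = []
    (a, sa), (b, sb) = plan.items()
    for me, s, peer, p in ((a, sa, b, sb), (b, sb, a, sa)):
        l2, tun = ip_network(s["l2_subnet"]), ip_network(s["tunnel_subnet"])
        if l2.overlaps(tun):
            errors.append(f"{me}: tunnel subnet overlaps the Layer 2 subnet")
        if ip_address(s["tunnel_ip"]) not in tun:
            errors.append(f"{me}: tunnel IP is outside the tunnel subnet")
        if s["vpn_remote_gw"] != p["vpn_local_gw"]:
            errors.append(f"{me}: remote gateway is not {peer}'s local gateway")
        if ip_network(s["vpn_remote_subnet"]) != ip_network(p["tunnel_subnet"]):
            errors.append(f"{me}: remote subnet is not {peer}'s tunnel subnet")
        if s["remote_tunnel_ip"] != p["tunnel_ip"]:
            errors.append(f"{me}: Layer 2 connection does not point at {peer}")
    if ip_network(sa["l2_subnet"]) != ip_network(sb["l2_subnet"]):
        errors.append("Layer 2 subnets differ between the two sides")
    if sa["vni"] != sb["vni"]:
        errors.append("tunnel VNI differs between the two sides")
    # Both sides share one broadcast domain, so a private IP may be live only once.
    owner = {}
    for site in (sa, sb):
        for name, ip in site["running"].items():
            if ip in owner:
                errors.append(f"duplicate {ip}: {owner[ip]} and {name}")
            owner.setdefault(ip, name)
    return errors


if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```

Leaving the temporary 1.1.1.1 remote gateway in place, or renumbering ecs-hongkong-8 to 10.0.1.8 while ecs-singapore-8 is still running, each produces one entry in the returned list.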

Step 5: Migrate an On-Premises Server to the Cloud

  1. Migrate ecs-singapore-8 (10.0.1.8) from AP-Singapore to ecs-hongkong-8 (10.0.1.21) in CN-Hong Kong.

    For details, see Server Migration Service Quick Start.

  2. Check whether ecs-singapore-131 (10.0.1.131) in AP-Singapore and ecs-hongkong-8 (10.0.1.21) in CN-Hong Kong can communicate at Layer 2.

    1. Choose Compute > Elastic Cloud Server and switch to the AP-Singapore region.
    2. Log in to ecs-singapore-131.

      Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.

      In this example, use VNC provided on the management console to log in to an ECS.

    3. Run the following command to check whether ecs-singapore-131 can access ecs-hongkong-8:

      ping 10.0.1.21

    4. Choose Compute > Elastic Cloud Server and switch to the CN-Hong Kong region.
    5. Log in to ecs-hongkong-8.

      Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.

      In this example, use VNC provided on the management console to log in to an ECS.

    6. Run the following command to check whether ecs-hongkong-8 can access ecs-singapore-131:

      ping 10.0.1.131

Step 6: Change the IP Address of the ECS on the Cloud

  1. Choose Compute > Elastic Cloud Server and switch to the AP-Singapore region.
  2. Locate the row that contains ecs-singapore-8 (10.0.1.8), click More in the Operation column, and click Stop.
  3. Choose Compute > Elastic Cloud Server and switch to the CN-Hong Kong region.
  4. Locate the row that contains ecs-hongkong-8 (10.0.1.21), click More in the Operation column, and click Stop.
  5. After ecs-hongkong-8 is stopped, choose More > Manage Network > Modify Private IP.

    Change the private IP address of ecs-hongkong-8 from 10.0.1.21 to 10.0.1.8.

Step 7: Verify Network Communication Between Cloud and On-premises Servers

  1. Choose Compute > Elastic Cloud Server and switch to the AP-Singapore region.
  2. Locate the row that contains ecs-singapore-8 (10.0.1.8), click More in the Operation column, choose Delete, and release its EIP and data disks.

    This is to delete the on-premises server after its workloads are migrated to the cloud.

  3. Log in to ecs-singapore-131 (10.0.1.131).

    Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.

    In this example, use VNC provided on the management console to log in to an ECS.

  4. Run the following command to check whether ecs-singapore-131 can access ecs-hongkong-8:

    ping 10.0.1.8

    If information similar to the following is displayed, the two ECSs can communicate with each other.

  5. Choose Compute > Elastic Cloud Server and switch to the CN-Hong Kong region.
  6. Log in to ecs-hongkong-8 (10.0.1.8).

    Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.

    In this example, use VNC provided on the management console to log in to an ECS.

  7. Run the following command to check whether ecs-hongkong-8 can access ecs-singapore-131:

    ping 10.0.1.131

    If information similar to the following is displayed, the two ECSs can communicate with each other.

  8. Choose Networking > Virtual Private Network and switch to the AP-Singapore or CN-Hong Kong region. The VPN connection status changes to normal.

    On-premises and cloud servers can communicate at Layer 2 and workloads can be migrated on a server basis without interrupting services.