Connecting Edge Nodes to IEF Through Direct Connect or VPN

Scenario

If an edge node cannot access IEF through a public network, it can connect to HUAWEI CLOUD Virtual Private Cloud (VPC) through Direct Connect or Virtual Private Network (VPN), and then connect VPC to IEF through the private and secure channel provided by a VPC endpoint.

Connection Solution

Before deploying applications on an edge node, ensure that the edge node can communicate with IEF, SWR and OBS. If the edge node cannot connect to IEF through a public network, connect the edge node to Huawei Cloud VPC through VPN or Direct Connect, and then enable VPC to access IEF, SWR and OBS through VPC endpoints. Figure 1 shows the connection solution.

To connect edge nodes to IEF, you need to create the following three endpoints.

• ief-placement: for managing and upgrading edge nodes
• ief-edgeaccess: for sending messages between edge nodes and cloud services
• ief-telemetry: for uploading monitoring data and logs on edge nodes

To connect edge nodes to SWR, you need to create one endpoint. To connect edge nodes to OBS, you need to create an OBS endpoint and a DNS endpoint. (OBS can only be accessed through the domain name when the OBS address is dynamically resolved by DNS.)

Figure 1 Connecting edge nodes to IEF through Direct Connect or VPN

Procedure

1. Create a VPC.

   For details, see Creating a VPC.

   You can also use an existing VPC.

   

   The VPC CIDR block cannot overlap the IDC CIDR block.

2. Connect the edge node to a VPC through Direct Connect or VPN.

   For details, visit the following links:

   • VPN: https://support.huaweicloud.com/intl/en-us/qs-vpn/en-us_topic_0133627788.html
   • Direct Connect: https://support.huaweicloud.com/intl/en-us/qs-dc/en-us_topic_0145790541.html

3. Create IEF endpoints to enable the connection between the edge node and IEF.

   You need to create three endpoints: ief-placement, ief-edgeaccess, and ief-telemetry. The procedure is as follows:

   1. Log in to the VPC Endpoint console and click Buy VPC Endpoint in the upper right corner.
   2. Select the IEF endpoints and VPC.
      Figure 2 Creating IEF endpoints
      
   3. Click Next, confirm the information, and click Submit.

4. Create an SWR endpoint so that the edge node can pull container images from SWR.
   The procedure is the same as that of creating IEF endpoints.

   Figure 3 Creating an SWR endpoint
   

5. Create DNS and OBS endpoints for edge nodes to access OBS.

   For details, see Accessing OBS.

6. Add the hosts configuration for the edge node.

   Query the four IP addresses of IEF and SWR endpoints and add them in the /etc/hosts file of the edge node.

   Figure 4 Querying IP addresses of the endpoints
   

   Open the /etc/hosts file and add the IP addresses at the end of the file so that the domain names for accessing IEF and SWR point to the IP addresses of the corresponding endpoints.

   

   Change the IP addresses and domain names based on the site requirements. The IP addresses are the ones obtained in the preceding step, and the domain names vary depending on the region. For details, see Domain Name.

   192.168.2.20	ief2-placement.cn-north-1.myhuaweicloud.com
   192.168.2.142	ief2-edgeaccess.cn-north-1.myhuaweicloud.com
   192.168.2.106   ief2-telemetry.cn-north-1.myhuaweicloud.com
   192.168.2.118   swr.cn-north-1.myhuaweicloud.com

7. Register the edge node and use IEF to manage the edge node. For details, see Edge Node Overview.

Domain Name

ief-edgeaccess of the platinum edition has an independent address, which is the value of Access Domain on the Dashboard page of the IEF console.