Connecting Specific ECSs from Different VPCs
Scenarios
If your VPCs with the same CIDR block also include subnets that overlap, you can configure VPC peering connections that connect specific ECSs from these VPCs.
Scenario | Scenario Description | IP Address Version | Networking Configuration | Related Reference |
---|---|---|---|---|
ECS in a central VPC peered to ECSs in two other VPCs | You want a central VPC to communicate with the other two VPCs. However, you do not want the other two VPCs to communicate with each other. The other two VPCs have the same CIDR block and also include subnets that overlap. To prevent route conflicts in the central VPC, you can configure VPC peering connections to connect to specific ECSs in the other two VPCs. | IPv4 | ECS in a Central VPC Peered to ECSs in Two Other VPCs (IPv4) | |
A central VPC peered with two other VPCs using longest prefix match | This scenario is similar to the preceding one. In addition to peering specific ECSs, you can create the following VPC peering connections based on the longest prefix match rule: This configuration expands the communication scope. | IPv4 | A Central VPC Peered with Two Other VPCs Using Longest Prefix Match (IPv4) | |
Notes and Constraints
- If the ECSs in VPCs connected by a VPC peering connection are in different security groups, you need to add rules to the security groups to allow access to each other. For details, see Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network.
  In all examples in this section, the ECSs in local and peer VPCs are in the same security group. No additional security group rule is required.
- All route tables in a VPC can contain a maximum of 1,000 routes. If you want to establish VPC peering connections between multiple VPCs, consider this restriction when planning networking.
- In a VPC route table, the route priority is as follows:
  - Local route: A route that is automatically added by the system for communication within a VPC. It has a higher priority than a custom route.
  - Custom route: A route added by a user or routes that are delivered during instance creation. It uses the longest prefix match rule to find a destination for packet forwarding.
Figure 1 VPC route table
ECS in a Central VPC Peered to ECSs in Two Other VPCs (IPv4)
You want to create a VPC peering connection between VPC-A and VPC-B, and between VPC-A and VPC-C. VPC-B and VPC-C have matching CIDR blocks. You can set the destinations of routes to private IP addresses of specific ECSs to limit traffic to these ECSs. If the destination of a route is not properly planned, traffic cannot be correctly forwarded. For details, see One Central VPC Peered to Overlapping Subnets from Two VPCs (IPv4).
![](https://support.huaweicloud.com/intl/en-us/bestpractice-vpc/en-us_image_0000001209442636.png)
VPC Name | VPC CIDR Block | Subnet Name | Subnet CIDR Block | VPC Route Table | ECS Name | Security Group | Private IP Address |
---|---|---|---|---|---|---|---|
VPC-A | 172.16.0.0/16 | Subnet-A01 | 172.16.0.0/24 | rtb-VPC-A | ECS-A01-1 | sg-web: general-purpose web server | 172.16.0.111 |
VPC-A | 172.16.0.0/16 | Subnet-A01 | 172.16.0.0/24 | rtb-VPC-A | ECS-A01-2 | sg-web: general-purpose web server | 172.16.0.218 |
VPC-B | 10.0.0.0/16 | Subnet-B01 | 10.0.0.0/24 | rtb-VPC-B | ECS-B01 | sg-web: general-purpose web server | 10.0.0.139 |
VPC-C | 10.0.0.0/16 | Subnet-C01 | 10.0.0.0/24 | rtb-VPC-C | ECS-C01 | sg-web: general-purpose web server | 10.0.0.71 |
Peering Relationship | Peering Connection Name | Local VPC | Peer VPC |
---|---|---|---|
ECS-A01-1 in VPC-A is peered with ECS-B01 in VPC-B. | Peering-AB | VPC-A | VPC-B |
ECS-A01-2 in VPC-A is peered with ECS-C01 in VPC-C. | Peering-AC | VPC-A | VPC-C |
After the VPC peering connections are created, add the following routes to the route tables of the local and peer VPCs:
Route Table | Destination | Next Hop | Route Type | Description |
---|---|---|---|---|
rtb-VPC-A | 172.16.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. |
rtb-VPC-A | 10.0.0.139/32 (ECS-B01) | Peering-AB | Custom | Add a route with the private IP address of ECS-B01 as the destination and Peering-AB as the next hop. |
rtb-VPC-A | 10.0.0.71/32 (ECS-C01) | Peering-AC | Custom | Add a route with the private IP address of ECS-C01 as the destination and Peering-AC as the next hop. |
rtb-VPC-B | 10.0.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. |
rtb-VPC-B | 172.16.0.111/32 (ECS-A01-1) | Peering-AB | Custom | Add a route with the private IP address of ECS-A01-1 as the destination and Peering-AB as the next hop. |
rtb-VPC-C | 10.0.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. |
rtb-VPC-C | 172.16.0.218/32 (ECS-A01-2) | Peering-AC | Custom | Add a route with the private IP address of ECS-A01-2 as the destination and Peering-AC as the next hop. |
A Central VPC Peered with Two Other VPCs Using Longest Prefix Match (IPv4)
You want to create a VPC peering connection between VPC-A and VPC-B, and between VPC-A and VPC-C. VPC-B and VPC-C have matching CIDR blocks. You can set the destinations of routes to private IP addresses of specific ECSs to limit traffic to these ECSs. If the destination of a route is not properly planned, traffic cannot be correctly forwarded. For details, see One Central VPC Peered to Overlapping Subnets from Two VPCs (IPv4).
![](https://support.huaweicloud.com/intl/en-us/bestpractice-vpc/en-us_image_0000001254121069.png)
VPC Name | VPC CIDR Block | Subnet Name | Subnet CIDR Block | VPC Route Table | ECS Name | Security Group | Private IP Address |
---|---|---|---|---|---|---|---|
VPC-A | 172.16.0.0/16 | Subnet-A01 | 172.16.0.0/24 | rtb-VPC-A | ECS-A01 | sg-web: general-purpose web server | 172.16.0.111 |
VPC-A | 172.16.0.0/16 | Subnet-A02 | 172.16.1.0/24 | rtb-VPC-A | ECS-A02 | sg-web: general-purpose web server | 172.16.1.91 |
VPC-B | 10.0.0.0/16 | Subnet-B01 | 10.0.0.0/24 | rtb-VPC-B | ECS-B01 | sg-web: general-purpose web server | 10.0.0.139 |
VPC-C | 10.0.0.0/16 | Subnet-C01 | 10.0.0.0/24 | rtb-VPC-C | ECS-C01 | sg-web: general-purpose web server | 10.0.0.71 |
Peering Relationship | Peering Connection Name | Local VPC | Peer VPC |
---|---|---|---|
VPC-A is peered with ECS-B01 in VPC-B. | Peering-AB | VPC-A | VPC-B |
VPC-A is peered with VPC-C. | Peering-AC | VPC-A | VPC-C |
After the VPC peering connections are created, add the following routes to the route tables of the local and peer VPCs:
Route Table | Destination | Next Hop | Route Type | Description |
---|---|---|---|---|
rtb-VPC-A | 172.16.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. |
rtb-VPC-A | 172.16.1.0/24 | Local | System | Local routes are automatically added for communications within a VPC. |
rtb-VPC-A | 10.0.0.139/32 (ECS-B01) | Peering-AB | Custom | Add a route with the private IP address of ECS-B01 as the destination and Peering-AB as the next hop. |
rtb-VPC-A | 10.0.0.0/16 (VPC-C) | Peering-AC | Custom | Add a route with the CIDR block of VPC-C as the destination and Peering-AC as the next hop. |
rtb-VPC-B | 10.0.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. |
rtb-VPC-B | 172.16.0.0/16 (VPC-A) | Peering-AB | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AB as the next hop. |
rtb-VPC-C | 10.0.0.0/24 | Local | System | Local routes are automatically added for communications within a VPC. |
rtb-VPC-C | 172.16.0.0/16 (VPC-A) | Peering-AC | Custom | Add a route with the CIDR block of VPC-A as the destination and Peering-AC as the next hop. |
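The following added example (not part of the original page and not Huawei Cloud code) models rtb-VPC-A from the longest prefix match scenario and resolves destinations using the two priority rules under Notes and Constraints. The function names `next_hop` and `conflicting_custom_routes` are hypothetical, and the duplicate route in the last lines is a constructed misconfiguration used to show the conflict that this scenario avoids.

```python
import ipaddress
from collections import defaultdict

# rtb-VPC-A from the longest-prefix-match scenario above:
# (destination, next hop, route type). Values are taken from the page's table.
RTB_VPC_A = [
    ("172.16.0.0/24", "Local", "System"),
    ("172.16.1.0/24", "Local", "System"),
    ("10.0.0.139/32", "Peering-AB", "Custom"),  # ECS-B01 only
    ("10.0.0.0/16", "Peering-AC", "Custom"),    # all of VPC-C
]


def next_hop(route_table, dst_ip):
    """Return the next hop chosen for dst_ip, or None when no route matches.

    Assumed model (from Notes and Constraints): a matching local (System)
    route beats any custom route; among custom routes the longest prefix wins.
    """
    addr = ipaddress.ip_address(dst_ip)
    matches = []
    for dest, hop, rtype in route_table:
        net = ipaddress.ip_network(dest)
        if addr in net:
            matches.append((rtype == "System", net.prefixlen, hop))
    if not matches:
        return None
    return max(matches)[2]


def conflicting_custom_routes(route_table):
    """Return destinations that custom routes send to more than one next hop."""
    hops = defaultdict(set)
    for dest, hop, rtype in route_table:
        if rtype == "Custom":
            hops[str(ipaddress.ip_network(dest))].add(hop)
    return sorted(dest for dest, seen in hops.items() if len(seen) > 1)


if __name__ == "__main__":
    for ip in ("10.0.0.139", "10.0.0.71", "10.0.0.200", "172.16.1.91"):
        print(f"{ip:<12} -> {next_hop(RTB_VPC_A, ip)}")
    # Constructed misconfiguration: routing the shared CIDR block to both peers.
    bad = RTB_VPC_A + [("10.0.0.0/16", "Peering-AB", "Custom")]
    print("conflicts:", conflicting_custom_routes(bad))
```

Because the /32 route always wins, an address 10.0.0.139 in VPC-C would be unreachable from VPC-A, and every other 10.0.x.x destination, not only ECS-C01, is forwarded over Peering-AC.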