Overview

Application Scenarios

Direct Connect establishes a dedicated, secure, and stable network connection between your on-premises data center and VPC. It can work together with an enterprise router to build a large-scale hybrid cloud network.

VPN establishes a secure, encrypted communication tunnel between your data center and your VPC. Compared with Direct Connect, VPN is cost-effective and can be quickly deployed.

To achieve high reliability of hybrid cloud networking and control costs, you can attach both Direct Connect and VPN connections to an enterprise router to enable the connections to work in an active and standby way. If the active connection is faulty, services are automatically switched to the standby one, reducing the risk of service interruptions.

For details, see Enterprise Router Service Overview.

Architecture

To improve the reliability of a hybrid cloud networking, an enterprise uses both Direct Connect and VPN connections to connect VPCs to the on-premises data center. The Direct Connect connection works as the active connection and the VPN connection works as the standby one. If the active connection is faulty, services are automatically switched to the standby one, reducing the impact of network interruptions on services.

VPC 1, VPC 2, and the Direct Connect connection are attached to the enterprise router. VPC1 and VPC 2 can communicate with each other. They communicate with the on-premises data center through the Direct Connect connection.
The VPN connection is also attached to the enterprise router. If the Direct Connect connection is faulty, VPC 1 and VPC 2 can communicate with the data center through the VPN connection.

Figure 1 Network diagram of Direct Connect and VPN connections working in active/standby mode

Advantages

An enterprise router allows automatic switchover between active and standby Direct Connect and VPN connections. You do not need to manually switch between them. This prevents service loss and reduces maintenance costs.