Updated on 2023-08-01 GMT+08:00

Overview

Scenario

VPN can be used to enable communication between an on-premises data center and ECSs in a VPC.

Networking

In this example, two VPN connections are set up between an on-premises data center and a VPC to ensure network reliability. If one VPN connection fails, traffic is automatically switched to the other VPN connection, ensuring service continuity.

Figure 1 Networking diagram

Solution Advantages

  • A VPN gateway provides two IP addresses to establish dual independent VPN connections with a customer gateway. If one VPN connection fails, traffic can be quickly switched to the other VPN connection.
  • Active-active VPN gateways can be deployed in different AZs to ensure AZ-level high availability.

Limitations and Constraints

  • The local and customer subnets of the VPN gateway cannot be the same. That is, the VPC subnet and the data center subnet to be interconnected cannot be the same.
  • The IKE policy, IPsec policy, and PSK of the VPN gateway must be the same as those of the customer gateway.
  • The local and remote interface addresses configured on the VPN gateway and customer gateway must be reversed: the local interface address on one side is the remote interface address on the other.
  • The security groups associated with ECSs in the VPC must permit access from and to the on-premises data center.
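
A pre-deployment check for the subnet, policy/PSK and interface-address constraints above, as an added example (not part of the original documentation or the provider's tooling). The dict layout, key names and all sample values are assumptions constructed for illustration; the subnet test also rejects overlapping ranges, which goes beyond the "cannot be the same" wording.

```python
import copy
import hmac
import ipaddress

def check_vpn_pair(cloud, onprem):
    """Return constraint violations between two gateway configs (hypothetical dict layout)."""
    problems = []
    # Local (VPC) and customer (data center) subnets must not be the same or overlap.
    for a in cloud["subnets"]:
        for b in onprem["subnets"]:
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
                problems.append(f"subnet conflict: {a} vs {b}")
    # IKE and IPsec policies must match parameter by parameter.
    for policy in ("ike", "ipsec"):
        for key in sorted(set(cloud[policy]) | set(onprem[policy])):
            if cloud[policy].get(key) != onprem[policy].get(key):
                problems.append(f"{policy} mismatch: {key}")
    # PSK: constant-time comparison, and the value is never put in the report.
    if not hmac.compare_digest(cloud["psk"].encode(), onprem["psk"].encode()):
        problems.append("psk mismatch")
    # Each connection's interface addresses must be reversed on the peer.
    if len(cloud["tunnels"]) != len(onprem["tunnels"]):
        problems.append("tunnel count differs")
    for n, (c, o) in enumerate(zip(cloud["tunnels"], onprem["tunnels"]), 1):
        if (c["local_if"], c["remote_if"]) != (o["remote_if"], o["local_if"]):
            problems.append(f"connection {n}: interface addresses not reversed")
    return problems

# Constructed sample values, not taken from the page.
POLICY = {"ike": {"version": "v2", "encryption": "aes-128", "dh_group": "group14"},
          "ipsec": {"encryption": "aes-128", "pfs": "group14"}}
CLOUD = {"subnets": ["192.168.0.0/24"], "psk": "constructed-sample-psk", **copy.deepcopy(POLICY),
         "tunnels": [{"local_if": "169.254.70.1", "remote_if": "169.254.70.2"},
                     {"local_if": "169.254.71.1", "remote_if": "169.254.71.2"}]}
ONPREM = {"subnets": ["172.16.0.0/24"], "psk": "constructed-sample-psk", **copy.deepcopy(POLICY),
          "tunnels": [{"local_if": "169.254.70.2", "remote_if": "169.254.70.1"},
                      {"local_if": "169.254.71.2", "remote_if": "169.254.71.1"}]}

def broken_onprem():
    """Copy of ONPREM with three deliberate misconfigurations."""
    bad = copy.deepcopy(ONPREM)
    bad["subnets"] = ["192.168.0.0/25"]           # overlaps the VPC subnet
    bad["ike"]["dh_group"] = "group5"             # IKE parameter drift
    bad["tunnels"][1] = {"local_if": "169.254.71.1", "remote_if": "169.254.71.2"}  # not reversed
    return bad

if __name__ == "__main__":
    for label, peer in (("matching", ONPREM), ("broken", broken_onprem())):
        print(label, check_vpn_pair(CLOUD, peer) or "OK")
```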