Huawei Cloud Network Service Overview
Huawei Cloud provides various network services to help you build secure and scalable networks on the cloud, connect cloud and on-premises networks in a high-speed and reliable way, and connect your on-premises data center to the Internet.
Virtual Private Cloud (VPC)
A VPC is a logically isolated, configurable, and manageable virtual network for cloud servers, cloud containers, and cloud databases. It improves resource security and simplifies network deployment on the cloud.
Each VPC consists of a private CIDR block, route tables, and at least one subnet. When you create a VPC, you need to specify a CIDR block for the VPC and the system automatically generates a default route table for the VPC. All resources in a VPC must be deployed on subnets. The default route table ensures that all subnets in the VPC can communicate with each other.
VPC can work together with other network services for more flexible network connectivity.
- Connecting to the Internet
Resources in a VPC can communicate with the Internet through elastic IP addresses (EIPs). You can also use a NAT gateway to enable resources in a VPC to share an EIP.
- Connecting a VPC and an on-premises network
Direct Connect, Enterprise Switch, or VPN can be used to connect a VPC to an on-premises data center.
- Connecting VPCs
A VPC peering connection enables communication between two VPCs in the same region.
Cloud Connect enables high-speed and stable communication between VPCs in different regions.
For details about VPC, see What Is Virtual Private Cloud?
Elastic IP (EIP)
The EIP service enables your cloud resources to communicate with the Internet using static public IP addresses and scalable bandwidths. EIPs can be bound to or unbound from ECSs, BMSs, virtual IP addresses, load balancers, and NAT gateways.
You can also purchase the following for your EIPs:
- Shared bandwidth
Shared bandwidth allows ECSs, BMSs, and load balancers that are bound with EIPs in the same region to share the same bandwidth.
- Shared data package
A shared data package provides a quota for data usage. Shared data packages take effect immediately after your purchase. If you have subscribed to pay-per-use EIPs billed by traffic in a region and buy a shared data package in the same region, the EIPs will use the shared data package. After the package quota is used up or the package expires, the EIPs will continue to be billed on a pay-per-use basis.
- Bandwidth add-on package
A bandwidth add-on package is used to temporarily increase the maximum bandwidth of a yearly/monthly EIP.
For details about EIP, see What Are EIPs?
NAT Gateway
Public NAT gateway
Public NAT gateways provide network address translation (NAT) with 20 Gbit/s of bandwidth for servers in a VPC, such as ECSs, Bare Metal Servers (BMSs), and Workspace desktops, or for servers in on-premises data centers that connect to a VPC through Direct Connect or VPN. These servers can share EIPs to access the Internet or to provide services accessible from the Internet.
NAT gateways provide source NAT and destination NAT functions.
- Source NAT (SNAT)
SNAT translates private IP addresses into EIPs, allowing servers in a VPC to share an EIP to access the Internet in a secure and efficient way.
- Destination NAT (DNAT)
DNAT enables servers in a VPC to share an EIP to provide services accessible from the Internet through IP address mapping or port mapping.
Private NAT gateway
Private NAT gateways provide network address translation (NAT) for servers, such as ECSs, BMSs, and Workspace desktops, in a VPC, and allow multiple servers to share a private IP address to access or provide services accessible from an on-premises data center or a remote VPC.
A private NAT gateway translates IP addresses between your VPC and your on-premises data center or another VPC, allowing you to keep legacy networks unchanged after migrating some of your workloads to the cloud.
Private NAT gateways support SNAT and DNAT.
- SNAT allows multiple servers across AZs in a VPC to share the transit IP address to access an on-premises data center or a remote VPC.
- DNAT enables servers that share the same transit IP address in a VPC to provide services accessible from an on-premises data center or a remote VPC through IP address or port mapping.
For details, see What Is NAT Gateway?
Elastic Load Balance (ELB)
ELB automatically distributes incoming traffic across multiple backend servers based on configured listening rules. ELB expands the capacities of your applications and improves their availability by eliminating single points of failure (SPOFs).
For details, see What Is ELB?
Direct Connect
Direct Connect allows you to establish a dedicated network connection between your on-premises data center and a VPC. With Direct Connect, you can easily build a secure and reliable hybrid cloud.
Direct Connect establishes a dedicated connection, and your data will not be transferred over the Internet.
You can connect your data center to the cloud using either of the following connection types:
- Standard connection
You have more than one connection terminated at different locations. These connections work as a backup for each other, improving the reliability of connections. If you can select only one carrier due to special requirements, you must configure different physical routes.
A standard connection provides an exclusive port. You can create standard connections on the management console.
- Hosted connection
You request a connection from a partner who has a line terminated at the Direct Connect location near your on-premises data center.
You share the port with others.
For details, see What Is Direct Connect?
VPN
VPN establishes a secure, encrypted communication tunnel between your data center and your VPC. With VPN, you can connect to a VPC and access the resources deployed there.
Unlike Direct Connect, VPN establishes an encrypted tunnel that transfers data over the Internet.
Enterprise Switch
Enterprise switches enable Layer 2 networking for VPCs, helping you connect cloud and on-premises networks with high reliability, at large scale, and with high performance.
Currently, enterprise switches only support Layer 2 connection gateways (L2CGs). An L2CG is a virtual tunnel gateway that can work with Direct Connect or VPN to establish network communications between cloud and on-premises networks at Layer 2. The gateway allows you to migrate workloads in data centers or private clouds to the cloud without changing subnets and IP addresses.
Cloud Connect
Cloud Connect allows you to quickly build high-quality networks that can connect VPCs across regions and work with Direct Connect to connect VPCs and on-premises data centers. With Cloud Connect, you can build a globally connected cloud network with enterprise-class scalability and communications capabilities.
VPC Endpoint (VPCEP)
The VPCEP service provides secure and private channels to connect your VPC to VPC endpoint services (cloud services or your private services) without having to use EIPs.
VPCEP applies to the following scenarios:
- Access to your private services in a VPC through a VPC endpoint service
You can create a VPC endpoint service to allow your services provided by ELB, ECS, and BMS in a VPC to be accessible.
A service consumer uses a VPC endpoint to access the endpoint service.
- Access to cloud services from a VPC through a VPC endpoint
You can create a VPC endpoint to access the VPC endpoint services.
- Access to cloud services from an on-premises data center through a VPC endpoint and VPN or Direct Connect
VPN or Direct Connect can work together with a VPC endpoint to allow access to cloud services, such as OBS, DNS, and SWR, from an on-premises data center.
VPC Peering
By default, VPCs cannot communicate with each other. A VPC peering connection enables two VPCs in the same region to communicate with each other using private IP addresses as if they were in the same VPC. You can create a VPC peering connection between your own VPCs, or between your VPC and a VPC of another account within the same region. A VPC peering connection between VPCs in different regions will not take effect.
For details, see VPC Peering Connection Overview and VPC Peering Connection Configuration Plans.
For details about the differences between VPC peering connections and VPC endpoints, see What Are the Differences Between VPC Endpoints and VPC Peering Connections?