Help Center/ Cloud Connect/ Getting Started/ Using a Cloud Connection to Connect VPCs in the Same Region and Account
Updated on 2025-05-30 GMT+08:00
View PDF
Share

Using a Cloud Connection to Connect VPCs in the Same Region and Account

Connect the VPCs in the same account and the same region using a cloud connection.

For details about the regions where cloud connections are available, see Region Availability.

Solution Architecture

Two VPCs in the same region need to communicate with each other.

You need to create a cloud connection and load both VPCs to the cloud connection.

Figure 1 Communication between VPCs in the same account and same region

Network and Resource Planning

To use a cloud connection to connect VPCs in the same region, you need to:
  • Plan CIDR blocks for VPCs and subnets.
  • Plan the quantity, names, and main parameters of cloud resources, including VPCs and ECSs.

Planning the Network

Figure 2 and Table 1 show the network planning and description for communication between VPCs in the same region.

Figure 2 Network planning for communication between VPCs in the same region
Table 1 Network planning for communication between VPCs in the same region

Resource

Description

VPCs
  • The CIDR blocks of the VPCs to be connected cannot overlap with each other.

    Overlapping VPC CIDR blocks will cause route conflicts. If the VPCs have overlapping CIDR blocks, you need to modify the CIDR blocks.

  • Each VPC comes with a default route table that has the default IPv4 local route, which enables subnets in the VPC to communicate with each other.

ECSs

In this example, two ECSs are deployed in the same VPC and region.

An ECS can be only associated with a security group in the same region as the ECS. This means the two ECSs in this example can be associated with the same or different security groups in their region.

  • Same security group: The two ECSs can communicate with each other by default and no further network configuration is required.
  • Different security groups: You need to add the inbound rules in Table 4 to allow access to each other. For more information about security groups, see Security Group and Security Group Rule Overview.

Planning Resources

The VPCs and ECSs must be in the same region, but they can be in different AZs.

The following resource details are only for your reference. You can modify them if needed.

  • Table 2 describes the two VPCs in detail. Their CIDR blocks cannot overlap with each other.
    Table 2 VPC details

    VPC

    VPC CIDR Block

    Subnet Name

    Subnet CIDR Block

    Route Table

    vpc-A01

    192.168.0.0/16

    subnet-A01

    192.168.1.0/24

    Default route table

    vpc-A02

    172.16.0.0/16

    subnet-A02

    172.16.1.0/24

    Default route table
  • Table 3 describes the two ECSs in detail, with each ECS in a VPC.
    Table 3 ECS details

    ECS Name

    Image

    VPC

    Subnet

    Security Group

    Private IP Address

    ECS-A01

    Public image: Huawei Cloud EulerOS 2.0 Standard Edition

    vpc-A01

    subnet-A01

    Sg-A:

    (general-purpose web server)

    192.168.1.88

    ECS-A02

    vpc-A02

    subnet-A02

    172.16.1.122
  • Security group rules: If the two ECSs are in different security groups (Sg-A and Sg-B), you need to add rules to the security groups to allow traffic between the ECSs.
    Set Source to the security group of the two ECSs to allow mutual access.
    Table 4 Security group rules (security group as the source)

    Security Group

    Direction

    Action

    Type

    Protocol & Port

    Source

    Description

    Sg-A

    Inbound

    Allow

    IPv4

    All

    Sg-B

    Allows instances in Sg-B to access those in Sg-A over any IPv4 protocol and port.

    Sg-B

    Inbound

    Allow

    IPv4

    All

    Sg-A

    Allows instances in Sg-A to access those in Sg-B over any IPv4 protocol and port.

Procedure

Table 5 Communication between VPCs in the same account and region

Step

What to Do

Preparations

Before using cloud services, sign up for a HUAWEI ID, enable Huawei Cloud services, complete real-name authentication, and top up your account.

Step 1: Create a Cloud Connection

Create a cloud connection for connecting the VPCs.

Step 2: (Optional) Create VPCs and ECSs

Create VPCs and ECSs in the same region using the same account. If you already have VPCs and ECSs, skip this step.

Step 3: Load Network Instances

Load the VPCs to the cloud connection based on your network plan.

Step 4: Verify Network Connectivity

Log in to the ECSs and verify the network connectivity between VPCs.

Preparations

Before creating a cloud connection, you need to sign up for a HUAWEI ID, enable Huawei Cloud services, complete real-name authentication, and top up your account. Ensure that your account has sufficient balance.

  1. Sign up for a HUAWEI ID, enable Huawei Cloud services, and complete real-name authentication.
    If you already have a HUAWEI ID, skip this part. If you do not have a HUAWEI ID, perform the following operations to create one:
    1. Sign up for a HUAWEI ID and enable Huawei Cloud services.
    2. Complete real-name authentication.
  2. Top up your account.

    Ensure that your account has sufficient balance. For details about how to top up an account, see Topping up an Account.

Step 1: Create a Cloud Connection

  1. Go to the Cloud Connections page.
  2. In the upper right corner of the page, click Create Cloud Connection.
  3. Configure the parameters based on Table 6.
    Figure 3 Creating a cloud connection
    Table 6 Parameters for creating a cloud connection

    Parameter

    Example Value

    Description

    Name

    cc-test

    Specifies the cloud connection name.

    The name can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.

    Enterprise Project

    default

    Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.

    Scenario

    VPC

    VPC: VPCs or virtual gateways can use this cloud connection.

    Tag

    -

    Identifies the cloud connection. A tag consists of a key and a value. You can add 20 tags to a cloud connection.

    NOTE:

    If a predefined tag has been created on Tag Management Service (TMS), you can directly select the corresponding tag key and value.

    For details about predefined tags, see Predefined Tags.

    Description

    -

    Provides supplementary information about the cloud connection.

    The description can contain no more than 255 characters.
  4. Click OK.

Step 2: (Optional) Create VPCs and ECSs

Perform the following operations to create VPCs and ECSs. If you already have VPCs and ECSs, skip this step.

Constraints

  • The CIDR blocks of the VPCs to be connected cannot overlap with each other.

    Overlapping VPC CIDR blocks will cause route conflicts. If the VPCs have overlapping CIDR blocks, you need to modify the CIDR blocks.

  • Two ECSs in this example are in the same security group. If the ECSs are in different security groups, add rules to the security groups to allow access to each other by referring to Table 4.

Procedure

  1. Create two VPCs with subnets.

    For details, see Creating a VPC.

    For the details about VPCs and subnets in this example, see Table 2.

  2. Create two ECSs.

    For details, see Purchasing a Custom ECS.

    For details about the ECSs in this example, see Table 3.

Step 3: Load Network Instances

Load the VPCs that need to communicate with each other to the cloud connection created in the previous step.

  1. Go to the Cloud Connections page.
  2. Click the cloud connection name (for example, cc-test) to go to the Basic Information tab.
  3. Click the Network Instances tab.
  4. Click Load Network Instance.
  5. Configure the parameters based on Table 7 and click OK.
    Figure 4 Loading vpc-A01 in the account
    Table 7 Parameters for loading network instances in the same account

    Parameter

    Example Value

    Description

    Account

    Current account

    Specifies the account that provides the network instance.

    Region

    CN Southwest-Guiyang1

    Specifies the region where the VPC you want to connect is located.

    Instance Type

    VPC

    Specifies the type of the network instance that needs to be loaded to the cloud connection. There are two options:

    • VPC
    • Virtual gateway

    VPC

    vpc-A01

    Specifies the VPC you want to load to the cloud connection.

    This parameter is mandatory if you have set Instance Type to VPC.

    VPC CIDR Block

    subnet-A01

    Specifies the subnets in the VPC and custom CIDR blocks.

    If you have set Instance Type to VPC, you need to configure the following two parameters:

    • Subnet: Select one or more subnets in the VPC.
    • Other CIDR Block: Add one or more custom CIDR blocks as needed.

    Remarks

    -

    Provides supplementary information about the network instance.
  6. In the displayed dialog box, click Continue Loading. Then, click to load vpc-A02 in the same region and the account.
    Figure 5 Loading vpc-A02 in the same account

Step 4: Verify Network Connectivity

Log in to each ECS and verify the network connectivity between VPCs.

  1. Log in to ECS-A01.

    Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.

    In this example, use VNC provided on the management console to log in to the ECSs.

  2. Ping the other ECS to verify the network connectivity between VPCs.

    ping <private-IP-address-of-ECS-A02>

    Example command:

    ping 172.16.1.122

    If the following information is displayed, vpc-A01 and vpc-A02 are connected.