Updated on 2024-10-09 GMT+08:00

Adding a Protected VPC

After configuring a VPC border firewall, you can add a protected VPC.

Step 1: Add VPC Attachments

For details, see Adding VPC Attachments to an Enterprise Router.

To use the enterprise router of account A to protect VPCs under account B, share the router with account B. For details, see Creating a Sharing.

Step 2: Configure Associations and Propagations

  1. In the upper left corner, click and choose Networking > Enterprise Router. Click Manage Route Table.
  2. Configure associations. On the route table configuration page, select the association table, click the Associations tab, and click Create Association. For more information, see Table 1.

    Figure 1 Creating an association
    Table 1 Association parameters

    Parameter

    Description

    Attachment Type

    Select VPC.

    Attachment

    Select an item from the Attachment drop-down list.

    Add at least two associations. An association is required for each protected VPC you add.

    For example, select attachment vpc-1 for VPC1 and vpc-2 for VPC2. To add VPC3 for protection, add an association and select attachment vpc-3.

  3. Configure propagations. Select the propagation route table, click the Propagations tab, and click Create Propagation. For more information, see Table 2.

    Figure 2 Creating a propagation
    Table 2 Propagation parameters

    Parameter

    Description

    Attachment Type

    Select VPC.

    Attachment

    Select an item from the Attachment drop-down list.

    • Add at least two propagations. A propagation is required for each protected VPC you add.

      For example, select attachment vpc-1 for VPC1 and vpc-2 for VPC2. To add VPC3 for protection, add a propagation and select attachment vpc-3.

    • After a propagation is created, its route information will be extracted to the route table of the enterprise router, and a propagation route will be generated. In the same route table, the destinations of different propagation routes may be the same, and cannot be modified or deleted.
    • You can add static routes for the attachments in a route table. The destinations of static routes in a table must be unique, and can be modified or deleted.
    • If a static route and a propagation route in the same route table happen to use the same destination, the static route takes effect first.

Step 3: Modify VPC Route Tables

  1. In the service list, click Virtual Private Cloud under Networking. In the navigation pane, choose Route Tables.
  2. In the Name/ID column, click the route table name of a VPC. The Summary page is displayed.
  3. Click Add Route. For more information, see Table 3.

    Table 3 Route parameters

    Parameter

    Description

    Destination Type

    Select IP address.

    Destination

    The CIDR block that the traffic reaches.

    For example, to protect traffic between two VPCs, set the destination address of the route of VPC1 to the CIDR block of VPC2.

    NOTE:

    The value cannot conflict with existing routes or subnet CIDR blocks in the VPC.

    Next Hop Type

    Select Enterprise Router from the drop-down list.

    Next Hop

    Select a resource for the next hop.

    The enterprise routers you created are displayed in the drop-down list.

    Description

    (Optional) Description of a route.

    NOTE:

    Enter up to 255 characters. Angle brackets (< or >) are not allowed.

    You need to add routes for at least two VPCs. Each time a protected VPC is added, you need to add a route for that VPC.