Help Center/ ModelArts/ ModelArts User Guide (Lite Cluster)/ Using Lite Cluster Resources/ Cross-Region Access from Lite Cluster to Other Services
Updated on 2025-11-18 GMT+08:00
View PDF
Share

Cross-Region Access from Lite Cluster to Other Services

Scenario

When you use a dedicated resource pool to create a job, such as a training job, you can use Cloud Connect to implement cross-region data access if the job needs to access established site services or data across regions.

For details about the regions where cloud connections are available, see Region Availability.

Solution Architecture

An enterprise creates a Lite Cluster resource pool in the CN North-Ulanqab1 region of Huawei Cloud account A, and sets up site services or data in the CN Southwest-Guiyang1 region. The Lite Cluster resource pool in the CN North-Ulanqab1 region needs to access data or services in the CN Southwest-Guiyang1 region.

To connect the two VPCs in different accounts, the company needs to create a cloud connection and load the VPCs to the cloud connection.

Figure 1 Cross-region access of resource pools

Network planning:

  • The CIDR blocks of the VPCs cannot overlap. If the CIDR blocks overlap, there will be route conflicts. Ensure that the CIDR block of VPC-B does not overlap with that of VPC-A, and does not overlap with the service or container CIDR block of the Kubernetes cluster in the resource pool. You can log in to the CCE console, and query the service and container CIDR blocks of the Kubernetes cluster in the network information of the cluster details.
  • Ensure that the security group can be accessed. In this example, the inbound direction of the security group of ECS-B01 must allow traffic from the CIDR block of VPC-A.

Prerequisites

  • You have created cross-region ECSs to be connected and configured security group rules. For details, see Purchasing ECS. In this example, the inbound direction of the security group of ECS-B01 must allow traffic from the CIDR block of VPC-A.

  • For details, see Creating a VPC.

Creating a Cloud Connection

Create a cloud connection in account A.

  1. Go to the Cloud Connections page.
  2. In the upper right corner of the page, click Create Cloud Connection.
  3. Configure the parameters based on Table 1.
    Table 1 Parameters for creating a cloud connection

    Parameter

    Description

    Example

    Name

    Specifies the cloud connection name.

    The name can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.

    cc-test

    Enterprise Project

    Selects an enterprise project by which cloud resources and members are centrally managed.

    default

    Application

    VPC: VPCs or virtual gateways can use this cloud connection.

    VPC

    Tag

    Identifies the cloud connection. A tag consists of a key and a value. You can add up to 20 tags to a cloud connection.

    NOTE:

    If a predefined tag has been created in TMS, you can select the corresponding tag key and value.

    For details about predefined tags, see Predefined Tags.

    -

    Description

    Provides supplementary information about the cloud connection.

    The value can contain 0 to 255 characters.

    -
  4. Click OK.

Loading a Network Instance to a Cloud Connection

Load the VPCs that need to communicate with each other to the cloud connection you have created.

  • A network instance can only be loaded to one cloud connection.
  • If a VPC is loaded, the associated virtual gateway cannot be loaded.

In this example, log in to the console as account A and take the following steps to load VPC-A and VPC-B to cloud connection cc-test:

Load VPC-A in account A to cc-test.

  1. Go to the Cloud Connections page.
  2. Click the name of the cloud connection to go to the Basic Information tab.
  3. Click the Network Instances tab.
  4. Click Load Network Instance.
    Configure the parameters based on Table 2 and click OK.
    Table 2 Parameters for loading network instances in the same account to the cloud connection

    Parameter

    Description

    Example

    Account

    Specifies the account that provides the network instance.

    Current account

    Region

    The region where the VPC is located.

    CN North-Ulanqab1

    Instance Type

    Type of the network instance that needs to be loaded to the cloud connection. The value can be:

    • VPC
    • Virtual gateway

    VPC

    VPC

    The VPC that needs to be loaded to the cloud connection for interconnection.

    This parameter is mandatory when Instance Type is set to VPC.

    VPC-A

    VPC CIDRs

    The subnets of the VPC you want to load and the CIDR blocks

    If you have set Instance Type to VPC, configure the following two parameters:

    • Subnet
    • Other CIDR Block: Add one or more custom CIDR blocks as needed.

    Subnet-A

    Remarks

    Provides supplementary information about the network instance.

    -

Then, load VPC-B in account A.

  1. Go to the Cloud Connections page.
  2. Click the name of the cloud connection to go to the Basic Information tab.
  3. Click the Network Instances tab.
  4. Click Load Network Instance. In the displayed dialog, select Peer account.

    Configure the parameters based on Table 3 and click OK.

    Table 3 Parameters for loading network instances in the same account to the cloud connection

    Parameter

    Description

    Example

    Account

    Specifies the account that provides the network instance.

    Current account

    Region

    The region where the VPC is located.

    CN Southwest-Guiyang1

    Instance Type

    Type of the network instance that needs to be loaded to the cloud connection. The value can be:

    • VPC
    • Virtual gateway

    VPC

    VPC

    The VPC that needs to be loaded to the cloud connection for interconnection.

    This parameter is mandatory if you have set Instance Type to VPC.

    VPC-B

    VPC CIDRs

    The subnets of the VPC you want to load and the CIDR blocks

    If you have set Instance Type to VPC, configure the following two parameters:

    • Subnet
    • Other CIDR Block: Add one or more custom CIDR blocks as needed.

    Subnet-B

    Remarks

    Provides supplementary information about the network instance.

    -

Buying a Bandwidth Package

By default, a cloud connection provides 10 kbit/s of bandwidth for testing cross-region network connectivity. To enable normal communication between regions in the same geographic region or different geographic regions, you need to purchase at least one bandwidth package and bind them to the cloud connection.

One cloud connection can only have one bandwidth package regardless of if the cloud connection is used for communication within a geographic region or between geographic regions.

  1. Go to the Buy Bandwidth Package page.
  2. Configure the parameters based on Table 4 and click Next.
    Table 4 Parameters for buying a bandwidth package

    Parameter

    Description

    Example

    Basic Settings

    Billing Mode

    The only option is Yearly/Monthly.

    You can purchase it by year or month as needed.

    Yearly/Monthly

    Name

    The name of the bandwidth package.

    The name can contain 1 to 64 characters. Only digits, letters, underscores (_), hyphens (-), and periods (.) are allowed.

    bandwidthPackage-test

    Enterprise Project

    Selects an enterprise project by which cloud resources and members are centrally managed.

    default

    Tag

    Identifies the bandwidth package. A tag consists of a key and a value. You can add at most 20 tags to a bandwidth package.

    NOTE:

    If a predefined tag has been created in TMS, you can select the corresponding tag key and value.

    For details about predefined tags, see Predefined Tags.

    -

    Bandwidth Details

    Billing Mode

    Billed by bandwidth.

    Bandwidth

    Applicability

    Whether you want to use the bandwidth package for communication within a geographic region or between geographic regions. The following options are supported:

    • Single geographic region: Use the bandwidth package between regions in the same geographic region.
    • Across geographic regions: Use the bandwidth package between regions in different geographic regions.

    Single geographic region

    Geographic Region

    The geographic region.

    Chinese mainland

    Bandwidth

    The bandwidth you require for communication between regions, in Mbit/s. The sum of all inter-region bandwidths you assign cannot exceed the total bandwidth of the bandwidth package. Assign the bandwidth based on your network plan.

    Unit: Mbit/s

    10

    Required Duration

    Specifies how long you require the bandwidth package for.

    Auto renewal is supported.

    1

    Cloud Connection

    Specifies the cloud connection you want to bind the bandwidth package to. The following options are supported:

    • Bind
    • Bind later

    Bind later

  3. Confirm the configuration and submit your order.

    Go back to the bandwidth package list and locate the bandwidth package. If its status changes to Normal, you can bind the bandwidth package to the cloud connection.

Bind a bandwidth package to a cloud connection instance.

Bind the purchased bandwidth package to the created cloud connection instance.

  1. Go to the Cloud Connections page.
  2. Click the cloud connection name (cc-test) to go to the Basic Information tab.
  3. Click the Bandwidth Packages tab.
  4. Click Bind Bandwidth Package. In the displayed dialog box, select the purchased bandwidth package (bandwidthPackage-test) and click OK.

Configuring Inter-Region Bandwidth

By default, a cloud connection provides 10 kbit/s of bandwidth for testing cross-region network connectivity.

In this step, log in to the console as account A.

  1. Go to the Cloud Connections page.
  2. Click the name of the cloud connection to go to the Basic Information tab.
  3. Click the Inter-Region Bandwidths tab.
  4. Click Assign Inter-Region Bandwidth and configure the parameters based on Table 5.
    Table 5 Parameters for assigning an inter-region bandwidth

    Parameter

    Description

    Example

    Regions

    The regions that need to communicate with each other.

    Select two regions.

    CN North-Ulanqab1

    CN Southwest-Guiyang1

    Bandwidth Package

    Bandwidth package bound to the cloud connection.

    bandwidthPackage-test

    Bandwidth

    The bandwidth you require for communication between regions, in Mbit/s

    The sum of all inter-region bandwidths you assign cannot exceed the total bandwidth of the bandwidth package. Plan the bandwidth in advance.

    10
  5. Click OK.

    Now the VPCs in the two regions can communicate with each other.

    The default security group rules deny all the inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions to ensure normal communication.

(Optional) Configuring Cross-Region Secure Access to OBS

  1. Buy an endpoint to access the OBS bucket. Configure VPCEP to access the OBS bucket.

    Obtain the VPCEP address of OBS for the bucket by submitting a service ticket. For example, the VPCEP address of OBS for the CN Southwest-Guiyang1 bucket in VPC-B is cn-southwest-2.com.myhuaweicloud.v4.obsv2.

  2. Obtain the IP address of the specified bucket for cross-region access from the resource pool.
    1. Obtain the access domain name from the OBS overview page.

    2. On the ECS page, remotely log in to the resource pool node and run the dig command to obtain the cross-region resolution address of the OBS bucket. The format is dig {<domain-name-for-accessing-the-OBS-bucket>}. Obtain the domain name from the previous step.

      The following example shows how to obtain the cross-region resolution address of a bucket in CN Southwest-Guiyang1 from a node in VPC-A in CN North-Ulanqab1.

      Figure 2 Obtaining the cross-region resolution address of an OBS bucket
  3. Add a route to the cloud connection.
    1. On the VPC page, click VPC-B to access its details page.
    2. On the network interconnection overview page, click the route table of VPC-B and find the VPCEP OBS address segment configured in the previous step.

      Locate the row that contains OBS in the Destination column of the route table, and click the number of IP addresses. In the preceding example, 116.63.191.7 matches 116.63.191.0/28.

    3. On the cloud connection network instance page, click VPC-B and click Modify VPC CIDR to add the VPCEP OBS address segment. This is to declare that VPC-B has another network segment for accessing OBS.
  4. Verify cross-region access to OBS.
    1. On the OBS console, click the OBS bucket created in 2 in CN Southwest-Guiyang1, choose Objects, select a test object, and choose More > Copy Object URL in the Operation column.

    2. On the ECS console, select a node in CN North-Ulanqab1, click Remote Login, and choose VNC login. Use wget {<OBS-address>}.

      In the following example, the request has been sent across regions, but 403 is returned because the test method does not carry authentication.

      Figure 3 Sending a cross-region request