Accessing OBS
Scenarios
This section describes how to access OBS using a VPN or Direct Connect connection.
Only in the LA-Mexico City1, LA-Sao Paulo1, and LA-Santiago regions, can OBS be configured as a gateway VPC endpoint service on the VPC Endpoint console.
Prerequisites
- The VPC subnet that needs to communicate with the on-premises data center over the VPN gateway must include the OBS CIDR block. For details about how to obtain the OBS CIDR block, submit a service ticket or contact the OBS customer manager.
For details about how to create a VPN connection, see Creating a VPN Gateway.
- The VPC subnet that needs to communicate with the on-premises data center over the Direct Connect gateway must include the OBS CIDR block. For details about how to obtain the OBS CIDR block, submit a service ticket or contact the OBS customer manager.
For details on how to enable Direct Connect, see Enabling Direct Connect.
Procedure
- Click
in the upper left corner and select the required region and project. - Click Service List and choose Networking > VPC Endpoint.
- In the navigation pane on the left, choose VPC Endpoint > VPC Endpoints.
- On the displayed page, click Buy VPC Endpoint.
- Set Service Category to Cloud Services and select com.myhuaweicloud.na-mexico-1.dns.
- Configure required parameters.
Figure 1 Buy VPC Endpoint (Service Category set to Cloud services)
- Click Next and Submit.
- Check the private IP address returned after the VPC endpoint for connecting to DNS is created.
- Add DNS records on the DNS server at your on-premises data center to forward requests for resolving OBS domain names to the VPC endpoint for accessing DNS.
The methods of configuring DNS forwarding rules vary depending on OSs. For details, see the DNS software operation guides.
This step uses Bind, a common DNS software, as an example to configure forwarding rules in the UNIX.
Method 1: In file /etc/named.conf, add the DNS forwarder configuration and set forwarders to the private IP address of the VPC endpoint for accessing DNS.
options { forward only; forwarders{ xx.xx.xx.xx;}; };Method 2: In file /etc/named.rfc1912.zones, add the following content, and set forwarders to the private IP address of the VPC endpoint for accessing DNS.
The following uses the OBS endpoint and cluster address of an OBS bucket in the LA-Mexico City1 region as an example:
zone "obs.na-mexico-1.myhuaweicloud.com" { type forward; forward only; forwarders{ xx.xx.xx.xx;}; }; zone "obs.lz01.na-mexico-1.myhuaweicloud.com" { type forward; forward only; forwarders{ xx.xx.xx.xx;}; };
- If no DNS server is available at your on-premises data center, add the private IP address of the VPC endpoint in file /etc/resolv.conf.
- obs.na-mexico-1.myhuaweicloud.com indicates the OBS endpoint in the LA-Mexico City1 region.
- obs.lz01.na-mexico-1.myhuaweicloud.com indicates the address of the lz01 cluster where the OBS bucket is deployed.
- xx.xx.xx.xx indicates the IP address returned in step 9.
- Configure a DNS route from the on-premises node to the Direct Connect or VPN gateway.
xx.xx.xx.xx indicates the private IP address of the VPC endpoint for accessing DNS. The traffic from the node to OBS needs to be directed to the Direct Connect or VPN gateway, and then to OBS through Direct Connect or VPN. Configure a permanent route at your on-premises data center and specify the IP address of the Direct Connect or VPN gateway as the next hop for accessing OBS.
route -p add xx.xx.xx.xx mask 255.255.255.255 xxx.xxx.xxx.xxx
- xx.xx.xx.xx indicates the IP address returned in step 9.
- xxx.xxx.xxx.xxx indicates the IP address of the Direct Connect or VPN gateway created at your on-premises data center.
- The route command format varies depending on the OS. Use the route command format corresponding to the actual OS.
- Repeat steps 5 to 9 to create a VPC endpoint for connecting to OBS.
You can only access OBS using the OBS domain name in the region where the VPC endpoint is located.
- Configure an OBS route from your on-premises data center to the Direct Connect or VPN gateway.
The IP address of OBS belongs to 100.125.0.0/16. Traffic from the data center to OBS needs to be directed to the Direct Connect or VPN gateway, and then to OBS through Direct Connect or VPN.
Configure a permanent route at your on-premises data center and specify the IP address of the Direct Connect or VPN gateway as the next hop for accessing OBS.
route -p add 100.125.0.0 mask 255.255.0.0 xxx.xxx.xxx.xxx
- If your on-premises data center is disconnected from the Direct Connect gateway or a VPN gateway, a connection between the on-premises node and the gateway must be established first.
- The route command format varies depending on the OS. Use the route command format corresponding to the actual OS.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
