Updated on 2024-09-20 GMT+08:00

Selectively Exposing Service Capabilities of a Data Center Using a Dedicated Gateway

The backend services of APIG can be deployed in the following modes:

  • Deployed in a VPC and accessible only using private IP addresses.

    You can create a VPC channel on APIG to enable network routing between APIG and the VPC.

  • Deployed on the public network and accessible using a public IP address.
  • Deployed in an on-premises data center and not accessible using a public IP address.

    If you use a dedicated API gateway, you can set up a connection between your on-premises data center and the gateway (or the VPC bound to the gateway).

This section describes the precautions for using APIG to selectively expose APIs of backend services deployed in an on-premises data center.

Figure 1 Connecting a data center to a dedicated API gateway with Direct Connect

Connecting a Data Center to APIG

  1. Create a VPC.

    For details, see the Virtual Private Cloud User Guide.

    To allow APIG to access services in your on-premises data center, bind a VPC to your dedicated gateway, and establish a connection between the data center and VPC.

    Figure 2 Creating a VPC
    • Specify a subnet for your dedicated gateway.
    • A connection can be used to connect a local data center to only one VPC. You are advised to bind the same VPC to all your cloud resources to reduce costs.
    • If a VPC already exists, you do not need to create a new one.

  2. Create a dedicated API gateway.

    For details, see Buying a Dedicated Gateway.

  3. Buy a connection.

    To buy a connection for connecting the data center to APIG (bound VPC), do as follows:

    1. Create a Connection

      Buy a connection to establish connectivity between your on-premises data center and Huawei Cloud. You are advised to choose Full Service Installation, which means that Huawei Cloud will complete the construction.

      If you already have a connection between your data center and Huawei Cloud, use the connection instead.

    2. Create a Virtual Gateway

      The virtual gateway is a logical gateway for accessing the VPC bound to the dedicated gateway.

      To connect to the VPC, select the subnet that the dedicated gateway uses. For details about the subnet, go to the gateway details page.

    3. Create a Virtual Interface

      The virtual interface links the connection with the virtual gateway, enabling connectivity between the connection and the VPC of the dedicated gateway.

      Configure the remote gateway and remote subnet as the gateway and subnet for accessing the open API of your on-premises data center. For example, if the API calling address of your data center is http://192.168.0.25:80/{URI}, configure the remote gateway and remote subnet as those of 192.168.0.25.

    4. Configure Routes

      Configure routes at your premises if the subnet of your data center is within the following three segments: 10.0.0.0/8-24, 172.16.0.0/12-24, and 192.168.0.0/16-24.

  4. Verify the network connectivity.

    Create another pay-per-use ECS and select the same VPC, subnet, and security group as the dedicated gateway. If the data center can connect to the ECS, the data center can also connect to the dedicated gateway.
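The following added example (not part of the original guide) derives the remote subnet for the backend address from the Create a Virtual Interface step and checks it against the three segments listed under Configure Routes. It assumes that the notation `/8-24` means a prefix length from 8 through 24; the /24 mask for 192.168.0.25 and all function names are constructed for illustration.

```python
import ipaddress

# Segments exactly as written in the Configure Routes step.
SEGMENTS = ["10.0.0.0/8-24", "172.16.0.0/12-24", "192.168.0.0/16-24"]


def parse_segment(text):
    """Split 'A.B.C.D/min-max' into (base network, min prefix, max prefix)."""
    address, _, lengths = text.partition("/")
    low, _, high = lengths.partition("-")
    min_prefix = int(low)
    max_prefix = int(high) if high else min_prefix
    if min_prefix > max_prefix:
        raise ValueError(f"bad prefix range in {text!r}")
    return ipaddress.ip_network(f"{address}/{min_prefix}"), min_prefix, max_prefix


def matching_segment(subnet):
    """Return the listed segment that covers `subnet`, or None."""
    # strict=True rejects host bits, e.g. '192.168.0.25/24' is not a subnet.
    net = ipaddress.ip_network(subnet, strict=True)
    for text in SEGMENTS:
        base, min_prefix, max_prefix = parse_segment(text)
        in_range = min_prefix <= net.prefixlen <= max_prefix
        if net.version == base.version and in_range and net.subnet_of(base):
            return text
    return None


def remote_subnet_for(backend_ip, prefix_len):
    """Subnet that contains the backend host, for use as the remote subnet."""
    return str(ipaddress.ip_interface(f"{backend_ip}/{prefix_len}").network)


if __name__ == "__main__":
    # Backend address from the guide; the /24 mask is a constructed value.
    subnet = remote_subnet_for("192.168.0.25", 24)
    print(subnet, "->", matching_segment(subnet) or "outside the listed segments")
```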

Exposing APIs with the Dedicated Gateway

After you connect the data center to the dedicated gateway, you can expose APIs using the gateway. For details, see the API Gateway User Guide.

When creating an API, specify the backend address as the API calling address of your data center.