Using Cloud Connect and Direct Connect to Connect an On-premises Data Center to a VPC

Scenarios

If you have more than one on-premises data center and VPC, you can use Direct Connect and a cloud connection to connect all your on-premises data centers to the VPCs in different regions.

Figure 1 shows an example.

For details about the regions where cloud connections are available, see Region Availability.

Figure 1 Connecting on-premises data centers and VPCs

When you configure a cloud connection, note that:

Subnet CIDR blocks of the VPCs cannot overlap or conflict with each other.
The routes for the subnets in the VPCs cannot conflict with existing routes, including those added for VPC Peering, Direct Connect, or VPN.

Prerequisites

You have a Huawei Cloud account, and the Huawei Cloud account has been configured with operation permissions of related services.

The account balance is sufficient to purchase the required resources, such as Direct Connect connections, bandwidth packages, and ECSs.
Direct Connect locations have been determined and the site survey of on-premises data centers have been completed together with the carrier. For details, see Preparations.
The VPCs and subnets that need to communicate with each other across regions have been created.
All VPC subnets have been configured for your on-premises data centers.

Procedure

Configure Direct Connect. In this example, two Direct Connect connections are required to connect each on-premises data center to the cloud.

Create a Direct Connect connection.

Log in to the Direct Connect console.
On the console homepage, click in the upper left corner and select the desired region and project.
Click to display Service List and choose Networking > Direct Connect.
In the navigation pane on the left, choose Direct Connect > Connections.
Click Create Connection.

On the Create Connection page, configure the parameters based on Table 1.

**Table 1** Parameters required for creating a connection
Parameter	Description
Region	Specifies the region where the connection is deployed. You can change the region here, or use the region selector in the upper left corner of the console.
Connection Name	Specifies the connection name. Enter a desired name.
Location	Specifies the location where your leased line can connect to Huawei Cloud.
Carrier	Specifies the carrier that provides the leased line.
Port Type	Specifies the type of the port used by the connection. There are four types of ports: 1GE, 10GE, 40GE, and 100GE.
Leased Line Bandwidth	Specifies the bandwidth of the connection, in Mbit/s. Select a value from the drop-down list. This is the bandwidth of the leased line you have purchased from the carrier.
Your Equipment Room Address	Specifies the address of your equipment room. The address must be specific to the floor on which your equipment room is located, for example, Equipment Room XX, Building XX, No. XX, Huajing Road, Fengdong District, Shanghai.
Tag	Identifies the connection. A tag consists of a key and a value. You can add 20 tags to a connection. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tags.
Description	Provides supplementary information about the connection.
Billing Mode	Specifies how you are charged. Currently, only Yearly/Monthly is supported.
Required Duration	Specifies the duration for which you require the connection.
Auto-renew	Specifies whether to automatically renew the connection to ensure service continuity. It is recommended that you set the auto-renewal period to be the same as the required duration. If the required duration is three months, the system automatically renews the subscription for every three months.
Enterprise Project	Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.
Contact Person/Phone Number/Contact Email	Specifies information about the person who is responsible for your connection. If you do not provide the contact information, your account information will be used. This will prolong the review.

Click Next
Confirm the order and click Pay.
Click OK.

Connect your data center to the location you select.
1. After you have paid for the order, the system automatically allocates a connection ID for you, and the connection information is displayed on the management console. The connection status is Creating, when you will be contacted to confirm the construction plan and relevant information (including your company name, constructor, expected construction time, and construction workers).
2. After having confirmed the construction plan, you can arrange the carrier to deploy the dedicated line and connect it to your equipment room based on your construction plan.
3. In normal cases, Huawei resident engineers will connect the dedicated line to the Huawei Cloud gateway port within two working days.
4. After the construction is complete, the connection status becomes Normal, indicating that the connection is ready.

Create a virtual gateway.

Create a virtual gateway to associate it with the VPC in CN South-Guangzhou.

Log in to the management console.
On the console homepage, click in the upper left corner and select the desired region and project.
Click to display Service List and choose Networking > Direct Connect.
In the navigation pane on the left, choose Direct Connect > Virtual Gateways.
Click Create Virtual Gateway.

Configure the parameters based on Table 2.

Figure 2 Create Virtual Gateway

**Table 2** Parameters required for creating a virtual gateway
Parameter	Description
Name	Specifies the virtual gateway name. The name can contain 1 to 64 characters.
VPC	Specifies the VPC associated with the virtual gateway.
Local Subnet	Specifies the CIDR blocks of subnets in the VPC to connect to the on-premises network.
Description	Provides supplementary information about the virtual gateway. The description can contain a maximum of 128 characters.

Add CIDR blocks of all VPC subnets that will communicate with each on-premises data center to ensure normal communication.

Click OK.
When the virtual gateway status changes Normal, the virtual gateway has been created.

Create a virtual interface.

Create a virtual interface over which the on-premises data center connects to Huawei Cloud so that the on-premises data center can access the VPC in CN South-Guangzhou.

Log in to the management console.
On the console homepage, click in the upper left corner and select the desired region and project.
Click to display Service List and choose Networking > Direct Connect.
In the navigation pane on the left, choose Direct Connect > Virtual Interfaces.
Click Create Virtual Interface.

Configure the parameters based on Table 3.

Figure 3 Create Virtual Interface

**Table 3** Parameters required for creating a virtual interface
Parameter	Description
Region	Specifies the region where the connection is deployed. You can change the region here, or use the region selector in the upper left corner of the console.
Name	Specifies the virtual interface name. The name can contain 1 to 64 characters.
Connection	Specifies the connection you use to connect your data center to the cloud.
Virtual Gateway	Specifies the virtual gateway to which the virtual interface will connect.
VLAN	Specifies the VLAN of the virtual interface. You need to configure the VLAN if you buy a self-service connection. The VLAN for a hosted connection will be allocated by the carrier or partner. In this scenario, you do not need to configure the VLAN.
Enterprise Project	Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.
Bandwidth	Specifies the bandwidth that can be used by the virtual interface, in Mbit/s. The bandwidth cannot exceed that of the connection.
Local Gateway	Specifies the IP address for connecting to the cloud.
Remote Gateway	Specifies the IP address for connecting to the on-premises network. The IP address of the remote gateway must be in the same network segment as that of the local gateway, and it is recommended that both IP addresses use a 30-bit mask.
Remote Subnet	Specifies the subnets and masks of the on-premises data center. If there are multiple subnets, use commas (,) to separate them.
Routing Mode	Specifies the routing mode. Two options are available, static routing and BGP routing. If there are two or more connections, select BGP routing.
BGP ASN	Specifies the ASN of the BGP peer. Enter a value from 1 to 65535, excluding 64512, which is reserved by Huawei Cloud. This parameter is required if you select BGP routing.
BGP MD5 Authentication Key	Specifies the password used to authenticate the BGP peer using MD5. This parameter is mandatory if you select BGP routing, and you must ensure that the parameter values on both gateways are the same. The value contains 8 to 255 characters and must contain at least two types of the following characters: Uppercase letters Lowercase letters Digits Special characters ~!, .:;-_"(){}[]/@#$ %^&*+\\|=
Description	Provides supplementary information about the virtual interface. The description can contain a maximum of 128 characters.

Click Submit. When the status of the virtual interface changes Normal, the virtual interface has been created.
Ping a server in on-premises data center 1 from an ECS in the VPC in CN South-Guangzhou (VPC 1) to test network connectivity.

Repeat 1.a to 1.d to establish network connectivity between on-premises data center 2 and the VPC in CN East-Shanghai1 (VPC 2).

Create a cloud connection.

Go to the Cloud Connections page.
In the upper right corner of the page, click Create Cloud Connection.

Configure the parameters based on Table 4.

**Table 4** Parameters for creating a cloud connection
Parameter	Description
Name	Specifies the cloud connection name.
Enterprise Project	Specifies the enterprise project for managing the cloud connection. An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is default. For details about creating and managing enterprise projects, see the Enterprise Management User Guide.
Scenario	Specifies whether the cloud connection is used to connect VPCs or enterprise routers. If you select VPC here, only VPCs or virtual gateways can use this cloud connection.
Tag	Identifies the cloud connection. A tag consists of a key and a value. You can add 20 tags to a cloud connection. NOTE: If you have configured tag policies for Cloud Connect, add tags to cloud connections based on the tag policies. If you add a tag that does not comply with the tag policies, cloud connections may fail to be created. Contact your administrator to learn more about tag policies.
Description	(Optional) Provides supplementary information about the cloud connection. The description can contain no more than 255 characters and cannot contain angle brackets (<>).

Click OK.

Load network instances.
Load the VPCs in CN South-Guangzhou and CN East-Shanghai1 to the created cloud connection.
1. In the cloud connection list, click the name (CloudConnect) of the cloud connection.
2. On the Network Instances tab, click Load Network Instance.
3. Configure the parameters.
  
  To enable the on-premises data center to access the VPC, you need to add the subnet used in the on-premises data center as a custom CIDR block.
4. Click OK. The VPC in CN South-Guangzhou has been loaded to the cloud connection.
5. Repeat the preceding steps to load the VPC in CN East-Shanghai to the cloud connection.
  Figure 4 Loading the other VPC
  
  After the VPCs are loaded, they are on the same network. You can view the routes of each VPC on the Route Information tab.
  Figure 5 Route Information
Buy a bandwidth package.
By default, Cloud Connect provides 10 kbit/s of bandwidth for testing cross-region network connectivity.

To ensure normal communication, you need to purchase a bandwidth package and bind it to the cloud connection.
1. In the cloud connection list, click the name (CloudConnect) of the cloud connection.
2. On the Bandwidth Packages tab, click Buy Bandwidth Package.
3. Configure the parameters.
  Because the two VPCs are in the Chinese mainland, select Single geographic region for Applicability and Chinese mainland for Geographic Region.
4. Click Buy Now.
5. Confirm the configuration and click Pay Now.
6. Click OK.
  Go back to the bandwidth package list. If its status changes to Normal, you can bind the bandwidth package to the cloud connection.
  
  In the navigation pane, choose Bandwidth Packages. On the displayed page, locate the bandwidth package you just purchased. You can view its details, such as the billing mode, order information, cloud connection bound to, used bandwidth, and remaining bandwidth. You can also modify, unbind, renew, and unsubscribe from the bandwidth package.
Assign an inter-region bandwidth.
1. In the cloud connection list, click the name (CloudConnect) of the cloud connection.
2. On the Inter-Region Bandwidths tab, click Assign Inter-Region Bandwidth.
3. Configure the parameters.
  Select CN South-Guangzhou and CN East-Shanghai1 for Regions. The system automatically displays the bandwidth package bound to the cloud connection. Set the bandwidth based on your requirements, for example, 1 Mbit/s.
4. View the assigned bandwidth on the Inter-Region Bandwidths tab.
  
  The default security group rules deny all the inbound traffic. Ensure that security group rules in both directions are correctly configured for resources in the regions to ensure normal communication.

Configure local routes on the on-premises data centers.
- In on-premises data center 1, add routes to the VPC in CN South-Guangzhou (192.168.3.0/24), to the VPC in CN East-Shanghai1 (192.168.1.0/24), and to on-premises data center 2 (192.168.5.0/24).
- In on-premises data center 2, add routes to the VPC in CN East-Shanghai1 (192.168.1.0/24), to the VPC in CN South-Guangzhou (192.168.3.0/24), and to on-premises data center 1 (172.16.1.0/24).

Verification

Ping an ECS in the VPC in CN East-Shanghai1 and a server in each data center from an ECS in the VPC in CN South-Guangzhou.
Ping an ECS in the VPC in CN South-Guangzhou and a server in each data center from an ECS in the VPC in CN East-Shanghai1.
View the routes.