Implementing Network Communications Between Containers and IDCs Using VPC and Direct Connect

Application Scenarios

With VPC and Direct Connect, the container CIDR block (172.56.0.0/16) and IDC CIDR block (10.1.123.0/24) can communicate with each other in the cluster using the VPC network model.

Prerequisites

An IDC is available, and the Direct Connect service has been applied for.

Procedure

1. Create a connection.
   1. Log in to the management console, click in the upper left corner, and select the desired region and project. Click at the upper left corner and choose Networking > Direct Connect in the expanded list.
   2. In the navigation pane on the left of the console, choose Direct Connect > Connections. On the displayed page, click Create Connection.
   3. On the Create Connection page, click Self Service Installation.

      On the Create Connection page, enter the equipment room details and select the Direct Connect location and port based on Table 2.

      Table 2 Parameters for purchasing a connection

      Parameter	Description
      Billing Mode	Specifies how you are charged. Currently, only Yearly/Monthly is supported.
      Region	Specifies the region where the connection is deployed. You can change the region in the upper left corner of the console.
      Connection Name	Specifies the name of your connection.
      Location	Specifies the Direct Connect location where your leased line can be connected to.
      Carrier	Specifies the carrier that provides the leased line.
      Port Type	Specifies the type of the port used by the connection. There are four types of ports: 1GE, 10GE, 40GE, and 100GE.
      Leased Line Bandwidth	Specifies the bandwidth of the connection in the unit of Mbit/s. This is the bandwidth of the leased line you have purchased from the carrier.
      Equipment Room Address	Specifies the address of your equipment room. The address must be specific to the floor your equipment room is on, for example, XX Equipment Room, XX Building, No. XX, Huajing Road, Pudong District, Shanghai.
      Tag	Identifies the connection. A tag consists of a key and a value. You can add 10 tags to a connection. Tag keys and values must meet the requirements listed in Table 3. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tag Overview.
      Description	Provides supplementary information about the connection.
      Contact Person/Phone Number/Email	Specifies information about the person who is responsible for your connection. If the contact information is not provided, your account information will be queried. This will prolong the review period.
      Required Duration	Specifies how long the connection will be used.
      Auto-renew	Specifies whether to automatically renew the connection to ensure service continuity. It is recommended that you set the auto-renewal period to be the same as the required duration. If the required duration is three months, the system automatically renews the subscription for every three months.
      Enterprise Project	Centrally manages cloud resources and members by project.

      Table 3 Tag key and value requirements

      Parameter	Requirements
      Key	Cannot be left blank. Must be unique for each resource. Can contain a maximum of 36 characters. Can contain only letters, digits, hyphens, and underscores.
      Value	Can be left blank. Can contain a maximum of 43 characters. Can contain only letters, digits, periods, hyphens, and underscores.

   4. Click Confirm Configuration
   5. Confirm the order and click Pay Now.
   6. Click Confirm.

2. Create a virtual gateway.
   1. Choose Direct Connect > Virtual Gateways, and click Create Virtual Gateway on the right. Add the VPC CIDR block and the container CIDR block in the VPC network model.
      Figure 2 Creating a virtual gateway
      

      Table 4 Virtual gateway parameters

      Parameter	Description
      Name	Specifies the virtual gateway name. You can enter 1 to 64 characters.
      Enterprise Project	Centrally manages cloud resources and members by project.
      Attach To	Select VPC.
      VPC	Specifies the VPC you want to access using the connection.
      Local Subnet	Specifies the CIDR blocks of subnets in the VPC to connect to the on-premises network. In this example, the cluster uses the VPC network model. Enter the VPC CIDR block (192.168.0.0/16) and container CIDR block (172.56.0.0/16). For clusters using the container tunnel network and Cloud Native 2.0 Network models, you only need to enter the VPC CIDR block.
      Description	Provides supplementary information about the virtual gateway. The description can contain a maximum of 128 characters.

   2. Click OK.

      When the virtual gateway status changes Normal, the virtual gateway has been created.

3. Create a virtual interface.
   1. Choose Direct Connect > Virtual Interfaces, and click Create Virtual Interface on the right.
   2. Configure the parameters based on Table 5.
      Figure 3 Creating a virtual interface
      

      Table 5 Parameters required for creating a virtual interface

      Parameter	Description
      Region	Specifies the region where the connection is deployed. You can change the region in the upper left corner of the console.
      Name	Specifies the virtual interface name. You can enter 1 to 64 characters.
      Connection	Specifies the connection you use to connect your data center to the cloud.
      Virtual Gateway	Specifies the virtual gateway that the virtual interface connects to.
      VLAN	Specifies the VLAN of the virtual interface. Configure the VLAN if you create a connection on your own. The VLAN for a hosted connection will be allocated by the carrier or partner. You do not need to configure the VLAN.
      Bandwidth	Specifies the bandwidth that can be used by the virtual interface in the unit of Mbit/s. The bandwidth cannot exceed that of the connection.
      Enterprise Project	Centrally manages cloud resources and members by project.
      Local Gateway	Specifies the IP address for connecting to the cloud. In this example, the IP address is 10.0.0.1/30.
      Remote Gateway	Specifies the IP address for connecting to your on-premises network. The remote gateway must be in the same IP address range as the local gateway. Generally, a subnet with a 30-bit mask is recommended. In this example, the IP address is 10.0.0.2/30.
      Remote Subnet	Specifies the subnets of your on-premises network. If multiple remote subnets are available, use commas (,) to separate them. In this example, the IP address is 10.1.123.0/24.
      Routing Mode	Specifies the routing mode. Two options are available, Static and BGP. If there are two or more connections, select BGP routing.
      BGP ASN	Specifies the ASN of the BGP peer. This parameter is mandatory when you select BGP routing.
      BGP MD5 Authentication Key	Specifies the password used to authenticate the BGP peer using MD5. This parameter is mandatory when BGP routing is selected, and the parameter values on both gateways must be the same. The key contains 8 to 255 characters and must contain at least two types of the following characters: Uppercase letters Lowercase letters Digits Special characters ~!, .:;-_"(){}[]/@#$ %^&*+\|=
      Description	Provides supplementary information about the virtual interface.

   3. Click Create Now. When the status of the virtual interface changes Normal, the virtual interface has been created.
   4. Ping the IP address of a server in the VPC from your data center to test network connectivity.

      Now your environment can connect to the cloud and access the desired VPC.

      

      After creating a virtual interface, configure your devices and security group rules to allow access on and off the cloud.

4. Test the connectivity.
   1. Run the traceroute command to check whether the IDC host can communicate with the container.
      1. If the route is normal, Direct Connect has a return route.
      2. If the IDC route to the cloud gateway of Direct Connect is abnormal, check whether the route settings at both ends of Direct Connect are correct.
   2. If the IP address cannot be tracerouted, try the ping or telnet operation. Before pinging the address, ensure that the ICMP policy has been enabled for the security group if the target is an ECS.