Overview

Scenario

There are three VPCs in a region of Huawei Cloud, with service A and service B respectively in VPC 1 and VPC 2, and the third-party firewall in VPC 3. For security purposes, the traffic to service A and service B must be filtered by the firewall in VPC 3.

Figure 1 Protecting traffic for VPCs in the same region

You can share an enterprise router with different accounts to attach VPCs of these accounts to the same enterprise router for communications.

Operation Procedure

Figure 2 shows the procedure for using an enterprise router to scrub traffic for VPCs in the same region.

Figure 2 Flowchart for protecting VPC traffic in the same region

**Table 1** Steps for protecting VPC traffic in the same region
No.	Procedure	Description
1	Network and Resource Planning	Plan required CIDR blocks and the number of resources.
2	Creating Resources	Create an enterprise router. Create three VPCs and three ECSs.
3	Configuring Networks	Create VPC attachments for the enterprise router: Attach the three VPCs to the enterprise router. Create two custom route tables for the enterprise router. Associate and propagate VPC attachments with the route tables of the enterprise router. In the route tables of the VPCs, add routes for traffic to route through the enterprise router. Configure kernel parameters and routes for ECS 3 to allow communications between NICs eth0 and eth1.
4	Verifying Network Connectivity and Traffic Scrubbing	Log in to an ECS and run the ping command to verify the network connectivity.