Migrating Shared Gateway to a Dedicated Gateway
Scenario
The shared gateway will soon be discontinued. To prevent services from being affected, you can migrate existing resources from the shared gateway to the dedicated gateway.
Restrictions
- The shared gateway using KooGallery cannot be migrated.
- The shared gateway using cross-user authorization cannot be migrated.
- The shared gateway using a VPC channel of ELB type cannot be migrated.
- The shared resources created by DataArts need to be migrated using DataArts.
If the preceding scenarios are involved, submit a service ticket to contact technical support for assistance.
Possible Impact of Migration
- Changes in public inbound and outbound access
Dedicated gateways have separate public inbound and outbound IP addresses, unique from those of the shared gateway. If there are security policies configured for upstream and downstream services (server and client), they will need to be updated to allow access to these new IP addresses.
- Changes in private inbound and outbound access
Each dedicated gateway has an inbound private IP address and multiple outbound private IP addresses in the VPC. The basic, professional, enterprise, and platinum editions of a dedicated gateway have 3, 5, 6, and 7 private IP addresses, respectively. A platinum X requires 4 more private IP addresses than the previous edition. Network security policies need to be adjusted for upstream and downstream services (servers and clients) to ensure connectivity. If cross-VPC access is required for downstream services, connect the VPC endpoint service to the VPC endpoint of a dedicated gateway to ensure network connectivity. For details, see Procedure.
- Changes in the debugging domain name
The group debugging domain name {group-id}.apig.{region-id}.huaweicloudapis.com of the shared gateway will be changed to {group-id}.apic.{region-id}.huaweicloudapis.com. Any API calls made using the debugging domain name will need corresponding updates.
General Procedure
- Pre-migration check
Check the usage of the shared gateway and the dedicated gateway specifications to see if the migration is allowed.
- Create a dedicated gateway
Purchase a dedicated gateway that meets the requirements of the shared gateway based on the check result.
- Apply for migration
Contact technical support engineers or the customer manager to apply for migrating the shared gateway.
- Verify and switch traffic
Verify the migration result and implement the traffic switching.
Implementation Procedure
Pre-migration check
- Check whether the user uses KooGallery.
Log in to the APIG console. In the upper right corner of the Overview page, click Access Shared Gateway.
- In the navigation pane, choose API Publishing > API Groups. If the statuses of all groups are Not listed, KooGallery is not used and the shared gateway can be migrated. Otherwise, submit a service ticket to contact technical support.
- In the navigation tree on the left, choose API Calling > Purchased APIs to view the purchased APIs. If the list of purchased APIs is empty, KooGallery is not used and the shared gateway can be migrated. Otherwise, submit a service ticket to contact technical support.
- In the navigation pane, choose API Publishing > API Groups. If the statuses of all groups are Not listed, KooGallery is not used and the shared gateway can be migrated. Otherwise, submit a service ticket to contact technical support.
- View API authorization information.
- In the navigation pane, choose API Publishing > APIs.
- Click the name of the target API.
- Click the Authorization tab to view the authorized apps. If the authorized app is not the user's own app, the shared gateway cannot be migrated. Submit a service ticket to contact technical support.
- Check the VPC channel type.
In the navigation pane, choose API Publishing > VPC Channels. If ELB channel type exists, the shared gateway cannot be migrated.Submit a service ticket to contact technical support.
- Check whether the resources created by DataArts exist.
In the navigation pane, choose API Publishing > API Groups. If the group name starts with dlm_default_ and the description contains default api group created by dlm, the group resource is created by the DataArts service. Contact DataArts service personnel to migrate these resources. Other resources can be migrated.
- View the number of recent API calls, sum up the numbers, estimate the current QPS, and determine the specification of the dedicated gateway to be purchased.
- In the navigation pane, choose API Publishing > APIs.
- Click the name of the target API.
- On the Dashboard tab, view the Requests (count) metric and calculate the QPS.
Creating a dedicated gateway
- Select an edition based on the estimated QPS. For details, see Specifications.
- Buy a gateway. For details, see Buying a Gateway.
- Select the VPC where the backend server resides to simplify network configuration.
- Determine whether to enable the public network inbound and outbound access based on service needs.
Apply for migration
|
Migration Account Name |
XXXXX |
||
|---|---|---|---|
|
Migration Information |
Project ID |
Dedicated Gateway ID |
Region |
|
XXX |
XXX |
XXX |
|
Verifying and switching traffic
- After the migration is complete, perform debugging on the dedicated gateway to verify whether the resource functions are normal.
- You can debug the API to test whether it functions properly. For details, see Debugging an API.
- You can use the group debugging domain name to test API functions. For details, see Calling an API.
- After the verification is complete, perform traffic switching in the following scenarios:
- Public network access using an independent domain name
Change the CNAME record of the custom domain name from the subdomain name of the shared gateway to the domain name {instance-id}.apic.{region-id}.huaweicloudapis.com of the dedicated gateway.
- Private network access in the same VPC using an independent domain name
Change the CNAME record of the custom domain name from the subdomain name of the shared gateway to the domain name {instance-id}.apic.{region-id}.huaweicloudapis.com of the dedicated gateway.
- Cross-VPC private network access using an independent domain name
- Establish a cross-VPC network connection using VPC endpoint service. For details, see Endpoint Overview and Managing Endpoints.
- Change the CNAME record of the custom domain name from the subdomain name of the shared gateway to the domain name of the new VPC endpoint created in 2.a.
- Public network access using an independent domain name
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
