Help Center/ Cloud Connect/ Best Practices/ Connecting VPCs Across Regions Using Cloud Connect and VPC Peering

Updated on 2023-05-09 GMT+08:00

View PDF

Connecting VPCs Across Regions Using Cloud Connect and VPC Peering

Scenarios

This practice provides detailed operations for using VPC Peering and Cloud Connect to enable communications between VPCs of the same service in different regions.

As shown in the following figure, CN East-Shanghai1 and CN South-Guangzhou each have three VPCs, one production VPC, one office VPC, and one transit VPC:

The production VPC in CN East-Shanghai1 needs to communicate with the production VPC in CN South-Guangzhou.
The office VPC in CN East-Shanghai1 needs to communicate with the office VPC in CN South-Guangzhou.
The production VPC and the office VPC cannot communicate with each other.

Figure 1 Networking diagram

**Table 1** Service configuration
Cloud Service	Scenario	Description	Related Operations
VPC Peering	Two VPCs are in the same region.	Create a VPC peering connection to connect two VPCs in the same region. The two VPCs can be in the same account or in different accounts.	Creating a VPC Peering Connection to Connect Another VPC in the Same Account Creating a VPC Peering Connection to Connect a VPC in Another Account
Cloud Connect	VPCs are in different regions.	Create a cloud connection to connect the VPCs across regions. The VPCs can be in the same account or in different accounts.	Communications Between VPCs Across Regions

To connect the VPCs using Cloud Connect and VPC Peering, ensure that the subnets in the VPCs do not overlap or conflict.

Prerequisites

You have a Huawei Cloud account, and the Huawei Cloud account has been configured with operation permissions of related services.

The account balance is sufficient to purchase the required resources, including bandwidth packages and ECSs.
The VPCs and subnets that need to communicate with each other have been created.

Procedure

Configure VPC Peering.

Create a VPC peering connection.

Log in to the management console.
Click in the upper left corner to select a region and a project.
Hover on to display Service List and choose Networking > Virtual Private Cloud.
In the navigation pane on the left, choose VPC Peering.
In the upper right corner, click Create VPC Peering Connection.
Configure the parameters based on Table 2. Select My account.
Figure 2 Creating a VPC peering connection

**Table 2** Parameters required for creating a VPC Peering connection
Parameter	Description
Name	Specifies the name of the VPC peering connection. The name contains a maximum of 64 characters and consists of letters, digits, hyphens (-), and underscores (_).
Local VPC	Specifies the VPC you want to connect over the VPC peering connection.
Local VPC CIDR Block	Specifies the CIDR block for the local VPC.
Account	Specifies whether the VPC to be peered with are from your account or from another account. My account: The VPC is from your account. Another account: The VPC is from another account.
Peer Project	Specifies the peer project name. The name of the current project is used by default.
Peer VPC	Specifies the other VPC you want to connect. You can select one from the drop-down list if the VPC peering connection is created between two VPCs in your own account.
Peer VPC CIDR Block	Specifies the CIDR block for the peer VPC. The local and peer VPCs cannot have identical or overlapping CIDR blocks. Otherwise, the routes added for the VPC peering connection may not take effect.
Description	(Optional) Provides supplementary information about the VPC peering connection. The description can contain a maximum of 255 characters and cannot contain angle brackets (<>).

Click OK.

Add routes for the VPC peering connection.

If you request a VPC peering connection with another VPC in your own account, the system automatically accepts the request. You still need to add local and peer routes on the Route Tables page for the VPC peering connection.

Log in to the management console.
Click in the upper left corner to select a region and a project.
Hover on to display Service List and choose Networking > Virtual Private Cloud.
In the navigation pane on the left, choose Route Tables.

Search for or create a route table for the local VPC and add routes for the local VPC. Table 3 describes the parameters.

Figure 3 Adding local route

**Table 3** Parameters required for adding routes to the VPC peering connection
Parameter	Description
Destination	Specifies the CIDR block for the peer VPC.
Next Hop Type	Specifies the next hop type. Select VPC peering connection.
Next Hop	Specifies the next hop address. Select the created VPC peering connection.
Description	(Optional) Provides supplementary information about the route. The description can contain a maximum of 255 characters and cannot contain angle brackets (<>).

Search for or create a route table for the peer VPC and add routes for the peer VPC.

Figure 4 Adding peer route

**Table 4** Parameters required for adding routes to the VPC peering connection
Parameter	Description
Destination	Specifies the CIDR block for the local VPC.
Next Hop Type	Specifies the next hop type. Select VPC peering connection.
Next Hop	Specifies the next hop address. Select the created VPC peering connection.
Description	(Optional) Provides supplementary information about the route. The description can contain a maximum of 255 characters and cannot contain angle brackets (<>).

Repeat the above steps to create a VPC peering connection between the office VPC and the transit VPC in CN East-Shanghai1 and add local and peer routes.

Repeat the above operations to create two VPC peering connections in CN South-Guangzhou, with one connecting the production VPC to the transit VPC and the other connecting the office VPC to the transit VPC.

In the above steps, you can visit the route table module directly from the navigation pane on the left.

Configure Cloud Connect.

Create a cloud connection.

Log in to the management console.
Hover on to display Service List and choose Networking > Cloud Connect.
In the navigation pane on the left, choose Cloud Connect > Cloud Connections.
On the displayed page, click Create Cloud Connection.

Configure the parameters based on Table 5.

Figure 5 Create Cloud Connection

**Table 5** Parameters required for creating a cloud connection
Parameter	Description
Name	Specifies the cloud connection name. The name can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.).
Enterprise Project	Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project.
Scenario	VPC: VPCs or virtual gateways can use this cloud connection. Enterprise router: Only enterprise routers can use the cloud connection.
Tag	Identifies the cloud connection. A tag consists of a key and a value. You can add 10 tags to a cloud connection. Tag keys and values must meet the requirements listed in Table 6. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tags.
Description	Provides supplementary information about the cloud connection. The description can contain a maximum of 255 characters.

**Table 6** Tag key and value requirements
Parameter	Requirements
Key	Cannot be left blank. Must be unique for each resource. Can contain a maximum of 36 characters. Can contain only letters, digits, hyphens, and underscores.
Value	Can be left blank. Can contain a maximum of 43 characters. Can contain only letters, digits, period, hyphens, and underscores.

Click OK.

Load network instances.
Load the transit VPC in CN East-Shanghai1 to the created cloud connection.
1. In the cloud connection list, click the cloud connection named CloudConnect.
  
  On the displayed page, you can view details about the cloud connection, such as its name, ID, status, time when the cloud connection was created, and description. There are also four tabs: Network Instances, Bound Bandwidth Packages, Inter-Region Bandwidths, and Route Information.
  
  Figure 6 Cloud connection details
1. Click Network Instances.
2. Click Load Network Instance.
1. Configure the parameters.
  Figure 7 Loading a network instance
  
  Figure 8 Network instance details
  
  To communicate with the production VPC and the office VPC in CN East-Shanghai1, you need to set the CIDR blocks of the two VPCs as custom CIDR blocks.
2. Click OK.
3. Repeat the above steps to load the transit VPC in CN South-Guangzhou to the cloud connection and set the CIDR block of the production VPC and the CIDR block of the office VPC in CN South-Guangzhou as custom CIDR blocks.
  Figure 9 Loading another VPC
  
  After the VPCs are loaded, they are on the same network, and you can view the routes of each VPC on the Route Information tab page.
Buy a bandwidth package.
By default, the system allocates 10 kbit/s of bandwidth for testing network connectivity across regions.

To ensure normal network communications, you need to purchase a bandwidth package and bind it to the cloud connection.
1. In the cloud connection list, click the cloud connection named CloudConnect.
2. On the details page of the cloud connection, click Bound Bandwidth Packages and then Buy Bandwidth Package.
  Figure 10 Buy Bandwidth Package
1. Configure the parameters.
  Because the two VPCs are in the Chinese mainland, select Single Geographic Region for Applicability and Chinese mainland for Geographic Region.
1. Click Buy Now.
2. Confirm the information and click Pay Now.
3. Click Pay.
  Go back to the bandwidth package list and locate the bandwidth package. If its status changes to Normal, you can bind the bandwidth package to a cloud connection.
  
  On the Bandwidth Packages page, you can view the purchased bandwidth package and its details, including the billing mode, order information, the cloud connection bound to, used bandwidth, and remaining bandwidth. You can also modify, unbind, renew, and unsubscribe from the bandwidth package.
Assign inter-region bandwidth.
Assign bandwidth from the purchased bandwidth package for network communications between the VPCs.
1. In the cloud connection list, click the cloud connection named CloudConnect.
2. On the details page of the cloud connection, click Inter-Region Bandwidths and then Assign Inter-Region Bandwidth.
  Figure 11 Assigning inter-region bandwidth
3. Configure the parameters.
  Select CN South-Guangzhou and CN East-Shanghai1 for Regions. The system automatically displays the bandwidth package bound to the cloud connection. Set the bandwidth based on your requirements, for example, 1 Mbit/s.
4. View the assigned bandwidth on the Inter-Region Bandwidths tab page.

Verification

Check the route table of the transit VPC in CN East-Shanghai1.
Figure 12 Route table of the transit VPC in CN East-Shanghai1
Check the route table of the production VPC in CN East-Shanghai1.
Figure 13 Route table of the production VPC in CN East-Shanghai1
Check the route table of the office VPC in CN East-Shanghai1.
Figure 14 Route table of the office VPC in CN East-Shanghai1
Check the route table of the transit VPC in CN South-Guangzhou.
Figure 15 Route table of the transit VPC in CN South-Guangzhou
Check the route table of the production VPC in CN South-Guangzhou.
Figure 16 Route table of the production VPC in CN South-Guangzhou
Check the route table of the office VPC in CN South-Guangzhou.
Figure 17 Route table of the office VPC in CN South-Guangzhou
Ping an ECS in the production VPC in CN South-Guangzhou from an ECS in the production VPC in CN East-Shanghai1.
Figure 18 Pinging two ECSs
Ping an ECS in the office VPC in CN South-Guangzhou from an ECS in the office VPC in CN East-Shanghai1.
Figure 19 Pinging two ECSs