Updated on 2024-07-23 GMT+08:00

Overview

Scenario

Direct Connect establishes a dedicated, secure, stable, and high-speed network connection between your on-premises data center and VPCs. Direct Connect now provides global DC gateways that allow you to build a large-scale hybrid cloud network globally.

VPN establishes a secure, encrypted communication tunnel between your on-premises data center and your VPC. Compared with Direct Connect, VPN is cost-effective and can be quickly deployed.

To ensure high reliability of the hybrid cloud network and reduce costs, you can use Enterprise Router, Direct Connect, and VPN to connect the on-premises data center to the cloud, and use VPN to back up Direct Connect. If a Direct Connect connection becomes faulty, VPN automatically takes over, which minimizes service interruptions.

Architecture

To improve the reliability of the hybrid cloud network, your enterprise uses both Direct Connect and VPN connections to connect your on-premises data center to the VPCs. The Direct Connect connection works as the active connection and a VPN connection works as the standby one. If the active connection becomes faulty, the standby connection automatically takes over, which eliminates network interruptions.
  • Two VPCs (VPC 1 and VPC 2) and a Direct Connect global DC gateway are attached to the enterprise router. VPC 1 and VPC 2 can communicate with each other and with the on-premises data center over the Direct Connect connection.
  • A VPN gateway is also attached to the enterprise router. If the Direct Connect connection becomes faulty, VPC 1 and VPC 2 can communicate with the on-premises data center over the VPN connection.
Figure 1 Hybrid cloud network that you set up using Enterprise Router, Direct Connect, and VPN

Advantages

An enterprise router with a Direct Connect global DC gateway and a VPN gateway attached enables automatic switchover between active and standby connections. This prevents service loss and reduces maintenance costs.

Constraints

The CIDR blocks of the VPCs and of the on-premises data center cannot overlap.
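
The constraint above can be checked before any attachment is created. The following pre-deployment check is an added example, not part of the original documentation or of any Huawei Cloud tooling; the site names and CIDR blocks are a constructed address plan, and `find_overlaps` is a hypothetical helper.

```python
import ipaddress
from itertools import combinations

# Constructed sample address plan (assumption; not from the original page).
# The on-premises site deliberately carries one block that collides with VPC 2.
SITES = {
    "VPC 1": ["192.168.0.0/16"],
    "VPC 2": ["172.16.0.0/16"],
    "on-premises data center": ["10.0.0.0/16", "172.16.128.0/20"],
}


def find_overlaps(sites):
    """Return (site_a, cidr_a, site_b, cidr_b) for every pair of blocks
    that overlap and belong to different sites."""
    # strict=True rejects entries with host bits set (e.g. 10.0.0.1/16),
    # so a mistyped block fails loudly instead of being silently widened.
    parsed = [
        (name, ipaddress.ip_network(cidr, strict=True))
        for name, cidrs in sites.items()
        for cidr in cidrs
    ]
    conflicts = []
    for (name_a, net_a), (name_b, net_b) in combinations(parsed, 2):
        if name_a == name_b:
            continue  # blocks inside one site are outside this constraint
        if net_a.version != net_b.version:
            continue  # an IPv4 block cannot overlap an IPv6 block
        if net_a.overlaps(net_b):
            conflicts.append((name_a, str(net_a), name_b, str(net_b)))
    return conflicts


if __name__ == "__main__":
    found = find_overlaps(SITES)
    for site_a, cidr_a, site_b, cidr_b in found:
        print(f"overlap: {site_a} {cidr_a} <-> {site_b} {cidr_b}")
    if not found:
        print("no overlapping CIDR blocks")
```

The check also compares VPC 1 against VPC 2, since both VPCs are attached to the same enterprise router.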