Network and Resource Planning

To use an enterprise router and a global DC gateway to set up a hybrid cloud network, you need:

Network Planning: Plan CIDR blocks of VPCs and their subnets, global DC gateway and virtual interface of the Direct Connect connection, VPC route tables, and enterprise router route tables.
Resource Planning: Plan the quantity, names, and other parameters of cloud resources, including VPCs, Direct Connect connection, ECSs, and enterprise router.

Network Planning

Figure 1 shows the hybrid cloud network planning that uses an enterprise router and a global DC gateway. Two VPCs and the global DC gateway are attached to the enterprise router. Table 2 describes the networking planning details.

Figure 1 Hybrid cloud network that you set up using an enterprise router and a global DC gateway

**Table 1** Network traffic flows
Path	Description
Request traffic: from VPC-A to the on-premises data center	In the route table of VPC-A, there are routes with the next hop set to the enterprise router to forward traffic from VPC-A to the enterprise router. In the route table of the enterprise router, there are routes with the next hop set to the global DC gateway attachment to forward traffic from the enterprise router to the global DC gateway. The global DC gateway is associated with the virtual interface. Traffic from the global DC gateway is forwarded to the Direct Connect connection through the remote gateway of the virtual interface. Traffic is forwarded to the on-premises data center over the Direct Connect connection.
Response traffic: from the on-premises data center to VPC-A	Traffic is forwarded to the virtual interface over the Direct Connect connection. The virtual interface associated with the global DC gateway forwards traffic from the local gateway to the global DC gateway. The global DC gateway forwards the traffic to the enterprise router. In the route table of the enterprise router, there is a route with the next hop set to the VPC-A attachment to forward traffic from the enterprise router to VPC-A.

**Table 2** Hybrid cloud network planning
Cloud Service/Resource	Description
VPC	Two VPCs are used to run your workloads and need to be attached to the enterprise router. The CIDR blocks of the VPCs to be connected cannot overlap with each other. In this example, the CIDR blocks of the VPCs are propagated to the enterprise router route table as the destination in routes. The CIDR blocks cannot be modified and overlapping CIDR blocks may cause route conflicts. If your existing VPCs have overlapping CIDR blocks, do not use propagated routes. Instead, you need to manually add static routes to the route table of the enterprise router. The destination can be VPC subnet CIDR blocks or smaller ones. The CIDR blocks of VPCs and of the on-premises data center cannot overlap. Each VPC has a default route table. Table 3 lists the routes in the default VPC route table. Three routes to fixed CIDR blocks: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. If Auto Add Routes is enabled when the VPC is attached to the enterprise router, static routes will be automatically configured in the VPC route table. If more than one VPC is attached to an enterprise router, traffic from one VPC to the other VPCs can be forwarded to the enterprise router over these routes, and is then to the next-hop network instance through the enterprise router. A route to the on-premises network CIDR block: In addition to the three automatically-added VPC CIDR blocks, you need to add a route to the VPC route table. Set the destination of this route to your on-premises network CIDR block (10.1.123.0/24 in this example) and next hop to the enterprise router. Traffic from the VPC will first be sent to the enterprise router and then to the next-hop network instance through the enterprise router. NOTICE: If an existing route in the VPC route table has a destination to 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, the route that points to each CIDR block will fail to be added. In this case, do not enable Auto Add Routes. After the attachment is created, manually add the routes.
Direct Connect	One connection links your on-premises data center to the cloud. One global DC gateway is attached to the enterprise router. One virtual interface connects the global DC gateway and connection.
Enterprise Router	After Default Route Table Association and Default Route Table Propagation are enabled and global DC gateway and VPC attachments are created, Enterprise Router will automatically: Direct Connect Associate the global DC gateway attachment with the default route table of the enterprise router. Propagate the global DC gateway attachment to the default route table of the enterprise router. The route table automatically learns the local and remote gateways, and the on-premises network CIDR block as the destinations of routes. For details, see Table 4. VPC Associate the two VPC attachments with the default route table of the enterprise router. Propagate the VPC attachments to the default route table of the enterprise router. The route table automatically learns the VPC CIDR blocks as the destination of routes. For details, see Table 4.
ECS	Two ECSs are in different VPCs. If the ECSs are in different security groups, add rules to the security groups to allow access to each other.

**Table 3** VPC route table
Destination	Next Hop	Route Type
Fixed CIDR block: 10.0.0.0/8	Enterprise router	Static route (custom)
Fixed CIDR block: 172.16.0.0/12	Enterprise router	Static route (custom)
Fixed CIDR block: 192.168.0.0/16	Enterprise router	Static route (custom)
On-premises network CIDR block: 10.1.123.0/24	Enterprise router	Static route (custom)

If you enable Auto Add Routes when creating a VPC attachment, you do not need to manually add static routes to the VPC route table. Instead, the system automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC.
If an existing route in the VPC route tables has a destination to 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, the routes will fail to be added. In this case, do not enable Auto Add Routes. After the attachment is created, manually add routes.
You need to add a route to the VPC route table with the destination set to the on-premises network CIDR block and next hop set to enterprise router.

**Table 4** Enterprise router route table
Destination	Next Hop	Route Type
VPC-A CIDR block: 192.168.0.0/16	VPC-A attachment: er-attach-vpc-A	Propagated
VPC-B CIDR block: 172.16.0.0/16	VPC-B attachment: er-attach-vpc-B	Propagated
Local and remote gateways: 10.0.0.0/30	Global DC gateway attachment: er-attach-dgw	Propagated
Data center CIDR block: 10.1.123.0/24	Global DC gateway attachment: er-attach-dgw	Propagated

Resource Planning

An enterprise router, one Direct Connect connection, two VPCs, and an ECS in each VPC are in the same region but can be in different AZs.

The following resource details are only examples. You can modify them if needed.

**Table 5** Details of required resources
Resource	Quantity	Description
VPC	2	Two VPCs are required to run your workloads and need to be attached to the enterprise router. Name: Set it based on site requirements. In this example, VPC-A and VPC-B are used. IPv4 CIDR Block: The VPC CIDR block must be different from the on-premises network CIDR block. Set this parameter based on site requirements. In this example, the VPC CIDR block is 192.168.0.0/16 for VPC-A and 172.16.0.0/16 for VPC-B. Subnet name: Set it based on site requirements. In this example, subnet-A01 and subnet-B01 are used. Subnet IPv4 CIDR block: The CIDR block must be different from that of the on-premises data center. Set it based on site requirements. In this example, the CIDR block is 192.168.0.0/24 for subnet-A01 and 172.16.0.0/24 for subnet-B01.
Enterprise Router	1	Name: Set it based on site requirements. In this example, ER-X is used. ASN: The ASN of the enterprise router cannot be the same as that of the on-premises data center. It is recommended that you set the ASN of the enterprise router to a value different from that of the global DC gateway. 64512 has been reserved for the global DC gateway. In this example, the ASN of the enterprise router is 64513. Default Route Table Association: Enable Default Route Table Propagation: Enable Auto Accept Shared Attachments: Set it based on site requirements. In this example, enable this option. Three attachments on the enterprise router: VPC-A attachment: er-attach-vpc-A VPC-B attachment: er-attach-vpc-B Global DC gateway attachment: er-attach-dgw
Direct Connect	1	One connection is required. In this example, the connection is named dc-X.
		A global DC gateway is required. Name: Set it based on site requirements. In this example, dgw-X is used. BGP ASN: It is recommended that you specify an ASN different from that of the enterprise router. In this example, it is set to 64512. IP Address Family: Set this parameter based on site requirements. In this example, it is set to IPv4.
		One virtual interface is required. Name: In this example, the virtual interface name is vif-X. Virtual Interface Priority: Select Preferred. Connection: In this example, select connection dc-X. Global DC Gateway: In this example, select dgw-X. Local Gateway: 10.0.0.1/30 Remote Gateway: 10.0.0.2/30 Remote Subnet: In this example, the on-premises network CIDR block is 10.1.123.0/24. Routing Mode: Select BGP. BGP ASN: ASN of the on-premises data center, which must be different from the ASN of the global DC gateway on the cloud. In this example, 64515 is used.
		Set up a peer link between the global DC gateway and the enterprise router. Resource Type: Select Peer link. Peer Link Name: Set it based on site requirements. In this example, er-attach-dgw is used. Peer Link Type: Select Enterprise Router. Link To: Select er-X.
ECS	2	An ECS is required in each VPC for verifying connectivity. Name: Set this parameter based on site requirements. In this example, the two ECSs are named ECS-A and ECS-B. Image: Select an image based on site requirements. In this example, a public image (CentOS 8.2 64bit) is used. Network VPC: In this example, select VPC-A for ECS-A and VPC-B for ECS-B. Subnet: Select the subnet that needs to communicate with the on-premises data center. In this example, select subnet-A01 for ECS-A and subnet-B01 for ECS-B. Security Group: Select a security group based on site requirements. In this example, the security group sg-demo uses a general-purpose web server template. Private IP address: In this example, the IP address of ECS-A is 192.168.1.99, and that of ECS-B is 172.16.1.137.

Parent topic: Setting Up a Hybrid Cloud Network Using Enterprise Router and Direct Connect Global DC Gateway

Previous topic: Overview

Next topic: Process of Setting Up a Hybrid Cloud Network Using an Enterprise Router and Global DC Gateway

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot