Procedure for Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Active/Standby Direct Connect Connections (Global DC Gateway)
Step 1: Create Cloud Resources
Create an enterprise router, a service VPC, and an ECS, as described in Table 5.
- Create an enterprise router.
For details, see Creating an Enterprise Router.
- Create a service VPC.
For details, see Creating a VPC.
- Create an ECS in the VPC.
In this example, the ECS is used to verify the communications between the VPC and the on-premises data center. The ECS quantity and configuration are for reference only.
For details, see Purchasing a Custom ECS.
Step 2: Attach the VPC to the Enterprise Router
- Attach the service VPC to the enterprise router.
When creating the VPC attachment, enable Auto Add Routes.
If this option is enabled, Enterprise Router automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC.
For details, see Creating VPC Attachments for the Enterprise Router.
- In the enterprise router route table, check the route with the destination set to the VPC CIDR block.
In this example, Default Route Table Association and Default Route Table Propagation are enabled for the enterprise router, and routes with destinations set to VPC CIDR blocks are automatically added when you attach the VPCs to the enterprise router.
For details about enterprise router route planning, see Table 2 and Table 4. In this example, the next hops of the two routes are the VPC-A attachment and VPC-B attachment, respectively.
To view enterprise routes, see Viewing Routes.
- In the route table of the service VPC, add a route with the next hop set to the enterprise router.
For VPC route details, see Table 3. In this example, the route destination is 172.16.1.0/24, which is the CIDR block used in the on-premises data center.
For details, see Adding Routes to VPC Route Tables.
Step 3: Attach the Global DC Gateways to the Enterprise Router
For details about Direct Connect resources, see Table 2.
- Use one Direct Connect connection (DC-A in this step) to link the on-premises data center to the cloud.
- Create a connection.
For details, see Creating a Connection.
- Create a global DC gateway for the enterprise router.
- On the Direct Connect console, perform the following operations:
- Create a global DC gateway.
- Create a virtual interface.
- Attach the global DC gateway to the enterprise router.
For details, see Creating a Global DC Gateway.
- On the Enterprise Router console, view the global DC gateway attachment created for the enterprise router.
For details, see Viewing Details About an Attachment.
If the status of the global DC gateway attachment is Normal, the attachment has been created.
Default Route Table Association and Default Route Table Propagation are enabled when you create the enterprise router. After the global DC gateway is attached to the enterprise router, Enterprise Router will automatically:- Associate the global DC gateway attachment with the default route table of the enterprise router.
- Propagate the global DC gateway attachment to the default route table of the enterprise router. The routes to the on-premises data center are propagated to the route table.
You can view routes to the on-premises data center in the route table of the enterprise router only after taking the following steps.
- On the Direct Connect console, perform the following operations:
- Configure routes on the on-premises network device to point to the cloud.
The following uses a Huawei network device as an example to describe how to configure a BGP route.
bgp 64555
peer 10.0.0.1 as-number 64512
peer 10.0.0.1 password simple 12345678
network 172.16.1.0 255.255.255.0
Table 1 BGP route Command
Description
bgp 64555
Enables BGP.
64555 is the ASN used by the on-premises data center.
peer 10.0.0.1 as-number 64512
Creates a BGP peer.- 10.0.0.1 is the gateway address on Huawei Cloud.
- 64512 is the BGP ASN of the global DC gateway.
peer 10.0.0.1 password simple 12345678
Performs MD5 authentication on BGP messages when a TCP connection is established between BGP peers.
12345678 is the BGP MD5 authentication password.
network 172.16.1.0 255.255.255.0
Adds routes in the IP route table to the BGP route table.
- 172.16.1.0 is the network used by the on-premises data center.
- 255.255.255.0 is the subnet mask of the on-premises network.
- Log in to the ECS (ECS-A).
Multiple methods are available for logging in to an ECS. For details, see Logging In to an ECS.
In this example, use VNC provided on the management console to log in to the ECS.
- Run the following command to verify the connectivity over the connection:
ping IP address used in the on-premises data center
Example command:
ping 172.16.1.10
If information similar to the following is displayed, VPC-A can communicate with the on-premises data center over the Direct Connect connection:[root@ecs-A ~]# ping 172.16.1.10 PING 172.16.1.10 (172.16.1.10) 56(84) bytes of data. 64 bytes from 172.16.1.10: icmp_seq=1 ttl=64 time=0.849 ms 64 bytes from 172.16.1.10: icmp_seq=2 ttl=64 time=0.455 ms 64 bytes from 172.16.1.10: icmp_seq=3 ttl=64 time=0.385 ms 64 bytes from 172.16.1.10: icmp_seq=4 ttl=64 time=0.372 ms ... --- 172.16.1.10 ping statistics ---
- Create a connection.
- Use the other Direct Connect connection (DC-B in this step) to link the on-premises data center to the cloud.
- Repeat 1.a to 1.c to create the other Direct Connect connection.
- Simulate a fault on connection DC-A to disconnect communications between the service VPC and the on-premises data center over this connection.
To prevent service interruptions, simulate the fault only when no packets are transmitted over this connection.
- Repeat 1.d to 1.e to verify the connectivity over the other Direct Connect connection.
Step 4: Configure Active/Standby Routes on the Enterprise Router and on the On-Premises Network
- In the enterprise router route table, check whether the BGP routes learned by the enterprise router through the global DC gateway attachments are working in an active/standby pair and the route learned through the global DC gateway DGW-A attachment is preferred.
To view enterprise routes, see Viewing Routes.
- If the routes are working in an active/standby pair, no route policy is required.
- If they are not working in an active/standby pair, configure a route policy and perform 2 to configure the routes on the enterprise router.
If the next hop of the route destined for 172.16.1.0/24 is the global DC gateway DGW-A attachment, this route is the active route.
- (Optional) Configure active/standby routes on the enterprise router.
- Create a route policy that contains two nodes.
For details about the policy, see Table 5.
For details about how to create a route policy, see Creating a Route Policy.
- Associate the route policy with the propagation of each global DC gateway attachment to enable the BGP routes learned by the enterprise router through the global DC gateway attachments to work in an active/standby pair.
For details, see Associating a Route Policy with the Propagation of an Attachment.
- Repeat 1 to verify that the routes are working in an active/standby pair.
Adding a policy value to the AS_Path of the route may cause network loops. Before configuring a route policy, check your network plan.
- Create a route policy that contains two nodes.
- Log in to the on-premises network device and configure the routes from the on-premises data center to the enterprise router to work in an active/standby pair based on your network plan.
If you want connection DC-A to work as the active connection, you can set Local_Pref to reduce the BGP route priority for connection DC-B.
(Here is a BGP route on a Huawei device.)
route-policy slave_direct_in permit node 10 apply local-preference 90 bgp 64555 peer 10.0.0.1 as-number 64512 peer 10.0.0.1 password simple Qaz12345678 peer 10.1.0.1 as-number 64512 peer 10.1.0.1 password simple Qaz12345678 peer 10.1.0.1 route-policy slave_direct_in import network 172.16.1.0 255.255.255.0
Table 2 BGP route Command
Description
route-policy slave_direct_in permit node 10
apply local-preference 90
Indicates the route policy for the standby connection.
slave_direct_in is the name of the route policy for the standby connection.
bgp 64555
Enables BGP.
64555 is the ASN used by the on-premises data center.
peer 10.0.0.1 as-number 64512
Creates a BGP peer.- 10.0.0.1 is the gateway address on Huawei Cloud for the active connection.
- 64512 is the BGP ASN of the global DC gateway.
peer 10.0.0.1 password simple Qaz12345678
Performs MD5 authentication on BGP messages when a TCP connection is established between BGP peers.
- 10.0.0.1 is the gateway address on Huawei Cloud for the active connection.
- Qaz12345678 is the BGP MD5 authentication password.
peer 10.1.0.1 as-number 64512
Creates a BGP peer.- 10.1.0.1 is the gateway address on Huawei Cloud for the standby connection.
- 64512 is the BGP ASN of the global DC gateway.
peer 10.1.0.1 password simple Qaz12345678
Performs MD5 authentication on BGP messages when a TCP connection is established between BGP peers.
- 10.1.0.1 is the gateway address on Huawei Cloud for the standby connection.
- Qaz12345678 is the BGP MD5 authentication password.
peer 10.1.0.1 route-policy slave_direct_in import
Indicates the import route policy for the BGP peer on the standby connection.
- 10.1.0.1 is the gateway address on Huawei Cloud for the standby connection.
- slave_direct_in is the name of the route policy for the standby connection.
network 172.16.1.0 255.255.255.0
Adds routes in the IP route table to the BGP route table.
- 172.16.1.0 is the network used by the on-premises data center.
- 255.255.255.0 is the subnet mask of the on-premises network.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot