Updated on 2024-11-07 GMT+08:00

Planning Networks and Resources

Data Plan

Table 1 Data plan (columns: Category, Item, Data)

VPC
  Subnet to be interconnected
    • VPC1: 192.168.0.0/24
    • VPC2: 192.168.1.0/24
  Enterprise router
    An enterprise router with VPC1 and VPC2 attached to it.
  ECS
    Three ECSs, located in different VPCs. If the ECSs belong to different security groups, add rules to those security groups so that the ECSs can reach each other; scope the rules to the protocols and ports that are actually needed rather than allowing all traffic.

VPN gateway 1
  Access subnet
    Subnet used for communication between the VPN gateway and the VPCs. The access subnet you select must have at least four assignable IP addresses.
    192.168.2.0/24
  HA mode
    Active-active
  EIP
    EIPs are allocated automatically when you buy them. By default, VPN gateway 1 uses two EIPs. In this example, the EIPs are as follows:
    • Active EIP: 1.1.1.2
    • Active EIP 2: 2.2.2.2
  Tunnel interface address
    IP addresses used by VPN gateway 1 to establish IPsec tunnels with customer gateway 1. The local and remote tunnel interface addresses configured at the two ends of a tunnel are mirror images of each other: the address configured as local on the VPN gateway is configured as remote on the customer gateway, and vice versa.
    • VPN connection 1: 169.254.70.1/30
    • VPN connection 2: 169.254.71.1/30
    IP addresses used by VPN gateway 1 to establish IPsec tunnels with customer gateway 2. The same local/remote mirroring applies.
    • VPN connection 3: 169.254.72.1/30
    • VPN connection 4: 169.254.73.1/30

VPN gateway 2
  Access subnet
    Subnet used for communication between the VPN gateway and the VPCs. The access subnet you select must have at least four assignable IP addresses.
    192.168.3.0/24
  HA mode
    Active-active
  EIP
    EIPs are allocated automatically when you buy them. By default, VPN gateway 2 uses two EIPs. In this example, the EIPs are as follows:
    • Active EIP: 3.3.3.3
    • Active EIP 2: 4.4.4.4
  Tunnel interface address
    IP addresses used by VPN gateway 2 to establish IPsec tunnels with customer gateway 1. The local and remote tunnel interface addresses configured at the two ends of a tunnel are mirror images of each other.
    • VPN connection 5: 169.254.74.1/30
    • VPN connection 6: 169.254.75.1/30
    IP addresses used by VPN gateway 2 to establish IPsec tunnels with customer gateway 2. The same local/remote mirroring applies.
    • VPN connection 7: 169.254.76.1/30
    • VPN connection 8: 169.254.77.1/30

On-premises data center
  Subnet to be interconnected
    172.16.0.0/16

Customer gateway 1
  Public IP address
    Public IP address assigned by the carrier. In this example: 1.1.1.1
  Tunnel interface address
    The mirror of the VPN gateway side for each connection (the VPN gateway's local address becomes the customer gateway's remote address):
    • VPN connection 1: 169.254.70.2/30
    • VPN connection 2: 169.254.71.2/30
    • VPN connection 5: 169.254.74.2/30
    • VPN connection 6: 169.254.75.2/30

Customer gateway 2
  Public IP address
    Public IP address assigned by the carrier. In this example: 2.2.2.1
  Tunnel interface address
    The mirror of the VPN gateway side for each connection:
    • VPN connection 3: 169.254.72.2/30
    • VPN connection 4: 169.254.73.2/30
    • VPN connection 7: 169.254.76.2/30
    • VPN connection 8: 169.254.77.2/30

IKE and IPsec policies
  The IKE policy, the IPsec policy and the PSK must be configured identically on the VPN gateway and on the customer gateway; a mismatch in any single parameter prevents the tunnel from coming up.
  PSK
    Test@123 (placeholder used throughout this example; in production use a long, randomly generated PSK)
  IKE policy
    • IKE version: IKEv2
    • Authentication algorithm: SHA2-256
    • Encryption algorithm: AES-128
    • DH algorithm: DH group 15 (3072-bit MODP group)
    • Lifetime (s): 86400
    • Local ID: IP address
    • Peer ID: IP address
    With IP-address IDs, each end identifies itself by the public address it uses on the wire (the EIP on the cloud side, the carrier-assigned address on the customer gateway side).
  IPsec policy
    • Authentication algorithm: SHA2-256
    • Encryption algorithm: AES-128
    • PFS: DH group 15
    • Transfer protocol: ESP
    • Lifetime (s): 3600
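The addressing rules in Table 1 (each tunnel's two interface addresses are the reversed pair of one /30, each access subnet offers at least four assignable addresses, the VPC, access and on-premises prefixes must not collide) and the PSK are easy to get subtly wrong when the table is transcribed into a console or a gateway configuration. The following Python script is an added example, not part of the original page or of any vendor tooling: it encodes the Table 1 values and checks them. The function names, the PSK strength thresholds, the list of placeholder words, and the simplification that "assignable" means usable host addresses (the platform may reserve a few more) are assumptions of this example.

```python
"""Consistency checks for the Table 1 data plan (added example, not from the page).
Function names, PSK thresholds and the "assignable = usable host addresses"
simplification are this example's own assumptions."""
import ipaddress
import itertools
import string

# Prefixes transcribed from Table 1.
VPC_SUBNETS = {"VPC1": "192.168.0.0/24", "VPC2": "192.168.1.0/24"}
ACCESS_SUBNETS = {"VPN gateway 1": "192.168.2.0/24", "VPN gateway 2": "192.168.3.0/24"}
ONPREM_SUBNETS = {"On-premises data center": "172.16.0.0/16"}

# Tunnel interface addresses per VPN connection: (VPN gateway side, customer gateway side).
TUNNELS = {
    1: ("169.254.70.1/30", "169.254.70.2/30"),
    2: ("169.254.71.1/30", "169.254.71.2/30"),
    3: ("169.254.72.1/30", "169.254.72.2/30"),
    4: ("169.254.73.1/30", "169.254.73.2/30"),
    5: ("169.254.74.1/30", "169.254.74.2/30"),
    6: ("169.254.75.1/30", "169.254.75.2/30"),
    7: ("169.254.76.1/30", "169.254.76.2/30"),
    8: ("169.254.77.1/30", "169.254.77.2/30"),
}

PSK = "Test@123"  # placeholder from the table; expected to fail the strength check


def assignable_addresses(cidr: str) -> int:
    """Usable host addresses in a prefix (network and broadcast excluded).
    Assumption: the platform may reserve more, so this is an upper bound."""
    return max(ipaddress.ip_network(cidr).num_addresses - 2, 0)


def peer_tunnel_address(local: str) -> str:
    """The address the other end must configure: the other host of the same /30."""
    iface = ipaddress.ip_interface(local)
    if iface.network.prefixlen != 30:
        raise ValueError(f"{local}: tunnel interface addresses are planned as /30")
    hosts = set(iface.network.hosts())
    if iface.ip not in hosts:
        raise ValueError(f"{local}: not a host address of {iface.network}")
    (other,) = hosts - {iface.ip}
    return f"{other}/30"


def tunnel_pair_ok(local: str, remote: str) -> bool:
    """True when the two ends are exactly the reversed pair of one /30."""
    try:
        return peer_tunnel_address(local) == str(ipaddress.ip_interface(remote))
    except ValueError:
        return False


def duplicate_tunnel_networks(tunnels: dict) -> list:
    """(first connection, second connection, /30) triples where a /30 is reused."""
    seen, dupes = {}, []
    for conn, (local, _remote) in tunnels.items():
        net = ipaddress.ip_interface(local).network
        if net in seen:
            dupes.append((seen[net], conn, str(net)))
        else:
            seen[net] = conn
    return dupes


def overlapping_prefixes(prefixes: dict) -> list:
    """Name pairs whose prefixes overlap and therefore cannot be routed unambiguously."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in prefixes.items()}
    return [(a, b) for a, b in itertools.combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]


def psk_findings(psk: str, min_len: int = 20) -> list:
    """Weaknesses of a pre-shared key. Thresholds are this example's assumptions:
    at least min_len characters, three character classes, no placeholder words."""
    findings = []
    if len(psk) < min_len:
        findings.append(f"too short: {len(psk)} < {min_len} characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    if sum(any(c in cls for c in psk) for cls in classes) < 3:
        findings.append("fewer than three character classes")
    if any(w in psk.lower() for w in ("test", "password", "secret", "admin", "123")):
        findings.append("contains a predictable word or sequence")
    return findings


def validate_plan() -> dict:
    """Run every check over the Table 1 values; an empty list means the check passed."""
    all_prefixes = {**VPC_SUBNETS, **ACCESS_SUBNETS, **ONPREM_SUBNETS}
    return {
        "access_subnets_short": [n for n, c in ACCESS_SUBNETS.items() if assignable_addresses(c) < 4],
        "bad_tunnel_pairs": [c for c, (l, r) in TUNNELS.items() if not tunnel_pair_ok(l, r)],
        "duplicate_tunnel_networks": duplicate_tunnel_networks(TUNNELS),
        "overlapping_prefixes": overlapping_prefixes(all_prefixes),
        "psk": psk_findings(PSK),
    }


if __name__ == "__main__":
    for check, result in validate_plan().items():
        print(f"{check}: {result or 'ok'}")
```

For the Table 1 values every addressing check passes and only the PSK check reports findings, which is the expected outcome for the Test@123 placeholder. When adapting the plan, change the dictionaries at the top; peer_tunnel_address() also gives you the customer-gateway side of any new /30 you allocate, so the two ends cannot drift apart.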