Using a Cloud Connection and SNAT to Enable Private Networks to Access the Internet
Scenario
When customers require high-speed Internet access from their on-premises data centers to locations outside the Chinese mainland, they can use VPN, Cloud Connect, NAT Gateway (SNAT rules), and EIP.
For example, these services can enable fast access to services in Africa, Europe, or America.
Use Cases
- Using VPN to connect a customer's on-premises data center to a VPC in CN North-Beijing4
- Using a cloud connection to connect the VPC in CN North-Beijing4 to a VPC in CN-Hong Kong for network acceleration
- Purchasing a NAT gateway in CN-Hong Kong and adding an SNAT rule to enable on-premises servers to share the EIP to access the Internet outside the Chinese mainland
Figure 1 shows an example.
- In this solution, the network in CN East-Shanghai1 represents the on-premises data center.
- The CIDR block of the Internet outside the Chinese mainland is 8.8.8.0/24, and 8.8.8.8 is the only IP address used for testing.
Advantages
Cross-border connectivity and accelerated network access provide better user experience.
Constraints
The user account needs cross-border permissions. Otherwise, the user needs to authorize the current VPCs to an account with the cross-border permissions to create a cloud connection.
Resource Planning
| Resource | Resource Name | Description | Quantity |
|---|---|---|---|
| VPC | VPC-Test01 | Region: CN East-Shanghai1; CIDR block: 172.18.0.0/24 (172.18.0.0/24 represents the on-premises network) | 1 |
| VPC | VPC-Test02 | Region: CN North-Beijing4; CIDR block: 172.16.0.0/24 | 1 |
| VPC | VPC-Test03 | Region: CN-Hong Kong; CIDR block: 172.17.0.0/24 | 1 |
| EIP | EIP-Test | Region: CN-Hong Kong | 1 |
| NAT gateway | NAT-Test | You need to purchase it in VPC-Test03 and use EIP EIP-Test. | 1 |
| VPN gateway | VPN-GW-Test01 | Region: CN North-Beijing4; Local gateway: 49.49.49.49 | 1 |
| VPN gateway | VPN-GW-Test02 | Region: CN East-Shanghai1; Local gateway: 223.223.223.223 | 1 |
| VPN connection | VPN-Test01 | It is created to connect to VPN-GW-Test01. | 1 |
| VPN connection | VPN-Test02 | It is created to connect to VPN-GW-Test02. | 1 |
| Cloud connection | CC-Test | It enables cross-region access between CN North-Beijing4 and CN-Hong Kong and accelerates network access. | 1 |
| ECS | ECS-Test01 | Region: CN East-Shanghai1; Private IP address: 172.18.0.3 | 1 |
| ECS | ECS-Test02 | Region: CN North-Beijing4; Private IP address: 172.16.0.3 | 1 |
| ECS | ECS-Test03 | Region: CN-Hong Kong; Private IP address: 172.17.0.3 | 1 |
Process
Procedure
- Create VPCs.
  For details, see Creating a VPC.
  Ensure that the VPC CIDR blocks do not conflict with each other.
  - VPC in CN East-Shanghai1 (VPC-Test01): 172.18.0.0/24
  - VPC in CN North-Beijing4 (VPC-Test02): 172.16.0.0/24
  - VPC in CN-Hong Kong (VPC-Test03): 172.17.0.0/24
- Create two VPN connections.
  Create VPN-GW-Test01 in CN North-Beijing4 and buy VPN-Test01.
  Create VPN-GW-Test02 in CN East-Shanghai1 and buy VPN-Test02.
  For details, see Buying a VPN Gateway and Buying a VPN Connection, or Creating a VPN Gateway and Creating a VPN Connection.
  - In CN North-Beijing4:
    - Local subnets: 172.16.0.0/24, 172.17.0.0/24, and 8.8.8.0/24
    - Remote gateway: 223.223.223.223
    - Remote subnet: 172.18.0.0/24
  - In CN East-Shanghai1:
    - Local subnet: 172.18.0.0/24
    - Remote gateway: 49.49.49.49
    - Remote subnets: 172.16.0.0/24, 172.17.0.0/24, and 8.8.8.0/24
  NOTE:
  When configuring the VPN connection between CN North-Beijing4 and CN East-Shanghai1, ensure that 8.8.8.0/24 is included in both the local subnets in CN North-Beijing4 and the remote subnets in CN East-Shanghai1, so that the connected subnets can access the Internet outside the Chinese mainland.
- Create a cloud connection.
  - Create a cloud connection (CC-Test).
    For details, see Creating a Cloud Connection.
  - Load the three VPCs to the created cloud connection.
    For details, see Loading a Network Instance.
  - Add custom CIDR blocks.
    For details, see Adding Custom CIDR Blocks for a Cloud Connection.
    - When you load the VPC in CN North-Beijing4, you need to add CIDR blocks 172.18.0.0/24 and 172.16.0.0/24.
    - When you load the VPC in CN-Hong Kong, you need to add CIDR blocks 172.17.0.0/24 and 8.8.8.0/24.
    NOTE:
    To enable communication among all nodes, you need to add all local subnets.
  - Buy a bandwidth package.
    By default, a cloud connection provides 10 kbit/s of bandwidth for testing cross-region network connectivity. You need to buy a bandwidth package to ensure normal communication across regions.
    For details, see Buying a Bandwidth Package.
  - Assign inter-region bandwidths.
    For details, see Assigning an Inter-Region Bandwidth.
- Buy three ECSs.
  Buy one ECS in each of the following regions: CN East-Shanghai1, CN North-Beijing4, and CN-Hong Kong.
  For details, see Purchasing an ECS.
  - Private IP address of the ECS (ECS-Test01) in CN East-Shanghai1: 172.18.0.3
  - Private IP address of the ECS (ECS-Test02) in CN North-Beijing4: 172.16.0.3
  - Private IP address of the ECS (ECS-Test03) in CN-Hong Kong: 172.17.0.3
- Buy an EIP and a NAT gateway.
  Buy an EIP (EIP-Test) in the CN-Hong Kong region, buy a public NAT gateway (NAT-Test), and add an SNAT rule for each of the following CIDR blocks:
  - VPC CIDR block: 172.17.0.0/24
  - Direct Connect connection/Cloud connection CIDR blocks: 172.18.0.0/24 and 172.16.0.0/24
  For details, see Assigning an EIP and Binding It to an ECS and Adding an SNAT Rule.
  NOTE:
  SNAT rules allow servers in private networks to access the Internet (8.8.8.0/24) outside the Chinese mainland.
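The CIDR plan in the procedure above can be checked for consistency before anything is provisioned: non-overlapping VPCs, mirrored VPN subnets, complete cloud connection CIDR blocks, and SNAT rules no wider than the planned sources. The following Python script is an added example, not part of the original documentation; `check_plan` and its helpers are hypothetical names, and the values are copied from this page.

```python
from ipaddress import ip_network
from itertools import combinations

# Values copied from the Resource Planning table and the Procedure on this page.
VPCS = {"VPC-Test01": "172.18.0.0/24", "VPC-Test02": "172.16.0.0/24",
        "VPC-Test03": "172.17.0.0/24"}
INTERNET = "8.8.8.0/24"
VPN = {
    "CN North-Beijing4": {"local": ["172.16.0.0/24", "172.17.0.0/24", "8.8.8.0/24"],
                          "remote": ["172.18.0.0/24"]},
    "CN East-Shanghai1": {"local": ["172.18.0.0/24"],
                          "remote": ["172.16.0.0/24", "172.17.0.0/24", "8.8.8.0/24"]},
}
CC_CUSTOM = {"CN North-Beijing4": ["172.18.0.0/24", "172.16.0.0/24"],
             "CN-Hong Kong": ["172.17.0.0/24", "8.8.8.0/24"]}
SNAT = ["172.17.0.0/24", "172.18.0.0/24", "172.16.0.0/24"]


def nets(cidrs):
    return {ip_network(c) for c in cidrs}


def covered(cidr, pool):
    """True if cidr lies inside at least one network of pool."""
    return any(ip_network(cidr).subnet_of(n) for n in pool)


def check_plan(vpcs, vpn, cc_custom, snat, internet):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    for (a, ca), (b, cb) in combinations(vpcs.items(), 2):
        if ip_network(ca).overlaps(ip_network(cb)):
            findings.append(f"{a} overlaps {b}")
    side_a, side_b = vpn.values()  # each end's local subnets must be the peer's remote
    if (nets(side_a["local"]) != nets(side_b["remote"])
            or nets(side_a["remote"]) != nets(side_b["local"])):
        findings.append("VPN local/remote subnets are not mirrored")
    advertised = set().union(*(nets(v) for v in cc_custom.values()))
    for name, cidr in {**vpcs, "Internet range": internet}.items():
        if not covered(cidr, advertised):
            findings.append(f"{name} missing from cloud connection CIDRs")
    for name, cidr in vpcs.items():
        if not covered(cidr, nets(snat)):
            findings.append(f"no SNAT rule covers {name}")
    for rule in snat:  # least privilege: no rule wider than a planned source
        if not covered(rule, nets(vpcs.values())):
            findings.append(f"SNAT rule {rule} is wider than the planned sources")
    return findings


if __name__ == "__main__":
    print(check_plan(VPCS, VPN, CC_CUSTOM, SNAT, INTERNET) or "plan is consistent")
```
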
Verification
Test the network connectivity.
Ping the gateway (8.8.8.8) from the ECS in CN East-Shanghai1.