Using VPN and Cloud Connect to Enable Communication Between Multiple On-premises Data Centers Through the VPN Hub Function
Scenario
A customer has multiple data centers in different regions and has purchased VPCs in multiple regions on Huawei Cloud. Each data center is connected to a VPC network on the cloud through VPN. This section describes how to use cloud connections in the same region and across different regions to connect multiple data center networks to enable communication between these data centers.
Prerequisites
- Prepared resources
- The customer has purchased VPCs in multiple regions on Huawei Cloud, with multiple VPCs in a certain region.
- The VPC in each region is connected to an on-premises data center through VPN.
- The subnets of the VPCs on Huawei Cloud do not conflict with those of the on-premises data centers, and the ECS service is running properly.
- Topology
Figure 1 VPN hub topology
- Configuration roadmap
- Connect VPC1, VPC2, and VPC3 through Cloud Connect, and configure Cloud Connect routes. You need to purchase a bandwidth package during the actual network configuration.
- Create VPN connections between IDC1 and VPC1, between IDC2 and VPC2, and between IDC3 and VPC3.
- Update the local and remote subnets of each VPN connection.
- Configuration description
Table 1 Configuration description

| Node | Identifier | Local VPN Gateway | Local VPN Subnet | Remote VPN Gateway | Remote VPN Subnet | Cloud Connect Instance |
|---|---|---|---|---|---|---|
| IDC1 | VPN A | 49.4.113.226 | 192.168.11.0/24 | 122.112.222.135 | 192.168.22.0/24, 192.168.33.0/24, 192.168.44.0/24, 192.168.55.0/24, 192.168.66.0/24 | - |
| VPC1 | VPN A | 122.112.222.135 | 192.168.22.0/24, 192.168.33.0/24, 192.168.44.0/24, 192.168.55.0/24, 192.168.66.0/24 | 49.4.113.226 | 192.168.11.0/24 | 192.168.22.0/24, 192.168.11.0/24 |
| IDC2 | VPN B | 139.159.222.28 | 192.168.44.0/24 | 122.112.222.112 | 192.168.11.0/24, 192.168.22.0/24, 192.168.33.0/24, 192.168.55.0/24, 192.168.66.0/24 | - |
| VPC2 | VPN B | 122.112.222.112 | 192.168.11.0/24, 192.168.22.0/24, 192.168.33.0/24, 192.168.55.0/24, 192.168.66.0/24 | 139.159.222.28 | 192.168.44.0/24 | 192.168.33.0/24, 192.168.44.0/24 |
| IDC3 | VPN C | 139.9.226.244 | 192.168.55.0/24 | 122.112.222.112 | 192.168.11.0/24, 192.168.22.0/24, 192.168.33.0/24, 192.168.44.0/24, 192.168.66.0/24 | - |
| VPC3 | VPN C | 117.78.30.55 | 192.168.11.0/24, 192.168.22.0/24, 192.168.33.0/24, 192.168.44.0/24, 192.168.66.0/24 | 139.9.226.244 | 192.168.55.0/24 | 192.168.55.0/24, 192.168.66.0/24 |
- Cloud Connect network instances can be configured at any region. You can check the route information to verify the network instance configuration.
- The local and remote gateway IP addresses are swapped between an on-premises data center and its VPC: the address that is local on one end is remote on the other. Apart from that, the VPN connection configuration in the on-premises data center must match the one on Huawei Cloud.
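As an added consistency check over the values in Table 1 (example code written for this page, not Huawei tooling), the script below verifies the two prerequisites that make the hub work: all hub subnets are disjoint, and for each VPN connection the gateways and subnet lists mirror between the data center end and the VPC end, since the remote subnet list on each end decides which traffic is sent into the tunnel. With the table's own values it reports one finding: the remote gateway configured at IDC3 (122.112.222.112) does not match the local gateway listed for VPC3 (117.78.30.55).

```python
import ipaddress

# Hub subnets transcribed from Table 1 on this page.
ALL = ["192.168.11.0/24", "192.168.22.0/24", "192.168.33.0/24",
       "192.168.44.0/24", "192.168.55.0/24", "192.168.66.0/24"]

def all_but(cidr):
    """Every hub subnet except the given one (what each end lists as 'the other side')."""
    return [c for c in ALL if c != cidr]

# Each VPN connection from both ends, values as in Table 1: (node, local gateway, local subnets, remote gateway, remote subnets)
TABLE = {
    "VPN A": [("IDC1", "49.4.113.226", ["192.168.11.0/24"], "122.112.222.135", all_but("192.168.11.0/24")),
              ("VPC1", "122.112.222.135", all_but("192.168.11.0/24"), "49.4.113.226", ["192.168.11.0/24"])],
    "VPN B": [("IDC2", "139.159.222.28", ["192.168.44.0/24"], "122.112.222.112", all_but("192.168.44.0/24")),
              ("VPC2", "122.112.222.112", all_but("192.168.44.0/24"), "139.159.222.28", ["192.168.44.0/24"])],
    "VPN C": [("IDC3", "139.9.226.244", ["192.168.55.0/24"], "122.112.222.112", all_but("192.168.55.0/24")),
              ("VPC3", "117.78.30.55", all_but("192.168.55.0/24"), "139.9.226.244", ["192.168.55.0/24"])],
}

def overlapping(cidrs):
    """Pairs of CIDRs that overlap; the prerequisites require all hub subnets to be disjoint."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]

def check_vpn(name, ends):
    """One VPN connection: gateways and subnet lists must mirror between its two ends."""
    (n1, gw1, loc1, rgw1, rem1), (n2, gw2, loc2, rgw2, rem2) = ends
    findings = []
    if rgw1 != gw2:
        findings.append(f"{name}: gateway mismatch, {n1} remote {rgw1} but {n2} local {gw2}")
    if rgw2 != gw1:
        findings.append(f"{name}: gateway mismatch, {n2} remote {rgw2} but {n1} local {gw1}")
    if set(loc1) != set(rem2) or set(loc2) != set(rem1):
        findings.append(f"{name}: local/remote subnets of {n1} and {n2} are not mirrored")
    for node, loc, rem in ((n1, loc1, rem1), (n2, loc2, rem2)):
        if set(loc) & set(rem):
            findings.append(f"{name}: {node} lists a subnet as both local and remote")
    return findings

def audit(table=TABLE):
    """Run every check and return the list of findings (empty means consistent)."""
    findings = [f"overlapping subnets: {a} and {b}" for a, b in overlapping(ALL)]
    for name, ends in table.items():
        findings.extend(check_vpn(name, ends))
    return findings

if __name__ == "__main__":
    for line in audit() or ["no findings"]:
        print(line)
```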
Procedure
- Create cloud connections.
- Log in to the console, select the region where VPC1 is located, and choose Networking > Cloud Connect from the service list. Click Create Cloud Connection, enter related information based on Figure 2, and click OK.
- Click the name of the created cloud connection, and load a network instance.
Figure 3 Created cloud connection
On the Network Instances tab page, click Load Network Instance. Select the VPC for which the cloud connection has been created, select the VPC subnet, and manually add the subnet of the on-premises data center connected through VPN. Then, click OK.
Figure 4 Loading a network instance
The configuration of VPC2 is the same as that of VPC1. If you do not add the subnet of the on-premises data center connected through a VPN connection during the configuration, you can click Modify VPC CIDR Block to add it.
Figure 5 Modifying the VPC CIDR block
The following figure shows the network instance connection diagram after cloud connections are configured.
Figure 6 Network instance connection
Verify the route configuration.
Figure 7 Verifying the route configuration
- Update the VPN network configuration.
Modification method:
On-premises data center: Keep the local subnet unchanged, and add the subnet of VPC2 as a remote subnet.
VPC: Add the subnet of VPC2 as a local subnet, and keep the remote subnet unchanged.
- Select the VPN configuration on Huawei Cloud, and modify the local subnet configuration of the created VPN connection.
- Select Specify CIDR block for Local Subnet, and add the network instance loaded to the cloud connection of VPC1, as well as the local VPC subnet. Keep the remote network information unchanged.
The following figure shows the VPN connection configuration of VPC1.
Figure 8 Modifying the VPN connection
The following figure shows the VPN connection configuration of VPC2.
Figure 9 Modifying the VPN connection
Verification
In this environment, the IP addresses of the ECSs in the on-premises data center, VPC1, and VPC2 are 192.168.1.151, 192.168.11.84, and 192.168.22.170, respectively. ECS1 (192.168.1.151) can communicate with ECS2 (192.168.11.84) through VPN. ECS3 (192.168.22.170) cannot communicate with the other two ECSs. After the VPC peering connection is established, ECS3 can communicate with ECS2 but cannot communicate with ECS1.
After the configuration adjustment in step 2 is complete, ECS1, ECS2, and ECS3 can communicate with each other. The verification result is as follows:
- IDC1
ECS1 can access ECS2 in the VPC1 subnet through a VPN connection.
ECS1 can access ECS3 in the VPC2 subnet.
- IDC2
ECS1 can access ECS2 in the VPC1 subnet through a VPN connection.
ECS1 can access ECS3 in the VPC2 subnet.
- Huawei Cloud VPC1
ECS2 in the VPC1 subnet can access ECS1 in the subnet of the on-premises data center.
ECS2 in the VPC1 subnet can access ECS3 in the VPC2 subnet.
- Huawei Cloud VPC2
ECS3 in the VPC2 subnet can access ECS2 in the VPC1 subnet.
ECS3 in the VPC2 subnet can access ECS1 in the subnet of the on-premises data center.