Updated on 2024-11-30 GMT+08:00

How Can the Source and Destination Databases Communicate Across VPCs?

DRS supports migration through a VPC, VPN, Direct Connect, or public network. The VPC network is suitable for migrations between cloud databases in the same region.

  • The source and destination databases must be in the same region.
  • The source and destination databases can be in either the same VPC or in different VPCs.
  • If the source and destination databases are in the same VPC, they can communicate with each other by default. Therefore, you do not need to configure a security group.
  • If the source and destination databases are not in the same VPC, their CIDR blocks must not be identical or overlap, and the two databases must be connected through a VPC peering connection.
  • DRS does not support cross-tenant communication between the source and destination databases over a VPC network. If cross-tenant communication is required, you can create a VPC peering connection and select VPN for Network Type to enable communication between the source and destination databases.

Restrictions on VPC Peering Connections

  • VPC peering connections created between VPCs that have overlapping subnet CIDR blocks may not take effect.
  • You cannot have more than one VPC peering connection between any two VPCs at the same time.
  • You cannot create a VPC peering connection between VPCs in different regions.
  • If the CIDR blocks of two VPCs overlap, the peering connection can only be created between the subnets of the two VPCs. If two subnets have overlapping CIDR blocks, a VPC peering connection cannot be created between them. When you create a VPC peering connection, ensure that the VPCs involved do not contain overlapping subnets.
  • After a VPC peering connection is established, the local and peer tenants must add routes in the local and peer VPCs to enable communication between the two VPCs.
  • VPC A is peered with both VPC B and VPC C. If VPC B and VPC C have overlapping CIDR blocks, you cannot configure routes with the same destinations for VPC A.
  • To ensure security, do not accept VPC peering connections from unknown accounts.
  • Either owner of a VPC in a peering connection can delete the VPC peering connection at any time. If a VPC peering connection is deleted by one of its owners, all information about this connection will also be deleted immediately, including routes added for the VPC peering connection.
  • You cannot delete a VPC that has VPC peering connection routes configured.
  • A VPC peering connection can be created between VPCs in the same region even if one is created on the Huawei Cloud Chinese Mainland console and the other on the Huawei Cloud international console.
  • Even if VPC 1 and VPC 2 are connected using a VPC peering connection, ECSs in VPC 2 cannot access the Internet through the EIP of VPC 1. If you want to allow the ECSs in VPC 2 to access the Internet through the EIP of VPC 1, you can use a NAT gateway or configure an SNAT server. For details, see Having an ECS Without a Public IP Address Access the Internet.

For details about how to create a VPC peering connection, see Virtual Private Cloud User Guide.

After the VPC peering connection is established, you need to add routes for the peer subnets in both the local and peer VPCs. For details, see Adding Routes for a VPC Peering Connection.

When you add routes for the VPC peering connection, you are advised to add routes for network segments rather than point-to-point routes. If a point-to-point route is added, you need to add the route again after a DRS task is rebuilt and the instance IP address changes. Otherwise, the network will be disconnected.
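
The CIDR overlap rule and the route advice above can be checked before a DRS task is created. The following is an added example, not Huawei Cloud code: it assumes the subnet CIDR blocks and the peering route destinations have been copied from the console into lists. The function names are hypothetical and all sample values are constructed.

```python
import ipaddress

def overlapping_pairs(local_cidrs, peer_cidrs):
    """Return (local, peer) subnet pairs whose CIDR blocks overlap."""
    return [
        (a, b)
        for a in local_cidrs
        for b in peer_cidrs
        if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))
    ]

def route_coverage(route_destinations, peer_cidrs):
    """Map each peer subnet to how the local route table reaches it.

    segment        - a route covers the whole subnet (survives an IP change)
    point-to-point - only host routes point into the subnet (breaks when the
                     DRS instance IP address changes after a task rebuild)
    uncovered      - no route covers the whole subnet
    """
    routes = [ipaddress.ip_network(r) for r in route_destinations]
    status = {}
    for cidr in peer_cidrs:
        subnet = ipaddress.ip_network(cidr)
        same = [r for r in routes if r.version == subnet.version]
        if any(subnet.subnet_of(r) for r in same):
            status[cidr] = "segment"
        elif any(r.prefixlen == r.max_prefixlen and r.subnet_of(subnet)
                 for r in same):
            status[cidr] = "point-to-point"
        else:
            status[cidr] = "uncovered"
    return status

# Constructed sample values, not taken from any real account.
SOURCE_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]
DEST_SUBNETS = ["172.16.0.0/24", "192.168.1.128/25"]
LOCAL_ROUTES = ["172.16.0.0/24", "10.0.5.17/32"]
PEER_SUBNETS = ["172.16.0.0/24", "10.0.5.0/24", "10.0.9.0/24"]

if __name__ == "__main__":
    for a, b in overlapping_pairs(SOURCE_SUBNETS, DEST_SUBNETS):
        print(f"overlap: {a} <-> {b} (peering cannot be created between them)")
    for cidr, state in route_coverage(LOCAL_ROUTES, PEER_SUBNETS).items():
        print(f"{cidr}: {state}")
```

Run the route check against the route tables of both the local and the peer VPC, because routes are required in each direction.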