Adding a Protected VPC
After configuring a VPC border firewall, you can add a protected VPC.
Step 1: Add VPC Attachments
For details, see Adding VPC Attachments to an Enterprise Router.
To use the enterprise router of account A to protect VPCs under account B, share the router with account B. For details, see Creating a Sharing.
Step 2: Configure Associations and Propagations
- In the upper left corner, click
and choose Networking > Enterprise Router. Click Manage Route Table. - Configure associations. On the route table configuration page, select the association table, click the Associations tab, and click Create Association. For more information, see Table 1.
Figure 1 Creating an association
Table 1 Association parameters Parameter
Description
Attachment Type
Select VPC.
Attachment
Select an item from the Attachment drop-down list.
Add at least two associations. An association is required for each protected VPC you add.
For example, select attachment vpc-1 for VPC1 and vpc-2 for VPC2. To add VPC3 for protection, add an association and select attachment vpc-3.
- Configure propagations. Select the propagation route table, click the Propagations tab, and click Create Propagation. For more information, see Table 2.
Figure 2 Creating a propagation
Table 2 Propagation parameters Parameter
Description
Attachment Type
Select VPC.
Attachment
Select an item from the Attachment drop-down list.
- Add at least two propagations. A propagation is required for each protected VPC you add.
For example, select attachment vpc-1 for VPC1 and vpc-2 for VPC2. To add VPC3 for protection, add a propagation and select attachment vpc-3.
- After a propagation is created, its route information will be extracted to the route table of the enterprise router, and a propagation route will be generated. In the same route table, the destinations of different propagation routes may be the same, and cannot be modified or deleted.
- You can add static routes for the attachments in a route table. The destinations of static routes in a table must be unique, and can be modified or deleted.
- If a static route and a propagation route in the same route table happen to use the same destination, the static route takes effect first.
- Add at least two propagations. A propagation is required for each protected VPC you add.
Step 3: Modify VPC Route Tables
- In the service list, click Virtual Private Cloud under Networking. In the navigation pane, choose Route Tables.
- In the Name/ID column, click the route table name of a VPC. The Summary page is displayed.
- Click Add Route. For more information, see Table 3.
Table 3 Route parameters Parameter
Description
Destination Type
Select IP address.
Destination
The CIDR block that the traffic reaches.
For example, to protect traffic between two VPCs, set the destination address of the route of VPC1 to the CIDR block of VPC2.
NOTE:The value cannot conflict with existing routes or subnet CIDR blocks in the VPC.
Next Hop Type
Select Enterprise Router from the drop-down list.
Next Hop
Select a resource for the next hop.
The enterprise routers you created are displayed in the drop-down list.
Description
(Optional) Description of a route.
NOTE:Enter up to 255 characters. Angle brackets (< or >) are not allowed.
You need to add routes for at least two VPCs. Each time a protected VPC is added, you need to add a route for that VPC.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
