Updated on 2024-06-27 GMT+08:00

Network and Resource Planning

Plan the network and required resources before, during, and after the migration.
  • Network Planning: Plan CIDR blocks of VPCs and their subnets, and route tables of VPCs and the enterprise router.
  • Resource Planning: Plan the quantity, names, and other parameters of cloud resources, including VPCs, ECSs, and the enterprise router.

Network Planning

During the migration, in addition to routes for communications among enterprise router and VPCs, you also need to add routes for verification and temporary communications. After the migration is complete, you can delete unnecessary routes. For details about the network planning, see Table 1.

The following figures show the network in different phases.

The routes in the figures are only examples for your reference. You need to plan routes based on service requirements.

Figure 1 Networking topology before migration
Figure 2 Networking topology during migration
Figure 3 Networking topology after migration
Table 1 Network planning details

Route Table

Description

VPC route table

Table 2 lists the routes in this route table.
  1. Before the migration, the destination of the route with next hop set to VPC peering connection is a CIDR block of a VPC subnet. This only connects specific subnets of VPCs.
  2. During the migration, add routes as follows:
    • The routes for temporary communications ensure that traffic is not interrupted when original routes added for VPC peering connections are deleted.

      The next hop of the routes can be any VPC peering connection of the VPC. The route destinations cannot be used by any other services. You can set the destinations to those that are rarely used. In this example, the destinations are 1.1.1.1/32, 1.1.1.2/32, and 1.1.1.3/32.

    • The routes are used for communications between the enterprise router and VPCs, with the destination set to a large CIDR block and next hop to the enterprise router.

      The route destination must include the CIDR blocks of all VPCs that need to communicate with each other and cannot be used by any other services. In this example, the destination is 172.16.0.0/14, which includes the CIDR blocks of three VPCs, 172.16.0.0/16, 172.17.0.0/16, and 172.18.0.0/16.

    • Routes with the next hop set to the enterprise router are used for communications between the VPCs and enterprise router.

      The route destinations cannot be the CIDR blocks configured for VPC peering connections and are not used to allow communications through VPC peering connections. In this example, the destinations are 172.16.253.0/29, 172.17.253.0/29, and 172.18.253.0/29.

    NOTICE:
    • The routes for temporary communications are necessary to ensure that traffic is not interrupted when original routes added for VPC peering connections are deleted. If you use the migration solution provided in this practice, traffic will not be interrupted. However, if traffic is interrupted in the migration process, contact customer service to evaluate your migration solution.
    • The large CIDR block must include the CIDR blocks of all VPCs that need to communicate with each other. If one large CIDR block cannot include the CIDR blocks of all VPCs, you can configure more large CIDR blocks.
  3. After the migration, delete the routes for verification and temporary communications.
    NOTICE:

    After the migration, you can continue to use the routes with the destination set to the large CIDR block. You can also add routes with destinations that are the same as those of the original routes and then delete the routes with the destination set to the large CIDR block.

Enterprise router route table

Table 3 lists the routes in this route table.

During the migration, add routes that with destinations set to VPC CIDR blocks to allow communications among the enterprise router and VPCs.

If Default Route Table Association and Default Route Table Propagation are enabled for the enterprise router, routes with destinations set to VPC CIDR blocks are automatically added when you attach the VPCs to the enterprise router.

CAUTION:

If the CIDR blocks of VPCs connected by a VPC peering connection overlap, do not enable Default Route Table Propagation for the enterprise router. This function adds routes with entire VPC CIDR blocks as destinations. If VPC CIDR blocks overlap, there will be route conflicts. In this case, you need to manually add routes with next hop set to VPC attachment to the route table of the enterprise router.

Table 2 VPC route table details

VPC

VPC Route Table

Destination

Next Hop Type

Next Hop

Route Type

Route Function

Phase

VPC-A

rtb-vpc-A

172.17.0.0/24

VPC peering connection

peer-AB

Custom

  • Destination: subnet-B01 in VPC-B
  • Connects subnet-A01 to subnet-B01

Before/During migration

172.18.0.0/24

VPC peering connection

peer-AC

Custom

  • Destination: subnet-C01 in VPC-C
  • Connects subnet-A01 to subnet-C01

Before/During migration

1.1.1.1/32

VPC peering connection

peer-AB

Custom

  • Destination: Any IP address that is not used by other services
  • Ensures that traffic flowing through VPC peering connections is not interrupted during the migration.

During migration

172.16.0.0/14

Enterprise router

er-ABC

Custom

  • Destination: A large CIDR block that can include the CIDR blocks of the three VPCs
  • Connects VPC-A to er-ABC

During/After migration

172.17.253.0/29

Enterprise router

er-ABC

Custom

  • Destination: subnet-B02 in VPC-B
  • Connects subnet-B02 to er-ABC

During migration

172.18.253.0/29

Enterprise router

er-ABC

Custom

  • Destination: subnet-C02 in VPC-C
  • Connects subnet-C02 to er-ABC

During migration

VPC-B

rtb-vpc-B

172.16.0.0/24

VPC peering connection

peer-AB

Custom

  • Destination: subnet-A01 in VPC-A
  • Connects subnet-A01 to subnet-B01

Before/During migration

172.18.0.0/24

VPC peering connection

peer-BC

Custom

  • Destination: subnet-C01 in VPC-C
  • Connects subnet-B01 to subnet-C01

Before/During migration

1.1.1.2/32

VPC peering connection

peer-AB

Custom

  • Destination: Any IP address that is not used by other services
  • Ensures that traffic flowing through VPC peering connections is not interrupted during the migration.

During migration

172.16.0.0/14

Enterprise router

er-ABC

Custom

  • Destination: A large CIDR block that can include the CIDR blocks of the three VPCs
  • Connects VPC-B to er-ABC

During/After migration

172.16.253.0/29

Enterprise router

er-ABC

Custom

  • Destination: subnet-A02 in VPC-A
  • Connects subnet-A02 to er-ABC

During migration

172.18.253.0/29

Enterprise router

er-ABC

Custom

  • Destination: subnet-C02 in VPC-C
  • Connects subnet-C02 to er-ABC

During migration

VPC-C

rtb-vpc-C

172.16.0.0/24

VPC peering connection

peer-AC

Custom

  • Destination: subnet-A01 in VPC-A
  • Connects subnet-A01 to subnet-C01

Before/During migration

172.17.0.0/24

VPC peering connection

peer-BC

Custom

  • Destination: subnet-B01 in VPC-B
  • Connects subnet-B01 to subnet-C01

Before/During migration

1.1.1.3/32

VPC peering connection

peer-AC

Custom

  • Destination: Any IP address that is not used by other services
  • Ensures that traffic flowing through VPC peering connections is not interrupted during the migration.

During migration

172.16.0.0/14

Enterprise router

er-ABC

Custom

  • Destination: A large CIDR block that can include CIDR blocks of the three VPCs
  • Connects VPC-C to er-ABC

During/After migration

172.16.253.0/29

Enterprise router

er-ABC

Custom

  • Destination: subnet-A02 in VPC-A
  • Connects subnet-A02 to er-ABC

During migration

172.17.253.0/29

Enterprise router

er-ABC

Custom

  • Destination: subnet-B02 in VPC-B
  • Connects subnet-B02 to er-ABC

During migration

Table 3 Details of the enterprise router route table

Enterprise Router

Route Table

Destination

Next Hop

Attached Resource

Route Type

Route Function

Phase

er-ABC

defaultRouteTable

172.16.0.0/16

er-attach-A

VPC-A

Propagated

  • Destination: VPC-A
  • Connects VPC-A to er-ABC

During/After migration

172.17.0.0/16

er-attach-B

VPC-B

Propagated

  • Destination: VPC-B
  • Connects VPC-B to er-ABC

During/After migration

172.18.0.0/16

er-attach-C

VPC-C

Propagated

  • Destination: VPC-C
  • Connects VPC-C to er-ABC

During/After migration

Resource Planning

Table 4 lists the enterprise router and also resources that are temporarily required and can be deleted after the migration.

The following resource planning details are only examples for your reference. You need to plan resources based on service requirements.

Table 4 Resource planning for replacing VPC peering connections with an enterprise router

Resource

Description

VPC

Table 5 shows details about the required VPCs.
  • Before the migration, there are three VPCs. Each VPC has a subnet that is associated with the default VPC route table.
  • During the migration, create one more subnet that is not used by any services in each VPC. These subnets cannot communicate with each other through VPC peering connections and are used for communications between the VPCs and enterprise router.
  • After the migration, delete the subnets that are used for verifying communications.

VPC peering connection

Table 6 shows details about the required VPC peering connections.

After the migration, delete the VPC peering connections.

ECS

Table 7 shows details about the required ECSs.
  • Before the migration, there are three ECSs that are running services.
  • During the migration, create one more ECS in each verification subnet for communications between the VPCs and enterprise router.
  • After the migration, delete the ECSs in verification subnets.

Enterprise router

The enterprise router and the VPC peering connections are in the same region. Table 8 shows details about the enterprise router.

During the migration, create an enterprise router and three VPC attachments. Table 9 shows details about the VPC attachments.

  • Enable Default Route Table Association and Default Route Table Propagation when you create the enterprise router to automatically add routes.
    CAUTION:

    If the CIDR blocks of VPCs connected by a VPC peering connection overlap, do not enable Default Route Table Propagation for the enterprise router. This function adds routes with entire VPC CIDR blocks as destinations. If VPC CIDR blocks overlap, there will be route conflicts. In this case, you need to manually add routes with next hop set to VPC attachment to the route table of the enterprise router.

  • Do not enable Auto Add Routes when you create the three VPC attachments.

    If this option is enabled, Enterprise Router automatically adds routes (with this enterprise router as the next hop and 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 as the destinations) to all route tables of the VPC. During the migration, manually add routes with destinations set to the large CIDR block in the VPC route tables.

Table 5 VPC details

VPC

VPC CIDR Block

Subnet

Subnet CIDR Block

Association Route Table

Subnet Is Used to

Phase

VPC-A

172.16.0.0/16

subnet-A01

172.16.0.0/24

Default route table

Deploy services.

During/After migration

subnet-A02

172.16.253.0/29

Default route table

Verify the communications between the VPC and the enterprise router.

During migration

VPC-B

172.17.0.0/16

subnet-B01

172.17.0.0/24

Default route table

Deploy services.

During/After migration

subnet-B02

172.17.253.0/29

Default route table

Verify the communications between the VPC and the enterprise router.

During migration

VPC-C

172.18.0.0/16

subnet-C01

172.18.0.0/24

Default route table

Deploy services.

During/After migration

subnet-C02

172.18.253.0/29

Default route table

Verify the communications between the VPC and the enterprise router.

During migration

Table 6 VPC peering connection details

Connection Name

Local VPC

Peer VPC

Connection Is Used to

Phase

peer-AB

VPC-A

VPC-B

Connect subnet-A01 in VPC-A to subnet-B01 in VPC-B.

Before/During migration

peer-AC

VPC-A

VPC-C

Connect subnet-A01 in VPC-A to subnet-C01 in VPC-C.

Before/During migration

peer-BC

VPC-B

VPC-C

Connect subnet-B01 in VPC-B to subnet-C01 in VPC-C.

Before/During migration

Table 7 ECS details

ECS

VPC

Subnet

Private IP Address

Image

Security Group

ECS Is Used to

Phase

ecs-A01

VPC-A

subnet-A01

172.16.0.139

Public image:

CentOS 8.2 64bit

sg-demo

(general-purpose web server)

Run your workloads.

Before/During/After migration

ecs-A02

VPC-A

subnet-A02

172.16.253.3

Verify the communications between the VPC and the enterprise router.

During migration

ecs-B01

VPC-B

subnet-B01

172.17.0.93

Run your workloads.

Before/During/After migration

ecs-B02

VPC-B

subnet-B02

172.17.253.4

Verify the communications between the VPC and the enterprise router.

During migration

ecs-C01

VPC-C

subnet-C01

172.18.0.220

Run your workloads.

Before/During/After migration

ecs-C02

VPC-C

subnet-C02

172.18.253.5

Verify the communications between the VPC and the enterprise router.

During migration

Table 8 Enterprise router details

Name

ASN

Default Route Table Association

Default Route Table Propagation

Auto Accept Shared Attachments

Association Route Table

Attachment

Phase

er-ABC

64512

Enabled

Enabled

If your VPC CIDR blocks overlap, do not enable this function.

Disabled

If you want to connect VPCs of different accounts using an enterprise router, enable this function. For details, see Sharing Overview.

Default route table

er-attach-A

During/After migration

er-attach-B

er-attach-C

Table 9 VPC attachment details

Name

Type

VPC

Subnet

Auto Add Routes

Phase

er-attach-A

VPC

VPC-A

subnet-A01

Disabled

During/After migration

er-attach-B

VPC-B

subnet-B01

er-attach-C

VPC-C

subnet-C01