Overview

Huawei Cloud provides various network services for you to set up secure and scalable cloud networks. With these network services, you can connect VPCs in the same region or different regions, enable the instances (such as ECSs and RDS instances) in VPCs to access the public network, and enable on-premises data centers to access the VPCs. The following describes the function and highlights of each network service. You can flexibly configure VPC and other network services based on your network requirements:

Connecting VPCs
Connecting VPCs to the Public Network
Connecting VPCs to an On-Premises Data Center

Connecting VPCs

With the networking services described in Table 1, you can flexibly connect VPCs in the same region, in different regions, or in different accounts.

**Table 1** Networking services that can connect VPCs
Networking Service	Function	Highlights
VPC Peering	With VPC Peering, you can peer two VPCs in the same region. The VPCs can be in the same account or different accounts.	VPC Peering is free. Routes can be configured on the console easily.
Enterprise Router	An enterprise router can connect multiple VPCs in the same account or different accounts to set up a hub-and-spoke network. Compared with VPC Peering, Enterprise Router is more suitable for complex networking where many VPCs need to be connected.	VPCs in the same region can be connected in minutes. Routes can be automatically added. Low latency and high speed Simple network topology and high scalability
Cloud Connect Cloud Connection Central Network	Cloud Connect can connect VPCs in the same account or different accounts across regions. Cloud Connect provides two options: Cloud connection: Load VPCs in different regions to a cloud connection. Central network: Attach VPCs in the same region to an enterprise router, and add enterprise routers in different regions to a central network as attachments. This solution features higher scalability and is suitable for complex networking with many VPCs from different regions.	VPC in different regions can be connected in minutes. Routes can be automatically added. Low latency and high speed
VPN	You can use VPN connect VPCs in different regions, so that they can communicate with each other over the Internet.	Low costs Simple configuration Immediate use Unstable networks dependent on the Internet quality
Direct Connect	You can use Direct Connect to connect VPCs in different regions.	Dedicated connections with high security Low latency and high speed

Connecting VPCs to the Public Network

With the network services described in Table 2, you can connect VPCs to the public network so that instances in the VPCs can access the public network or provide services accessible on the public network.

**Table 2** Network services that allow VPCs to communicate with the public network
Network Service	Function	Highlights
EIP	An EIP is an independent public IP address. You can bind it to an instance, such as an ECS, a NAT gateway, or a load balancer, so that the instance can access the public network or provide services accessible from the public network.	EIPs can be bound to or unbound from instances if needed. Shared bandwidths and shared data packages can be used to lower costs. EIP bandwidth can be adjusted at any time.
NAT Gateway SNAT DNAT	NAT Gateway supports both source NAT (SNAT) and destination NAT (DNAT). SNAT enables multiple instances to share one or more EIPs to access the public network. ECSs in the same VPC sharing an EIP ECSs in different VPCs sharing an EIP DNAT enables port forwarding. It maps EIP ports to ECS ports so that the ECSs in a VPC can share the same EIP and bandwidth to provide Internet-accessible services. However, DNAT does not balance traffic.	Using shared EIPs to access the public network reduces the costs. EIPs of ECSs are not exposed to the public network, which improves security. Different specifications are available.
ELB	ELB evenly distributes incoming traffic to multiple backend servers. Together with EIPs, ELB allows a large number of users to access services deployed on cloud servers from the public network.	ELB can process both Layer 4 and Layer 7 requests and supports advanced forwarding policies and multiple protocols. ELB can eliminate single points of failure (SPOFs) for high availability.

Connecting VPCs to an On-Premises Data Center

If you have an on-premises data center and not all your workloads can be migrated to the cloud, you can use the network services described in Table 3 to connect your on-premises data center to the VPCs.

**Table 3** Networking services that can connect VPCs to an on-premises data center
Networking Service	Function	Highlights
VPN	VPN provides an encrypted, Internet-based channel that connects an on-premises data center and the cloud.	Low costs Simple configuration Immediate use The network quality depends on the Internet.
Direct Connect	Direct Connect establishes a dedicated network connection between an on-premises data center and the cloud.	Dedicated connections with high security Low latency and high speed
VPC Peering	With VPC Peering, you can peer two VPCs in the same region, no matter whether they are in the same account or different accounts. VPC Peering can work with Direct Connect or VPN to enable your on-premises data center to access multiple VPCs.	VPC Peering is free. Routes can be configured on the console easily.
Enterprise Router	You can use VPN or Direct Connect to connect an on-premises data center to a VPC, and then use an enterprise router to connect multiple VPCs if there are in the same region.	Route learning is supported. There is no need to configure routes manually. Multiple connections work in load balancing or active/standby mode for higher availability.
Cloud Connect Cloud Connection Central Network	You can use Direct Connect or VPN to connect on-premises data centers to VPCs in multiple regions and use a cloud connection or central network to connect the VPCs, so that the on-premises data centers can access all the VPCs. By working with Direct Connect, Cloud Connect provides the following two options: Cloud connection: Load VPCs in different regions to a cloud connection. For this to work, you need to create a virtual gateway for each VPC that needs to communicate with the on-premises data centers. Central network: Attach VPCs and Direct Connect global DC gateways in the same region to an enterprise router, and then add the enterprise routers in different regions to a central network. In this way, VPCs in different regions can communicate with the on-premises data centers in multiple cities. Compared with a cloud connection, a central network features a simpler network architecture and higher scalability.	Route learning is supported. There is no need to configure routes manually. Network connection policies can be defined flexibly.