Connect two VPCs

Last Updated: Nov 09, 2017

By deploying a VPN gateway, you can connect two VPCs over the intranet.

[Figure: VPC interconnection]

Tip: In this situation, VPN Gateway establishes an encrypted tunnel over the Internet. Therefore, the communication quality depends on the Internet connection. If you have high communication quality requirements, use Express Connect. For more information, see Establish an intranet connection between VPCs under different accounts and Establish an intranet connection between VPCs in different regions.

The following tutorial shows how to establish intranet communication between two VPCs under the same account using a VPN gateway. The procedure for cross-account VPC intercommunication is the same. The only difference is that you must first obtain the public IP address of the VPN gateway for the other account and then create a customer gateway using this IP address.

| VPC name | CIDR block | VPC ID | Cloud products |
|---|---|---|---|
| VPC1 | 172.16.0.0/12 | vpc-xxxxl8 | ECS1 |
| VPC2 | 10.0.0.0/8 | vpc-xxxnkf | ECS2 |

Step 1: Create VPN gateways

Follow these steps to create a VPN gateway for each VPC:

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > VPN Gateway.

  3. Click Create VPN Gateway.

  4. On the purchase page, configure the following and click Buy Now.

    | Configuration | Description |
    |---|---|
    | Region | Select the region where the VPN gateway is created. Note: The VPN gateway and VPC must be in the same region. |
    | VPC | Select a VPC to create the VPN gateway for. |
    | Peak Bandwidth | Select a peak bandwidth. Two specifications are available: 10 MB and 100 MB. |
    | Billing Method | You are charged based on the actual traffic usage. |
    | Quantity | Select the number of VPN gateways to be created. |
    | Billing Cycle | VPN gateways are billed on an hourly basis. |

  5. Repeat the previous steps to create another VPN gateway for VPC2.

    Two public IP addresses are assigned automatically after the VPN gateways are created.

    The assigned public IP addresses are 116.XX.XX.142 and 116.XX.XX.2. The relationship between the VPCs and VPN gateways is shown in the following table.

    | VPC | VPN gateway | IP address |
    |---|---|---|
    | Name: VPC1; ID: vpc-xxxxl8; CIDR block: 172.16.0.0/12 | vpn-xxxxxq70 | 116.XX.XX.2 |
    | Name: VPC2; ID: vpc-xxxnkf; CIDR block: 10.0.0.0/8 | vpn-xxxxxlg3 | 116.XX.XX.142 |

Step 2: Create customer gateways

Follow these steps to create a customer gateway for each VPC:

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > Customer Gateway.

  3. Click Create Customer Gateway.

  4. In the Create Customer Gateway dialog box, configure the following and then click Submit.

    | Configuration | Description |
    |---|---|
    | Customer Gateway Name | Enter a name for the customer gateway. |
    | IP Address | Enter the public address assigned to the VPN gateway for the current VPC. |
    | Description | Enter a description. |

  5. Repeat the previous steps to create another customer gateway for the other VPC.

    The relationship between the VPC, VPN gateway, and customer gateway is shown in the following table.

    | VPC | VPN gateway | IP address | Customer gateway |
    |---|---|---|---|
    | Name: VPC1; ID: vpc-xxxxl8; CIDR block: 172.16.0.0/12 | vpn-xxxxxq70 | 116.XX.XX.2 | user_VPC1 |
    | Name: VPC2; ID: vpc-xxxnkf; CIDR block: 10.0.0.0/8 | vpn-xxxxxlg3 | 116.XX.XX.142 | user_VPC2 |

Step 3: Create VPN connections

Follow these steps to create a VPN connection for each VPC:

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > VPN Connection.

  3. Click Create VPN connection.

  4. In the Create VPN Connection dialog box, configure the following:

    • Name: Enter a name for the VPN connection.

    • VPN Gateway: Select the VPN gateway to be connected.

    • Customer Gateway: Select the customer gateway created using the public IP of the peer VPN gateway.

    • Local Network: Enter the CIDR block of the selected VPC.

    • Remote Network: Enter the CIDR block of the peer VPC to be connected.

    • Effective Immediately: Select Yes if you want to start the connection immediately once configuration is complete.

    • Advanced Configurations: Change the IPsec and IKE configurations as required. This tutorial uses the configuration in the following table.

      | Configuration | Description |
      |---|---|
      | VPN Gateway | In this tutorial, select the VPN gateway vpn-xxxxxq70 of VPC1. |
      | Customer Gateway | In this tutorial, select the customer gateway user_VPC2 of VPC2. |
      | Local Network | In this tutorial, enter the CIDR block for VPC1: 172.16.0.0/12. |
      | Remote Network | In this tutorial, enter the CIDR block for VPC2: 10.0.0.0/8. |
      | Pre-Shared Key | Expand Advanced Configuration and enter a pre-shared key. |

  5. Repeat the previous steps to create another VPN connection for VPC2 using the corresponding information for the configuration.

    The VPN connection configured for VPC1 is shown in the following figure.

    [Figure: VPN connection configured for VPC1]

    The VPN connection configured for VPC2 is shown in the following figure.

    [Figure: VPN connection configured for VPC2]

Step 4: Configure routing

Follow these steps to add a custom route entry for each VPC:

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPC.

  3. Select the region where the VPC is located and click the ID of the target VPC.

  4. In the left-side navigation pane, click VRouter, and then click Add Route Entry.

  5. In the Add Route Entry dialog box, configure the following, and then click OK.

    • Destination CIDR Block: Enter the CIDR block of the peer VPC.

    • Next Hop Type: Select VPN Gateway.

    • VPN Gateway: Select the VPN gateway for the current VPC.

      | Configuration | Description |
      |---|---|
      | Destination CIDR Block | In this tutorial, enter the CIDR block 10.0.0.0/8 for VPC2. |
      | Next Hop Type | In this tutorial, select VPN Gateway. |
      | VPN Gateway | In this tutorial, select the VPN gateway created for VPC1. |

  6. Repeat the previous steps to add a custom route entry pointing to the VPN gateway for VPC2.

    The custom route entry added for VPC1 is shown in the following figure.

    [Figure: custom route entry added for VPC1]

    The custom route entry added for VPC2 is shown in the following figure.

    [Figure: custom route entry added for VPC2]

Step 5: Test connection

Log on to an ECS instance, for example, ECS1 created in VPC1, and ping the IP of an ECS instance in the other VPC to test the communication between the two VPCs.

[Figure: ping test result]
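
If the ping fails, the usual cause is a cross-wired setting from Steps 2 to 4. The following check is an added example, not part of the original tutorial or any Alibaba Cloud tooling: it validates the plan from the tables above before anything is entered in the console. The function name `validate_plan` and the dictionary layout are illustrative assumptions, and the public IPs are constructed stand-ins for the masked addresses.

```python
import ipaddress

# Values from the tutorial tables; the public IPs are constructed stand-ins
# (203.0.113.0/24 documentation range) for the masked 116.XX.XX.2 / 116.XX.XX.142.
VPCS = {
    "VPC1": {"cidr": "172.16.0.0/12", "vpn_gw": "vpn-xxxxxq70", "public_ip": "203.0.113.2"},
    "VPC2": {"cidr": "10.0.0.0/8", "vpn_gw": "vpn-xxxxxlg3", "public_ip": "203.0.113.142"},
}
CUSTOMER_GWS = {"user_VPC1": "203.0.113.2", "user_VPC2": "203.0.113.142"}
CONNECTIONS = {  # one VPN connection per VPC (Step 3)
    "VPC1": {"vpn_gw": "vpn-xxxxxq70", "customer_gw": "user_VPC2",
             "local": "172.16.0.0/12", "remote": "10.0.0.0/8"},
    "VPC2": {"vpn_gw": "vpn-xxxxxlg3", "customer_gw": "user_VPC1",
             "local": "10.0.0.0/8", "remote": "172.16.0.0/12"},
}
ROUTES = {  # one custom route entry per VPC (Step 4)
    "VPC1": {"dest": "10.0.0.0/8", "next_hop": "vpn-xxxxxq70"},
    "VPC2": {"dest": "172.16.0.0/12", "next_hop": "vpn-xxxxxlg3"},
}

def validate_plan(vpcs, customer_gws, connections, routes):
    """Return a list of wiring errors; an empty list means the plan is consistent."""
    net = ipaddress.ip_network
    errors = []
    a, b = vpcs  # the tutorial connects exactly two VPCs
    if net(vpcs[a]["cidr"]).overlaps(net(vpcs[b]["cidr"])):
        errors.append("VPC CIDR blocks overlap and cannot be routed unambiguously")
    for local, peer in ((a, b), (b, a)):
        conn, route, gw = connections[local], routes[local], vpcs[local]["vpn_gw"]
        if conn["vpn_gw"] != gw:
            errors.append(f"{local}: connection uses a VPN gateway of another VPC")
        # The customer gateway selected here must carry the PEER gateway's public IP.
        if customer_gws.get(conn["customer_gw"]) != vpcs[peer]["public_ip"]:
            errors.append(f"{local}: customer gateway does not point at the peer VPN gateway")
        if net(conn["local"]) != net(vpcs[local]["cidr"]):
            errors.append(f"{local}: Local Network is not this VPC's CIDR block")
        if net(conn["remote"]) != net(vpcs[peer]["cidr"]):
            errors.append(f"{local}: Remote Network is not the peer VPC's CIDR block")
        if net(route["dest"]) != net(vpcs[peer]["cidr"]) or route["next_hop"] != gw:
            errors.append(f"{local}: route must send the peer CIDR to this VPC's VPN gateway")
    return errors

if __name__ == "__main__":
    print(validate_plan(VPCS, CUSTOMER_GWS, CONNECTIONS, ROUTES) or "plan is consistent")
```

The check does not cover the pre-shared key or the IPsec and IKE settings, which must also match on both connections.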
