Use Cloud Enterprise Network (CEN) to connect VPCs in different regions over a private network.
Use case
Assume you have two VPCs in different regions:
| Parameter | VPC1 | VPC2 |
| --- | --- | --- |
| Region | China (Hangzhou) | China (Shanghai) |
| IPv4 CIDR block | 10.0.0.0/16 | 172.16.0.0/16 |
| vSwitch 1 | In Zone J, CIDR block 10.0.0.0/24 | In Zone M, CIDR block 172.16.0.0/24 |
| vSwitch 2 | In Zone K, CIDR block 10.0.1.0/24 | In Zone N, CIDR block 172.16.1.0/24 |
| ECS instance | ECS1: 10.0.0.1 | ECS2: 172.16.0.1 |
The scenario-based networking tool automates the creation of a CEN instance, transit routers, VPC connections, an inter-region connection, and routes to establish private network connectivity between the two VPCs.
When planning your network, ensure that:
- The CIDR blocks of the VPCs do not overlap.
- For zone-level disaster recovery, create vSwitches in at least two zones within regions that support multi-zone Enterprise Edition transit routers.
The scenario-based networking tool automates all CEN configurations. To manually configure associated forwarding or route learning, see How it works below.
Before you begin
- You have created two VPCs in different regions, each with at least two vSwitches in different zones. If not, see Create a VPC and a vSwitch.
- At least one ECS instance is created in each VPC for connectivity testing. If not, see Create an instance by using the wizard.
- The ECS instance security groups allow ICMP traffic for ping tests. See View security group rules and Add a security group rule.
Procedure
Step 1: Create a networking configuration
- Log on to the CEN console. On the CEN Instance page, click Create CEN Instance.
- In the Create CEN Instance dialog box, select Create Scenario-specific CEN (Recommended). For the scenario, select VPC Interconnection and click Start Scenario-based Creation.
- On the Configure Networking Settings page, on the New Region tab, add the networking configuration for the China (Hangzhou) region:
  - Region: Select China (Hangzhou).
  - Zone: Select Hangzhou Zone J and Hangzhou Zone K.
  - VPC: For VPC, select VPC1 and its two corresponding vSwitches.
- Click the + icon to the right of the China (Hangzhou) tab to create a new tab and add the networking configuration for the China (Shanghai) region:
  - Region: Select China (Shanghai).
  - Zone: Select Shanghai Zone M and Shanghai Zone N.
  - VPC: For VPC, select VPC2 and its two corresponding vSwitches.
- Click Next.
Step 2: Confirm the configuration and fees
On the Confirm Networking Settings and Fees page, wait a few minutes for the system to generate a configuration overview. Review the resources to be created and their estimated costs.
After you confirm the details, click Start Deployment.
By default, inter-region connections use pay-by-data-transfer billing, settled by Cloud Data Transfer (CDT). For details, see Billing.
Step 3: Wait for the deployment to complete
Deployment takes about 10 minutes. After completion, click View CEN Instance to view the created resources on the instance details page.
Step 4: Verify connectivity
Ensure that security group rules for both ECS instances allow ICMP traffic. For details, see View security group rules and Add a security group rule.
Log on to ECS1 and run the following command to test connectivity to ECS2:
ping 172.16.0.1
A response confirms that VPC1 and VPC2 are connected.
How it works
The scenario-based networking tool automatically configures associated forwarding and route learning to enable routing between the VPCs:
- CEN adds three custom route entries (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) to the system route tables of VPC1 and VPC2, with the next hop pointing to the VPC connection. The VPCs use these routes to send traffic to their transit routers.
- The transit routers automatically learn routes from the VPC system route tables and forward traffic to the corresponding VPC.
The following tables list the route entries for the transit routers, VPC1, and VPC2. View these entries in the console:
System route table of transit router 1
Route entries for the China (Hangzhou) transit router
| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 10.0.0.0/24 | VPC1 connection | Propagated |
| 10.0.1.0/24 | VPC1 connection | Propagated |
| 172.16.0.0/24 | Inter-region connection | Propagated |
| 172.16.1.0/24 | Inter-region connection | Propagated |
System route table of transit router 2
Route entries for the China (Shanghai) transit router
| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 10.0.0.0/24 | Inter-region connection | Propagated |
| 10.0.1.0/24 | Inter-region connection | Propagated |
| 172.16.0.0/24 | VPC2 connection | Propagated |
| 172.16.1.0/24 | VPC2 connection | Propagated |
System route table of VPC1
VPC1 system route entries
| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 10.0.0.0/24 | Local | System |
| 10.0.1.0/24 | Local | System |
| 10.0.0.0/8 | VPC1 connection | Custom |
| 172.16.0.0/12 | VPC1 connection | Custom |
| 192.168.0.0/16 | VPC1 connection | Custom |
System route table of VPC2
VPC2 system route entries
| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 172.16.0.0/24 | Local | System |
| 172.16.1.0/24 | Local | System |
| 10.0.0.0/8 | VPC2 connection | Custom |
| 172.16.0.0/12 | VPC2 connection | Custom |
| 192.168.0.0/16 | VPC2 connection | Custom |
If your VPC CIDR blocks fall outside 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, manually add routes for the peer VPCs to each VPC's route table.
For example, if VPC1 uses 11.0.X.X/8 and VPC2 uses 22.0.X.X/8, add the following custom route entries:
| Route table | Destination CIDR block | Next hop | Route type |
| --- | --- | --- | --- |
| VPC1 | 22.0.X.X/8 | VPC1 connection | Custom |
| VPC2 | 11.0.X.X/8 | VPC2 connection | Custom |
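A pre-deployment check for the two planning rules on this page (VPC CIDR blocks must not overlap, and CIDR blocks outside the three ranges CEN adds need manual routes), as an added example that is not part of the original documentation or any Alibaba Cloud tooling. The function name `plan_check` is hypothetical, and the 11.0.0.0/8 and 22.0.0.0/8 blocks are constructed stand-ins for the example above.

```python
import ipaddress
from itertools import combinations

# The three custom routes CEN adds to each VPC system route table (from this page).
CEN_DEFAULT_ROUTES = [ipaddress.ip_network(c) for c in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def plan_check(vpcs):
    """vpcs: dict of VPC name -> IPv4 CIDR string (hypothetical input shape).

    Returns (overlaps, manual_routes):
      overlaps      - pairs of VPC names whose CIDR blocks overlap
      manual_routes - (route_table, destination, next_hop) entries to add by
                      hand because the peer CIDR is not fully inside one of
                      the three routes CEN adds automatically
    """
    # strict=True rejects typos such as 10.0.0.1/16 (host bits set).
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in vpcs.items()}

    overlaps = [(a, b) for a, b in combinations(sorted(nets), 2)
                if nets[a].overlaps(nets[b])]

    manual_routes = []
    for local in sorted(nets):
        for peer in sorted(nets):
            if peer == local:
                continue
            covered = any(nets[peer].subnet_of(r) for r in CEN_DEFAULT_ROUTES)
            if not covered:
                manual_routes.append(
                    (local, str(nets[peer]), f"{local} connection"))
    return overlaps, manual_routes


if __name__ == "__main__":
    # Constructed sample plans: the page's use case, then the out-of-range case.
    for plan in ({"VPC1": "10.0.0.0/16", "VPC2": "172.16.0.0/16"},
                 {"VPC1": "11.0.0.0/8", "VPC2": "22.0.0.0/8"}):
        overlaps, routes = plan_check(plan)
        print(plan, "overlaps:", overlaps, "manual routes:", routes)
```

A CIDR block that only partly falls inside one of the three ranges is reported as needing a manual route, because the automatic route would not cover all of it.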
Next steps
- Connect networks in more regions: Add more region tabs in the scenario-based networking tool, or manually create transit routers and inter-region connections in an existing CEN instance. Ensure that VPC CIDR blocks do not overlap.
- Inter-region QoS traffic scheduling: Classify and allocate inter-region bandwidth to different services. CEN offers two modes: Basic speed-limiting QoS for standard service isolation, and Priority-based scheduling QoS for low-latency forwarding of critical services such as financial transactions and real-time audio/video.
- Inter-region traffic analysis: Transit routers can capture inter-region connection traffic and generate flow logs for traffic pattern analysis.
- Network topology visualization: View your network topology on the CEN instance details page under the Network Topology tab.
FAQ
- How are inter-region connections billed?
  Inter-region connections support pay-by-data-transfer and subscription (bandwidth plan) billing. For details, see Billing.
- What is the maximum bandwidth for a single inter-region connection?
  For pay-by-data-transfer connections, maximum bandwidth is subject to quota limits. For details, see Quotas.
  With a bandwidth plan, maximum bandwidth matches the plan value. See Purchase a bandwidth plan.
- How do I release the resources created in this use case?
  Release resources in this order: VPC connections, inter-region connection, transit routers, CEN instance.