OpenSearch: Use a VPC peering connection to implement cross-VPC access to an OpenSearch Retrieval Engine Edition instance

Last Updated: Jan 17, 2025

This topic describes how to access an OpenSearch Retrieval Engine Edition instance across virtual private clouds (VPCs) that reside in different regions.

Scenario example

You purchase an OpenSearch Retrieval Engine Edition instance in a VPC named vpc1 in the China (Hangzhou) region, but you want to access the instance from a VPC named vpc2 in the China (Beijing) region.

| Resource | Region | CIDR block and IP address |
| --- | --- | --- |
| vpc1 | China (Hangzhou) | Primary CIDR block: 10.0.0.0/8 |
| vpc2 | China (Beijing) | Primary CIDR block: 10.0.0.0/8; secondary CIDR block: 192.168.0.0/16; IP address of a NAT gateway: 192.168.2.27 |

Obtain the IP address of the OpenSearch Retrieval Engine Edition instance

Go to the details page of the OpenSearch Retrieval Engine Edition instance in the OpenSearch console, copy the endpoint of the instance, and then ping the endpoint to obtain the IP address of the instance. In this example, the IP address 100.103.22.210 is obtained.

Configure a VPC peering connection to connect VPCs

For more information, see Use VPC peering connection for private communication.

  1. Log on to the VPC console and click VPC Peering Connection in the left-side navigation pane. In the top navigation bar of the page that appears, select the region in which the requester VPC resides. In this example, the China (Beijing) region is selected. On the page that appears, click Create VPC Peering Connection to create a VPC peering connection.

  2. Allocate a secondary CIDR block to vpc2 and create a vSwitch.

    1. In the left-side navigation pane of the VPC console, click VPC. On the page that appears, click the ID of vpc2. On the page that appears, click the CIDR Block Management tab and IPv4 CIDR Block. Then, click Add Secondary CIDR Block. In the dialog box that appears, specify a CIDR block and click OK. In this example, the CIDR block 192.168.0.0/16 is allocated to vpc2.

    2. Go to the vSwitch page and click Create vSwitch. On the page that appears, configure the parameters. In this example, select vpc2 for the VPC parameter and set IPv4 CIDR Block to the secondary CIDR block allocated to vpc2. Then, click OK. In this example, the vSwitch named Switch2 is created.

  3. Add a VPC NAT gateway to Switch2. In the left-side navigation pane of the VPC console, click VPC NAT Gateway. On the page that appears, click Create VPC NAT Gateway. On the buy page, configure the parameters and complete the payment. In this example, set vSwitch ID to Switch2.

  4. Configure an SNAT entry for the NAT gateway. Go back to the VPC NAT Gateway page, find the newly created VPC NAT gateway, and then click SNAT Management in the Actions column. In the SNAT Entry List section of the page that appears, click Create SNAT Entry. On the Create SNAT Entry page, configure the Select NAT IP Address parameter and click OK. In this example, the IP address 192.168.2.27 is selected for Select NAT IP Address.

  5. Create a custom route table for Switch2.

    In the left-side navigation pane, click Route Tables. On the Route Tables page, click Create Route Table. On the page that appears, configure the parameters and click OK. In this example, the custom route table named bj2switch_routing is created. On the Route Tables page, find the bj2switch_routing route table and click Bind in the Associate Resource column to add Switch2 to the custom route table.

Configure routes for the OpenSearch Retrieval Engine Edition instance

1. Configure a vpc2-to-vpc1 route

  1. Log on to the VPC console. In the left-side navigation pane, click Route Tables. On the page that appears, find the system route table of vpc2 and click its ID.

  2. On the Custom Route tab of the page that appears, click Add Route Entry. In the Add Route Entry dialog box, configure the parameters and click OK. In this example, set the Destination CIDR Block parameter to 100.103.22.210 and select NAT Gateway for Next Hop Type.

  3. On the Route Tables page, find the custom route table bj2switch_routing of Switch2 and click its ID.

  4. On the Custom Route tab of the page that appears, click Add Route Entry. In the Add Route Entry dialog box, configure the parameters and click OK. In this example, set the Destination CIDR Block parameter to 100.103.22.210 and select VPC Peering Connection for Next Hop Type.

2. Configure a vpc1-to-vpc2 route

  1. Log on to the VPC console. In the left-side navigation pane, click Route Tables. On the page that appears, find the system route table of vpc1 and click its ID.

  2. On the Custom Route tab of the page that appears, click Add Route Entry. In the Add Route Entry dialog box, configure the parameters and click OK. In this example, set the Destination CIDR Block parameter to 192.168.2.27 (IP address of the VPC NAT gateway) and select VPC Peering Connection for Next Hop Type.
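
The route plan above can be checked offline before it is entered in the console. The following sketch is an added example, not Alibaba Cloud code: it models the three route tables from this page with longest-prefix matching and traces a request from vpc2 and the reply from vpc1. The table layout, the `local` entries that stand in for each VPC's route to its own CIDR blocks, and the client address 10.1.2.3 are assumptions.

```python
import ipaddress as ip

# Addresses and custom route entries are the ones configured on this page.
# The dict layout and the "local" entries (a VPC's implicit route to its own
# CIDR blocks) are assumptions of this sketch.
TABLES = {
    "vpc2-system": [("10.0.0.0/8", "local"), ("192.168.0.0/16", "local"),
                    ("100.103.22.210", "nat-gateway")],
    "bj2switch_routing": [("10.0.0.0/8", "local"), ("192.168.0.0/16", "local"),
                          ("100.103.22.210", "peering")],
    "vpc1-system": [("10.0.0.0/8", "local"), ("192.168.2.27", "peering")],
}
INSTANCE_IP = "100.103.22.210"  # resolved from the instance endpoint
NAT_IP = "192.168.2.27"         # SNAT address on the VPC NAT gateway


def next_hop(table, dst):
    """Longest-prefix match of dst against one route table; None if no match."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(cidr), hop) for cidr, hop in TABLES[table]
            if addr in ip.ip_network(cidr)]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


def trace(client_ip, snat=True):
    """Return (request hops from vpc2, reply hop chosen in vpc1)."""
    path = [next_hop("vpc2-system", INSTANCE_IP)]
    if path[-1] == "nat-gateway":
        # The NAT gateway sits in Switch2, which uses bj2switch_routing.
        path.append(next_hop("bj2switch_routing", INSTANCE_IP))
    # vpc1 replies to whatever source address it sees on the request.
    source_seen_by_vpc1 = NAT_IP if snat else client_ip
    return path, next_hop("vpc1-system", source_seen_by_vpc1)


def broad_peering_routes():
    """Peering routes wider than a single host address."""
    return [(table, cidr) for table, routes in TABLES.items()
            for cidr, hop in routes
            if hop == "peering" and ip.ip_network(cidr).prefixlen < 32]


if __name__ == "__main__":
    print(trace("10.1.2.3"))              # (['nat-gateway', 'peering'], 'peering')
    print(trace("10.1.2.3", snat=False))  # reply hop is 'local'
    print(broad_peering_routes())         # []
```

In this model, the reply with `snat=False` resolves to `local` in vpc1 because the client's 10.0.0.0/8 source address overlaps vpc1's own primary block, which is why the plan sends traffic out through the NAT gateway address 192.168.2.27. `broad_peering_routes()` returns an empty list for this plan, confirming that only single host addresses are routed across the peering connection.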

Verify the result

  1. Create an Elastic Compute Service (ECS) instance in vpc2. In the terminal, run the following cURL command to verify connectivity. Replace {username}, {password}, and {instanceId} with actual values.

    curl -i -u "{username}:{password}" http://{instanceId}.ha.aliyuncs.com/network/active

  2. If the following information is returned, the VPCs are connected.

    HTTP/1.1 200 OK
    Server: Tengine
    Date: Tue, 26 Nov 2024 08:29:34 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 0
    Connection: keep-alive
    Keep-Alive: timeout=320
    X-Request-Id: 037a9080181d0b90b8c99b25af7e****

    If the 403 Forbidden error is returned, the VPCs are not connected. In this case, contact Alibaba Cloud technical support.