Overview
Alibaba Cloud VMware Service (ACVS) provides the VMware NSX virtual networking component. This allows you to create different workload network segments based on your business requirements. The workload network segments can communicate with virtual private clouds (VPCs). By default, the workload network segments can communicate only with the VPC that is associated with the PrivateCloud instance. This topic describes how to configure the connection to allow the workload network segments to communicate with other VPCs.

Item | Name | Network segment | Description |
VPC | VPC1 | 192.168.2.0/24 | The VPC that is associated with the PrivateCloud instance. By default, the PrivateCloud instance can access this VPC. |
VPC | VPC2 | 192.168.12.0/24 | The new VPC that the PrivateCloud instance needs to access. |
Workload network | cgw-network | 172.18.0.0/16 | The workload network that is created on the PrivateCloud instance. |
The network information in the preceding table is for reference only.
Prerequisites
VPC2 is attached to the Cloud Enterprise Network (CEN) instance.
A workload network segment is created. For more information, see Create a workload network segment.
On the transit router, the route table that is associated with the four Express Connect circuits of the PrivateCloud instance by using associated forwarding contains route entries to VPC2.
On the transit router, the route table that is associated with VPC2 by using associated forwarding contains route entries to the workload network of the PrivateCloud instance.
The preceding two requirements are applicable only to Enterprise Edition transit routers. If a Basic Edition transit router is used, the virtual border routers (VBRs) of the Express Connect circuits of the PrivateCloud instance and VPC2 are automatically associated with the same route table.
A firewall rule for accessing VPC2 is added on the Compute Gateway tab of the Gateway Firewall page in the NSX Manager console.
Check route entries
Check the network instance connection
In this example, VPC1 is the VPC that is associated with the PrivateCloud instance. By default, the PrivateCloud instance can access VPC1. VPC2 is the VPC that the PrivateCloud instance needs to access.
Verify that VPC2 is attached to the CEN instance. A network instance connection is created for VPC2 on the transit router that resides in the same region as the PrivateCloud instance, as shown in the following figure. VPC2 is displayed in the small red box, whereas the VBRs of the PrivateCloud instance are displayed in the large red box. VPC2 and the VBRs are connected to the same transit router. If the route synchronization feature is enabled, VPC2 can automatically learn the routes from the transit router.

Check route entries in route tables
Determine the route table with which the VBRs of the PrivateCloud instance are associated by using associated forwarding.

Check the route table and verify that the route table contains route entries to VPC2, such as 192.168.12.0/24. 192.168.12.64/26 is the network segment of a vSwitch in VPC2. If VPC2 is associated with the route table by using route learning, the route table can automatically learn the routes to VPC2. You can also manually add route entries.

Determine the route table with which VPC2 is associated by using associated forwarding.

Check the route table and verify that the route table contains route entries to the PrivateCloud instance and the workload network, such as 172.18.0.0/16. If the VBRs of the PrivateCloud instance are associated with the route table by using route learning, the route table can automatically learn the routes to the PrivateCloud instance. You can also manually add route entries.

Check the route table of VPC2, and make sure that the route table contains route entries to the PrivateCloud instance and the workload network, such as 172.18.0.0/16.
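The three route table checks above can be run offline against route entries copied from the console. The following is an added example, not part of the original documentation or any Alibaba Cloud tool; the table labels and the sample route lists are constructed, and only IPv4 prefixes are assumed. It reports the part of each required network segment that no route entry covers, so a table that holds only the vSwitch route 192.168.12.64/26 shows which ranges of VPC2 are still unreachable.

```python
import ipaddress

VPC2_CIDR = "192.168.12.0/24"      # VPC2 from the table in the Overview
WORKLOAD_CIDR = "172.18.0.0/16"    # cgw-network from the same table

# Hypothetical labels for the three route tables checked in this section,
# mapped to the segment each one must have route entries for.
REQUIRED = {
    "tr_table_of_vbrs": VPC2_CIDR,
    "tr_table_of_vpc2": WORKLOAD_CIDR,
    "vpc2_route_table": WORKLOAD_CIDR,
}

def uncovered(target, routes):
    """Return the sub-prefixes of target that no route entry covers."""
    remaining = [ipaddress.ip_network(target)]
    for route in map(ipaddress.ip_network, routes):
        kept = []
        for net in remaining:
            if net.subnet_of(route):
                continue                                 # fully covered
            if route.subnet_of(net):
                kept.extend(net.address_exclude(route))  # carve the route out
            else:
                kept.append(net)                         # no overlap
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def audit(tables):
    """Map each route table label to the ranges it still lacks routes for."""
    gaps = {}
    for name, target in REQUIRED.items():
        left = uncovered(target, tables.get(name, []))
        if left:
            gaps[name] = [str(n) for n in left]
    return gaps

# Constructed sample: only a vSwitch route was learned for VPC2, and the
# VPC2 route table has no entry for the workload network.
SAMPLE = {
    "tr_table_of_vbrs": ["192.168.2.0/24", "192.168.12.64/26"],
    "tr_table_of_vpc2": ["172.18.0.0/16", "192.168.2.0/24"],
    "vpc2_route_table": ["192.168.12.0/24"],
}

if __name__ == "__main__":
    for table, missing in audit(SAMPLE).items():
        print(f"{table}: no route for {', '.join(missing)}")
```

An empty result from `audit` means every required segment is covered in all three tables; any listed range needs a learned or manually added route entry before the custom route is configured.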

Add route entries for the interconnection
Procedure
After you verify that the route tables of the transit router and VPC2 contain the required route entries, go to the Interconnection Configuration tab of the details page of the PrivateCloud instance in the ACVS console and click the Custom Route tab.

Click Add Custom Route.

Enter a name and network segment for the route.

The route is added.

Result
After the preceding route is configured and a CGW firewall rule is added in the NSX Manager console, the workload VMs on the PrivateCloud instance can access VPC2.
