Cloud Enterprise Network: Connect VPCs in different regions

Last Updated: Feb 27, 2025

You can use Cloud Enterprise Network (CEN) to establish network communications between virtual private clouds (VPCs) in different regions.

Scenario

As shown in the figure, two VPCs have been created.

VPC1

  • Region: China (Hangzhou)

  • IPv4 CIDR block: 10.0.0.0/16

  • vSwitch 1 in Zone J. CIDR block: 10.0.0.0/24

  • vSwitch 2 in Zone K. CIDR block: 10.0.1.0/24

  • ECS1 address: 10.0.0.1

VPC2

  • Region: China (Shanghai)

  • IPv4 CIDR block: 172.16.0.0/16

  • vSwitch 1 in Zone M. CIDR block: 172.16.0.0/24

  • vSwitch 2 in Zone N. CIDR block: 172.16.1.0/24

  • ECS2 address: 172.16.0.1

You can create a CEN instance, attach each VPC to the transit router in its region, and establish an inter-region connection between the two transit routers so that the VPCs can communicate with each other.

Important

When you plan your network, ensure that:

  1. The CIDR blocks of the VPCs do not overlap.

  2. To achieve zone-level disaster recovery, create vSwitches in at least two different zones in regions where the Enterprise Edition transit routers support more than one zone.

Procedure

Step 1: Create a CEN instance

  1. Log on to the CEN console. In the left-side navigation pane, click Instances. On the CEN instances page, click Create CEN Instance.

  2. In the Create CEN Instance dialog box, enter a Name and click OK. In this example, cen-inter-region is entered.

  3. When the message The CEN instance is created appears, click View Details to open the details page.

Step 2: Create two transit routers

  1. On the CEN instance details page, click Create Transit Router.

  2. In the Create Transit Router dialog box, select the Region in which to deploy the transit router, keep the other parameters at their default values, and click OK. In this example, China (Hangzhou) is selected.

  3. After the transit router in China (Hangzhou) is created, create another transit router in the China (Shanghai) region.

  4. On the CEN instance details page, you can see the two transit routers that have been created.

Step 3: Create an inter-region connection

  1. In the Actions column of the transit router in China (Hangzhou), click Create Connection.

  2. On the Connect with Peer Network Instance page, set the following parameters:

    • Instance Type: Select Inter-region Connection

    • Region: Select China (Hangzhou)

    • Connection Name: inter-region-attachment

    • Peer Region: Select China (Shanghai)

    • Bandwidth Allocation Method: Select Pay-By-Data-Transfer

Keep the other parameters as their defaults, and click OK.

Note

When you select pay-by-data-transfer, the fee is settled by Cloud Data Transfer (CDT). Enable the CDT service if it is not activated.

  3. The message The connection is created indicates that an inter-region connection has been created between the transit routers in the two regions.

Step 4: Attach the VPC to the transit router

  1. Click Create More Connections in the dialog box.

  2. On the Connection with Peer Network Instance page:

    • Set Instance Type to Virtual Private Cloud (VPC)

    • Set Region to China (Hangzhou)

    • Set Attachment Name to attach1

    • Set Network Instance to VPC1

Keep the other parameters as their defaults, and click OK.

Note

To achieve cross-zone disaster recovery, the system automatically selects the two zones under the current VPC. If your VPC has only one vSwitch, you need to create at least one more vSwitch in a different zone.

  3. The message The connection is created indicates that VPC1 has been attached to the transit router. Click Create More Connections and follow the same steps to attach VPC2 to the transit router. Select the region as China (Shanghai), enter the Attachment Name as attach2, and set the network instance to VPC2.

  4. After attaching VPC2 to the transit router, click Return to the List.

  5. Click the Instance ID of each transit router to see the two VPC connections, respectively named attach1 and attach2.

Step 5: Verify connectivity

Note

Before proceeding, ensure that the security group rules of both ECS instances permit ICMP protocol access. For more details, see View security group rules and Add security group rules.

Log on to ECS1 and run the ping command to access ECS2:

ping 172.16.0.1

A successful ping command as shown in the figure confirms that the connection between VPC1 and VPC2 is working.

Route description

In this example, the advanced features are selected when the VPC connections are created, so CEN automatically completes association forwarding and route learning, which enables communication between the VPCs:

  • CEN automatically adds three custom route entries, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, to the system route tables of VPC1 and VPC2, with the next hop being the VPC connection. The two VPCs send traffic to the transit router through these three route entries.

  • The two transit routers automatically learn route entries from the system route tables and send traffic from transit routers to the peer VPC.

The following section shows the route entries of the transit routers and VPCs in this example to illustrate the routing principles. You can view the route entries in the console:

Transit router 1

System route entries of the transit router in the China (Hangzhou) region are as follows:

| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 10.0.0.0/24 | attach1 | Automatic learning |
| 10.0.1.0/24 | attach1 | Automatic learning |
| 172.16.0.0/24 | inter-region-attachment | Automatic learning |
| 172.16.1.0/24 | inter-region-attachment | Automatic learning |

Transit router 2

System route entries of the transit router in the China (Shanghai) region are as follows:

| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 10.0.0.0/24 | inter-region-attachment | Automatic learning |
| 10.0.1.0/24 | inter-region-attachment | Automatic learning |
| 172.16.0.0/24 | attach2 | Automatic learning |
| 172.16.1.0/24 | attach2 | Automatic learning |

VPC1

System route entries of VPC1 are as follows:

| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 10.0.0.0/24 | Local | System |
| 10.0.1.0/24 | Local | System |
| 10.0.0.0/8 | attach1 | Custom |
| 172.16.0.0/12 | attach1 | Custom |
| 192.168.0.0/16 | attach1 | Custom |

VPC2

System route entries of VPC2 are as follows:

| Destination CIDR block | Next hop | Route type |
| --- | --- | --- |
| 172.16.0.0/24 | Local | System |
| 172.16.1.0/24 | Local | System |
| 10.0.0.0/8 | attach2 | Custom |
| 172.16.0.0/12 | attach2 | Custom |
| 192.168.0.0/16 | attach2 | Custom |
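
The lookups behind these tables can be replayed offline. The following Python sketch is an added example, not part of the original documentation: it transcribes the four route tables from this section, applies longest-prefix matching at each hop, and traces a packet that starts in VPC1. The labels TR1 and TR2, the LINKS map, and treating a lookup with no matching entry as a drop are assumptions of this model.

```python
import ipaddress

# Route tables transcribed from this section: (destination CIDR, next hop).
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
TABLES = {
    "VPC1": [("10.0.0.0/24", "Local"), ("10.0.1.0/24", "Local")]
            + [(p, "attach1") for p in PRIVATE],
    "TR1": [("10.0.0.0/24", "attach1"), ("10.0.1.0/24", "attach1"),
            ("172.16.0.0/24", "inter-region-attachment"),
            ("172.16.1.0/24", "inter-region-attachment")],
    "TR2": [("10.0.0.0/24", "inter-region-attachment"),
            ("10.0.1.0/24", "inter-region-attachment"),
            ("172.16.0.0/24", "attach2"), ("172.16.1.0/24", "attach2")],
    "VPC2": [("172.16.0.0/24", "Local"), ("172.16.1.0/24", "Local")]
            + [(p, "attach2") for p in PRIVATE],
}
# Where each next hop leads, seen from the table doing the lookup (model assumption).
LINKS = {
    ("VPC1", "attach1"): "TR1", ("TR1", "attach1"): "VPC1",
    ("TR1", "inter-region-attachment"): "TR2",
    ("TR2", "inter-region-attachment"): "TR1",
    ("TR2", "attach2"): "VPC2", ("VPC2", "attach2"): "TR2",
}

def lookup(table, dst):
    """Longest-prefix match in one table; returns (prefix, next_hop) or None."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in TABLES[table]]
    hits = [(n, nh) for n, nh in nets if ip in n]
    if not hits:
        return None
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), nh

def trace(start, dst, max_hops=8):
    """Follow next hops from `start` until local delivery, a drop, or a loop."""
    path, node = [], start
    for _ in range(max_hops):
        hit = lookup(node, dst)
        if hit is None:  # assumption of this model: no matching entry means drop
            return path + [(node, None, "DROP")]
        path.append((node, *hit))
        if hit[1] == "Local":
            return path
        node = LINKS[(node, hit[1])]
    return path + [(node, None, "LOOP")]

if __name__ == "__main__":
    for dst in ("172.16.0.1", "10.0.1.5", "192.168.1.1"):
        print(dst, trace("VPC1", dst))
```

In this model, a packet from VPC1 to 192.168.1.1 leaves the VPC through the 192.168.0.0/16 custom route and stops at TR1, which has learned no matching entry, while 10.0.1.5 stays local because the /24 system route is more specific than 10.0.0.0/8.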

Important

If the CIDR blocks that you plan do not belong to the three private CIDR blocks, 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, you need to manually add routes for other VPCs in each VPC's route table.

For example, if the CIDR block of VPC1 is 11.0.X.X/8 and that of VPC2 is 22.0.X.X/8, you must add the following custom route entries in the route tables of VPC1 and VPC2:

| Route table | Destination CIDR block | Next hop | Route type |
| --- | --- | --- | --- |
| VPC1 | 22.0.X.X/8 | attach1 | Custom |
| VPC2 | 11.0.X.X/8 | attach2 | Custom |
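
The two planning rules in this topic, non-overlapping CIDR blocks and manual routes for blocks outside the three private ranges, can be checked before any resources are created. The following Python sketch is an added example, not part of the original documentation; check_plan is a hypothetical helper, and 11.0.X.X/8 and 22.0.X.X/8 are written as 11.0.0.0/8 and 22.0.0.0/8 on the assumption that this is what the notation means.

```python
import ipaddress
from itertools import combinations

# The three destinations CEN adds to each VPC route table, per this section.
AUTO_ROUTES = [ipaddress.ip_network(c) for c in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(vpcs):
    """vpcs: {name: (cidr, attachment)}. Returns (overlaps, manual_routes).

    overlaps      -- pairs of VPC names whose CIDR blocks overlap
    manual_routes -- (route table, destination CIDR, next hop) entries that
                     must be added by hand because no automatic route covers them
    """
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in vpcs.items()}
    overlaps = [(a, b) for a, b in combinations(sorted(nets), 2)
                if nets[a].overlaps(nets[b])]
    manual = []
    for peer, net in sorted(nets.items()):
        if any(net.subnet_of(auto) for auto in AUTO_ROUTES):
            continue  # already reachable through an automatically added route
        # Every other VPC needs a custom route to this peer via its own attachment.
        for name in sorted(nets):
            if name != peer:
                manual.append((name, str(net), vpcs[name][1]))
    return overlaps, manual

if __name__ == "__main__":
    # The scenario from this topic: nothing to fix.
    print(check_plan({"VPC1": ("10.0.0.0/16", "attach1"),
                      "VPC2": ("172.16.0.0/16", "attach2")}))
    # The non-private example: two manual routes are required.
    print(check_plan({"VPC1": ("11.0.0.0/8", "attach1"),
                      "VPC2": ("22.0.0.0/8", "attach2")}))
```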

Related steps

  • Connect VPCs in more than two regions: If you need to create connections for VPCs in more than two regions, follow the steps in this topic. Create a transit router in each region, establish a connection between each pair of regions, and attach the VPCs to the transit router in the corresponding region. Make sure the CIDR blocks of VPCs do not overlap.

  • Quality of Service (QoS) bandwidth control: To manage inter-region traffic, you can classify and mark business traffic, and allocate bandwidth accordingly to enhance network quality and usage. For more information, see Use traffic scheduling to limit bandwidth for inter-region connections.

  • Traffic analysis: Transit routers capture traffic information of inter-region connections and generate flow logs. You can analyze inter-region traffic transmission by querying flow logs. For more information, see Configure a flow log.

  • Topology visualization: CEN generates a topology diagram based on your actual resources. To view the topology, go to the details page of the CEN instance and view it under the Network Topology tab.


FAQs

  • How are inter-region connections charged?

    You can choose either the pay-by-data-transfer mode or the subscription mode. In the subscription mode, you purchase bandwidth plans and allocate bandwidth to connections. For more information, see Billing rules.

  • What is the maximum bandwidth for an inter-region connection?

    If you choose Pay-By-Data-Transfer as the bandwidth allocation mode, the maximum bandwidth is limited by quota constraints. For more information, see CEN quotas.

    If you choose Allocate from Bandwidth Plan, the maximum bandwidth is the value specified in your bandwidth plan. For more details, see Work with a bandwidth plan.