Communication Between Different Regions via VPN over Enterprise Router
Introduction
Hi everyone! In today's article, we will connect resources in different regions by setting up a VPN connection over Enterprise Routers (ERs) in Huawei Cloud.
Choosing cloud services has become inevitable today because of advantages such as performance, cost, security, availability, and stability. Companies need to keep some or all of their resources in the cloud, depending on their system structure. For redundancy in particular, keeping resources in different regions is necessary for disaster recovery scenarios.
In this context, a VPN is required for operations such as connections and data transfers between regions. Running the VPN over Enterprise Routers, one of the Huawei Cloud services, also provides a stable, high-performance connection.
An enterprise router connects virtual private clouds (VPCs) and on-premises networks or VPCs between different regions to build a central hub network. It has high specifications, provides high bandwidth, and delivers high performance. Enterprise routers use the Border Gateway Protocol (BGP) to learn, dynamically select, or switch between routes, thereby ensuring service continuity and significantly improving network scalability and O&M efficiency.
Virtual Private Network (VPN), in turn, establishes secure, reliable, and cost-effective encrypted connections between your on-premises network or data center and a virtual network on Huawei Cloud. VPN is also used between regions in the cloud.
Let’s implement the following scenario step by step.
Scenario
1-) Create VPCs and ECSs in 2 different regions.
In the example, two ECSs were created in the Bangkok and Singapore regions. Before the ECSs are created, the VPCs are created as follows:
CIDR: 192.168.0.0/16
Bangkok subnet-01: 192.168.1.0/24
Bangkok subnet-02: 192.168.3.0/24
Singapore subnet-01: 192.168.1.0/24
Singapore subnet-02: 192.168.5.0/24
Note: The 192.168.3.0/24 and 192.168.5.0/24 subnets must be assigned to the ECSs.
2-) Create an Enterprise Router in each of the two regions, then create an attachment for each Enterprise Router by choosing the 192.168.1.0 subnet.
Note: The important point here is that the BGP AS numbers of the two regions must be different when creating the ERs.
Example:
Singapore BGP-AS 65000
Bangkok BGP-AS 65001
Create an Enterprise Router on the Singapore side for the VPN connection.
Create an Enterprise Router on the Bangkok side for the VPN connection.
Create an attachment for the Singapore region.
Create an attachment for the Bangkok region.
Check that the ER status is normal in the Singapore region.
Check that the ER status is normal in the Bangkok region.
3-) Add a route for subnet-02 in both regions.
Destination subnet is 192.168.3.0/24 and gateway is ER-Bangkok
Destination subnet is 192.168.5.0/24 and gateway is ER-Singapore
4-) Create an Enterprise VPN in both regions and choose the ERs created earlier.
- Buy a VPN Gateway for the Bangkok region, choosing the ER we created.
- Buy a VPN Gateway for the Singapore region, choosing the ER we created.
- Create a Remote Gateway for the Singapore region.
- Create a Remote Gateway for the Bangkok region.
- Create a VPN Connection for the Singapore region.
- Create a VPN Connection for the Bangkok region.
- The VPN Gateway must be established on both sides as follows:
5-) Run a ping test to check connectivity between the ECSs.
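The addressing and AS-number rules from the notes in steps 1 and 2 can be checked before anything is created in the console. The script below is an added example, not part of the original article or of any Huawei Cloud tooling; the PLAN layout and the function names are hypothetical, and the values are copied from the steps above.

```python
import ipaddress

# Constructed from the values in steps 1 and 2; the dict layout is hypothetical.
PLAN = {
    "Bangkok": {"bgp_as": 65001, "vpc_cidr": "192.168.0.0/16",
                "attachment_subnet": "192.168.1.0/24",  # subnet-01
                "ecs_subnet": "192.168.3.0/24"},        # subnet-02
    "Singapore": {"bgp_as": 65000, "vpc_cidr": "192.168.0.0/16",
                  "attachment_subnet": "192.168.1.0/24",
                  "ecs_subnet": "192.168.5.0/24"},
}
SUBNET_KEYS = ("attachment_subnet", "ecs_subnet")


def check_plan(plan):
    """Return the problems that would break routing between the two regions."""
    problems = []
    (name_a, a), (name_b, b) = plan.items()
    # Step 2 note: the two ERs must have different BGP AS numbers.
    if a["bgp_as"] == b["bgp_as"]:
        problems.append(f"BGP AS {a['bgp_as']} is used by both {name_a} and {name_b}")
    # Every subnet must sit inside its own VPC CIDR.
    for name, region in plan.items():
        vpc = ipaddress.ip_network(region["vpc_cidr"])
        for key in SUBNET_KEYS:
            if not ipaddress.ip_network(region[key]).subnet_of(vpc):
                problems.append(f"{name} {key} {region[key]} is outside VPC {vpc}")
    # Step 1 note: routes are chosen by destination prefix, so the subnets that
    # hold the ECSs must not overlap between the regions.
    ecs_a = ipaddress.ip_network(a["ecs_subnet"])
    ecs_b = ipaddress.ip_network(b["ecs_subnet"])
    if ecs_a.overlaps(ecs_b):
        problems.append(f"ECS subnets overlap: {name_a} {ecs_a} and {name_b} {ecs_b}")
    return problems


def overlapping_subnets(plan):
    """Prefixes present in both regions; a host there cannot be reached from the peer."""
    (_, a), (_, b) = plan.items()
    nets_a = [ipaddress.ip_network(a[k]) for k in SUBNET_KEYS]
    nets_b = [ipaddress.ip_network(b[k]) for k in SUBNET_KEYS]
    return sorted({str(x) for x in nets_a for y in nets_b if x.overlaps(y)})


if __name__ == "__main__":
    print("problems:", check_plan(PLAN) or "none")
    print("not routable across the VPN:", overlapping_subnets(PLAN))
```

For the plan in this article the check passes, and 192.168.1.0/24 is reported as present in both regions, which is why the ECSs go into subnet-02 on each side.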
Conclusion
As a result, Enterprise Router has many advantages. For instance, if we want to connect 4 VPCs without using ER, we need to create at least 6 peering connections and 12 routes. With BGP, the CIDR blocks of the VPCs are automatically learned and added to the route table. This gives easy management and a stable, fast connection. Among the most important reasons for using Enterprise Edition VPN instead of Classic VPN here are ER support, BGP routing support, and active-active VPN connection support.