Direct VPN Hybrid Cloud Solution

This Tutorial will guide you how to establish private connection between enterprise IDC and public cloud VPC by virtue of JD Cloud Direct Connection and VPN services.

Business Scenarios

For core/non-suitable JD Cloud Onboarding businesses deployed in the self-established IDC and non-core/expanded businesses deployed in JD Cloud VPC by customers, it is necessary to open up the network environment between enterprise IDC and public cloud VPC by virtue of Direct Connection and VPN so as to achieve intranet communication.

Precondition

• The segment in enterprise IDC cannot overlap with that in public cloud VPC.
• The Direct Connection and VPN run the BGP routing protocol.

For the requirements of Direct Connection for client device, refer to Conditions for Using Direct Connection Service. For the requirements of VPN for client device, refer to Use Restrictions.

Configuration Steps

Step 1. Create border gateway

a) Log into BGW Console;
b) Select the region using the service, and click to create a border gateway;
c) The border gateway supports running BGP routing protocol. The BGP ASN of current JD Cloud border gateway is fixed to 65000, which will be open to modify in the future;
For more contents, refer to Border Gateway Management.

Step 2. Create VPC attachment

a)Login VPC Interface Control Console;
b) Select the region using the service, and click to create a VPC attachment;
c) Select the border gateway created in Step 1, select the VPC that passes the route traffic of this border gateway, and select the VPC segment to be transmitted to this border gateway. After the VPC attachment is created, the segment selected will be automatically added to the transmission route table of this border gateway, and the Next Hop will point to the VPC attachment created in this step;

For more contents, refer to VPC Attachment Management.

Step 3. Create direct connection

For more information, see Public Cloud of Direct Connection.

Step 4. Create VPN connection, tunnel, client device and BGP

Refer to Enterprise VPN Connects to Public Cloud.

Step 5. Configure routing

On the client router device, the route released to the VPC in the cloud through the BGP route protocol, the next hop points to the interface of direct connection and the VPN connection, the specified private virtual interface uses a finer route net segment, and the VPN connection uses the aggregated route net segment, or the BGP AS_PATH of the specified direct connection route is shorter than that of the VPN route, so that the direct connection route can be used to carry traffic. When the direct connection route is invalid, the VPN route is used to carry the traffic.

Step 6. Test connectivity and verify route switch

a) Log in JD Cloud Virtual Machines Console, in the region where the service is created, create one Virtual Machines in the VPC to be interconnected to the IDC intranet segment of the enterprise, and confirm that the route properly connected to the IDC intranet segment of the enterprise exists in the route table of the Subnet of this Virtual Machines;
b) Use the Virtual Machines created in a to ping the intranet address of one instance in enterprise IDC intranet in order to verify whether the intranet communication is normal;
c) On the client router, break off the BGP session of direct connection, or remove the direct connection route, or place DOWN at the port of direct connection route, and view whether the traffic is switched to VPN connection, if yes, then switch the traffic back to the direct connection route;