Networking Services of Huawei CLOUD 

Everything You Need To Know

Part # 1

    Building robust & reliable infrastructure on the cloud requires the integration of some vital elements of networking services.   

Huawei CLOUD 

In this article for networking services, we will learn how networks construct work, the architecture used to design networks, and how to keep them secure.

Overview

In continuation of articles on Huawei CLOUD, we started the journey with a brief walk-through cloud of Huawei ( Link ), What is unique about Huawei Cloud, Its global footprint, and describing Huawei Cloud Portal & Console.

Next, we have an article for selecting Networking Services of the cloud ( Link ) , brief about networking services and when to select each of them.

We will start with few services and the remaining will be covered in the next post J

Huawei CLOUD Networking Service

    Huawei cloud has a very extensive list of networking services including VPC, VPN, DNS, gateways & interconnects.

Networking Service in CLOUD 

Source: Huawei CLOUD Website

1. VPC

2. EIP (Elastic IP)

3. NAT Gateway

4. DNS

5. VPN

6. Connections – Cloud Connect

7. Connections – Direct Connect 

1. VPC

    Virtual Private Cloud is the most foundational service, it provisions logically isolated, configurable, and manageable space virtual networks for cloud servers for improving security and simplifying network.

        Free , Simple to set-up and use & Secure and monitored network

    VPC has complete control, including IP selection, creation of subnets, and configuration of route tables and network gateways

VPC - CLOUD 

Source: Huawei CLOUD Website

Ingredient of VPC

•       VPC and Subnet

•       CIDR Block

A private CIDR block is used by the VPC.  The VPC service supports the following CIDR blocks:

                10.0.0.0 – 10.255.255.255        
                172.16.0.0 – 172.31.255.255
                192.168.0.0 – 192.168.255.255

Public Vs Private IP

•       Subnet

•       IP address range (Subnet)  which is defined in VPC and provides addressing to ECS(VMs) in AZ (Availability Zone)

•       Route Table

•       A route table contains routes, which are used to determine where traffic is directed.

•       Access Control

•       Security Group

•       A security group is like a virtual firewall to provide access rules for cloud resources that have the same security protection requirements.

•       Inbound and outbound rules can be added to precisely control inbound and outbound traffic at the subnet level

•       Network ACL

•       ACL is an optional layer of security. The network ACL helps to control traffic in and out of the subnets.

Virtual Private Cloud

Source: Huawei CLOUD Website

VPC Connectivity

• VPC Peering allows two VPCs in the same region to communicate with each other using private IP addresses.

• Elastic IP or NAT Gateway allows ECSs in a VPC to communicate with the Internet.

• Virtual Private Network (VPN), Cloud Connect, or Direct Connect can connect a VPC to your data center.

Use cases

•       Host a simple, public-facing website

•       Host multi-tier web applications

•       Back up and recover your data after a disaster

•       Extend your corporate network into the cloud

•       Securely connect cloud applications to your datacenter

2. Elastic IP

Elastic IP (EIP) is used to assign static public IP addresses and scalable bandwidths to connect the internet.

    It is very flexible and can be bound to or unbound from ECSs, BMSs, virtual IP addresses, NAT gateways, or load balancers. It is used in a specific Region only, and cannot be moved to a different Region.

                    Public IPv4 or IPv6 address & EIP is UNIQUE

Elastic IP 

                                                                            Source: Huawei CLOUD Website

ECS = Elastic Compute Server, BMS = Bare Metal Server, LB = Load Balancer

3. NAT Gateway  

    Sometimes VMs (Servers) needs access to the internet in a Private Subnet during the maintenance window for upgrading software or patching

But it avoids the internet from initiating connections with the VMs.

NAT Gateway  

Source: Huawei CLOUD Website

Some key points associated with NAT Gateway

•      Only one Elastic IP address with a NAT gateway.

•      Network ACL (NACL) can be used to control the traffic to and from the subnet in which the NAT gateway is located. cannot associate a security group though.

•      It supports the TCP, UDP, and ICMP protocols.

Features of NAT Gateway 

•      High Performance

•      Flexible Deployment

•      Ease of Use

•      Cost-Effective

4. DNS

Domain Name System is a highly available and scalable authoritative DNS service that translates domain names into IP addresses, reliably directing end-users to your applications.

DNS in CLOUD 

Source: Huawei CLOUD Website

    It can be used with virtual instances, Elastic Load Balancing load balancers or storage – and can also be used to route users to infrastructure outside of Cloud

 Use Cases:

q  Service Management 

creates public and private zones for the same domain name and deploys your applications online and offline.

q  Application Deployment 

can map private IP addresses of servers to private domain names in specific VPCs, thereby allowing the servers to communicate by using domain names. 

q  General DNS Resolution 

DNS enables you to map domain names to instances such as ECSs, OBS buckets, and load balancers.

Features

·         Flexible Routing

·         High performance

·         Robust Security

It is not the end but the beginning.  Sharing about more networking services of Huawei CLOUD in the next article.

You are welcome to leave a message and exchange in the comment area. Thank you!