Cloud File Storage

Cross-region or Cross-account File System Use

Background of Problem

In some cases, users need to use the file system across accounts and regions. Typical scenarios are as follows:

  • The user has several accounts in Baidu AI Cloud, has purchased CFS for one of them, and wants to share it with another user.
  • The user has purchased a file system in one region and wants to access it from another region.

In general, we do not recommend this usage. The solution is to connect the networks of the different accounts or regions: as long as the networks are connected, the file system can be used. Data security risks and access performance problems exist, but users who do have such requirements can follow the steps described in this document.

Principle

The method described in this document uses the "Peer-to-Peer Network" feature of VPC. For a detailed description of the feature, please see Document 1 and Document 2.

Steps to Use File System Across Regions

The following example assumes that the file system needs to be accessed across regions between "North China-Beijing" and "South China-Guangzhou". The file system is created in "South China-Guangzhou". The VPCs to be connected on the two sides are named "test_vpc_bj" and "test_vpc_gz".

Select "North China-Beijing" or "South China-Guangzhou" to create a Peer-to-peer Connection for VPC

1. Enter the management screen of the VPC instance and select "test_vpc_bj".

2. On the "Peer-to-peer Connection" screen, click on "Create Peer-to-peer Connection".

3. Select "This Account" for the connection type, select the peer region and VPC, and set the upper bandwidth limit.

Note that if the CIDR blocks of the local VPC and the peer VPC overlap, the subnet segments of the virtual machines must not overlap; otherwise network problems will occur.

4. If the creation is successful, you can see the connection under "Peer-to-peer Connection" in both regions.

5. Add routing rules to the VPCs in the two regions, with the peer VPC network segment and the subnet network segment as destinations respectively.

6. After the peer-to-peer connection is created, ping the intranet IP address of a virtual machine in the other region's VPC from a virtual machine in this region's VPC to check whether the network is connected. If it is not, check the security group rules.

1. Enable "DNS Synchronization" for the peer-to-peer connection.

2. On the virtual machine, confirm that the mount target address is reachable, then mount the file system.
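The overlap rule noted under step 3 can be checked before the connection is created. The following is an added example, not part of the original documentation or of any Baidu AI Cloud tooling; the function name `check_peering` and all address ranges are constructed for illustration.

```python
import ipaddress
from itertools import product


def check_peering(local_vpc, peer_vpc, local_subnets, peer_subnets):
    """Apply the overlap rule from the note in step 3 to a planned connection.

    Returns (status, conflicts) where status is:
      "ok"       - the two VPC CIDRs do not overlap
      "caution"  - the VPC CIDRs overlap but no VM subnets overlap
      "conflict" - the VPC CIDRs overlap and some subnet pair overlaps
    """
    lv = ipaddress.ip_network(local_vpc)
    pv = ipaddress.ip_network(peer_vpc)
    ls = [ipaddress.ip_network(s) for s in local_subnets]
    ps = [ipaddress.ip_network(s) for s in peer_subnets]

    # A subnet outside its own VPC means the inventory is wrong; stop early.
    for vpc, subnets in ((lv, ls), (pv, ps)):
        for s in subnets:
            if not s.subnet_of(vpc):
                raise ValueError(f"{s} is not inside {vpc}")

    if not lv.overlaps(pv):
        return "ok", []
    conflicts = [(str(a), str(b)) for a, b in product(ls, ps) if a.overlaps(b)]
    return ("conflict" if conflicts else "caution"), conflicts


if __name__ == "__main__":
    # Constructed sample plans; none of these ranges come from the page.
    plans = {
        "disjoint VPCs": ("192.168.0.0/16", "172.16.0.0/16",
                          ["192.168.1.0/24"], ["172.16.1.0/24"]),
        "same VPC CIDR, separate subnets": ("10.0.0.0/16", "10.0.0.0/16",
                                            ["10.0.1.0/24"], ["10.0.2.0/24"]),
        "same VPC CIDR, clashing subnets": ("10.0.0.0/16", "10.0.0.0/16",
                                            ["10.0.1.0/24", "10.0.3.0/24"],
                                            ["10.0.1.128/25"]),
    }
    for name, plan in plans.items():
        print(name, "->", check_peering(*plan))
```

A "conflict" result lists the subnet pairs that must be re-addressed before the connection is created.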

(Optional) Disable "DNS Synchronization" and mount a file system across regions using the mount target IP address

In some special cases, users may be unable to enable DNS Synchronization for a peer-to-peer connection. In that case, you can mount the file system using an IP address. The problem with this method is that once the mount target is deleted, the same IP address may be taken by a new mount target or another service, resulting in access to the wrong file system or service.

1. On the virtual machine in the region where the file system is located, use the host command to resolve the IP address for the mount target address.

2. On the virtual machine in another region, mount the file system using the resolved IP address.

Steps to Use File System Across Users

The steps for using a file system across users are basically the same as those for mounting a file system across regions. Only the steps for establishing the "Peer-to-peer Connection" are different.

On the creation interface of "Peer-to-peer Connection", select the type "Cross Account" and fill in "Peer User ID" and "Peer Network" (namely VPC ID).

After creating the peer-to-peer connection, log in to the other user account, and you will see a "Connection Request" in the "Peer-to-peer Connection" management interface of VPC.

Accept the connection request; the rest of the steps are the same as for cross-region use.
