Layer 2 Gateway Combined with Dedicated Line Access ET to Build Large Layer 2 Network Between IDC and Cloud VPC
Overview
On-premises IDCs often face challenges such as numerous hosts, outdated systems, and hardcoded IP configurations, making upgrades complex. To better meet scalability demands, IDC cloud hosts can migrate to Baidu AI Cloud without altering their IP addresses, enabling the use of solutions like Baidu Cloud Compute (BCC).
Requirement scenarios
A company is migrating its on-premises IDC addresses to the cloud. During cloud migration, the following requirements exist:
- The original Layer 2 network communication within the IDC remains unaffected.
- Hosts can be migrated to the cloud individually without causing service interruptions during the process. Communication between on-premises and cloud environments, as well as within the cloud, remains normal and uninterrupted.
- Because the host access configuration files in the IDC reference actual IP addresses rather than domain names, the migration must not change the original host IP addresses.
Solution overview
- After powering off VM-A in the IDC, update the BCC-A address in the cloud from 172.25.199.228 to 172.25.199.157. Service traffic will then route to BCC-A in the cloud via the Layer 2 gateway, ensuring the host IP address remains unchanged after migration. At the same time, BCC-A in the cloud can seamlessly communicate with other VMs in the IDC as if they were in the same subnet.
Description:
- To confirm normal communication between VM-A and BCC-A after migration, their IP addresses must be different; otherwise, communication will fail.

Configuration steps
Environment preparation
- User IDC side: Utilize switches with VXLAN (Virtual eXtensible Local Area Network) capability. Establish a physical dedicated line or VPN between the user IDC and Baidu AI Cloud to enable Layer 3 network connectivity.
- Baidu AI Cloud side: Purchase a Layer 2 gateway product and configure a Layer 2 connection tunnel; acquire a cloud host.
Configuration steps
- Create VPC and subnet
  - Create a VPC (VPC1 172.25.192.0/18) in the cloud
  - Reserve a subnet segment within the VPC, which will serve as the tunnel subnet (172.25.200.0/28) between the Layer 2 gateway and the IDC
  - Create a migration subnet within the VPC, whose network segment can match the IDC address (e.g., ShuangPing 172.25.199.128/27 and short_video 172.25.199.224/27)
  - The configuration for VPC2 follows a similar process and will not be repeated.

- Create cloud direct connect
  - Create a dedicated gateway in the VPC
  - Use the dedicated line product to create a dedicated channel
  - Bind the dedicated gateway to the dedicated channel
  - Configure VLAN, BGP, etc., on the IDC express tunnel access switch (CPE)
- Create Layer 2 gateway instance
  Create a Layer 2 gateway instance in the network (l2gw VPC 172.25.192.0/18) and select the reserved tunnel segment (172.25.200.0/28) for the subnet; the tunnel address 172.25.200.12 is assigned automatically. The configuration for VPC2 is similar and will not be repeated. In this document, the tunnel address for VPC2's Layer 2 gateway is 192.168.124.7.

- Create Layer 2 connection tunnel
  Establish Layer 2 connections for ShuangPing (172.25.199.128/27) with API IP 172.25.199.133 and VXLAN tunnel ID 7, and for short_video (172.25.199.224/27) with API IP 172.25.199.253 and VXLAN tunnel ID 10.

  Description:
  - The configuration for VPC2 follows a similar process and will not be repeated.
- Configure the user-side switch in the IDC (this document uses H3C switch configuration commands as an example).
Create VXLAN tunnels between two VPCs and the L2GW
interface Tunnel100 mode vxlan
 description TO-L2GW-VPC1
 source 120.1.1.2
 destination 172.25.200.12
interface Tunnel202 mode vxlan
 description TO-L2GW-VPC2
 source 126.1.1.2
 destination 192.168.124.7
Connectivity can be tested via ping
Create a VSI and associate it with the newly created VXLAN tunnel. The VSI/VXLAN ID is the VLAN ID to be migrated in the IDC network.
# VPC1
vsi 7
 vxlan 7
  tunnel 100
vsi 10
 vxlan 10
  tunnel 100
# VPC2
vsi 15
 vxlan 15
  tunnel 202
Create a service instance for each VLAN ID to be migrated in the IDC network and link it to the VSI with the same ID. TEG1/0/1 is the uplink interface from the CPE to the IDC aggregation switch. In practical scenarios, the configuration for aggregation ports is generally the same.
interface Ten-GigabitEthernet1/0/1
 service-instance 7
  encapsulation s-vid 7
  xconnect vsi 7
 service-instance 10
  encapsulation s-vid 10
  xconnect vsi 10
 service-instance 15
  encapsulation s-vid 15
  xconnect vsi 15
Add the CPE switch to VLANs 7, 10, and 15, which are needed for migration. In this example, 25GE/1/0/56 is the interface connected to the CPE. For aggregation ports, the configuration remains largely identical.
interface 25GE/1/0/56
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 7 10 15
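The VLAN, VSI, VXLAN and tunnel IDs in the switch configuration above must agree with each other, because a mismatch would bridge an IDC VLAN into the wrong cloud subnet. The following Python check is an added example, not part of the original document or of any H3C or Baidu AI Cloud tooling. The function name lint and the CONFIG excerpt are assumptions, and the check expects sub-commands in the order shown on this page.

```python
import re

# Added example. CONFIG is this page's switch configuration, trimmed to the
# lines the checks read (description/source/destination lines left out).
CONFIG = """\
interface Tunnel100 mode vxlan
interface Tunnel202 mode vxlan
vsi 7
 vxlan 7
  tunnel 100
vsi 10
 vxlan 10
  tunnel 100
vsi 15
 vxlan 15
  tunnel 202
interface Ten-GigabitEthernet1/0/1
 service-instance 7
  encapsulation s-vid 7
  xconnect vsi 7
 service-instance 10
  encapsulation s-vid 10
  xconnect vsi 10
 service-instance 15
  encapsulation s-vid 15
  xconnect vsi 15
interface 25GE/1/0/56
 port trunk permit vlan 7 10 15
"""

def lint(config):
    """Return mapping errors; an empty list means VLAN, VSI, VXLAN and tunnel agree."""
    tunnels = set(re.findall(r"^interface Tunnel(\d+)", config, re.M))
    vsis = {n: (x, t) for n, x, t in
            re.findall(r"^vsi (\S+)\s+vxlan (\S+)\s+tunnel (\S+)", config, re.M)}
    svcs = re.findall(r"service-instance (\S+)\s+encapsulation s-vid (\S+)\s+xconnect vsi (\S+)", config)
    trunk = set(" ".join(re.findall(r"port trunk permit vlan (.+)", config)).split())
    errors = []
    for name, (vxlan, tunnel) in vsis.items():
        if vxlan != name:  # page convention: the VSI/VXLAN ID is the VLAN ID
            errors.append(f"vsi {name}: vxlan {vxlan} does not match the VSI ID")
        if tunnel not in tunnels:
            errors.append(f"vsi {name}: tunnel {tunnel} is not defined")
    for name, vlan, target in svcs:
        if vsis.get(target, (None,))[0] != vlan:
            errors.append(f"service-instance {name}: s-vid {vlan} is bridged into vsi {target}")
        if vlan not in trunk:
            errors.append(f"service-instance {name}: VLAN {vlan} is not permitted on the trunk")
    return errors
```

Running lint on a saved copy of the intended configuration before pasting it into the switch catches cross-wired IDs before a VLAN is extended into the wrong cloud subnet.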
Testing and verification
Cloud-to-on-premises access, and intra-cloud access (same subnet or cross-subnet)


(vlan7) Access from on-premises to cloud

(vlan10) Access from on-premises to cloud

Change cloud host IP
- After successfully verifying network communication, shut down the hosts that have been migrated to the cloud from the IDC.
- Change the host IP address in the cloud to align with the IP address of the host in the on-premises IDC.
- Ensure proper network communication between hosts in the on-premises IDC and those in the cloud.
