Abstract: KYON (Keep Your Own Network) is an enterprise-grade cloud network solution launched by Huawei Cloud. KYON lets users move their IDC network directly to the cloud with zero modification of network segments, and it is simple and easy to use.

This article was shared from the Huawei Cloud Community post "[Cloud Lessons] Basic Services Lesson 76: Huawei Cloud KYON: zero modification of network segments on the cloud, simple and easy to use", original author: Cloud Xiaomeng.

Huawei Cloud KYON (Keep Your Own Network) is an enterprise-grade cloud network solution that creates a minimal and agile path to the cloud. It helps enterprises plan with minimal effort, migrate with agility and integrate seamlessly, making it the best choice for enterprises moving to the cloud.

What is KYON?

Simply put, KYON lets users move their IDC network directly to the cloud with zero modification of network segments, and it is simple and easy to use. Specifically, KYON provides private NAT, Layer 2 Connection Gateway (L2CG), hybrid load balancing and VPC Endpoint services, which help users plan the network with minimal effort, migrate workloads nimbly, and use IDC and cloud resources seamlessly at the different stages of their business.

Scenario 1: Network planning stage – the network segments move to the cloud without modification

Business background

The network segments of two subsidiaries of a company were planned independently, and some of their subnets overlap. The customer wants to retain the original network segments on the cloud and still have the two subsidiaries able to reach each other after migration.

Fig. 1 Example of IDC network model

By creating two Virtual Private Clouds (VPCs) on Huawei Cloud and dividing each into subnets, the network segments of the two subsidiaries can be migrated to the cloud. However, two VPCs with overlapping subnets normally cannot access each other directly, nor can they do so through the VPC Peering service.

Migrating to the cloud directly, without modifying the network segments, while still letting two VPCs with overlapping subnets reach each other is a common headache in network migration.

Plan implementation

The Huawei Cloud private NAT service solves the need for VPCs with overlapping subnets to reach each other. As shown in Figure 2, a transit VPC is created, and the private NAT service translates 192.168.0.1 of Department A to 10.0.0.33 and 192.168.0.1 of Department B to 10.0.0.22; the two departments then reach each other through the translated IP addresses.

Figure 2 Private network NAT service schematic
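As an added illustration (not code from the article or from Huawei Cloud's own tooling), the following Python models the checks a network planner would run for this scenario: whether the two subsidiaries' subnets overlap (which rules out VPC peering), whether the chosen transit VPC range stays clear of both departments, and how private NAT rewrites a packet using the article's 192.168.0.1 to 10.0.0.33 / 10.0.0.22 translations. The subnet lists and the transit CIDR are constructed assumptions.

```python
import ipaddress

# Constructed subnet plans for the two subsidiaries (hypothetical, not from the
# article's figure); both reuse 192.168.0.0/24, the overlap the article describes.
DEPT_A_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]
DEPT_B_SUBNETS = ["192.168.0.0/24", "172.16.0.0/24"]
TRANSIT_VPC_CIDR = "10.0.0.0/24"  # assumed range holding the translated 10.0.0.x addresses


def overlapping_subnets(a_subnets, b_subnets):
    """Return (a, b) CIDR pairs that overlap. Any hit rules out VPC peering."""
    return [(a, b) for a in a_subnets for b in b_subnets
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))]


def peering_possible(a_subnets, b_subnets):
    return not overlapping_subnets(a_subnets, b_subnets)


def transit_cidr_is_clean(transit_cidr, *subnet_lists):
    """The transit VPC range must not collide with either department, otherwise the
    translated addresses would be ambiguous inside the department VPCs."""
    transit = ipaddress.ip_network(transit_cidr)
    return all(not transit.overlaps(ipaddress.ip_network(s))
               for subnets in subnet_lists for s in subnets)


# Static 1:1 private NAT mappings per department: real IP -> transit IP.
# The two entries are the translations given in the article.
NAT_TABLE = {
    "dept_a": {"192.168.0.1": "10.0.0.33"},
    "dept_b": {"192.168.0.1": "10.0.0.22"},
}


def translate_packet(src_vpc, dst_vpc, src_ip, dst_ip):
    """Model what private NAT does to one packet crossing the transit VPC:
    SNAT the source to its transit address, then DNAT the transit destination
    back to the real address inside the destination VPC."""
    snat = NAT_TABLE[src_vpc]
    dnat = {transit: real for real, transit in NAT_TABLE[dst_vpc].items()}
    if src_ip not in snat:
        raise ValueError(f"no private NAT mapping for {src_ip} in {src_vpc}")
    if dst_ip not in dnat:
        raise ValueError(f"{dst_ip} is not a transit address of {dst_vpc}")
    return snat[src_ip], dnat[dst_ip]


if __name__ == "__main__":
    print("overlaps:", overlapping_subnets(DEPT_A_SUBNETS, DEPT_B_SUBNETS))
    print("peering possible:", peering_possible(DEPT_A_SUBNETS, DEPT_B_SUBNETS))
    print("transit clean:", transit_cidr_is_clean(TRANSIT_VPC_CIDR, DEPT_A_SUBNETS, DEPT_B_SUBNETS))
    # Department A host 192.168.0.1 sends to Department B's translated address 10.0.0.22
    print("A -> B as seen by B:", translate_packet("dept_a", "dept_b", "192.168.0.1", "10.0.0.22"))
```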

Scenario 2: Cloud migration stage – IDC hosts access hosts on the cloud without changing their IP address configuration

Business background

A company has already connected its network to Huawei Cloud using a cloud dedicated line/VPN. The customer wants to migrate some hosts to the cloud and, after migration, have the IDC hosts and the cloud hosts reach each other without modifying the IDC host configuration.

The cloud dedicated line/VPN service provides Layer 3 connectivity between the IDC and the network on the cloud, but it does not let an IDC host reach a cloud host directly without modifying its IP address configuration. The reason is that after a host migrates to the cloud, the IDC and the cloud are isolated environments, and traffic between them must pass through gateway devices.

How can IDC hosts access hosts on the cloud without modifying their IP address configuration? Layer 2 connectivity between the cloud subnet and the IDC subnet is required.

Plan implementation

The Huawei Cloud Layer 2 Connection Gateway (L2CG) service provides Layer 2 connectivity between the IDC and a VPC on the cloud. As shown in Figure 3, a Layer 2 tunnel is built between the L2CG and an on-premises VXLAN switch, creating a large Layer 2 network on top of the Layer 3 connectivity of the cloud dedicated line/VPN. The IDC hosts and the VPC on the cloud are then in one Layer 2 domain, so IDC hosts reach cloud hosts with their IP address configuration unchanged. In addition, host 192.168.0.3 of Department A can be migrated directly to the VPC on the cloud without interrupting service during the migration.

Figure 3. Layer 2 server migration using L2CG

Scenario 3: IDC and cloud convergence stage – load sharing between IDC and cloud servers

Business background

A department of a company provides services to users. The customer expects the hosts on the cloud to be an extension of the IDC hosts, so that cloud hosts and on-premises hosts form one business cluster with load sharing within it. In addition, the customer wants to use cloud resources to expand capacity rapidly during business peaks.

Figure 4 IDC load balancer accessing backend servers

IDC hosts can reach cloud hosts through the cloud dedicated line/VPN service, but the IDC load balancer cannot bind cloud hosts as backends for load sharing.

How can load be shared between cloud and IDC hosts? A load balancer that can bind hosts both on the cloud and in the IDC is needed.

Plan implementation

The hybrid load balancing function of the Huawei Cloud Elastic Load Balancing service supports binding hosts on the cloud and in the IDC together for load sharing. Combined with the elastic scaling (AS) service, it can also request and release cloud host resources automatically according to business load. As shown in Figure 5, a dedicated load balancer binds host 10.0.0.5 on the cloud and hosts 192.168.0.1 and 192.168.0.5 in the IDC as one backend server group for load sharing. Associated with the elastic scaling service, it automatically adds cloud hosts to the business cluster as business demand requires.

Figure 5 Load sharing across IDC and cloud hosts using the hybrid load balancing function

Scenario 4: IDC and cloud convergence stage – IDC applications using cloud services

Business background

As services on the cloud become more abundant, and higher-order services (such as EI enterprise intelligence services and database services) become more powerful, users expect their IDC applications to be able to use these higher-order services to support business innovation.

However, the deployment complexity and maintenance cost of deploying such higher-order cloud services locally are a headache for users.

Plan implementation

The Huawei Cloud VPC Endpoint service, combined with the cloud dedicated line (DC)/virtual private network (VPN), lets applications in the IDC access services on the cloud.

As shown in Figure 6, IDC applications reach VPC endpoints on the cloud through the cloud dedicated line/VPN and can then use the services published on Huawei Cloud, such as database services and EI enterprise intelligence services.

Figure 6 Using the VPC Endpoint service so that IDC applications can use cloud services

To learn more about KYON and how to use it, click here.

Follow us to be the first to learn about the latest Huawei Cloud technologies.