Service scenarios and requirements

1. An enterprise wants to deploy WeLink video conferencing, but its branches share the same public network egress. If the cloud-hosted WeLink video conference is accessed over the public network, every connected terminal takes up a certain amount of bandwidth, so a large number of video conferencing terminals places a high requirement on the total bandwidth of the headquarters' public network egress. The goal is to relieve the egress bandwidth pressure caused by conference services.

2. If access is made through the public network, high latency and unstable network jitter still exist, and a stable HD video conference cannot be guaranteed. The goal is to ensure and improve the quality of conference services.

Project background

1. WeLink services are deployed on Huawei Cloud and provide external services through EIPs, including the WeLink media EIP, application EIP, and meeting control EIP. Hosts that install WeLink clients need to communicate with these EIPs to implement video conference services.

2. The WeLink service is deployed on Huawei Cloud. By connecting the IDC to the Huawei Cloud VPC over a cloud private line, video service traffic can be carried to the cloud over the private line, and network transmission is more stable.

Solution introduction

1. Set up a cloud private line to connect the IDC egress physical devices to the VPC on the cloud. Divert video conference service traffic to the cloud through the cloud private line.

2. EIPs in the same region access each other without involving public network links. Configure a NAT gateway on the cloud and add SNAT rules so that address translation on the NAT gateway enables IDC machines to access the EIPs. After the video traffic from the IDC reaches the cloud, it communicates with the WeLink service through the NAT gateway.

Figure 1 Network topology

Description:

1. The cloud dedicated line ensures the network quality between the IDC egress devices and the WeLink service VPC.

2. It is suggested that the dedicated line be connected to Beijing 4 first.

3. The router that connects the IDC egress to the cloud private line must support BGP and learning at least 200 routes.

Configuration steps

1. Complete the physical connection

A physical connection consists of a dedicated line and a port. Huawei Cloud directly provides the dedicated line access ports. The dedicated lines themselves must be purchased from and deployed by carriers.

2. Create a VPC and VPC network segment

For details about how to create a VPC, see the Virtual Private Cloud User Guide. Make sure the subnet segments do not conflict with one another.

A. IDC: 192.168.3.0/24

B. Huawei Cloud: 192.168.4.0/24

3. Configure the cloud private line

A. Configure the virtual gateway

On the navigation bar, choose Cloud Private Line > Virtual Gateway. On the virtual gateway page, create a virtual gateway and enter the corresponding parameters in the Create Virtual Gateway dialog box. In addition, add a route for the public IP address that the IDC uses to access WeLink. The local network of the virtual gateway is therefore 192.168.4.0/24, EIPB/32, as shown in Figure 2. For details, see Creating a Virtual Gateway.

Figure 2 Virtual gateway configuration

In this example, three WeLink public IP addresses are added to access WeLink. In practice, you need to add all WeLink public IP addresses, including the WeLink media EIP, application EIP, and meeting control EIP. The terminal network supports a maximum of 50 network segments, separated by commas (,).

B. Configure virtual interfaces

On the navigation bar, choose Cloud Private Line > Virtual Interface. On the virtual interface page of the console, create a virtual interface. In the Create Virtual Interface dialog box, enter the corresponding parameters. See Table 1 for the configuration parameters.

Figure 3 Virtual interface configuration

Click Submit. When the status of the new virtual interface is Normal, the virtual interface has been created successfully.

Description:

1. Configure the local network. The local terminal network and the remote terminal network must mirror each other on the cloud.

2. After the dedicated line is configured, you need to configure IDC routes to direct traffic to the cloud.

4. Purchase an elastic public IP address and configure the NAT gateway

A. Purchase an elastic public IP address

For details, see Purchasing an elastic public IP Address. You do not need to bind an elastic public IP address to a cloud host.

B. Purchase a NAT gateway

To purchase a NAT gateway on the cloud, log in to the network console, select NAT Gateway in the service list, and click Create NAT Gateway in the upper right corner of the page.

Figure 4 NAT gateway interface

Configure basic NAT gateway information as prompted. For details about the parameters, see Table 2.

After the preceding information is configured, the configuration fee of the NAT gateway is displayed. You can view the charging information in Details.

C. Add SNAT rules

After a NAT gateway is created, you can add SNAT rules for the NAT gateway. After SNAT rules are added, IDC servers on cloud private lines can access the Internet by sharing elastic public IP addresses.

Each network segment corresponds to one SNAT rule. If servers in multiple network segments on the IDC side of the cloud private line need to access the public network, you can create multiple SNAT rules to share one or more elastic public IP addresses.

Click the name of the NAT gateway to which the SNAT rule is to be added. On the SNAT Rules tab page, click Add SNAT Rule.

Figure 5 Configure SNAT rules page

Set parameters for adding SNAT rules as prompted. For details, see Table 3.

Description:

1. You can add multiple SNAT rules for a NAT gateway based on service requirements.

2. Add the subnet segment of the local data center to the SNAT rule network segment of the Beijing 4 NAT gateway.

3. Configure the NAT gateway on the cloud and add SNAT rules for accessing the WeLink EIP addresses. Traffic between the IDC and WeLink is routed to the cloud VPC over the dedicated line, and then to the public network through the NAT gateway via the VPC default route.

5. Verify network connectivity

After the cloud private line and NAT are configured, ping the WeLink EIP from the IDC to verify network connectivity.
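
The constraints in steps 2 to 4 can be checked against a planned configuration before it is entered in the console. The following is an added example, not part of the original article or of Huawei Cloud tooling. The function name check_plan and the three EIP values (documentation-range placeholders) are assumptions; the two /24 segments and the 50-segment limit come from the text above.

```python
import ipaddress

MAX_SEGMENTS = 50  # limit the article states for the virtual gateway subnet list


def check_plan(idc_subnets, vpc_subnet, welink_eips, gateway_local, snat_sources):
    """Return a list of problems in a private-line + SNAT plan (empty list = OK)."""
    problems = []
    idc = [ipaddress.ip_network(s) for s in idc_subnets]
    vpc = ipaddress.ip_network(vpc_subnet)
    local = [ipaddress.ip_network(s.strip()) for s in gateway_local.split(",")]
    snat = [ipaddress.ip_network(s) for s in snat_sources]

    # Step 2: IDC and VPC segments must not conflict.
    for net in idc:
        if net.overlaps(vpc):
            problems.append(f"IDC segment {net} overlaps VPC segment {vpc}")

    # Step 3A: the comma-separated list is capped and must carry the VPC segment
    # plus a /32 for every WeLink EIP (media, application, meeting control).
    if len(local) > MAX_SEGMENTS:
        problems.append(f"{len(local)} segments exceed the limit of {MAX_SEGMENTS}")
    if vpc not in local:
        problems.append(f"VPC segment {vpc} missing from virtual gateway")
    for eip in welink_eips:
        if ipaddress.ip_network(f"{eip}/32") not in local:
            problems.append(f"WeLink EIP {eip}/32 missing from virtual gateway")

    # Step 4C: every IDC segment needs an SNAT rule that covers it.
    for net in idc:
        if not any(net.subnet_of(rule) for rule in snat):
            problems.append(f"no SNAT rule covers IDC segment {net}")
    return problems


# Constructed sample: the /24 segments are the article's; the three EIPs are
# documentation-range placeholders, not real WeLink addresses.
EIPS = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
GOOD_LOCAL = "192.168.4.0/24, 203.0.113.10/32, 203.0.113.11/32, 203.0.113.12/32"
BAD_LOCAL = "192.168.4.0/24, 203.0.113.10/32"  # two EIP routes forgotten

if __name__ == "__main__":
    for label, local, snat in (("good", GOOD_LOCAL, ["192.168.3.0/24"]),
                               ("bad", BAD_LOCAL, [])):
        print(label, check_plan(["192.168.3.0/24"], "192.168.4.0/24", EIPS, local, snat))
```

A WeLink EIP missing from the virtual gateway list is the failure that the ping test in step 5 would surface only for that one address, which is why the check walks every EIP.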
