Abstract: KYON (Keep Your Own Network) is the enterprise cloud network solution launched by Huawei Cloud. KYON lets users move an IDC network to the cloud as it is, with zero modification of network segments; it is simple and easy to use.

This article is shared from Huawei cloud community “[Cloud small lesson] Basic services lesson 76 Huawei cloud KYON: network segment zero modification on the cloud, simple and easy to use”, the original author: Cloud Xiaomeng.

Huawei Cloud's KYON (Keep Your Own Network) enterprise-level cloud network solution creates a simple and agile path to the cloud, helping enterprises with minimalist planning, agile migration and seamless integration. It is the only choice for enterprises going to the cloud.

What is KYON? In simple terms, KYON lets users move an IDC network to the cloud directly, with zero modification of network segments, simply and easily. Specifically, for users' key demands in the different phases of cloud adoption, KYON provides services such as private NAT, Layer 2 Connection Gateway (L2CG), hybrid load balancing, and VPC Endpoint. These help users plan networks in a minimalist way, migrate services in an agile manner, and use IDC and cloud resources seamlessly.

  • Scenario 1: Network planning – Network segments do not need to be modified

Business background

The network segments of a company's two subsidiaries were planned independently, and they overlap. The customer wants to move to the cloud while keeping the original network segments, and the two sides still need to access each other.

FIG. 1 Example of IDC network model

You can create two Virtual Private Clouds (VPCs) on Huawei Cloud and create subnets in them to migrate the network segments of the two companies to the cloud. However, two VPCs with overlapping subnets cannot communicate with each other, neither directly nor through the VPC Peering service.

Migrating two networks with overlapping subnets to the cloud directly, without modifying the network segments, is therefore a headache.

Plan implementation

The private NAT (Network Address Translation) service of Huawei Cloud solves the requirement for VPCs with overlapping subnets to access each other. As shown in Figure 2, you create a transit VPC and use the private NAT service to translate 192.168.0.1 of department A to 10.0.0.33 and 192.168.0.1 of department B to 10.0.0.22; the two sides then access each other using the translated IP addresses.

Figure 2 Schematic diagram of NAT services on private networks
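The following is an added worked example, not code from the original article or from Huawei Cloud: a small Python model of the Figure 2 topology. It first shows why the two overlapping VPCs cannot be peered, then traces a packet from department A's 192.168.0.1 through a transit VPC where each department's private NAT gateway rewrites the address, so that both hosts keep their original IPs. The VPC names, the gateway class and its SNAT/DNAT tables are assumptions of this model; the IP addresses are the ones used in the article.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    vpc: str   # name of the VPC the packet is currently in (assumed names)
    src: str
    dst: str


def can_peer_directly(cidr_a: str, cidr_b: str) -> bool:
    """VPC peering needs non-overlapping address space; overlapping subnets cannot be peered."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


class PrivateNatGateway:
    """Conceptual model of a private NAT gateway between a department VPC and the transit VPC.
    It keeps a 1:1 SNAT table (internal IP -> transit IP) and the reverse DNAT table."""

    def __init__(self, vpc: str, transit_vpc: str):
        self.vpc = vpc
        self.transit_vpc = transit_vpc
        self.snat = {}   # internal IP -> address visible in the transit VPC
        self.dnat = {}   # transit address -> internal IP

    def add_mapping(self, internal_ip: str, transit_ip: str) -> None:
        self.snat[internal_ip] = transit_ip
        self.dnat[transit_ip] = internal_ip

    def egress(self, pkt: Packet) -> Packet:
        # Packet leaving the department VPC: rewrite the source to its transit address.
        if pkt.vpc != self.vpc or pkt.src not in self.snat:
            raise ValueError(f"no SNAT rule for {pkt.src} in {pkt.vpc}")
        return Packet(self.transit_vpc, self.snat[pkt.src], pkt.dst)

    def ingress(self, pkt: Packet) -> Packet:
        # Packet arriving from the transit VPC for one of our transit addresses: rewrite the destination.
        if pkt.vpc != self.transit_vpc or pkt.dst not in self.dnat:
            raise ValueError(f"no DNAT rule for {pkt.dst} in {pkt.vpc}")
        return Packet(self.vpc, pkt.src, self.dnat[pkt.dst])


def transit_conflicts(gateways) -> set:
    """Transit addresses must be unique inside the transit VPC; returns any duplicates."""
    seen, dupes = set(), set()
    for gw in gateways:
        for transit_ip in gw.dnat:
            (dupes if transit_ip in seen else seen).add(transit_ip)
    return dupes


def forward(pkt: Packet, gateways) -> list:
    """Carry a packet from its department VPC across the transit VPC to the department that
    owns the destination transit address. Returns the hop-by-hop trace."""
    if transit_conflicts(gateways):
        raise ValueError("overlapping transit addresses")
    source_gw = next(g for g in gateways if g.vpc == pkt.vpc)
    trace = [pkt]
    pkt = source_gw.egress(pkt)
    trace.append(pkt)
    target_gw = next(g for g in gateways if pkt.dst in g.dnat)
    pkt = target_gw.ingress(pkt)
    trace.append(pkt)
    return trace


def build_figure2_topology():
    """Both departments use 192.168.0.1; each gets its own transit address, as in Figure 2."""
    gw_a = PrivateNatGateway("vpc-dept-a", "vpc-transit")
    gw_a.add_mapping("192.168.0.1", "10.0.0.33")
    gw_b = PrivateNatGateway("vpc-dept-b", "vpc-transit")
    gw_b.add_mapping("192.168.0.1", "10.0.0.22")
    return [gw_a, gw_b]


if __name__ == "__main__":
    gws = build_figure2_topology()
    for hop in forward(Packet("vpc-dept-a", "192.168.0.1", "10.0.0.22"), gws):
        print(hop)
```

Department A addresses department B by its translated address 10.0.0.22 and B sees the request come from 10.0.0.33; the reply path is the mirror image. The `transit_conflicts` check is the planning step that matters: the transit addresses, unlike the department subnets, must not overlap.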

  • Scenario 2: Cloud migration phase – The IP addresses of IDC hosts remain unchanged

Business background

A company already uses a cloud private line or VPN to connect to Huawei Cloud. The customer wants to migrate some hosts to the cloud and have the hosts on both sides still access each other, without modifying the IDC host configuration.

The cloud private line or VPN service provides Layer 3 connectivity between the IDC and the network on the cloud. However, an IDC host cannot access a migrated host on the cloud without changing its IP address: after the host is migrated, the IDC subnet and the cloud subnet are isolated from each other and can only be reached through a gateway.

How can IDC hosts access cloud hosts without changing their IP addresses? The cloud subnet and the IDC subnet must share a working Layer 2 network.

Plan implementation

The Huawei Cloud Layer 2 Connection Gateway (L2CG) service enables Layer 2 communication between the IDC and a Virtual Private Cloud (VPC) on the cloud. As shown in Figure 3, a Layer 2 tunnel is built between the Layer 2 connection gateway and the VXLAN switch in the IDC, so that a large Layer 2 network is constructed on top of the Layer 3 network provided by the cloud private line or VPN. IDC hosts and cloud VPCs then reside in the same Layer 2 domain, and IDC hosts can access cloud hosts without changing their IP addresses. In addition, host 192.168.0.3 of department A can be migrated directly into the VPC on the cloud without interrupting service.

Figure 3. Server layer 2 migration using L2CG
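To make the "Layer 2 over Layer 3" idea concrete, here is an added example (not the article's or Huawei Cloud's code) that builds and parses the VXLAN encapsulation such a tunnel uses: a complete Ethernet frame from department A's host 192.168.0.3 to the already migrated 192.168.0.1 is wrapped in VXLAN/UDP/IPv4 between two tunnel endpoints (VTEPs). The VTEP addresses 10.1.1.1 and 10.2.2.2, the VNI 100 and the MAC addresses are constructed placeholders; the inner IP addresses are the article's. The point to observe is that the inner frame, and so the hosts' addresses, survive the tunnel byte for byte, while only the outer header changes.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789    # IANA port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08      # "VNI valid" flag in the VXLAN header
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (DF set, TTL 64) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_ethernet(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_encap(inner_frame: bytes, vni: int, vtep_src: str, vtep_dst: str) -> bytes:
    """Wrap a whole Ethernet frame in VXLAN/UDP/IPv4 between two tunnel endpoints."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)   # flags, reserved, VNI, reserved
    udp_payload = vxlan_hdr + inner_frame
    # Source port 49152 is an arbitrary ephemeral port; UDP checksum 0 means "none" for IPv4.
    udp_hdr = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(udp_payload), 0)
    return build_ipv4(vtep_src, vtep_dst, IPPROTO_UDP, udp_hdr + udp_payload)


def vxlan_decap(packet: bytes) -> dict:
    """Validate the outer headers and return the untouched inner frame plus tunnel metadata."""
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    outer_src, outer_dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    udp_dst = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if udp_dst != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    flags, vni_field = struct.unpack("!B3xI", packet[ihl + 8:ihl + 16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI flag not set")
    return {"vtep_src": outer_src, "vtep_dst": outer_dst,
            "vni": vni_field >> 8, "inner": packet[ihl + 16:]}


def inner_ipv4_addresses(frame: bytes):
    """Source and destination IP of the IPv4 packet carried inside an Ethernet frame."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("inner frame is not IPv4")
    ip = frame[14:]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])


def demo_figure3():
    """Constructed traffic: IDC host 192.168.0.3 -> migrated host 192.168.0.1, same subnet."""
    inner = build_ethernet("02:00:00:00:00:01", "02:00:00:00:00:03", ETHERTYPE_IPV4,
                           build_ipv4("192.168.0.3", "192.168.0.1", IPPROTO_UDP, b"hello"))
    tunnelled = vxlan_encap(inner, vni=100, vtep_src="10.1.1.1", vtep_dst="10.2.2.2")
    return inner, vxlan_decap(tunnelled)


if __name__ == "__main__":
    original, decoded = demo_figure3()
    print("VNI", decoded["vni"], "VTEPs", decoded["vtep_src"], "->", decoded["vtep_dst"])
    print("inner addresses", inner_ipv4_addresses(decoded["inner"]), "intact:", decoded["inner"] == original)
```

Operationally this is also why the underlay matters: the outer UDP/IPv4 packets to port 4789 are what the private line or VPN actually carries, so the Layer 3 path between the two VTEPs has to allow that traffic and leave room for the extra 50 bytes of encapsulation in its MTU.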

  • Scenario 3: IDC and cloud convergence – Load balancing across IDC and cloud servers

Business background

Department A of a company provides services to users. The customer wants to use hosts on the cloud as an extension of its IDC hosts: hosts on and off the cloud form one service cluster and share the load within it. In addition, cloud resources can be used for rapid expansion during peak hours to meet service requirements.

Figure 4 IDC load balancer accessing the back-end servers

IDC hosts can access cloud hosts through the cloud private line or VPN service, but an IDC load balancer cannot be bound to cloud hosts for load balancing.

How can load be balanced between cloud hosts and IDC hosts? A load balancer is needed that can be bound to hosts both on the cloud and in the IDC.

Plan implementation

The hybrid load balancing function of the Huawei Cloud Elastic Load Balance (ELB) service supports binding hosts on the cloud and in the IDC for load balancing. Combined with the Auto Scaling (AS) service, it can automatically apply for or release host resources on the cloud according to service conditions.

As shown in Figure 5, a dedicated load balancer is bound to host 10.0.0.5 on the cloud and hosts 192.168.0.1 and 192.168.0.5 in the IDC as its back-end server group. In addition, an Auto Scaling group is associated so that hosts on the cloud are automatically added to the service cluster as required.

Figure 5 Load balancing between IDC and cloud hosts using the mixed load balancing function
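The following added example (not code from the article or from the ELB service) models the Figure 5 back-end group in Python: a server group that accepts both cloud and IDC members, but only from address ranges the balancer can actually reach, a weighted round-robin that skips members failing health checks, and a scale-out hook standing in for Auto Scaling. The reachable ranges 10.0.0.0/24 and 192.168.0.0/24, the added host 10.0.0.6 and the 70 % CPU threshold are assumptions; the three member addresses are the article's.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Backend:
    ip: str
    location: str       # "cloud" or "idc"
    weight: int = 1
    healthy: bool = True


class HybridBackendGroup:
    """Back-end group mixing cloud and IDC hosts. Members are only accepted from the
    ranges the load balancer can reach: its own VPC subnet and the IDC ranges routed
    over the private line or VPN (assumed ranges, passed in by the caller)."""

    def __init__(self, reachable_cidrs):
        self.reachable = [ipaddress.ip_network(c) for c in reachable_cidrs]
        self.members = []
        self._rr = 0

    def add(self, backend: Backend) -> None:
        addr = ipaddress.ip_address(backend.ip)
        if not any(addr in net for net in self.reachable):
            raise ValueError(f"{backend.ip} is outside every reachable range")
        if any(m.ip == backend.ip for m in self.members):
            raise ValueError(f"{backend.ip} is already a member")
        self.members.append(backend)

    def healthy_members(self):
        return [m for m in self.members if m.healthy]

    def pick(self) -> Backend:
        """Weighted round robin over healthy members; unhealthy members are skipped."""
        pool = [m for m in self.healthy_members() for _ in range(m.weight)]
        if not pool:
            raise RuntimeError("no healthy back-end available")
        chosen = pool[self._rr % len(pool)]
        self._rr += 1
        return chosen


def scale_out_if_needed(group: HybridBackendGroup, avg_cpu: float,
                        candidate_cloud_ips, threshold: float = 70.0):
    """Stand-in for Auto Scaling: above the CPU threshold, attach cloud hosts to the group.
    Returns the backends that were added (possibly none)."""
    added = []
    if avg_cpu > threshold:
        for ip in candidate_cloud_ips:
            backend = Backend(ip, "cloud")
            group.add(backend)
            added.append(backend)
    return added


def build_figure5_group() -> HybridBackendGroup:
    """One cloud host and two IDC hosts behind a single dedicated load balancer."""
    group = HybridBackendGroup(["10.0.0.0/24", "192.168.0.0/24"])
    group.add(Backend("10.0.0.5", "cloud"))
    group.add(Backend("192.168.0.1", "idc"))
    group.add(Backend("192.168.0.5", "idc"))
    return group


if __name__ == "__main__":
    g = build_figure5_group()
    print([g.pick().ip for _ in range(6)])
    scale_out_if_needed(g, avg_cpu=85, candidate_cloud_ips=["10.0.0.6"])
    print([m.ip for m in g.members])
```

The reachability check on `add` is the part worth keeping in a real deployment: a member address that is not routed over the private line or VPN will simply fail its health checks, and an address outside the expected IDC ranges should be treated as a configuration error rather than silently accepted.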

  • Scenario 4: IDC and cloud convergence – IDC applications use cloud services

Business background

As more and more services move to the cloud, higher-order cloud services (such as EI enterprise intelligence services and database services) are becoming more and more powerful. Users expect their IDC applications to use these advanced services to drive business innovation and change.

However, deploying such high-level services locally is complex and costly to maintain, which is a headache for users.

Plan implementation

The Huawei Cloud VPC Endpoint service, combined with the cloud private line (Direct Connect, DC) or Virtual Private Network (VPN), enables IDC applications to access cloud services.

As shown in Figure 6, when an IDC application accesses a VPC endpoint on the cloud through the cloud private line or VPN, it can use the cloud services published on Huawei Cloud, such as database services and EI enterprise intelligence services.

Figure 6 Using the VPC Endpoint service to let IDC applications use cloud services
