Abstract: KYON (Keep Your Own Network) is an enterprise-level cloud network solution launched by HUAWEI CLOUD. KYON lets users move an IDC network to the cloud as it is, with zero changes to its network segments, and is simple and easy to use.
This article is shared from the HUAWEI CLOUD community post "[Cloud Small Lesson] Basic Services Lesson 76 HUAWEI CLOUD KYON: Zero Modification of Network Segment to Cloud, Simple and Easy to", by the original author Yun Xiaomeng.
The HUAWEI CLOUD KYON (Keep Your Own Network) enterprise-level cloud network solution offers a simple and agile path to the cloud, helping enterprises with minimal planning, agile migration and seamless integration. It is the best choice for enterprises moving to the cloud.
What is KYON?
Put simply, KYON lets users move an IDC network to the cloud directly, with zero changes to its network segments, and is simple and easy to use. Specifically, to meet the key needs of users at each stage of moving a business to the cloud, KYON provides services such as private NAT, Layer 2 Connection Gateway (L2CG), hybrid load balancing and VPC Endpoint, which help users plan the network with minimal effort, migrate services agilely, and use IDC and cloud resources seamlessly as a whole.
Scenario 1: Network planning stage - network segments need not be modified to move to the cloud
Business background
A company's two subsidiaries planned their network segments independently, and their subnets overlap. The customer wants to keep the original network segments when moving to the cloud, and the two networks must still be able to reach each other afterwards.
Figure 1 IDC network model example
You can create two virtual private clouds (VPCs) on HUAWEI CLOUD and divide them into subnets to move the network segments of the two subsidiaries to the cloud as they are. However, two VPCs with overlapping subnets normally cannot reach each other directly, nor can they communicate through the VPC peering service, because routes to the overlapping ranges would be ambiguous.
Moving to the cloud directly without modifying network segments, while still allowing two VPCs with overlapping subnets to reach each other, is a common headache when migrating a user's network to the cloud.
Solution implementation
The HUAWEI CLOUD private NAT service solves the mutual-access requirement of overlapping subnets between VPCs. As shown in Figure 2, you create a transit VPC and then use the private NAT service to translate department A's 192.168.0.1 to 10.0.0.33 and department B's 192.168.0.1 to 10.0.0.22; the two departments then reach each other through the translated IP addresses.
Figure 2 Schematic diagram of private network NAT service
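The following added example (not Huawei's code or the page's own) traces the private NAT scheme above: it checks why the two overlapping VPCs cannot peer, validates a static 1:1 translation table against the transit VPC, and follows one packet through source-side SNAT and destination-side DNAT. The 192.168.0.1 to 10.0.0.33 / 10.0.0.22 mappings come from the article; the 10.0.0.0/24 transit range and the extra host 192.168.0.3 / 10.0.0.35 are constructed assumptions.

```python
import ipaddress

# Constructed example for Scenario 1: both subsidiaries use 192.168.0.0/24, the
# transit VPC uses 10.0.0.0/24 (assumed). Hosts other than 192.168.0.1 are made up.
VPC_A = ipaddress.ip_network("192.168.0.0/24")
VPC_B = ipaddress.ip_network("192.168.0.0/24")
TRANSIT = ipaddress.ip_network("10.0.0.0/24")

# Static 1:1 private NAT rules: real host address -> address exposed in the transit VPC.
# 192.168.0.1 in A -> 10.0.0.33 and 192.168.0.1 in B -> 10.0.0.22 follow the article.
NAT_TABLE = {
    "A": {"192.168.0.1": "10.0.0.33", "192.168.0.3": "10.0.0.35"},
    "B": {"192.168.0.1": "10.0.0.22"},
}


def can_peer(net_a, net_b):
    """VPC peering only works when the two address ranges do not overlap."""
    return not net_a.overlaps(net_b)


def validate_nat_table(table=NAT_TABLE, transit=TRANSIT):
    """Every translated address must sit inside the transit VPC and be unique
    across all VPCs; otherwise the transit VPC has its own overlap problem."""
    seen = set()
    for rules in table.values():
        for mapped in rules.values():
            if ipaddress.ip_address(mapped) not in transit or mapped in seen:
                return False
            seen.add(mapped)
    return True


def forward_packet(src_vpc, src_ip, dst_vpc, dst_ip, table=NAT_TABLE):
    """Trace one packet from src_vpc to dst_vpc through the transit VPC.

    SNAT on the source side replaces the real source with its transit address,
    so the receiver never sees an address that collides with its own subnet.
    DNAT on the destination side maps the transit address the sender used back
    to the real host. Returns (src, dst) as the destination host sees them.
    Keep this table with your records: transit-VPC flow logs show only the
    10.0.0.x addresses, and this mapping is what ties them back to a real host.
    """
    try:
        translated_src = table[src_vpc][src_ip]
        real_dst = {v: k for k, v in table[dst_vpc].items()}[dst_ip]
    except KeyError as exc:
        raise ValueError(f"no private NAT rule covers {exc}") from None
    return translated_src, real_dst
```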
Scenario 2: Cloud migration stage - IDC hosts keep their IP address configuration and still reach cloud hosts
Business background
A company has already connected its network to HUAWEI CLOUD over a cloud dedicated line/VPN. The customer wants to migrate some hosts to the cloud, and after the migration the remaining IDC hosts must be able to communicate with the hosts now on the cloud without any change to the IDC host configuration.
The cloud dedicated line/VPN service provides Layer 3 connectivity between the IDC and the cloud network, but it cannot let an IDC host reach a cloud host directly without changing its IP address configuration. The reason is that after a host is migrated to the cloud, the IDC and the cloud are separate environments, so traffic between them must pass through a gateway device.
How can IDC hosts reach hosts on the cloud without modifying their IP address configuration? This requires Layer 2 connectivity between the cloud subnet and the IDC subnet.
Solution implementation
The HUAWEI CLOUD Layer 2 Connection Gateway (L2CG) service provides Layer 2 connectivity between the IDC and a VPC on the cloud. As shown in Figure 3, the Layer 2 connection gateway and an on-premises VxLAN switch build a Layer 2 tunnel, creating a large Layer 2 network on top of the Layer 3 network of the cloud dedicated line/VPN. The IDC hosts and the cloud VPC hosts are then in the same Layer 2 domain, so IDC hosts keep their IP address configuration unchanged and still reach hosts on the cloud. Services are not interrupted during migration, and the 192.168.0.3 host in department A can be migrated directly to the VPC on the cloud.
Figure 3 Using L2CG to implement Layer 2 server migration
Scenario 3: IDC and cloud integration stage - load sharing between IDC and cloud servers
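The following added example (not Huawei's L2CG implementation or the page's own code) shows the mechanism behind the Layer 2 tunnel: a whole Ethernet frame is wrapped in a VXLAN header and carried over the Layer 3 link, and on the receiving side the inner frame, still addressed to 192.168.0.3, is unchanged. The outer UDP/IP transport is omitted, and the MAC addresses, VNI value and inner frame are constructed assumptions; the VNI check on decapsulation is the tenant-isolation property a reviewer would want to see.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (outer UDP, not built here)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid


def vxlan_header(vni):
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # VNI occupies the upper 24 bits of the last 32-bit word.
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)


def encapsulate(inner_frame, vni):
    """L2CG-style encapsulation: the complete Ethernet frame becomes the payload
    of a VXLAN header, which the outer UDP/IP then carries over the DC/VPN link."""
    return vxlan_header(vni) + inner_frame


def decapsulate(packet, expected_vni):
    """Strip the VXLAN header and return the inner frame, or None if the packet
    is not a valid VXLAN frame for this tunnel. Dropping foreign VNIs is what
    keeps different Layer 2 domains apart on a shared transport."""
    if len(packet) < 8:
        return None
    flags, vni_field = struct.unpack("!B3xI", packet[:8])
    if not flags & VXLAN_FLAG_VNI_VALID or (vni_field >> 8) != expected_vni:
        return None
    return packet[8:]


def build_ipv4_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed minimal Ethernet II + IPv4 header (no payload, checksum 0)."""
    eth = dst_mac + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip


def inner_addresses(frame):
    """Return (src_ip, dst_ip) of the IPv4 packet inside an Ethernet frame."""
    src, dst = struct.unpack("!4s4s", frame[26:34])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)
```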
Business background
Department A of a company provides services to users. The customer wants hosts on the cloud to act as an extension of the IDC hosts, forming one business cluster with them and sharing load within that cluster. During peak business hours, cloud resources should allow capacity to be expanded quickly to meet peak demand.
Figure 4 IDC load balancer accessing the back-end servers
IDC hosts can communicate with cloud hosts over the cloud dedicated line/VPN service, but the IDC load balancer cannot bind hosts on the cloud as back ends for load sharing.
How can load be shared between cloud and IDC hosts? A load balancer that can bind hosts on the cloud and in the IDC at the same time is required.
Solution implementation
The hybrid load balancing function of the HUAWEI CLOUD Elastic Load Balance service supports binding hosts both on the cloud and in the IDC to share load. Combined with the Auto Scaling (AS) service, it can also automatically add and release cloud host resources according to business load.
As shown in Figure 5, a dedicated load balancer instance binds the 10.0.0.5 host on the cloud together with the 192.168.0.1 and 192.168.0.5 hosts in the IDC as its back-end server group for load sharing. Associated with the Auto Scaling service, it automatically adds cloud hosts to the business cluster according to business demand.
Figure 5 Using hybrid load balancing to achieve load sharing between IDC and cloud hosts
Scenario 4: IDC and cloud integration stage - IDC applications use cloud services
Business background
As services on the cloud become more abundant, high-end services in particular (such as EI enterprise intelligence services and database services) are becoming more and more powerful. Users want IDC applications to use these high-end services to help with business innovation and transformation.
However, the deployment complexity and ongoing maintenance cost of deploying such high-end services locally are a headache for users.
Solution implementation
The HUAWEI CLOUD VPC Endpoint service, combined with a cloud dedicated line (DC)/virtual private network (VPN), enables applications in the IDC to access services on the cloud.
As shown in Figure 6, IDC applications reach VPC endpoints on the cloud over the cloud dedicated line/VPN and can then use the cloud services already published on HUAWEI CLOUD, such as database services and EI enterprise intelligence services.
Figure 6 Using the VPC Endpoint service to let IDC applications use cloud services