The form of enterprise system architecture is hybrid cloud mode , namely IDC Share online business traffic with the cloud platform , To ensure high availability of business . Murphy's law tells us , If there is a chance that things will go bad , No matter how small the possibility is , It always happens . If IDC The public network exit is abnormal ,IDC Internal business needs to access third-party services , How to achieve high availability ？ This paper combines the public network capability of cloud platform , Analyze the feasibility of disaster recovery construction from the perspective of network platform .

1. The status quo of hybrid cloud networks

The public network outlet of the data center connects with the local operators , The situation is very different , although IDC There are several lines at the exit of the machine room , If the operator connects the entrance or IDC Outlet fault , Will lead to the whole IDC Loss of public network capability . In such a scenario , The traffic at the public network entrance can pass through dns The analytic method switches the business traffic to the cloud platform ; about IDC Export traffic scheduling can only be realized through business level scheduling , When it comes to business scheduling, each enterprise has different implementation methods , There are also great differences in the difficulty of business transformation . Generally, the hybrid cloud network architecture is as follows ：

The hybrid cloud network architecture is highlighted as follows ：

1. Cloud platform and IDC Interworking . Usually, the special line access is different POP, Multiple dedicated lines realize interworking and high availability .
2. The public network export capacity of the cloud platform is EIP. The inlet flow passes through CLB distributed ; The outlet flow passes through NAT gateway （ The binding EIP）; The server is bound directly EIP To access the public network .
3. IDC There is a public network at the public network exit IP Address . The inlet flow passes through F5 perhaps api Gateway to carry traffic , The outlet flow is self built NAT Cluster to access the public network .

2. Public network export disaster recovery scheme

2.1 IDC And the cloud platform export are mutually primary and standby

Under normal circumstances ,IDC And cloud platform public network outlet traffic is chimney type , They don't cross each other ; When IDC The public network exit is abnormal , Traffic switching to cloud platform , Similarly, the cloud platform public network exit is abnormal , Flow switch to IDC. Combined with current cloud platform compatibility , Key points of the scheme ：

1. The dedicated line gateway carrying public network traffic switching must be VPC Type gateway , Non cloud networking type , Currently, it is limited by the platform product capability .
2. Cloud platform NAT The gateway does not support traffic import , Enterprises are required to VPC Self built traffic forwarding system , It is recommended that the flow outlet be directly bound EIP Pattern , More controllable flow .

The overall public network export disaster recovery scheme is as follows ：

2.1.1 Cloud platform switching scheme .

Under normal circumstances , Business flows through NAT Visit the public network , Such as green line sign on the road . Cloud platform for NAT And dedicated line gateway do not support ECMP, So normally , Need to open NAT route , Turn off the dedicated network route , Details are as follows ：

When NAT Cluster exception , The cloud side switches routes , Import traffic to... Through dedicated line gateway IDC Public network exit . Currently, the switching action only supports manual switching , By calling API Interface （DisableRoutes/EnableRoutes）, close NAT Gateway Routing , At the same time, turn on the dedicated line network routing . The cloud platform routing table information is as follows ：

Business failback . After the business recovers , During a low peak period , Switch by calling to turn on and off the subnet .

2.1.2 IDC Disaster recovery switching scheme

Under normal circumstances ,IDC Business flows through NAT Visit the public network , Such as green line sign on the road . Cloud platform routing table , The public network exits through NAT The information is as follows ：

When IDC When the public network exit is abnormal ,IDC You need to switch routes to go out through the public network of the cloud platform . Here you can manually call api Interface （ReplaceRoutes） The cloud platform was originally implemented by replacing tables , Because the target in the same table 0.0.0.0 There is , When the route using the dedicated line gateway is started , Must be closed at the same time NAT Gateway and server public network IP. Replace the original routing table with this routing table , The only difference between the two routing tables is the destination 0.0.0.0 One is dedicated gateway , The other is the public network IP.

PS: Cloud server public network IP： ECS is bound to the public network IP Priority should be given to the public network IP Visit the public network , Just forward IDC Public network traffic .

Business failback , During a low peak period , Switch by replacing the routing table .

2.2 IDC Disaster recovery scheme for the public network outlet of the computer room

Under normal circumstances ,IDC And cloud platform public network outlet traffic is chimney type , They don't cross each other ; When IDC The public network exit is abnormal , Flow switch to IDC Standby public network exit channel , Similarly, the cloud platform public network exit is abnormal , The traffic is switched to the cloud platform public network exit channel . Combined with current cloud platform compatibility , The key points of the scheme are as follows ：

1. The public cloud public network export has high availability . For example, the export of Shanghai regional public network is abnormal , Dispatch traffic to Nanjing or Guangzhou public network through Tencent cloud intranet , To restore business .
2. Cloud platform VPC Subnet routing is performed by binding multiple availability zones NAT gateway , meanwhile NAT Network binding multiple EIP To achieve high availability .
3. IDC Public network exit of machine room , Through the internet dedicated line channel capability of the cloud platform , Get the public network capability of the cloud platform , Realization IDC Standby line at the public network outlet of the machine room .

2.2.1 Cloud platform switching scheme

Under normal circumstances , Traffic flows through two NAT The gateway accesses the public network randomly , recommend NAT More than two gateways are bound EIP.

When NAT Cluster exception , The cloud platform recovers by dispatching the intranet traffic to other regions , It may increase the delay of the business scheme , The customer side does not need to do anything . If only one of them NAT Gateway exception , By manual call API Method to close the abnormal gateway path recovery , As shown in the figure below .

When the cluster recovers , Restore two... By opening the path NAT Load flow .

2.2.2 IDC Switching scheme

Under normal circumstances , Business flows through IDC Data center public network , Such as green line identification . When IDC When the public network exit of the data center is abnormal , Access the public network by switching to the Internet channel of the cloud platform . The cloud platform side does not need to be modified .

3. Summary of scheme comparison