- Release Notes and Announcements
- Release Notes
- [September 9, 2024] Notification on Update of Compensation Standards in the Direct Connect Service Level Agreement
- [Oct. 2022] Discontinuing the Free Tier of Outbound Traffic and Introducing a New Pricing Plan
- Direct Connect Resource Lifecycle Standardization
- Dec. 31, 2022 - Migration of Direct Connect Cross-Region Tunnel Service to CCN
- Redundant Direct Connect Gateway Clearance
- Jun. 1, 2022 - Starts Commercialization of Shared Tunnel Service
- [Dec 1, 2020] Free Trial Period Extension and Billing Rule Change for Direct Connect Outbound Traffic
- Aug. 1, 2020 - Service Change Notice
- Dec. 31, 2021 - Direct Connect 2.0 Released
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Connections
- Direct Connect Gateways
- Dedicated Tunnels
- Monitoring and Alarming
- Cloud Exchange
- Cloud Access Management
- Practical Tutorial
- Connecting a Local IDC to CVM by Using a VPC NAT Gateway and Direct Connect
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Best Practices on Direct Connect High Availability and Hybrid Cloud Network
- Migrating Cross-Region Dedicated Tunnel to CCN
- Migrating IDC to the Cloud Through CCN
- Accelerating Routing Convergence Through BGP+BFD (Layer 3)
- IDC Local Configuration
- Establishing Direct Connect Between Tencent Cloud and Various Cloud Vendors Through Equinix
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Direct Connect APIs
- RejectDirectConnectTunnel
- ModifyDirectConnectTunnelAttribute
- DescribeDirectConnectTunnels
- DeleteDirectConnectTunnel
- CreateDirectConnectTunnel
- AcceptDirectConnectTunnel
- ModifyDirectConnectAttribute
- DescribeDirectConnects
- DescribeAccessPoints
- DeleteDirectConnect
- CreateDirectConnect
- ReleaseInternetAddress
- EnableInternetAddress
- DisableInternetAddress
- DescribeInternetAddressStatistics
- DescribeInternetAddressQuota
- DescribeInternetAddress
- ApplyInternetAddress
- Data Types
- Error Codes
- FAQ
- Troubleshooting
- Agreements
- Contact Us
- Glossary
- Release Notes and Announcements
- Release Notes
- [September 9, 2024] Notification on Update of Compensation Standards in the Direct Connect Service Level Agreement
- [Oct. 2022] Discontinuing the Free Tier of Outbound Traffic and Introducing a New Pricing Plan
- Direct Connect Resource Lifecycle Standardization
- Dec. 31, 2022 - Migration of Direct Connect Cross-Region Tunnel Service to CCN
- Redundant Direct Connect Gateway Clearance
- Jun. 1, 2022 - Starts Commercialization of Shared Tunnel Service
- [Dec 1, 2020] Free Trial Period Extension and Billing Rule Change for Direct Connect Outbound Traffic
- Aug. 1, 2020 - Service Change Notice
- Dec. 31, 2021 - Direct Connect 2.0 Released
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Connections
- Direct Connect Gateways
- Dedicated Tunnels
- Monitoring and Alarming
- Cloud Exchange
- Cloud Access Management
- Practical Tutorial
- Connecting a Local IDC to CVM by Using a VPC NAT Gateway and Direct Connect
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Best Practices on Direct Connect High Availability and Hybrid Cloud Network
- Migrating Cross-Region Dedicated Tunnel to CCN
- Migrating IDC to the Cloud Through CCN
- Accelerating Routing Convergence Through BGP+BFD (Layer 3)
- IDC Local Configuration
- Establishing Direct Connect Between Tencent Cloud and Various Cloud Vendors Through Equinix
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Direct Connect APIs
- RejectDirectConnectTunnel
- ModifyDirectConnectTunnelAttribute
- DescribeDirectConnectTunnels
- DeleteDirectConnectTunnel
- CreateDirectConnectTunnel
- AcceptDirectConnectTunnel
- ModifyDirectConnectAttribute
- DescribeDirectConnects
- DescribeAccessPoints
- DeleteDirectConnect
- CreateDirectConnect
- ReleaseInternetAddress
- EnableInternetAddress
- DisableInternetAddress
- DescribeInternetAddressStatistics
- DescribeInternetAddressQuota
- DescribeInternetAddress
- ApplyInternetAddress
- Data Types
- Error Codes
- FAQ
- Troubleshooting
- Agreements
- Contact Us
- Glossary
Best Practices on Direct Connect High Availability and Hybrid Cloud Network
Last updated: 2024-01-13 16:02:36
Tencent Cloud direct connect maximizes the high availability of business in various failure scenarios, such as port exception/fiber optic component failure, network device failure, failure of data center at the access point etc. It provides four-line dual access point (recommended), two-line dual access point, two-line single access point and other network architectures, where, the four-line dual access point network architecture provides higher level of Tencent Cloud Direct Connect Service Level Agreement. In this document, we take four-line dual access point architecture as an example to describe the high availability design and practices of Tencent Cloud direction connect.
Network Architecture with High Availability
User IDC accesses at least two Tencent Cloud direct connect access points through connections to achieve high availability and load balancing at the physical level.
Direct connect gateway integrates with DSR clusters based on DSR system design. It acts as the bridge between Tencent Cloud and IDC to form a virtual dedicated tunnel together with the local router at IDC side and achieve resources intercommunication via Tencent Cloud VPC or CCN.
DSR clusters provide two Tencent Cloud border IP addresses to implement active-active routing system at the control plane. Thus, the local router on IDC side has created BGP neighbor adjacency with the two clusters respectively via BGP protocol to effectively ensure high availability of business in case of DSR cluster upgrade or single cluster failure and avoid impact on business caused by single BGP neighbor adjacency interruption and route convergence.
Meanwhile, DSR adjusts and removes exceptional service nodes dynamically through real-time monitoring mechanism in the cluster to ensure the availability of single cluster. It adopts large-scale cluster scaling technique to enable horizontal scaling among multiple clusters for the business to ensure availability across clusters.
Hot switching in case of failure
Switching in case of connection failure
The system switches the traffic to connection 2 automatically when it detects a failure in connection 1 to ensure normal operation of the business. The traffic will be switched back automatically when the failure is recovered.
Switching in case of exchange failure
The system switches the traffic to connection 2 automatically when it detects a failure in exchange 1 to ensure normal operation of the business. The traffic will be switched back automatically when the failure is recovered.
Switching in case of DSR failure
The system switches the traffic to connection 2 automatically when it detects a failure in the DSR cluster to ensure normal operation of the business. The traffic will be switched back automatically when the failure is recovered.
Switching in case of access point failure
The system switches the traffic to access point 2 automatically when it detects a failure in access point 1 to ensure normal operation of the business. The traffic will be switched back automatically when the failure is recovered.
Switching in case of over capacity
According to capacity planning, the usage of each connection is not allowed to be over 50%. If the usage of connection 1 is over 50%, the system will switch traffic to connection 2 automatically. Then, the traffic will be switched back to connection 1 when the usage is below 50%.
Limits and Suggestions for Practices
Network layer (dedicated tunnel)
BGP IP needs to be configured on both Tencent Cloud side and the user IDC side to establish a session, and BGP session must be kept in active-active status.
See the figure below for the configuration on Tencent Cloud side. For more information, see Exclusive Virtual Interface-Advanced Configuration.
BFD and NQA needs to be provided for health check to ensure robustness of the tunnel. For more information on the configuration of health check, see Health Check for the Dedicated Tunnel.
Physical layer (connection)
On the IDC side, users can use the same port of an edge device to connect primary/secondary connections to ensure high availability of the connections, or use two edge devices to connect primary/secondary connections.
Yes
No
Was this page helpful?