Terraform module to build multi-VPC Network(Complex Network Interconnection Scenario - Single-Plane Networking) for Alibaba Cloud
English | 简体ä¸æ–‡
This Well-Architecture design emphasizes how to use VPC peering or transit routers in the Alibaba Cloud to build an efficient, secure, and highly available multi-VPC network architecture within the same region, tailored to different customer scenarios and needs.
In the complex network interconnection scenario with a single-plane network, multiple business VPCs within an enterprise can achieve large-scale interconnection through Transit Router (TR) to enable on-demand communication between VPCs. Additionally, a DMZ VPC is constructed to centrally manage all public traffic ingress and egress. The production, development, and DMZ zones are divided into multiple planes according to the TR routing tables. Each business module's VPC is bound to an independent TR routing table, where the routing configuration and policy in the TR routing table determine inter-VPC communication. Furthermore, a public routing table can be constructed solely for managing the routing and forwarding of the DMZ VPC, serving as the unified entry and exit point for north-south traffic management in various production and development environments.
The process overview is as follows:
- Divide distinct environments for production, testing, and DMZ areas.
- Create multiple VPCs and corresponding Virtual Switches (VSW) within each environment.
- Create a Cloud Enterprise Network (CEN) and a Transit Router (TR).
- Add VPCs to the CEN using TR-attachment.
- Create separate TR routing tables for different environments.
- Establish corresponding routing entries within each routing table to achieve routing isolation and connectivity.
- Associate the TR routing tables with their respective VPC-attachments.
Architecture Diagram:
create one VPC in DMZ, one VPC in Dev and two VPCs in Prod.
provider "alicloud" {
region = "cn-hangzhou"
}
module "complete" {
source = "alibabacloud-automation/multiple-vpc-networks-cen/alicloud"
vpcs = {
dmz = {
cidr_block = "10.1.0.0/16"
vswitches = [
{
subnet = "10.1.0.0/24"
zone_id = "cn-hangzhou-h"
}, {
subnet = "10.1.1.0/24"
zone_id = "cn-hangzhou-i"
}, {
subnet = "10.1.2.0/24"
zone_id = "cn-hangzhou-j"
}
]
}
prod = [{
cidr_block = "10.2.0.0/16"
vswitches = [
{
subnet = "10.2.0.0/24"
zone_id = "cn-hangzhou-h"
}, {
subnet = "10.2.1.0/24"
zone_id = "cn-hangzhou-i"
}, {
subnet = "10.2.2.0/24"
zone_id = "cn-hangzhou-j"
}
]
}, {
cidr_block = "10.3.0.0/16"
vswitches = [
{
subnet = "10.3.0.0/24"
zone_id = "cn-hangzhou-h"
}, {
subnet = "10.3.1.0/24"
zone_id = "cn-hangzhou-i"
}, {
subnet = "10.3.2.0/24"
zone_id = "cn-hangzhou-j"
}
]
}]
dev = [{
cidr_block = "10.4.0.0/16"
vswitches = [
{
subnet = "10.4.0.0/24"
zone_id = "cn-hangzhou-h"
}, {
subnet = "10.4.1.0/24"
zone_id = "cn-hangzhou-i"
}, {
subnet = "10.4.2.0/24"
zone_id = "cn-hangzhou-j"
}
]
}]
}
tags = {
"Createdby" = "terraform"
}
}| Name | Version |
|---|---|
| terraform | >= 0.13 |
| Name | Version |
|---|---|
| alicloud | n/a |
| Name | Source | Version |
|---|---|---|
| dev | ./modules/vpc | n/a |
| dev_inner | ./modules/vpc | n/a |
| dmz | ./modules/vpc | n/a |
| prod | ./modules/vpc | n/a |
| prod_inner | ./modules/vpc | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cen_instance_name | The name of cen instance. | string |
"Single_Plane_DMZ_CEN" |
no |
| resource_group_id | The ID of the resource group. | string |
null |
no |
| tags | The tags of the resource. | any |
null |
no |
| transit_router_name | The name of cen transit router. | string |
"transit_router_DMZ" |
no |
| vpcs | The parameters of VPCs. | object({ |
{ |
no |
| Name | Description |
|---|---|
| cen_instance_id | The cen instance id. |
| cen_tr_id | The cen transit router id. |
| dev_inner_tr_vpc_attachment_id | The id of attachment between TR and dev inner VPC. |
| dev_inner_vpc_id | The dev inner vpc id. |
| dev_inner_vswitch_ids | The dev inner vswitch ids. |
| dev_tr_route_table_id | The id of dev route table. |
| dev_tr_vpc_attachment_id | The id of attachment between TR and dev VPC. |
| dev_vpc_id | The dev vpc id. |
| dev_vswitch_ids | The dev vswitch ids. |
| dmz_tr_route_table_id | The id of dmz route table. |
| dmz_tr_vpc_attachment_id | The id of attachment between TR and dmz VPC. |
| dmz_vpc_id | The dmz vpc id. |
| dmz_vswitch_ids | The dmz vswitch ids. |
| prod_inner_tr_vpc_attachment_id | The id of attachment between TR and prod inner VPC. |
| prod_inner_vpc_id | The prod inner vpc id. |
| prod_inner_vswitch_ids | The prod inner vswitch ids. |
| prod_tr_route_table_id | The id of prod route table. |
| prod_tr_vpc_attachment_id | The id of attachment between TR and prod VPC. |
| prod_vpc_id | The prod vpc id. |
| prod_vswitch_ids | The prod vswitch ids. |
If you have any problems when using this module, please opening a provider issue and let us know.
Note: There does not recommend opening an issue on this repo.
Created and maintained by Alibaba Cloud Terraform Team(terraform@alibabacloud.com).
MIT Licensed. See LICENSE for full details.
