Step 3: Access OBS

Scenarios

This section describes how to access OBS using a VPN or Direct Connect connection.

Prerequisites

Your on-premises data center has been connected to your VPC using a VPN or Direct Connect connection.
  • The VPC subnet that needs to communicate with the on-premises data center over the VPN connection contains the OBS CIDR block 100.125.0.0/16.

    For details about how to create a VPN connection, see Creating a VPN in the Virtual Private Network User Guide.

  • The VPC subnet that needs to communicate with the on-premises data center over the Direct Connect gateway contains the OBS CIDR block 100.125.0.0/16.

    For details about how to enable Direct Connect, see Getting Started in the Direct Connect User Guide.

Procedure

  1. In the VPC endpoint list, locate the target VPC endpoint and click the ID of the endpoint to view its details.
    Figure 1 Summary of the VPC endpoint
  2. Add DNS records on the DNS server at your on-premises data center to forward requests for resolving OBS domain names to the VPC endpoint for accessing DNS.

    The methods of configuring DNS forwarding rules vary depending on OSs. For details, see the DNS software operation guides.

    This step uses Bind, a common DNS software, as an example to configure forwarding rules in the UNIX.

    In file /etc/named.conf, add the DNS forwarder configuration and set forwarders to the private IP address of the VPC endpoint for accessing DNS.

    options {
forward only;
forwarders{ xx.xx.xx.xx;};
};
    • If no DNS server is available at your on-premises data center, add the private IP address of the VPC endpoint in file /etc/resolv.conf.
    • xx.xx.xx.xx is the VPC endpoint IP address obtained in 1.
  3. Configure a DNS route from your on-premises data center to the VPN gateway or Direct Connect gateway.

    To access DNS over a VPN or Direct Connect connection, ensure that traffic from your on-premises data center to DNS is directed to the VPN gateway or Direct Connect gateway.

    Configure a permanent route at your on-premises data center and specify the IP address of the Direct Connect or VPN gateway as the next hop for accessing DNS. The following is the example command for configuring such a route:

    route -p add xx.xx.xx.xx mask 255.255.255.255 xxx.xxx.xxx.xxx
    • xx.xx.xx.xx is the VPC endpoint IP address obtained in 1.
    • xxx.xxx.xxx.xxx indicates the IP address of the Direct Connect or VPN gateway created at your on-premises data center.
    • The route command format varies depending on the OS. Use the route command format corresponding to the actual OS.
  4. Configure an OBS route from the on-premises data center to the VPN or Direct Connect gateway.

    The CIDR block of the VPC endpoint for accessing OBS is 100.125.0.0/16. To access OBS over a VPN or Direct Connect connection, ensure that traffic from your on-premises data center to OBS is directed to the VPN gateway or Direct Connect gateway.

    Configure a permanent route at your on-premises data center and specify the Direct Connect or VPN gateway as the next hop for accessing OBS. The following is the example command for configuring such a route:

    route -p add 100.125.0.0 mask 255.255.0.0 xxx.xxx.xxx.xxx
    • xxx.xxx.xxx.xxx indicates the IP address of the Direct Connect or VPN gateway created at your on-premises data center.
    • The route command format varies depending on the OS. Use the route command format corresponding to the actual OS.
  5. At the on-premises data center, run the following command to verify the connectivity with OBS:
    telnet bucket.endpoint

    In the command:

    • bucket: indicates the bucket name.
    • endpoint: indicates the OBS endpoint.

    Example: telnet bucket.obs.eu-de.otc.t-systems.com

    Obtain OBS endpoint information at Regions and Endpoints.

Parent topic: Configuring a VPC Endpoint for Accessing the Private IP Address of OBS over Private Networks