tencent cloud


Hybrid Cloud Deployment

Last updated: 2022-03-03 10:29:02

    In hybrid cloud deployment scenarios, you can directly bind CLB instances to IPs in the local IDC off the cloud so as to bind them to real servers across VPCs and IDCs.
    This feature is currently in beta test. If you want to try it out, please submit an application.

    Solution Strengths

    • A hybrid cloud can be built quickly to seamlessly connect the environments in and off the cloud. CLB can forward requests to CVM instances in the in-cloud VPC and the off-cloud IDC at the same time.
    • The high-quality public network access capabilities of Tencent Cloud can be reused.
    • The rich features of CLB such as layer-4/7 access, health check, and session persistence can be reused.
    • The private networks can be interconnected with each other through CCN, fine-grained routing is supported to guarantee the quality, and diversified tiered pricing is supported to reduce the costs.


    • Cross-network CVM instance binding is currently not supported for classic CLB instances.
    • This feature is available only to bill-by-IP accounts. To check your account type, please see Checking Account Type.
    • Cross-region binding 2.0 and hybrid cloud deployment do not support Allow Traffic by Default in security groups, for which you need to allow the client IP and service port on the real server.
    • CLB instances cannot be bound with each other in cross-region binding 2.0 and hybrid cloud deployment scenarios.
    • This feature is only available in Guangzhou, Shenzhen, Shanghai, Jinan, Hangzhou, Beijing, Tianjin, Chengdu, Chongqing, Hong Kong (China), Singapore and Silicon Valley.
    • TCP and TCP SSL listeners need to use TOA on the real server to get the source IP. For more information, please see TOA Module Loading Method.
    • HTTP and HTTPS listeners need to use X-Forwarded-For (XFF) to get the source IP.
    • UDP listeners cannot get the source IP.


    1. You have submitted the application for beta test eligibility. For cross-region binding in the Chinese mainland, submit a ticket for application. For cross-region binding outside the Chinese mainland, contact your Tencent Cloud rep.
    2. You have created a CLB instance. For more information, please see Creating CLB Instances.
    3. You have created a CCN instance. For more information, please see Creating a CCN Instance.
    4. You have bound the direct connect gateway associated with the IDC and the target VPC to the created CCN instance. For more information, please see Associating Network Instances.


    1. Log in to the CLB Console.
    2. On the Instance Management page, click the ID of the target CLB instance.
    3. On the Basic Info tab of the Real Server section, click Configure to bind a private IP of another VPC.
    4. Click Submit in the pop-up dialog box.
    5. On the Basic Info tab of the Real Server section, click Add SNAT IP.
    6. In the pop-up dialog box, select Subnet, click Add to assign an IP, and click Save.

      • A SNAT IP is mainly used in hybrid cloud deployment where requests are forwarded to IDC servers. It must be assigned when you bind a CLB instance to an IP in the IDC that is interconnected with CNN, and serves as the private IP of your VPC.
      • A maximum of 10 SNAT IPs can be configured for each CLB instance.
      • Each CLB instance configures one SNAT IP in one forwarding rule, and supports 55,000 max connections after being bound to one real server. If you configure more SNAT IPs or real servers, the number of connections increases proportionally. Assume that you configure 2 SNAT IPs for the CLB instance and bind 10 ports to the real server, resulting in a maximum of 1.1 million connections (2 x 10 x 55,000). You can calculate how many SNAT IPs to assign based on the number of connections.
      • Be aware that deleting a SNAT IP will disconnect all connections on the IP.
    7. On the instance details page, open the Listener Management tab, and bind a real server to the CLB instance in the listener configuration section. For more information, please see Managing Real Servers.
    8. In the pop-up dialog box, select Other Private IP, click Add a private IP, and enter the target IDC private IP, port, and weight. Then click Confirm. For more information on ports, please see Server Common Port.
    9. Now you can view the bound IDC private IP in the Bound Real Servers section.

    Relevant Documentation

    Cross-Region Binding 2.0 (New)

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support