Building a Multi‑Cloud Network for Seamless Compute Scheduling

Demand Background

Full‑network compute scheduling is a core goal of cloud infrastructure, allowing services to run on public clouds (Alibaba, Huawei, etc.), IDC private clouds, and cross‑border scenarios (ECS, containers). The foundation is compute interconnect, which requires multi‑cloud networking to bridge VPCs across different providers.

Implementation Plan

The overall solution consists of four main components:

Cloud Dedicated Line : 360 Beijing IDC connects to public clouds via dedicated lines, providing a physical network link that can access ECS instances inside the cloud VPC.

Multi‑Cloud Gateway : Deployed in 360 Beijing IDC, it encapsulates and decapsulates overlay traffic, performs VPC‑to‑VPC routing, and interconnects with other regional cloud gateways to achieve cross‑region VPC communication. It also publishes BGP routes for IDC access to VPC networks.

Boundary Router : A jump VPC (dedicated to the boundary router) is placed in each public cloud and linked to 360 IDC via the physical line. It handles overlay encapsulation/decapsulation and forwards four types of core traffic, converting between overlay and native packets as needed.

Public‑Cloud Internal Routing Interconnection : Uses each cloud’s native networking capabilities (e.g., Alibaba Cloud CEN) to interconnect business VPCs with the boundary‑router VPC, setting routing entries to forward traffic to the IDC or other clouds.

Based on this forwarding chain, compute interconnect and traffic scheduling can be realized. Additional diagrams illustrate detailed policy configuration and forwarding structures.

In overlapping VPC address scenarios (common in public‑cloud offerings), a vRouter gateway is built inside the business VPC to create an overlay with an Edge vRouter, masking overlapping IPs and routing traffic through NAT with globally managed non‑overlapping addresses.

MTU issues arise because overlay encapsulation can exceed the 1500‑byte limit of public‑cloud ECS and containers. The solution adjusts TCP MSS to 1410 within the vRouter and enables PMTU discovery for UDP traffic, avoiding the need to change NIC MTU settings.

Related Benefits

With the multi‑cloud link, services can interoperate across Alibaba Cloud, Huawei Cloud, and Volcano Cloud, allowing 360’s workloads to be deployed in overseas regions (e.g., Silicon Valley, Frankfurt) while staying connected to 360 IDC. Workloads can be elastically scheduled to Alibaba ECS, container instances, or PAI, and interoperate with IDC image services and other compute instances.

Future Outlook

The current multi‑cloud link still has gaps in availability and performance. Future optimization will focus on high‑availability and high‑performance boundary routers and IDC multi‑cloud gateways, dual‑card security policy isolation, and backup Internet links, as well as adding security capabilities such as traffic audit and policy isolation.