With popularity of data centers, users do not need to buy devices by themselves or deploy their own IT centers. Users may apply for a group of IT resources from a data center to provide them with cloud computing services. The IT resources are managed by the data center. Hardware resources in the data center provide cloud services for the users in the form of virtual devices. For example, if an enterprise applies for N servers, the data center does not physically dispatch N servers for the user, but virtualizes from the hardware resources N servers for the enterprise according to user's requirements on, for example, CPU, memory, and hard disk size, for the servers. These virtual servers, that is, the resources applied for by the user, form a virtual private cloud.
The user desires that the VPC created in the data center accesses the user's VPN so that the enterprise user securely accesses the resources in the VPC. A network side PE and a data center gateway form a hierarchy of PE (HoPE) and the VPC access is implemented in hierarchy of VPN (HoVPN) mode. The use of HoVPN brings the following advantages: In one aspect, the network side is capable of preventing exposure of unnecessary internal network topologies to the data center gateway; in another aspect, the VPN routing pressure of the data center gateway is reduced. According to the VPC access method using the existing HoVPN mode, an operator needs to manually create an upper layer VPN instance and a first VPN instance on the network side PE and the data center gateway respectively. During dynamic creation and cancellation of the VPC, a binding relationship between the VPC and the VPN may also dynamically change. Consequently, according to the existing VPC access method by manually setting the HoVPN mode, the time cost and economic cost are high. The present invention provides a method for automatic access and cancellation of the VPC in HoVPN mode.