Building an Enterprise-Grade Cloud Backbone: Connecting VPCs with Alibaba Cloud CEN

This article introduces how to use CEN to establish a private communications channel between two VPC networks within the same account, enabling seamless intercommunication between all resources.

By Sunny Jovita, Solution Architect, Alibaba Cloud Indonesia.

In cloud architecture, isolating resources into different Virtual Private Clouds (VPCs) is a standard security practice. However, there are often scenarios where resources in separate VPCs need to communicate privately and efficiently.

While you can use VPC Peering or VPN Gateways, Alibaba Cloud Cloud Enterprise Network (CEN) offers a robust, enterprise-level solution for creating interconnected networks.

In this tutorial, we will walk through how to use CEN to establish a private communications channel between two VPC networks within the same account, enabling seamless intercommunication between all resources.

Prerequisites

Before beginning the configuration, ensure you have the following cloud resources ready:

ECS Instances: At least two instances (one in each VPC).

VPC Networks: Two distinct VPCs. For this example, we are using:

  • VPC1: vpc-rj9ikihs6sw77l1oqn2yi (CIDR: 192.168.0.0/16)
  • VPC2: vpc-rj9lx3538jo13c1iyfuq9 (CIDR: 172.16.0.0/12)

Account: Both VPCs must be under the same Alibaba Cloud account.

Imagine you have two sets of resources deployed in separate VPCs under the same account.

Without a connecting bridge, an ECS instance in VPC1 (e.g., 192.168.1.24) cannot communicate with an ECS instance in VPC2 (e.g., 172.16.1.56). Even with security groups configured to allow ICMP traffic, a ping test between these instances will fail because there is no routing path between the two networks.

Step 1: Configure Security Groups

By default, security groups may block external traffic. To test connectivity via ping, we need to allow ICMP traffic.

  1. Navigate to the Security Group rules for both ECS instances.
  2. Add an Inbound Rule allowing ICMP (IPv4) traffic.
  3. Ensure this rule is applied to both instances in VPC1 and VPC2.

Note: Once this rule is added, the ECS instance can be pinged from other instances within the same VPC network. However, cross-VPC (different region or different account) ping will still fail until CEN is configured.
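
Step 1 does not say which source range the ICMP rule should allow, and once both VPCs are attached to CEN that choice decides which networks can reach the instances. The following added example (not part of the original article) audits constructed sample rules against the two VPC CIDRs listed in the prerequisites and also checks that the ranges do not overlap; the rule field names and security group names are hypothetical.

```python
import ipaddress

# CIDRs taken from the Prerequisites section of this page.
VPC_CIDRS = {
    "VPC1": ipaddress.ip_network("192.168.0.0/16"),
    "VPC2": ipaddress.ip_network("172.16.0.0/12"),
}

# Constructed sample inbound rules. Field names and group names are
# hypothetical and do not mirror any Alibaba Cloud API response.
SAMPLE_RULES = [
    {"group": "sg-vpc1-demo", "protocol": "icmp", "source": "172.16.0.0/12"},
    {"group": "sg-vpc2-demo", "protocol": "icmp", "source": "192.168.1.24/32"},
    {"group": "sg-vpc2-demo", "protocol": "icmp", "source": "0.0.0.0/0"},
    {"group": "sg-vpc2-demo", "protocol": "tcp", "source": "0.0.0.0/0"},
]


def overlapping_vpcs(cidrs):
    """Return name pairs whose ranges overlap; routes between them would be ambiguous."""
    names = sorted(cidrs)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if cidrs[a].overlaps(cidrs[b])
    ]


def audit_icmp_rules(rules, cidrs):
    """Flag ICMP rules whose source is not contained in one of the connected VPCs."""
    findings = []
    for rule in rules:
        if rule["protocol"] != "icmp":
            continue  # this audit only covers the ping rule added in Step 1
        source = ipaddress.ip_network(rule["source"], strict=False)
        if not any(source.subnet_of(net) for net in cidrs.values()):
            findings.append((rule["group"], rule["source"]))
    return findings


if __name__ == "__main__":
    print("overlapping VPC ranges:", overlapping_vpcs(VPC_CIDRS))
    for group, source in audit_icmp_rules(SAMPLE_RULES, VPC_CIDRS):
        print(f"{group}: ICMP open to {source}, wider than the attached VPCs")
```

A rule scoped to the peer VPC's CIDR (or a single peer address) is enough for the ping test in the later steps.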

Step 2: Verify Initial Connectivity (The "Before" State)

Before setting up CEN, it is good practice to verify that the networks are indeed isolated.

  1. Log in to the command line of the ECS instance in VPC1.
  2. Attempt to ping the private IP of the ECS instance in VPC2 (e.g., 172.16.1.56).
  3. Result: The ping test will fail. This is expected because the two ECS instances belong to different VPC networks without a routing path between them.

Step 3: Attach VPC Networks to a CEN Instance

Now, we will bridge the gap using Cloud Enterprise Network.

1.  Create/Access CEN: Go to the CEN console and create a CEN instance (or use an existing one).

2.  Attach First VPC:

  • Click the sign for Adding VPC.
  • Select VPC1 from the list.
  • System Action: A Transit Router is automatically created when you add the first VPC.

3.  Attach Second VPC:

  • Repeat the process to add VPC2 to the same CEN instance.

4.  Verification: Ensure both VPCs are listed as "Attached" in the CEN console.

Step 4: Verify Connectivity (The "After" State)

With the CEN instance connecting both VPCs, the routing tables are updated automatically.

  1. Return to the command line of the ECS instance in VPC1.
  2. Ping the private IP of the ECS instance in VPC2 again.
  3. Result: The ping is successful.

This confirms that the two VPC networks are now connected via a private channel.

Summary

While VPC Peering and VPN Gateways are viable options, CEN provides distinct advantages for enterprise-level networks:

High Speed & Low Latency: CEN provides high-speed network transmission. The maximum rate of local intercommunication reaches the port forwarding rate of your local IDC.

Global Access: CEN has access and forwarding nodes in over 60 regions around the world.

Private Backbone: Users can access Alibaba Cloud through nearby nodes to bypass public networks. This avoids latency and potential packet damage, ensuring quick intercommunication between your local IDC and Alibaba Cloud resources.

Scalability: It supports the creation of an enterprise-level interconnected network, allowing intercommunication between all resources easily.

Connecting VPCs doesn't have to be complex. By leveraging Alibaba Cloud CEN, you can transform isolated networks into a unified, high-performance enterprise network. Whether you are connecting resources in the same region or across the globe, CEN ensures low latency and high reliability.

Ready to optimize your cloud network? Log in to your Alibaba Cloud console and try setting up CEN today!
