
Elastic Compute Service: Connect an instance in a classic network to a VPC

Last Updated: Oct 19, 2023

You can set up ClassicLink connections to allow Elastic Compute Service (ECS) instances located in a classic network to communicate with ECS instances located in a virtual private cloud (VPC) over private IP addresses. This topic describes how to connect an instance in a classic network to a VPC by using ClassicLink.

Background information

ClassicLink is a feature provided by Alibaba Cloud that allows you to set up private connections between Alibaba Cloud classic networks and VPCs. Classic networks and VPCs are two types of network on Alibaba Cloud. By default, classic networks are isolated from VPCs. You can use the ClassicLink feature to connect classic networks to VPCs. This way, resources in the classic networks can communicate with resources in the VPCs. For more information, see Overview of ClassicLink.

Limits

Before you use the ClassicLink feature, take note of the following limits:
  • You can associate up to 1,000 classic network-connected ECS instances with a VPC.
  • For one Alibaba Cloud account in one region, a classic network-connected ECS instance can be associated with only one VPC.

    If you want to associate an ECS instance of Account A with a VPC of Account B, you must first transfer the ECS instance from Account A to Account B.

  • Classic network-connected ECS instances can communicate only with ECS instances in the primary CIDR block of a VPC. Classic network-connected ECS instances cannot communicate with ECS instances in the secondary CIDR block of the VPC.
  • To enable the ClassicLink feature for a VPC, the following conditions must be met.
    VPC CIDR block: 172.16.0.0/12
    Limit:
    • The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.

    VPC CIDR block: 10.0.0.0/8
    Limit:
    • The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    • Make sure that the CIDR block of the vSwitch to communicate with the classic network-connected ECS instances is within 10.111.0.0/16.

    VPC CIDR block: 192.168.0.0/16
    Limit:
    • The VPC does not contain a custom route entry whose destination CIDR block is 10.0.0.0/8.
    • Add a custom route entry to the ECS instance that is deployed in the classic network. The destination CIDR block of the route entry is 192.168.0.0/16 and the next hop is the private network interface controller (NIC). You can add the route by using the provided script. Download routing script.
      Note: Before you run the script, read the readme.txt file.
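
The following pre-check applies the limits above to a VPC before ClassicLink is enabled. It is an added example, not Alibaba Cloud code: the function name, its parameters, and the sample inventory are hypothetical, and it assumes each row of the table is a range that the VPC CIDR block falls within.

```python
import ipaddress

# Ranges and limits taken from the Limits section. Treating each table row as a
# range that the VPC CIDR block falls within is an assumption of this example.
RANGE_172 = ipaddress.ip_network("172.16.0.0/12")
RANGE_10 = ipaddress.ip_network("10.0.0.0/8")
RANGE_192 = ipaddress.ip_network("192.168.0.0/16")
VSWITCH_RANGE = ipaddress.ip_network("10.111.0.0/16")
MAX_LINKED_INSTANCES = 1000


def classiclink_check(vpc_cidr, custom_route_dests, vswitch_cidrs, linked_instances=0):
    """Return (problems, reminders) for a VPC about to have ClassicLink enabled.

    vswitch_cidrs: vSwitches meant to talk to classic network-connected instances.
    """
    problems, reminders = [], []
    vpc = ipaddress.ip_network(vpc_cidr)
    routes = {ipaddress.ip_network(d) for d in custom_route_dests}

    if linked_instances > MAX_LINKED_INSTANCES:
        problems.append("more than 1,000 classic network-connected instances")
    if RANGE_10 in routes:  # this condition appears in all three table rows
        problems.append("custom route entry with destination 10.0.0.0/8")

    if vpc.subnet_of(RANGE_172):
        pass  # no further condition listed for this row
    elif vpc.subnet_of(RANGE_10):
        for cidr in vswitch_cidrs:
            if not ipaddress.ip_network(cidr).subnet_of(VSWITCH_RANGE):
                problems.append(f"vSwitch {cidr} is outside 10.111.0.0/16")
    elif vpc.subnet_of(RANGE_192):
        reminders.append("add route 192.168.0.0/16 via the private NIC "
                         "on each classic-network instance")
    else:
        problems.append(f"{vpc_cidr} is not within a CIDR block listed in the table")
    return problems, reminders


if __name__ == "__main__":
    # Constructed sample inventory, not real account data.
    for args in [("172.16.0.0/12", ["10.0.0.0/8"], []),
                 ("10.0.0.0/8", [], ["10.111.1.0/24", "10.0.5.0/24"]),
                 ("192.168.0.0/16", ["0.0.0.0/0"], ["192.168.1.0/24"])]:
        print(args[0], classiclink_check(*args))
```

An empty problems list means the VPC-side conditions are met; reminders list work that must be done on the classic-network instance itself and cannot be verified from VPC data.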

Procedure

Step 1: Enable the ClassicLink feature

  1. Log on to the VPC console.
  2. In the upper-left corner of the top navigation bar, select a region.

  3. In the list of VPCs, find the VPC to which you want to connect and click the ID of the VPC.

  4. On the Basic Information tab, click Enable ClassicLink in the upper-right corner.

  5. In the message that appears, click OK.

Step 2: Add a ClassicLink security group rule

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Instances & Images > Instances.

  3. In the upper-left corner of the top navigation bar, select a region.

  4. Add a ClassicLink rule to a security group of an ECS instance that resides in a classic network.

    1. Find an ECS instance that resides in a classic network. In the Actions column, choose More > Network and Security Group > Connect to VPC.

    2. In the dialog box that appears, select the VPC to which you want to connect the instance and click Confirm.

    3. Click Go to the instance security group list and add ClassicLink rules.

    4. Find a security group of the ECS instance. In the Actions column, click Add Rules.

    5. On the Security Group Rules page, click Add ClassicLink Rule in the upper-right corner. In the dialog box that appears, configure the parameters that are described in the following table.

      Parameter: Description

      • Classic Security Group: The name of the classic-network security group is displayed.

      • Select VPC: The VPC to which to connect the instance.

      • VPC-type Security Groups: The security groups from the selected VPC that you want to associate with the instance. You can select up to five security groups.

      • Mode: The access mode.

        • Classic <=> VPC (recommended): allows mutual access between resources in the classic network and resources in the VPC.

        • Classic Network => VPCs: allows resources in the classic network to access resources in the VPC.

        • VPCs => Classic Network: allows resources in the VPC to access resources in the classic network.

      • Protocol Type: The communication protocol. Example: Custom TCP.

      • Port Range: The port range. Specify a port range in the <Start port number>/<End port number> format. Example: 80/80, which indicates port 80.

      • Priority: The priority of the rule. A smaller value indicates a higher priority. Example: 1.

      • Description: The description of the rule.

    6. Click OK.

Step 3: Test the connectivity between the instance and the VPC

Perform the following steps to test the connectivity between the instance and the VPC:

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Instances & Images > Instances.

  3. In the upper-left corner of the top navigation bar, select a region.

  4. (Optional) Click the settings icon in the upper-right corner. In the dialog box that appears, select Connection Status and click OK.

  5. Check the Connection Status column corresponding to the instance.

    If the instance is connected to the VPC, Connected is displayed in the Connection Status column.