This topic describes how to configure health checks and route weights for peering connections that are established on each virtual border router (VBR). This ensures that a standby Express Connect circuit can take over when the active Express Connect circuit is not working as expected.

Prerequisites

Background information

Alibaba Cloud sends a ping packet to the IP address of the data center from the source IP address every 2 seconds. If no response is returned for eight consecutive ping packets, the other Express Connect circuit takes over.
Note If Copp policies or anti-attack policies are configured for the network device of the data center, such as a Cisco device, probe packets of health checks may be dropped and oscillation may occur in health check connections. We recommend that you disable speed throttling for the network device of the data center.
Access from the data center to the VPC
The following table provides details of the network topology.
Configuration IP address/CIDR block
VPC 192.168.0.0/16
Data center 172.16.0.0/16
Connection between the first VBR and the data center
  • IP address of the VBR gateway: 10.10.10.1
  • IP address of the data center gateway: 10.10.10.2
  • Subnet mask: 255.255.255.252
Connection between the second VBR and the data center
  • IP address of the VBR gateway: 10.10.11.1
  • IP address of the data center gateway: 10.10.11.2
  • Subnet mask: 255.255.255.252
Health checks for the first peering connection
  • Source IP address: 192.168.10.1
  • Destination IP address: 10.10.10.2
Second health check
  • Source IP address: 192.168.10.2
  • Destination IP address: 10.10.11.2

Step 1: Configure health checks

You must configure health checks for both peering connections.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and choose VPC Peering Connections > VBR-to-VPC in the left-side navigation pane.
  3. Find the peering connection and choose The Hide/Show icon > Health Check in the Actions column.
  4. In the Health Check panel, click Settings.
  5. In the Modify VBR panel, set the following parameters and click OK.
    Parameter Description
    Source IP address An idle private IP address of the connected VPC.
    Destination IP address The IP address of the network device interface in the data center.

    If you want to send ICMP packets from the data center to the VPC to perform health checks, we recommend that you enter the source IP address of the health check. Then, configure routes that point to the new destination IP address.

  6. Repeat the preceding steps to configure health checks for the other peering connection.
    Note The source IP address for health checks of the second peering connection cannot be the same as that of the first peering connection.

Step 2: Configure route weights

In this example, load balancing routes are configured.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click Route Tables.
  3. On the Route Tables page, find the VPC where you want to configure load balancing routes and click its ID. Then, click the ID of the route table.
  4. On the Route Entry List tab, click Custom, and then click Add Route Entry.
  5. Set the following parameters and click OK.
    • Destination CIDR Block: Enter the destination CIDR block.
    • Next Hop Type: Select Router Interface (To VBR). Traffic destined for IP addresses within the destination CIDR block is forwarded to the router interface of the VBR.

      Select Load Balancing Routing as the routing method and specify the two VBRs that are connected to the VPC as the next hop. The weight must be an integer from 1 to 255. The default value is 100. The weights of the instances must be the same. This way, traffic can be evenly distributed to the next-hop instances.

  6. Click Add Route Entry and set the following parameters to add a route from the first VBR to the data center.
    • Destination CIDR Block: Enter the destination CIDR block.
    • Next Hop Type: Select Router Interface (To VBR). Traffic destined for IP addresses within the destination CIDR block is forwarded to the router interface of the VBR.

      Select General Routing as the routing method and specify the first VBR interface as the next hop.

  7. Click Add Route Entry and set the following parameters to add a route from the second VBR to the data center.
    • Destination CIDR Block: Enter the destination CIDR block.
    • Next Hop Type: Select Router Interface (To VBR). Traffic destined for IP addresses within the destination CIDR block is forwarded to the router interface of the VBR.

      Select General Routing as the routing method and specify the second VBR interface as the next hop.

Step 3: Configure static routes for the source IP addresses of health checks on the CPE device of the data center

Static routes are configured for the VBR and data center. If BGP is not used, you must configure the following static routes for the customer-premises equipment (CPE) of the data center.
  • Set the next hop of the source IP address for the first peer connection health checks as the IP address of the first VBR.
  • Set the next hop of the source IP address for the second peer connection health checks as the IP address of the second VBR.

Step 4: Test the network connectivity

Disable an Express Connect circuit and ping the cloud resources deployed in the VPC to test whether the standby Express Connect circuit can work as expected.

Note If BGP is used on the VBRs and the CPE device of the data center, the VBR must advertise BGP CIDR blocks for the IP addresses used in health checks.
  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region to which the VBR belongs, and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the details page of the VBR, click the Routes tab and click Add Route.
  4. In the Add Route panel, set the following parameters and click OK.
    • Destination CIDR Block: Enter the source IP address of health check. 192.168.10.1/32 is used in this example.
    • Next Hop Type: Select VPC.
    • Next Hop: Select the VPC that you want to connect.
  5. On the VBR details page, click Advertised BGP Subnets, and then click Advertise BGP Subnet.
  6. On the Advertise BGP Subnet page, enter the source IP address of the health check.
  7. Repeat the preceding steps to advertise BGP CIDR blocks for health checks of the second VBR.