This topic describes how to configure health checks and routes for redundant physical connections. To make sure that traffic is forwarded to the standby physical connection when the active physical connection fails, you must configure health checks for the associated VBR-to-VPC peering connections and configure routes.

Prerequisites

Before you configure health checks and routes, make sure that the following operations are completed:
  • Two physical connection interfaces are applied for and the connection between the on-premises data center and Alibaba Cloud is established.
  • Two VBR-to-VPC peering connections are created. For more information, see Create a dedicated physical connection and Interconnect a VPC and a VBR.
  • Static routing is configured between the Virtual Border Routers (VBRs) and the on-premises data center. No BGP is used.

Background information

Alibaba Cloud sends a ping packet once every two seconds from the health check IP address to the customer-side IP address of the on-premises data center. If no response is received for the ping packet for eight consecutive times on the physical connection, traffic is switched to the other physical connection.
Note If Control Plane Policing (Copp) (such as Cisco devices) or Local Attack Defense Policy (such as Huawei devices) is configured on the on-premises data center network device, health check packets may be discarded and the health check link shocks. Therefore, we recommend that you cancel the speed limitation on the network device of the on-premises data center.
本地数据中心访问VPC
In this topic, the following network configurations are used as an example:
Configuration CIDR block
The connected VPC 192.168.0.0/16
On-premises data center 172.16.0.0/16
The connection between one VBR and the on-premises data center
  • VBR gateway IP address: 10.10.10.1
  • Gateway IP address of the on-premises data center: 10.10.10.2
  • Subnet mask: 255.255.255.252
The connection between the other VBR and the on-premises data center
  • VBR gateway IP address: 10.10.11.1
  • Gateway IP address of the on-premises data center: 10.10.11.2
  • Subnet mask: 255.255.255.252
Health checks for one VBR-to-VPC peering connection
  • Source IP address: 192.168.10.1
  • Destination IP address: 10.10.10.2
Health checks for the other VBR-to-VPC peering connection
  • Source IP address: 192.168.10.2
  • Destination IP address: 10.10.11.2

Step 1: Configure health checks

You must configure health checks for the two peering connections. To do so, follow these steps:

  1. In the left-side navigation pane, choose VPC Peering Connections > VBR-to-VPC.
  2. Find the target peering connection and choose 更多按钮 > Health Check in the Actions column.
  3. On the Health Check page, click Configure.
  4. On the Edit VBR page, configure health checks.
    The following table shows the required parameters.
    Parameter Description
    Source IP Any idle private IP address in the connected VPC.
    Destination IP The interface IP address of the network device of the on-premises data center.

    If you need to perform ICMP health checks from the on-premises data center to the VPC, enter the health check IP address of the VPC as the destination IP address and configure a route that points to this new health check destination.

    健康检查
  5. Click OK.
  6. Repeat the preceding steps to configure health checks for the other peering connection.
    Note The source IP address of the health checks for the other peering connection cannot be the same as that for the first peering connection.

Step 2: Configure routes

In this example, load balancing routing is configured.

  1. In the left-side navigation pane, choose Route Tables.
  2. Find the target VPC and click the ID of the corresponding route table.
  3. On the Route Table page, click Add Route Entry and configure the load balancing route.
    Configure the load balancing route according to the following information:
    • Destination CIDR Block: Enter the destination CIDR block to which traffic is forwarded.
    • Next Hop Type: Select Router Interface (To VBR), which means forwarding the traffic with a destination IP address that falls into the destination CIDR block to the router interface associated with the VBR.

      Select Load Balancing Routing for the routing type, select the two VBRs connected with the VPC as the next hop, and set weights for the two VBRs. Value range of the weights of the VBRs: 1 to 255. Default value: 100. The weights of the two VBRs must be the same so that traffic can be evenly distributed to them.

    负载路由配置
  4. Click Add Route Entry and add a route from one VBR to the on-premises data center.
    Configure the route according to the following information:
    • Destination CIDR Block: Enter the destination CIDR block.
    • Next Hop Type: Select Router Interface (To VBR), which means forwarding the traffic with a destination IP address that falls into the destination CIDR block to the router interface associated with the VBR.

      Select General Routing for the routing type and select one VBR as the next hop.

  5. Click Add Route Entry and configure a route from the other VBR to the on-premises data center.
    Configure the route according to the following information:
    • Destination CIDR Block: Enter the destination CIDR block.
    • Next Hop Type: Select Router Interface (To VBR), which means forwarding the traffic with a destination IP address that falls into the destination CIDR block to the router interface associated with the VBR.

      Select General Routing for the routing type and select the other VBR as the next hop.

    The following figure shows the configured routes.路由条目

Step 3: Configure static routes on the network device of the on-premises data center

If no BGP is used, the following static routes need to be configured between the on-premises data center and the VBRs on the network device of the on-premises data center:
  • A route entry with the health check source IP address of one peering connection as the destination IP address and the IP address of the corresponding VBR (Alibaba Cloud-side IP address) as the next hop.
  • A route entry with the health check source IP address of the other peering connection as the destination IP address and the IP address of the corresponding VBR as the next hop.

Step 4: Test the network connectivity

Ping an instance in the VPC when one physical connection fails to check if the redundant physical connection works.

Advertise BGP CIDR blocks

If you have configured BGP for your on-premises data center and the VBRs, the VBRs need to advertise BGP CIDR blocks.

  1. In the left-side navigation pane, choose Physical Connections > Virtual Border Routers (VBRs).
  2. Find one of the two VBRs and click the VBR ID. On the Routes tab, click Add Route.
  3. On the Add Route page, configure a route pointing to the health check source IP address.
    Configure the route according to the following information:
    • Destination Subnet: Enter the source IP address of health checks. In this example, enter 192.168.10.1/32.
    • Next Hop Type: Select VPC. Then, select the connected VPC as the next hop.
  4. Click the Advertised BGP Subnets tab and click Advertise BGP Subnet.
  5. On the Advertise BGP Subnet page, enter the source IP address of health checks.
    宣告BGP网段
  6. Repeat the preceding steps to advertise BGP CIDR blocks for the health check source IP address of the other VBR.