This topic describes how to configure redundant network connectivity by using peering connections. If one connection is faulty, service traffic is switched to the other connection without interruptions. You must configure health checks and weighted routes for the VBR-to-VPC peering connections.

Prerequisites

Before you perform the configuration, make sure that the following conditions are met:
  • Two leased line interfaces are requested to connect the virtual border routers (VBRs) on Alibaba Cloud and the on-premises data center.
  • Two VBR-to-VPC peering connections are created. For more information, see Create a dedicated physical connection and Connect a VBR and a VPC.
  • Static routes are configured, and BGP is not used for the connections between the VBRs and on-premises data center.

Background information

Each XGW on Alibaba Cloud sends a ping packet to the IP address of the on-premises data center from the health check IP address every 2 seconds. If no response is returned for eight consecutive ping packets, service traffic is switched to the other connection.
Note: If control plane throttling policies are configured for network devices in the on-premises data center, health check packets may be discarded, which causes instability in the health check links. Control plane throttling policies include Control Plane Policing (CoPP) on Cisco devices and attack defense policies on Huawei devices. We recommend that you disable these policies.

Figure: Network topology used to connect the VPC and on-premises data center

The following list provides details of the network topology.
  • VPC CIDR block: 192.168.0.0/16
  • On-premises data center CIDR block: 172.16.0.0/16
  • Connection between the first VBR and the on-premises data center
    • VBR gateway: 10.10.10.1
    • Gateway of the on-premises data center: 10.10.10.2
    • Subnet mask: 255.255.255.252
  • Connection between the second VBR and the on-premises data center
    • VBR gateway: 10.10.11.1
    • Gateway of the on-premises data center: 10.10.11.2
    • Subnet mask: 255.255.255.252
  • First health check connection
    • Source IP address: 192.168.10.1
    • Destination IP address: 10.10.10.2
  • Second health check connection
    • Source IP address: 192.168.10.2
    • Destination IP address: 10.10.11.2

Step 1: Configure health checks

You must configure health checks for both peering connections.

  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, choose VPC Peering Connections > VBR-to-VPC.
  3. Find the required peering connection, click the More icon in the Actions column, and select Health Check.
  4. On the Health Check page, click Configure.
  5. On the Edit VBR page, configure health check information.
    Figure 1. Edit VBR
    The parameters are described as follows:
    • Source IP: An idle private IP address in the connected VPC.
    • Destination IP: The interface IP address of the network device in the on-premises data center.

    If you want to send ICMP packets to perform health checks from the on-premises data center to the VPC, enter the source IP address of the health check connection. Then, add routes to this address.

  6. Click OK.
  7. Repeat the preceding steps to configure the health check for the other peering connection.
    Note: The source IP address of the other health check peering connection cannot be the same as that of the previous peering connection.

Step 2: Configure weighted routes

For this example, configure load balancing routes.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click Route Tables.
  3. Find the VPC for which you want to configure weighted routes to implement load balancing and click the ID of the route table.
  4. On the Route Table Details page, click Add Route Entry.
    Configure the following route information:
    • Destination CIDR Block: Enter the destination Classless Inter-Domain Routing (CIDR) block.
    • Next Hop Type: Select Router Interface (To VBR). Traffic destined for IP addresses within the destination CIDR block is forwarded to the router interface of a VBR.

      Click the Load Balancing Routing tab. Configure the VBRs that are connected to the VPC as the next hops and specify their weights. The weight is an integer ranging from 1 to 255. The default value is 100. Set the two VBRs to the same weight so that traffic is evenly distributed between them.

    Figure: Load Balancing Routing
  5. Click Add Route Entry again and add a route from the first VBR to the on-premises data center.
    Configure the following route information:
    • Destination CIDR Block: Enter the destination CIDR block.
    • Next Hop Type: Select Router Interface (To VBR). Traffic destined for IP addresses within the destination CIDR block is forwarded to the router interface of a VBR.

      Click the General Routing tab and set the first VBR as the next hop.

  6. Click Add Route Entry again and add a route from the second VBR to the on-premises data center.
    Configure the following route information:
    • Destination CIDR Block: Enter the destination CIDR block.
    • Next Hop Type: Select Router Interface (To VBR). Traffic destined for IP addresses within the destination CIDR block is forwarded to the router interface of a VBR.

      Click the General Routing tab and set the second VBR as the next hop.

    The following figure shows the configured routes.
    Figure: Route Entry List

Step 3: Configure static routes to the source IP addresses of the health check connections on the CPE device of the on-premises data center

In this example, static routes are configured to connect the on-premises data center and the VBRs, and BGP is not used. Configure the following static routes on the customer-premises equipment (CPE) device of the on-premises data center:
  • The route to the source IP address of the first health check connection. Set the next hop to the IP address of the first VBR.
  • The route to the source IP address of the second health check connection. Set the next hop to the IP address of the second VBR.
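
The constraints from Steps 1 to 3 can be checked on paper before any console change. The following is an added example, not part of the original documentation: it uses the addresses from the topology on this page, while the `PLAN` layout and the function names `check_plan` and `cpe_static_routes` are assumptions made for illustration.

```python
import ipaddress

# Addresses come from the topology on this page; the dict layout is an assumption.
PLAN = {
    "vpc_cidr": "192.168.0.0/16",
    "links": [
        {"name": "first", "vbr_gw": "10.10.10.1", "cpe_gw": "10.10.10.2",
         "mask": "255.255.255.252", "hc_src": "192.168.10.1",
         "hc_dst": "10.10.10.2", "weight": 100},
        {"name": "second", "vbr_gw": "10.10.11.1", "cpe_gw": "10.10.11.2",
         "mask": "255.255.255.252", "hc_src": "192.168.10.2",
         "hc_dst": "10.10.11.2", "weight": 100},
    ],
}

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    vpc = ipaddress.ip_network(plan["vpc_cidr"])
    sources = [link["hc_src"] for link in plan["links"]]
    if len(set(sources)) != len(sources):
        problems.append("health check source IPs must differ per connection")
    if len({link["weight"] for link in plan["links"]}) != 1:
        problems.append("weights differ, traffic is not evenly distributed")
    for link in plan["links"]:
        name = link["name"]
        # The /30 link subnet is derived from the VBR gateway and subnet mask.
        subnet = ipaddress.ip_network(f'{link["vbr_gw"]}/{link["mask"]}', strict=False)
        if ipaddress.ip_address(link["hc_src"]) not in vpc:
            problems.append(f"{name}: source IP is outside the VPC CIDR block")
        if ipaddress.ip_address(link["cpe_gw"]) not in subnet:
            problems.append(f"{name}: CPE gateway is not on the VBR link subnet")
        if link["hc_dst"] != link["cpe_gw"]:
            problems.append(f"{name}: destination IP is not the CPE interface IP")
        if not 1 <= link["weight"] <= 255:
            problems.append(f"{name}: weight must be an integer from 1 to 255")
    return problems

def cpe_static_routes(plan):
    """Step 3: one /32 route per health check source, via that link's VBR."""
    return [(f'{link["hc_src"]}/32', link["vbr_gw"]) for link in plan["links"]]

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
    for dest, hop in cpe_static_routes(PLAN):
        print(f"route {dest} via {hop}")
```

The printed destination and next-hop pairs are the two static routes to enter on the CPE device in its own configuration syntax.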

Step 4: Test the network connectivity

Disable a leased line and ping an ECS instance in the VPC. If the ECS instance is reachable, the redundant connection is available.

Note: If BGP is used on the VBRs and the CPE device of the on-premises data center, advertise the BGP routes to the source IP addresses of the health check connections on the VBRs.
  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, choose Exclusive Physical Connection > Virtual Border Routers (VBRs).
  3. Click the ID of the first VBR. On the Routes tab, click Add Route.
  4. On the Add Route page, add a route to the source IP address of the first health check connection.
    Configure the following parameters:
    • Destination Subnet: Enter the source IP address of the first health check connection. For this example, enter 192.168.10.1/32.
    • Next Hop Type: Select VPC. Then, set the connected VPC as the next hop.
  5. On the Advertised BGP Subnets tab, click Advertise BGP Subnet.
  6. On the Advertise BGP Subnet page, enter the source IP address of the first health check connection.
    Figure: Advertise BGP Subnet
  7. Repeat the preceding steps to advertise the BGP route to the source IP address of the second health check connection on the second VBR.