This topic describes how to establish load-balancing connections between a data center and Alibaba Cloud by using two Express Connect circuits. Under normal circumstances, both Express Connect circuits transmit data between the data center and Alibaba Cloud at the same time. If Alibaba Cloud detects that one of the Express Connect circuits is not working normally, the other Express Connect circuit automatically takes over. This ensures the availability of your services.

Scenarios

The following scenario shows how to establish load-balancing connections between a data center and Alibaba Cloud by using two Express Connect circuits.

An enterprise has a data center in Shanghai and a virtual private cloud (VPC) in the China (Shanghai) region. The private CIDR block of the data center is 172.16.0.0/12, and the CIDR block of the VPC is 192.168.0.0/16. To prevent single points of failure (SPOFs), the enterprise plans to apply for two Express Connect circuits from two Internet service providers (ISPs), and use the two Express Connect circuits to transmit data between the data center and Alibaba Cloud at the same time.

Architecture of load-balancing connections

The following table describes the configurations of the virtual border routers (VBRs) that are connected to the two Express Connect circuits.

| Parameter | VBR1 (VBR connected to Express Connect Circuit 1) | VBR2 (VBR connected to Express Connect Circuit 2) |
| --- | --- | --- |
| VLAN ID | 0 | 0 |
| IPv4 Address of Gateway at Alibaba Cloud Side | 10.0.0.1 | 10.0.0.5 |
| IPv4 Address of Gateway at Customer Side | 10.0.0.2 | 10.0.0.6 |
| Subnet Mask (IPv4 Address) | 255.255.255.252 | 255.255.255.252 |

Procedure

Procedure for establishing load-balancing connections

Step 1: Establish two connections over Express Connect circuits

You can establish two dedicated connections or two hosted connections over Express Connect circuits.

  • Dedicated connections: You must establish the connections by yourself. For more information, see Create a dedicated connection over an Express Connect circuit.

    If you select this method, you must configure Express Connect Circuit 2 based on the access point.

    • If Express Connect Circuit 1 and Express Connect Circuit 2 have the same access point, select the ID of Express Connect Circuit 1 as the Redundant Connection ID when you establish a connection over Express Connect Circuit 2. This ensures that the two Express Connect circuits access different devices. Make sure that you have paid the initial installation fees for Express Connect Circuit 1.
    • If Express Connect Circuit 1 and Express Connect Circuit 2 have different access points, the ID of Express Connect Circuit 1 becomes the Redundant Connection ID by default.
  • Hosted connections: You can establish the connections through Express Connect partners. For more information, see Create a hosted connection over an Express Connect circuit.

Step 2: Create two VBRs and add routes to the VBRs

You must create a VBR for each of the two Express Connect circuits and add a route to each VBR. The route must point to the data center.

  1. Log on to the Express Connect console.
  2. Create a VBR for Express Connect Circuit 1.
    1. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
    2. On the Virtual Border Routers (VBRs) page, click Create VBR.
    3. In the Create VBR panel, configure the following parameters and click OK.
      • Account: Select the type of the account that is used to create the VBR. In this example, Current Account is selected.
      • Name: Specify a name for the VBR. In this example, VBR1 is entered.
      • Physical Connection Interface: Select the Express Connect circuit that you want to associate with the VBR. The Express Connect circuit must be enabled and work as expected. In this example, Express Connect Circuit 1 is selected.
      • VLAN ID: Enter the VLAN ID of the VBR. In this example, 0 is entered.
      • IPv4 Address of Gateway at Alibaba Cloud Side: Enter the IPv4 address of the gateway that routes traffic from the VPC to the data center. In this example, 10.0.0.1 is entered.
      • IPv4 Address of Gateway at Customer Side: Enter the IPv4 address of the gateway that routes traffic from the data center to the VPC. In this example, 10.0.0.2 is entered.
      • Subnet Mask (IPv4 Address): Enter the IPv4 subnet mask on the Alibaba Cloud side and on the customer side. In this example, 255.255.255.252 is entered.
  3. Add a route to VBR1. The route must point to the data center.
    1. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
    2. On the Virtual Border Routers (VBRs) page, click the ID of VBR1.
    3. On the details page of VBR1, click the Routes tab and click Add Route.
    4. On the Add Route page, configure the following parameters and click OK.
      • Next Hop Type: In this example, Physical Connection Interface is selected.
      • Destination Subnet: Enter the CIDR block of the data center. In this example, 172.16.0.0/12 is entered.
      • Next Hop: Select the Express Connect circuit that you want to connect to the data center. In this example, Express Connect Circuit 1 is selected.
  4. Repeat the preceding steps to create VBR2 for Express Connect Circuit 2 and add a route to VBR2. The route must point to the data center.

Step 3: Attach the VBRs and the VPC to a CEN instance

To enable communication between the VBRs and the VPC, you must attach the VBRs and the VPC to a Cloud Enterprise Network (CEN) instance.

  1. Log on to the CEN console.
  2. On the Instances page, click the ID of the CEN instance that you want to manage.
    If you do not have a CEN instance, create one. For more information, see Create a CEN instance.
  3. Click the Networks tab and click Attach Network.
  4. In the Attach Network panel, click the Your Account tab to attach VBR1, and then click OK.
    • Network Type: Select Virtual Border Router (VBR).
    • Region: Select the region where VBR1 is deployed.
    • Networks: Select the ID of VBR1.
  5. Repeat the preceding steps to attach VBR2 and the VPC to the CEN instance.
    Notice: If you have created route entries that point to Elastic Compute Service (ECS) instances, virtual private network (VPN) gateways, or high-availability virtual IP addresses (HAVIPs), advertise these routes to the CEN instance in the VPC console. For more information, see Publish a route to CEN.

Step 4: Configure health checks on Alibaba Cloud

Alibaba Cloud sends a ping packet every 2 seconds over the Express Connect circuits from the source IP address to the destination IP address in the data center. If no responses are returned for eight consecutive ping packets over one of the Express Connect circuits, the other Express Connect circuit takes over.

  1. Log on to the CEN console.
  2. In the left-side navigation pane, click Health Check.
  3. Select the region where VBR1 is deployed and click Set Health Check.
    In this example, China (Shanghai) is selected.
  4. On the Set Health Check page, configure the following parameters and click OK.
    • CEN Instances: Select the CEN instance to which the VBR is attached.
    • VBR: Select the VBR for which you want to monitor network connections.
    • Source IP: Valid values:
      • Automatic IP Address: The system automatically assigns an IP address from the 100.96.0.0/16 CIDR block.
      • Custom IP Address: You can specify an idle IP address from the 10.0.0.0/8, 192.168.0.0/16, or 172.16.0.0/12 CIDR block. The source IP address must not conflict with the IP address of the VBR interface that is connected to Alibaba Cloud or the customer-premises device. In addition, the source IP address must not conflict with the IP addresses with which the VBR communicates in the CEN.
    • Destination IP: The IP address of the VBR interface that is connected to the customer-premises device.
    • Probe Interval (Seconds): The interval at which probe packets are sent for health checks. Unit: seconds. Default value: 2. Valid values: 2 to 3.
    • Probe Packets: The number of probe packets to be sent for health checks. Unit: packets. Default value: 8. Valid values: 3 to 8.

  5. Repeat the preceding steps to configure health checks for VBR2.
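
The following added example (not part of the original documentation or any Alibaba Cloud tooling) checks a planned custom health-check configuration against the constraints listed in this step and reports how long a failed circuit takes to be detected. The function name is hypothetical, and treating the customer-side gateway address from the VBR table as the expected destination IP is an assumption.

```python
import ipaddress

# Values from this page: VBR gateway addresses, subnet mask, Step 4 limits.
MASK = "255.255.255.252"
VBRS = {
    "VBR1": {"cloud": "10.0.0.1", "customer": "10.0.0.2"},
    "VBR2": {"cloud": "10.0.0.5", "customer": "10.0.0.6"},
}
CUSTOM_RANGES = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")]
INTERVAL_RANGE = (2, 3)   # seconds
PACKETS_RANGE = (3, 8)    # probe packets


def check_health_config(vbr, source_ip, destination_ip, interval=2, packets=8):
    """Return (problems, detection_seconds) for one VBR health check."""
    problems = []
    src = ipaddress.ip_address(source_ip)
    dst = ipaddress.ip_address(destination_ip)
    if not any(src in net for net in CUSTOM_RANGES):
        problems.append("source IP is outside the allowed custom ranges")
    # The source must not collide with either circuit's interconnect subnet.
    for name, addrs in VBRS.items():
        link = ipaddress.ip_interface(f"{addrs['cloud']}/{MASK}").network
        if src in link:
            problems.append(f"source IP conflicts with the {name} subnet {link}")
    # Assumption: the probe target is this VBR's customer-side gateway.
    expected = ipaddress.ip_address(VBRS[vbr]["customer"])
    if dst != expected:
        problems.append(f"destination IP should be {expected} for {vbr}")
    if not INTERVAL_RANGE[0] <= interval <= INTERVAL_RANGE[1]:
        problems.append("probe interval must be 2 to 3 seconds")
    if not PACKETS_RANGE[0] <= packets <= PACKETS_RANGE[1]:
        problems.append("probe packets must be 3 to 8")
    # A circuit is declared down after `packets` consecutive unanswered probes.
    return problems, interval * packets


if __name__ == "__main__":
    print(check_health_config("VBR1", "10.1.0.10", "10.0.0.2"))
    print(check_health_config("VBR2", "10.0.0.6", "10.0.0.2", 3, 3))
```

With the default values, about 16 seconds pass before a failed circuit is detected; the shortest setting the console accepts (2-second interval, 3 packets) gives about 6 seconds.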

Step 5: Configure routes, health checks, and interaction rules for the data center

To establish the connections, you must configure routes and health checks for the data center. You must also configure interaction rules between the routes and health checks.

  1. Configure routes for the data center.

    The following example is only for reference. Route configurations may vary based on the vendor of the gateway device.

    ip route 192.168.0.0 255.255.0.0 10.0.0.1
    ip route 192.168.0.0 255.255.0.0 10.0.0.5
  2. Configure health checks.
    You can use Bidirectional Forwarding Detection (BFD) or Network Quality Analyzer (NQA) to check the routes from the data center to the VBRs. Consult the vendor of your gateway device for specific configuration commands. We recommend that you use the BFD method. This method allows the system to complete health checks within several milliseconds.
  3. Configure interaction rules between the routes and health checks.
    Configurations may vary based on the vendor of the gateway device. Consult the vendor for more information and configure interaction rules based on your business requirements.
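
The following added example (a simulation, not vendor configuration and not part of the original documentation) models what the interaction rule achieves: each of the two static routes to 192.168.0.0/16 stays installed only while the health check on its next hop succeeds, and flows are spread over the routes that remain. The class name, the miss threshold, and the XOR-based flow hash are assumptions; real BFD or NQA timers and ECMP hashing depend on the gateway vendor.

```python
import ipaddress

# Next hops from the page's static routes to the VPC (192.168.0.0/16).
NEXT_HOPS = ("10.0.0.1", "10.0.0.5")


class TrackedStaticRoutes:
    """Two equal-cost static routes, each tied to a health check on its next hop."""

    def __init__(self, next_hops=NEXT_HOPS, down_after=3):
        # down_after is an assumed threshold; vendor timers differ.
        self.down_after = down_after
        self.misses = {hop: 0 for hop in next_hops}

    def record_probe(self, next_hop, answered):
        """Feed one health-check result; a reply clears the miss counter."""
        self.misses[next_hop] = 0 if answered else self.misses[next_hop] + 1

    def active_next_hops(self):
        """Next hops below the miss threshold keep their route installed."""
        return sorted(h for h, n in self.misses.items() if n < self.down_after)

    def next_hop_for(self, src, dst):
        """Pick a next hop per flow; the XOR hash stands in for a router's ECMP hash."""
        hops = self.active_next_hops()
        if not hops:
            return None  # both circuits down: no route to the VPC
        key = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
        return hops[key % len(hops)]


if __name__ == "__main__":
    routes = TrackedStaticRoutes()
    flows = [("172.16.0.10", "192.168.0.20"), ("172.16.0.11", "192.168.0.20")]
    print([routes.next_hop_for(s, d) for s, d in flows])   # both circuits in use
    for _ in range(3):                                      # Circuit 1 stops answering
        routes.record_probe("10.0.0.1", answered=False)
    print([routes.next_hop_for(s, d) for s, d in flows])   # all traffic on Circuit 2
```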

Step 6: Test the connectivity

After you establish the connections, you must test the connectivity.

  1. Open a Command Prompt window on a computer in the data center.
  2. On the command line, run the ping command to check the connectivity between the data center and an ECS instance in the VPC. The CIDR block of the VPC is 192.168.0.0/16.
    If the ECS instance can be pinged, the connections are established.
  3. On the command line, run the tracert command to check whether the connections support load balancing.
