All Products
Search
Document Center

Cloud Enterprise Network:Connect branches to a data center by using CEN

Last Updated:Feb 22, 2024

This topic describes how to use routing policies of Cloud Enterprise Network (CEN) to connect the branches of an enterprise to the data center of the enterprise.

Prerequisites

Note

This feature is supported only by Basic Edition transit routers.

Background information

The system automatically adds a default routing policy to the transit router of a CEN instance. The priority value of the default routing policy is 5000 and the action policy is Reject. This routing policy forbids the virtual border routers (VBRs) and the CCN instances that are attached to the CEN instance to communicate with each other. However, in some scenarios, you may need to allow the VBRs and CCN instances to communicate with those that are also attached to the CEN instance.

分支与IDC间互通

The proceeding figure shows that the data center of an enterprise is deployed in the China (Beijing) region. The data center is connected to Alibaba Cloud by using a VBR. A branch of the enterprise (Branch 1) is located in the China (Shanghai) region. Another branch of the enterprise (Branch 2) is located in the China (Hangzhou) region. Branch 1 is connected to a CCN instance by using an SAG instance (SAG 1). Branch 2 is connected to the same CCN instance by using another SAG instance (SAG 2). By default, the data center cannot communicate with Branch 1 or Branch 2. You can add a routing policy to allow the data center and Branch 1 to communicate with each other.

Step 1: Add a routing policy to allow the data center to access Branch 1

Perform the following steps to add a routing policy to allow the data center to access Branch 1:

  1. Log on to the CEN console.

  2. On the Instances page, click the ID of the CEN instance that you want to manage.

  3. On the instance details page, find the region where you want to add a routing policy and click the ID of the transit router in the region.

  4. On the details page of the transit router, click the Route Table tab and click Routing Policies.

  5. On the Routing Policies tab, click Add Routing Policy. Set the following parameters and click OK:

    • Routing Policy Priority: Enter a priority value for the routing policy. A smaller value indicates a higher priority. In this example, 20 is entered.

    • Region: Select the region to which you want to apply the routing policy. In this example, China (Beijing) is selected.

    • Policy Direction: Select the direction in which you want to apply the routing policy. In this example, Egress Regional Gateway is selected.

    • Match Conditions: Configure match conditions for the routing policy. In this example, the following match conditions are specified:

      • Source Instance ID List: The ID of SAG 1 is selected.

      • Destination Instance ID List: The ID of the VBR is selected.

      • Route Prefix: 172.16.0.0/24 is used.

    • Action Policy: Select the action that you want to perform on routes that meet the match conditions. In this example, Allow is selected.

    After you add the routing policy, you can go to the Network Routes tab to view the routes that allow the data center to access Branch 1.分支和IDC互通-策略1

Step 2: Add a routing policy to allow the CCN instance to access the data center

Perform the following steps to add a routing policy to allow the CCN instance to access the data center:

  1. Log on to the CEN console.

  2. On the Instances page, click the ID of the CEN instance that you want to manage.

  3. On the instance details page, find the region where you want to add a routing policy and click the ID of the transit router in the region.

  4. On the details page of the transit router, click the Route Table tab and click Routing Policies.

  5. On the Routing Policies tab, click Add Routing Policy. Set the following parameters and click OK:

    • Routing Policy Priority: Enter a priority value for the routing policy. A smaller value indicates a higher priority. In this example, 20 is entered.

    • Region: Select the region to which you want to apply the routing policy. In this example, Chinese Mainland CCN is selected.

    • Policy Direction: Select the direction in which you want to apply the routing policy. In this example, Egress Regional Gateway is selected.

    • Match Conditions: Configure match conditions for the routing policy. In this example, the following match conditions are specified:

      • Source Instance ID List: The ID of the VBR is selected.

      • Target Instance ID List: the ID of the CCN instance is selected.

      • Route Prefix: 192.168.0.0/24 is used.

    • Action Policy: Select the action that you want to perform on routes that meet the match conditions. In this example, Allow is selected.

    After you add the routing policy, you can go to the Network Routes tab to view the routes that allow the CCN instance to access the data center.分支和IDC互通-策略2

Step 3: Test network connectivity

Perform the following steps to test the network connectivity between the data center and Branch 1:

  1. Open the command prompt on a computer in the data center.

  2. Run the ping command to ping the IP address of a computer in Branch 1.

    The result shows that the data center can access Branch 1.IDC可以访问分支1

  3. Open the command prompt on a computer in Branch 1.

  4. Run the ping command to ping the IP address of a computer in the data center.

    The result shows that Branch 1 can access the data center.分支1可以访问IDC

Perform the following steps to test the network connectivity between the data center and Branch 2:

  1. Open the command prompt on a computer in the data center.

  2. Run the ping command to ping the IP address of a PC in Branch 2.

    The result shows that the data center cannot access Branch 2.IDC不能访问分支2