Cloud Enterprise Network: How transit routers work

Last Updated: Feb 22, 2024

Transit routers can be used to establish network communication between network instances and forward network traffic within a region or across regions. Transit routers support various routing features. You can configure routes to define how network traffic is forwarded between network instances.

How Enterprise Edition transit routers work

Connect network instances

[Figure: How transit routers work: connect network instances (schematic diagram, December 2023)]

You can connect the following network instances to an Enterprise Edition transit router:

  • One or more virtual private clouds (VPCs)

    • If the region, such as China (Nanjing - Local Region), of an Enterprise Edition transit router supports only one zone, make sure that the VPC to be connected to the transit router has at least one vSwitch in the zone. In addition, the vSwitch must provide at least one idle IP address. When you connect the VPC to the Enterprise Edition transit router, the transit router creates an elastic network interface (ENI) in the vSwitch of the VPC. The ENI occupies one IP address in the vSwitch, and forwards network traffic between the VPC and Enterprise Edition transit router.

    • If the region, such as China (Hangzhou), of an Enterprise Edition transit router supports more than one zone, make sure that the VPC to be connected to the transit router has at least two vSwitches, which must be in different zones. Each vSwitch must provide at least one idle IP address. When you connect the VPC to the Enterprise Edition transit router, the transit router creates an ENI in each of the vSwitches. Each ENI occupies one IP address in the vSwitch and forwards network traffic between the VPC and Enterprise Edition transit router. The two vSwitches support zone-disaster recovery to ensure uninterrupted data transmission between the VPC and the transit router.

      Note
      • For more information about the regions and zones that support Enterprise Edition transit routers, see Regions and zones that support Enterprise Edition transit routers.

      • If your Enterprise Edition transit router is deployed in a region that supports multiple zones, we recommend that you create a vSwitch in each of the zones to support VPC connections. Make sure that each vSwitch can provide at least one idle IP address. This way, the network latency is reduced and the network performance is improved due to shorter data transmission distance. For more information, see How routes are selected for a VPC connection.

  • One or more virtual border routers (VBRs)

  • One or more IPsec-VPN connections

  • One or more transit routers

Manage routes

[Figure: How transit routers work: manage routes (schematic diagram)]

  • Route tables

    After network instances are connected to an Enterprise Edition transit router, routes of the network instances are stored in route tables. The Enterprise Edition transit router forwards traffic of the network instances based on the routes in the route table.

    Each Enterprise Edition transit router has a default route table. You can also create custom route tables for Enterprise Edition transit routers. Default route tables are isolated from custom route tables to implement access control.

  • Associated forwarding

    Associated forwarding controls how the traffic of a network instance is forwarded. An Enterprise Edition transit router can forward network traffic for a network instance by querying routes in a route table only after the network instance connection is associated with the route table.

    Each network instance connection can have an associated forwarding correlation with the route tables of only one Enterprise Edition transit router.

  • Route learning

    Route learning controls how a network instance advertises routes. The routes of a network instance can be advertised to an Enterprise Edition transit router only after you enable route learning between the network instance connection and the route tables of the transit router.

    You can enable route learning between the network instance connection and the route tables of one or more Enterprise Edition transit routers. Then, routes can be advertised from the network instance to the route tables.

  • Custom routes

    You can add custom routes to the route tables of an Enterprise Edition transit router. This way, you can control traffic forwarding for network instances.

  • Default routing behavior

    After a network instance is connected to an Enterprise Edition transit router, no routes are advertised to the network instance by default. You can enable the route synchronization feature to enable the Enterprise Edition transit router to advertise routes to the network instance. For more information, see Route synchronization.

  • More routing features

    • Prefix lists

      The route tables of Enterprise Edition transit routers can be associated with prefix lists. After the route table of an Enterprise Edition transit router is associated with the prefix list of a VPC, the system automatically adds the routes that point to the CIDR blocks in the prefix list to the route table of the transit router. This way, you do not need to add routes one by one.

    • Routing policies

      You can configure routing policies to control route advertisement for the route tables of an Enterprise Edition transit router. You can add a routing policy to specify whether to advertise the routes in the route tables of an Enterprise Edition transit router to network instances or other Enterprise Edition transit routers. You can modify routing policies to adjust the attributes of routes.

      When you add a routing policy, you must specify a route table of an Enterprise Edition transit router. The routing policy is associated with the specified route table and is used to filter and modify the routes in the route table.

      If a VBR or an IPsec-VPN connection is connected to an Enterprise Edition transit router, the system automatically adds a routing policy whose priority is 5000, action is Reject, and direction is Egress Regional Gateway to the route table of the Enterprise Edition transit router. This routing policy forbids network communication between the VBR or IPsec-VPN connection and other VBRs or IPsec-VPN connections that are also connected to the transit router. For more information, see Default routing policy.

    • Aggregate routes

      After you connect a VPC to an Enterprise Edition transit router, you can aggregate multiple specific routes in the transit router route table that is associated with the VPC into one aggregate route. After route synchronization is enabled for the VPC, the aggregate route, instead of the specific routes, is automatically advertised to the VPC. Route aggregation reduces the number of routes and accelerates route synchronization.

    • Multi-region equal-cost multi-path routing (ECMP)

      An Enterprise Edition transit router may learn routes from multiple VBRs. If the routes have the same attributes other than region IDs, network traffic is forwarded based on the region IDs in alphabetical order. If multi-region ECMP routing is enabled for VBRs and the routes have the same attributes other than region IDs, those routes are considered equal-cost routes.
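
The way associated forwarding, route learning, custom routes and the default Reject policy combine to isolate or join network instances can be checked with a small model before you change a live route table. This is an added example, not Alibaba Cloud code or an API client; the attachment names, CIDR blocks, route table names and the longest-prefix-match rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Attachment:                 # one network instance connection (names are constructed)
    name: str
    kind: str                     # "VPC", "VBR" or "VPN"
    cidr: str
    associated: str               # associated forwarding: the one table used for lookups
    learned_by: set = field(default_factory=set)  # tables with route learning enabled

def build_tables(attachments, custom_routes=()):
    """Return {route_table: [(network, next_hop_name), ...]}."""
    tables = {}
    for a in attachments:
        tables.setdefault(a.associated, [])
        for t in a.learned_by:    # route learning advertises a's CIDR into table t
            tables.setdefault(t, []).append((ipaddress.ip_network(a.cidr), a.name))
    for table, cidr, hop in custom_routes:
        tables.setdefault(table, []).append((ipaddress.ip_network(cidr), hop))
    return tables

def can_forward(tables, src, dst, default_reject=True):
    """True if the table associated with src forwards traffic for dst's CIDR to dst."""
    if default_reject and {src.kind, dst.kind} <= {"VBR", "VPN"}:
        return False              # default priority-5000 Reject routing policy
    target = ipaddress.ip_network(dst.cidr)
    hits = [(n, hop) for n, hop in tables[src.associated] if target.subnet_of(n)]
    # Assumption: the most specific (longest-prefix) matching route wins.
    return bool(hits) and max(hits, key=lambda h: h[0].prefixlen)[1] == dst.name

def two_way_pairs(attachments, custom_routes=()):
    """Unordered pairs that can exchange traffic in both directions."""
    tables = build_tables(attachments, custom_routes)
    return {frozenset((a.name, b.name))
            for a in attachments for b in attachments
            if a.name < b.name and can_forward(tables, a, b) and can_forward(tables, b, a)}

# Constructed sample: prod and dev are isolated from each other, both reach shared.
SAMPLE = [
    Attachment("prod", "VPC", "10.0.0.0/16", "prod-rt", {"shared-rt"}),
    Attachment("dev", "VPC", "10.1.0.0/16", "dev-rt", {"shared-rt"}),
    Attachment("shared", "VPC", "10.9.0.0/16", "shared-rt", {"prod-rt", "dev-rt"}),
    Attachment("dc1", "VBR", "192.168.0.0/24", "edge-rt", {"shared-rt", "edge-rt"}),
    Attachment("branch", "VPN", "192.168.1.0/24", "edge-rt", {"shared-rt", "edge-rt"}),
]

if __name__ == "__main__":
    print(sorted(map(sorted, two_way_pairs(SAMPLE))))
```

In the sample, `shared-rt` learns the `dc1` route but `edge-rt` has no route back to `shared`, so traffic is forwarded in one direction only until a custom route such as `("edge-rt", "10.9.0.0/16", "shared")` is added.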

How Basic Edition transit routers work

Important

Beginning March 31, 2022, Basic Edition transit routers are supported only in Cloud Connect Network (CCN) areas. They are not available for purchase in Alibaba Cloud regions. By default, only Enterprise Edition transit routers are available for purchase in Alibaba Cloud regions. If your Basic Edition transit routers reside in regions that no longer support Basic Edition transit routers, we recommend that you upgrade the Basic Edition transit routers to Enterprise Edition, which supports more features and a greater networking capacity. For more information, see Upgrade Basic Edition transit routers.

[Figure: How transit routers work: Basic Edition, connect network instances (schematic diagram)]

Connect network instances

You can connect the following network instances to a Basic Edition transit router:

Manage routes

  • Route tables

    After network instances are connected to a Basic Edition transit router, routes of the network instances are stored in route tables. The Basic Edition transit router forwards traffic of the network instances based on the routes of the route table.

    Each Basic Edition transit router has one default route table. You cannot create custom route tables for Basic Edition transit routers.

  • Route advertisement

    After network instances are connected to a Basic Edition transit router, all routes of the network instances are advertised to the default route table of the Basic Edition transit router. Then, the Basic Edition transit router advertises the routes to all network instances that are also connected to the transit router to enable communication among the network instances.

  • Routing policies

    You can configure routing policies to control route advertisement for the route tables of a Basic Edition transit router. You can configure routing policies to specify whether to advertise the routes in the route table of a Basic Edition transit router to the network instances connected to the transit router. You can also configure routing policies to modify the attributes of the routes in the route table of a Basic Edition transit router.

    If both VBRs and CCN instances are connected to a Basic Edition transit router, the system automatically creates a routing policy whose priority is 5000, action is Reject, and direction is Egress Regional Gateway. This routing policy forbids the VBRs and CCN instances from communicating with other VBRs and CCN instances that are also connected to the Basic Edition transit router. For more information, see Default routing policy.