All Products
Search

This Product

    Express Connect:Connect servers in a data center to the Internet by using ECR and EIP

    Document Center

    Express Connect:Connect servers in a data center to the Internet by using ECR and EIP

    Last Updated:Dec 15, 2025

    You can use services such as Elastic IP Address (EIP), IPv4 gateway, and Express Connect Router (ECR) to connect servers in a data center to the Internet. To implement the connection, you must associate an EIP with the data center.

    Scenario

    The following figure shows the scenario in this example. An enterprise creates a virtual private cloud (VPC) in the China (Hangzhou) region and deploys an IPv4 gateway in the VPC. The enterprise wants to connect servers in a data center in the same region to the Internet. The enterprise can deploy an ECR and connect the VPC and virtual border routers (VBRs) to the ECR. The IPv4 gateway forwards traffic from servers in the data center based on routes and performs NAT to translate internal IP address to an EIP to implement Internet access from the servers.

    The following table describes the CIDR block plan in this example.

    China (Hangzhou)

    vSwitch

    vSwitch zone

    CIDR block

    VPC

    Primary CIDR block: 10.1.0.0/16

    VSW1

    Zone G

    10.1.1.0/24

    VBR1

    N/A

    N/A

    • IPv4 address at the Alibaba Cloud side: 169.254.1.2

    • IPv4 address at the customer side: 169.254.1.1

    • IPv4 subnet mask: 255.255.255.252

    VBR2

    N/A

    N/A

    • IPv4 address at the Alibaba Cloud side: 169.254.2.2

    • IPv4 address at the customer side: 169.254.2.1

    • IPv4 subnet mask: 255.255.255.252

    Data center

    VSW3

    N/A

    172.16.1.0/24

    image

    Preparations

    • The IP Target feature is enabled for EIP within your Alibaba Cloud account. To enable this feature, contact your Alibaba Cloud customer manager.

    • A VPC is created in the China (Hangzhou) region, and vSwitch VSW1 is created in the VPC in Zone G. For more information, see Create and manage a VPC.

    • An IPv4 gateway is created and activated in the VPC, and the system route table of the VPC has a default route that points to the IPv4 gateway. For more information, see Create and manage an IPv4 gateway.

    • An EIP is purchased in the region in which the VPC resides. For more information, see Apply for EIPs.

    • An ECR is created. For more information, see Create and manage ECRs.

    Procedure

    image

    Step 1: Associate the EIP with the data center

    1. Log on to the EIP console.

    2. In the top navigation bar, select the region in which the EIP resides. In this example, China (Hangzhou) is selected.

    3. On the Elastic IP Addresses page, find the created EIP and click Associate with Resource in the Actions column.

    4. In the Associate EIP with Resource dialog box, configure the parameters that are described in the following table and click OK.

      Parameter

      Description

      Instance Type

      The type of resource to be associated with the EIP. In this example, IP is selected.

      Resource Group

      The resource group to which the resource belongs.

      VPC

      The ID of the VPC. In this example, vpc-bp1qphnoexflojnve**** is selected.

      IP Address

      The IP address of the data center. In this example, 172.16.1.0 is entered.

    Step 2: Associate the VPC with the ECR

    1. Log on to the Express Connect console.

    2. In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click its ID. The details page of the ECR appears.

    3. On the ECR details page, click the VPC tab. On the VPC tab, click Associate VPC.

    4. In the Associate VPC dialog box, configure the parameters that are described in the following table and click OK.

      Parameter

      Description

      Resource Owner

      The type of account to which the VPC belongs. In this example, Current Account is selected.

      Region

      The region in which the VPC resides. In this example, China (Hangzhou) is selected.

      VPC ID

      The ID of the VPC. In this example, vpc-bp1qphnoexflojnve**** is selected.

    Step 3: Associate VBRs with the ECR

    1. Log on to the Express Connect console.

    2. In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click its ID. The details page of the ECR appears.

    3. Click the VBR tab. On the VBR tab, click Associate VBR.

    4. In the Associate VBR dialog box, configure the parameters that are described in the following table and click OK.

      Parameter

      Description

      Resource Owner

      The type of account to which the VBR belongs. In this example, Current Account is selected.

      Region

      The region in which the VBR resides. In this example, China (Hangzhou) is selected.

      Network Instance

      The name or ID of the VBR. In this example, vbr-gw8tpcdqylgy99vos**** is selected.

    Step 4: Add a route prefix for the associated VPC

    1. Log on to the Express Connect console.

    2. In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click its ID. The details page of the ECR appears.

    3. On the VPC tab, find the VPC for which you want to update the route prefixes and click the edit.png icon in the Dynamic CIDR Block Propagation column.

    4. In the Update Prefix List dialog box, enter the allowed route prefixes. In this example, 0.0.0.0/0 is entered.

    5. Select the check box to agree to the service agreement and click OK.

    Step 5: Add a route entry for the IPv4 gateway in the VPC

    Check whether the route table of the IPv4 gateway contains a route entry whose destination CIDR block is that of the data center and the next hop is the ECR. If not, perform the following steps to add a route entry:

    1. Log on to the VPC console.

    2. In the top navigation bar, select the region in which the VPC resides. In this example, China (Hangzhou) is selected.

    3. On the VPC page, click the ID of the VPC.

    1. On the details page of the VPC, click the Resource Management tab and then click the number below Route Table.

    2. On the Route Table page, find the route table whose Associated Resource Type is Border Gateway and click its ID.

    1. On the details page of the route table, click the Route Entry List tab and then the Custom Route subtab. Click Add Route Entry.

    2. In the Add Route Entry dialog box, configure the parameters that are described in the following table and click OK.

      Parameter

      Description

      Name

      The name of the route.

      Resource Group

      The resource group to which the resource belongs.

      Destination CIDR Block

      The destination CIDR block to which traffic is forwarded. In this example, 172.16.1.0/24 is entered.

      Next Hop Type

      Select the type of next hop. In this example, ECR is selected.

      ECR

      The ECR that is associated with the VPC.

      Description

      The description of the route entry.

    Step 6: Enable BFD for VBRs

    Enable BFD for the VBRs to accelerate route convergence.

    1. Log on to the Express Connect console.

    2. In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).

    3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click Edit in the Actions column.

    4. In the Edit VBR panel, configure the parameters and click OK.

      The following table describes the parameters related to BFD. Use default values for other parameters.

      Parameter

      Description

      Submission Interval

      The time interval at which BFD packets are sent. Unit: millisecond.

      Default value: 1000. In this example, the default value is used.

      Reception Interval

      The time interval at which BFD packets are received. Unit: millisecond.

      Default value: 1000. In this example, the default value is used.

      Detection Time Multiplier

      The detection time multiplier that is used to determine the maximum number of lost packets.

      Default value: 3. In this example, the default value is used.

    5. On the Virtual Border Routers (VBRs) page, click the ID of the VBR for which you want to configure BGP routing.

    6. On the details page of the VBR, click the BGP Peers tab.

    7. Find the BGP peer that you want to manage and click Edit in the Actions column.

    8. In the Modify BGP Peer panel, select Enable BFD, configure the BFD Hop Count parameter, and then click OK.

      Note

      BFD supports single-hop and multi-hop authentication. You can specify hops based on your network configurations.

    Step 7: Configure BGP routing

    Configure Border Gateway Protocol (BGP) routing between the data center and VBRs. You can use the autonomous system (AS) path attribute to configure route priorities in the data center.

    1. Configure the data center and VBRs as BGP peers and advertise routes. For more information, see Configure and manage BGP.

      The autonomous system number (ASN) of Alibaba Cloud is 45104. The data center can use 2-byte or 4-byte ASNs.

    2. Specify the destination CIDR block of the BGP routes that you want to advertise to Alibaba Cloud. In this example, the destination CIDR block is 172.16.1.0/24. To implement load balancing between routes from Alibaba Cloud to the data center, specify the AS path length to determine route priorities.

    Express Connect circuit 1 is connected to CPE1, and Express Connect circuit 2 is connected to CPE2. You can set the AS path length to configure route priorities. A shorter AS path indicates a higher priority. The following table describes how BGP routing is configured on the CPEs in the data center. For more information about the commands, contact the service provider of the CPE.

    Parameter

    CPE1

    CPE2

    VLAN Tag

    110

    120

    Network

    172.16.1.0/24

    172.16.1.0/24

    BGP ASN

    6***3

    6***4

    Interface IP

    169.254.1.1/24

    169.254.2.1/24

    AS-Path

    B, A

    B, A

    An ECR automatically learns and advertises routes. After you configure BGP routing, the ECR automatically learns routes based on routing rules such as route weights. The following tables describe the route learning details.

    • The following table describes the BGP routing information about the VBRs.

      Item

      VBR1

      VBR2

      Destination CIDR block

      172.16.1.0/24

      172.16.1.0/24

      Next hop

      169.254.1.1

      169.254.2.1

      The VBRs learn the routing rules from BGP peers. After a VBR is associated with an ECR, the VBR advertises the BGP routing information learned from the data center to the ECR, including AS paths.

    • The following table describes the global route configurations.

      Route configurations of the CPEs

      Configuration

      CPE1

      CPE2

      VLAN Tag

      110

      120

      Network

      172.16.1.0/24

      172.16.1.0/24

      BGP ASN

      6***3

      6***4

      Interface IP

      169.254.1.1/24

      169.254.2.1/24

      AS-Path

      B, A

      B, A

      Route configurations of the VBRs

      Configuration

      VBR1

      VBR2

      Destination CIDR block

      172.16.1.0/24

      172.16.1.0/24

      Next hop

      169.254.1.1

      169.254.2.1

      Route configurations in the data center

      Destination CIDR block

      10.1.0.0/16

      Next hop

      1. 169.254.1.2

      2. 169.254.2.2

    Step 8: Test network connectivity

    1. Log on to a server in the data center that is associated with the EIP.

    2. Run the following command to check whether the server can access the Internet and whether the IP address that is used to access the Internet is the EIP associated with the data center. 

      curl http://members.3322.org/dyndns/getip