This tutorial describes how to use Express Connect to connect two VPCs under the same account.

Note: If this is the first time that you are using Express Connect to interconnect two VPCs, we recommend that you use Cloud Enterprise Network (CEN). For more information, see Tutorial overview.

Example

This tutorial uses the following two VPCs as an example to show you how to enable communication between VPCs by using Express Connect.

Prerequisites

The Classless Inter-Domain Routing (CIDR) blocks of the VPCs or VSwitches that you want to interconnect do not conflict.

Step 1: Create a peering connection

Perform the following steps to create a peering connection:

  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, click VPC Peering Connections > VPC-to-VPC.
  3. Select a region.

    In this example, select China (Qingdao).

  4. Click Create Peering Connection.

  5. Configure the peering connection.

    In this example, use the following configurations:

    • Connection Type: Select VPC-to-VPC.

    • Routers to Create: Select Initiator and Acceptor.

      The system sets the selected local VPC as the connection initiator, sets the peer VPC as the acceptor, and automatically connects the initiator and the acceptor.

    • Local Region: Select the region of the local VPC. In this example, select China (Qingdao).

    • Local VPC ID: Select the local VPC, that is, the initiator of the connection. In this example, select VPC1.

    • Peer Region: Select the region of the peer VPC. In this example, select China (Beijing).

    • Peer VPC ID: Select the peer VPC to be connected. In this example, select VPC2.

    • Specification: Select a bandwidth for the interconnection. In this example, select 2 Mb.

  6. Click Buy Now and complete the payment.
  7. Go back to the VPC Peering Connections page to check the created peering connection.
    When the initiator and the acceptor are both in the activated state, the connection is established successfully.

Step 2: Configure routes

After establishing the peering connection, add a route for each of the two interconnected VPCs.

Perform the following steps to configure the routes:

  1. On the VPC Peering Connections page, find the created peering connection.
  2. Click Route Settings under the initiator instance.

  3. Click Add Route Entry, enter the destination CIDR block of the VPC or VSwitch that you want to connect, and then click Confirm.

    In this example, enter the CIDR block of the peer VPC: 172.16.0.0/16.

  4. Click Route Settings under the acceptor instance.

  5. Click Add Route Entry, enter the destination CIDR block of the VPC or VSwitch that you want to connect, and then click Confirm.

Step 3: Configure security groups

After establishing the peering connection between the two VPCs, you need to configure security groups to enable the intercommunication of ECS instances in these two VPCs.

This tutorial uses the ECS instances and security groups in the following table as an example.

| Configuration | Account A | Account A |
| --- | --- | --- |
| Account ID | AccountID_A | AccountID_A |
| ECS instance ID | InstanceID_A | InstanceID_B |
| Security group ID | SecurityGroupID_A | SecurityGroupID_B |

You can view the account ID in the Account Center.

Perform the following steps to configure the security group rule:
  1. Log on to the ECS console.
  2. In the left-side navigation pane, click Networks and Security > Security Groups.
  3. Select the region of the instance.
  4. Find the target security group and then click Add Rules.
  5. On the Security Group Rules page, click Add Security Group Rule.
  6. Configure the security group rule, select the protocol type, and enter the port range.
    Notice: For cross-region VPC interconnection, select the CIDR block authorization type and enter the CIDR block of the peer VPC.

    If you select the security group authorization type, make sure that the VPCs are in the same region.

    In this example, select the CIDR block authorization type.
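
A pre-flight check for the prerequisite and for the CIDR block authorization type selected above, as an added example that is not part of the original tutorial: it confirms that the two VPC CIDR blocks do not overlap and lists security group rules whose source range is wider than the peer VPC. The local CIDR block 192.168.0.0/16, the sample rules, and the function and key names are assumptions made for illustration.

```python
import ipaddress

PEER_VPC_CIDR = "172.16.0.0/16"    # peer VPC CIDR block entered in Step 2 of this tutorial
LOCAL_VPC_CIDR = "192.168.0.0/16"  # constructed: the tutorial does not state the local VPC's CIDR

# Constructed ingress rules of the local security group (CIDR block authorization type).
# The dict keys are hypothetical, not an Alibaba Cloud API schema.
SAMPLE_RULES = [
    {"protocol": "icmp", "ports": "-1/-1", "source_cidr": "172.16.0.0/16"},
    {"protocol": "tcp", "ports": "22/22", "source_cidr": "172.16.8.0/24"},
    {"protocol": "tcp", "ports": "3306/3306", "source_cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "ports": "443/443", "source_cidr": "172.0.0.0/8"},
]


def cidr_conflicts(local_blocks, peer_blocks):
    """Return each (local, peer) pair of CIDR blocks that overlap (the prerequisite check)."""
    conflicts = []
    for local in map(ipaddress.ip_network, local_blocks):
        for peer in map(ipaddress.ip_network, peer_blocks):
            if local.version == peer.version and local.overlaps(peer):
                conflicts.append((str(local), str(peer)))
    return conflicts


def rules_wider_than_peer(rules, peer_cidr):
    """Return the rules whose source CIDR admits addresses outside the peer VPC."""
    peer = ipaddress.ip_network(peer_cidr)
    too_wide = []
    for rule in rules:
        source = ipaddress.ip_network(rule["source_cidr"])
        # A rule is acceptable only if its whole source range lies inside the peer VPC.
        if source.version != peer.version or not source.subnet_of(peer):
            too_wide.append(rule)
    return too_wide


if __name__ == "__main__":
    print("CIDR conflicts:", cidr_conflicts([LOCAL_VPC_CIDR], [PEER_VPC_CIDR]))
    for rule in rules_wider_than_peer(SAMPLE_RULES, PEER_VPC_CIDR):
        print("source wider than peer VPC:", rule)
```

A rule whose source merely overlaps the peer VPC, such as 172.0.0.0/8, is still reported because it admits addresses that do not belong to the peer.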

Step 4: Test the connection

After establishing the peering connection and adding the routes, you can log on to an ECS instance of either VPC and ping the IP address of an ECS instance in the other VPC. If the ping succeeds, the connection between the two VPCs is successful.