edit-icon download-icon

Access a VPC under the same account through a physical connection

Last Updated: Jan 09, 2018

As shown in the following figure, this tutorial provides a step-by-step guidance on connecting an on-premises IDC to the Alibaba Cloud VPC by using the physical connection.

Access a VPC over a physical connection

Step 1: Apply for and install a physical connection

An access point is a data center connecting to the backbone network of Alibaba Cloud. Each region has one or more access points. Before applying for a physical connection, you need to open a ticket to obtain the approximate location of the access point and its according carrier. Then, consult with the carrier regarding the price.

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, click Physical Connection > Leased Line.

  3. Click Apply for Leased Line Access.

  4. Provide the leased line information and then click Apply.

    The following are the settings used in this tutorial. For more information, refer to Apply for leased line access.

    • Leased Line Name: Beijing_Local

    • Access Point: Beijing Beijing-Daxing-A

    • Carrier: China, Other

    • Access Port Type: 100Base-T-100M electrical port

    • Access Bandwidth: 100 Mbit/s

    • Peer Address of Leased Line: No. XX, XX Street, XX District, Beijing

    • Redundant Leased Line: None

  5. Wait for Alibaba Cloud for reviewing and approving the application.

    The approve process usually takes two workdays. Once approved, the status of the leased line changes to Approved.

  6. After the application is approved, click Pay Access Fee to pay the fee.

    The system automatically assigns you a port and a physical connection ID and the leased line status changes to Access Construction in Progress. You can click View to check the leased line details.

  7. Instruct your carrier to connect the leased line to the allocated port.

  8. The carrier provides a list of staff who will be sent to the designated Alibaba Cloud data center (including their names, ID numbers, and phone numbers).

    1. Open a ticket to Alibaba Cloud to inform the after sales staff about the carrier staff list, the acquired connection ID, and when the carrier staff will go to the data center.

    2. In the following workday, Alibaba Cloud after sales staff will schedule an appointment at the data center for the carrier staff. Inform the carrier of the appointment information.

  9. After the carrier completes deployment in the Alibaba Cloud data center, Alibaba Cloud after sales staff changes the leased line status to Waiting for Confirmation.

  10. After the carrier notifies you that the connection is deployed, find the leased line on the console and click Confirm. The leased line status then changes to Normal. The installation of the leased line is now completed.

Step 2: Create a VBR on the physical connection

Virtual border router (VBR) works as a router between the IDC and VPC VRouter, forwarding your data between your VPC and IDC.

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, click Physical Connection > Virtual Border Router.

  3. Click Create VBR.

  4. Complete the required information. The following are the settings used in this tutorial. For more information, refer to Create a virtual border router.

    • Object: This Account
    • Name: Beijing_Border_Router

    • Description: Beijing leased line

    • Leased Line: In the drop-down list, select the leased line on which to establish a VBR. In this example, select Beijing_Local.

    • VLAN ID: 0 (VLAN ID=0 indicates a router layer-3 route port)

    • Circuit Code: MSTPxxxx

    • Addresses: Alibaba Cloud Side: 10.100.0.1; Customer Side: 10.100.0.10; Subnet Mask: 255.255.255.0

  5. Click Confirm Creation.

    Note: The status of VBR is Normal indicates that the VBR has been created successfully.

Step 3: Connect the VBR to the VPC through router interfaces

A router interface is a virtual device used to set up a communication channel and control the working status. Create a router interface for the VPC and VBR separately to create a communication channel for the VPC and VBR.

When creating a router interface, designate the router interface as initiator or receiver. Only the initiator can initiate a connection, and only the initiator is charged. The router interface of VBR must serve as the initiator.

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, click VPC Connection > Router Interface.

  3. Click Create Router Interface and configure the router interface.

    The following are the settings used in this tutorial.

    • Billing Method: Subscription

    • Scenario: Physical Access

    • Router Creation: Create Initiator and Receiver

    • Router Type: VBR

    • Local Region: China North 2 (Beijing)

    • Access Point: Beijing Beijing-Daxing-B

    • Local VBR ID: Beijing_Border_Router

    • Peer Region: China East 1 (Hangzhou)

    • Peer Router Type: VRouter

    • Peer VPC ID: Cloud_Data_Center

  4. Click Buy Now to create the router interfaces.

    Note: In this scenario, after creating the local router interface, the system automatically creates a peer router interface for you.

  5. Go back to the Router Interface List page to check the two router interfaces created in China North 2 (Beijing) region and China East 1 (Hangzhou) region. When the status is Connected indicating the router interfaces work normally.

    Create router interfaces

Step 4: Configure routing

You have to configure routing separately for the VPC, VBR and IDC to route the traffic through them. For more information, refer to Configure a route.

Configure routing for VBR

Follow these steps to route the traffic destined for the IDC (CIDR Block: 172.16.0.0/12) to the leased line:

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, click Physical Connection > Virtual Border Router.

  3. Click the ID of the target VBR.

  4. Click Add Route Entry and configure the route entry. Click OK.

    • Destination CIDR Block: The CIDR block of the IDC. In this example, enter 172.16.0.0/12.

    • Next Hop Direction: To Leased Line

      To test the configuration, ping the Alibaba Cloud address 10.100.0.1 on an IDC server.

Follow these steps to route the traffic destined for the VPC (CIDR Block: 192.168.0.0/16) to the VPC router interface:

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, click Physical Connection > Virtual Border Router.

  3. Click the ID of the target VBR.

  4. Click Add Route Entry and configure the route entry. Click OK.

    • Destination CIDR Block: The CIDR Block of the peer VSwitch. In this example, enter 192.168.0.0/16.

    • Next Hop Direction: To VPC

    • Next Hop: In the drop-down list, choose the router interface serves as data outlet of the VBR, namely, the router interface of the VBR.

Add route entry for VPC

Follow these steps to route the traffic destined for the IDC to the VBR:

  1. Log on to Express Connect console.

  2. On the Router Interface List page, find the target VPC router interface.

  3. Click Route Configuration.

  4. Click Add Route Entry and configure the route entry. Click OK.

    • Destination CIDR Block: The CIDR block of the IDC. In this example, enter 172.16.0.0/12.

    • Next Hop Type: Router Interface

    • Router Interface: Click General Routing. In the drop-down list, choose the router interface used as data outlet of the VPC, namely, the router interface of the VPC.

Add route entry for IDC access device

Now the route configuration is completed for the Alibaba Cloud side. However, to establish the connection from the IDC to the VPC, you have to add a route entry for the equipment of you IDC to route traffic destined for the VPC to the IP of the Alibaba Cloud side.

For example:

  1. ip route 192.168.0.0/16 10.100.0.1

You can also use BGP to connect the VBR and the IDC. To establish a BGP communication channel, follow these steps:

  1. Create a BGP peer group, see Create BGP peer groups.

  2. Add BGP peers to the BGP group, see Create BGP peers.

  3. Advertise the BGP network in the VBR, see Advertise BGP network.

    Note: Ensure the destination CIDR block of the BGP route entry is the static route that you have configured. In this tutorial, it is 192.168.0.0/16.

Thank you! We've received your feedback.