You can connect a data center to a virtual private cloud (VPC) on Alibaba Cloud by using an Express Connect circuit. This enables the data center and the VPC to exchange data through private connections.
Sample scenario
As shown in the following figure, an enterprise has a data center in Hangzhou, China, and deploys a VPC in the China (Hangzhou) region. The enterprise needs to apply for an Express Connect circuit to connect the data center to the VPC.
Item | IP address/CIDR block |
VPC CIDR block | 192.168.0.0/16 and 10.0.0.0/16 |
CIDR block of the data center | 172.30.0.0/24 |
Peer IP addresses configured on the VBR |
|
Prerequisites
A VPC is created in the China (Hangzhou) region. For more information, see Create a VPC with an IPv4 CIDR block.
A transit router is created in China (Hangzhou) and is associated with a VPC. For more information, see Create a VPC connection.
NoteBefore you connect an Enterprise Edition transit router to a VPC, ensure that the VPC has at least one vSwitch in a zone that supports Enterprise Edition transit routers. The vSwitch must have at least one idle IP address. In this example, the transit router is deployed in the China (Hangzhou) region, and the supported zones are Zone H and Zone I.
An access point of an Express Connect circuit is chosen, and a pre-installation site survey is completed by your connectivity provider. For more information, see Preparations.
You have read and understand the billing rules of dedicated Express Connect circuits. For more information, see Billing overview.
Step 1: Apply for an Express Connect circuit and install it
Log on to the Express Connect console, click Create Physical Connection, and select Classic Mode.
Parameter
Description
Region
Select the region where you want to create a connection over an Express Connect circuit. In this example, China (Hangzhou) is selected.
Leased Line Provider
Select a connectivity provider. The available access points vary based on the connectivity provider. In this example, China Mobile is selected.
NoteIf you choose China Unicom, China Telecom, or China Mobile as the ISP, you can lease lines only from the selected ISP. You are not allowed to lease lines from other ISPs. China Unicom, China Telecom, and China Mobile do not support bare optical fiber access.
Access Point
Select the access point that is nearest to your data center. In this example, Hangzhou-Xiaoshan-D is selected.
Port Type
Select the port type. In this example, 1 GE Single-Mode Optical Port is selected.
The resource occupation fees vary based on the port type. Choose the port type that best meets your business requirements.
After you purchase a port, follow the steps in Apply for an LOA and Install the Express Connect circuit and pay the resource occupation fee.
Step 2: Create a virtual border router (VBR)
After the Express Connect circuit is installed, you must create a VBR to exchange data between the VPC and the data center.
Log on to the Express Connect console.
In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
Create a VBR.
On the Virtual Border Routers (VBRs) page, click Create VBR.
In the Create VBR panel, configure the following parameters and click OK.
The following table describes only the most relevant parameters. For more information, see Create and manage a VBR.
Parameter
Description
Account
By default, Current Account is selected.
Name
Enter a name for the VBR.
Physical Connection Information
In this example, Dedicated Physical Connection is selected. Then, select the Express Connect circuit created in Step 1: Apply for an Express Connect circuit and install it.
VLAN ID
Enter the VLAN ID of the VBR. In this example, 110 is entered.
Set VBR Bandwidth Value
Set the bandwidth of the VBR.
IPv4 Address (Alibaba Cloud Gateway)
Enter an IPv4 address for the VBR to route network traffic between the VPC and the data center. In this example, 10.0.0.1 is entered.
IPv4 Address (Data Center Gateway)
Enter an IPv4 address for the gateway device in the data center to route network traffic between the data center and the VPC. In this example, 10.0.0.2 is entered.
Subnet Mask (IPv4)
Enter the subnet mask of the IPv4 addresses that you specified for the Alibaba Cloud gateway and the data center gateway. In this example, 255.255.255.252 is entered.
Step 3: Create an Express Connect Router (ECR)
Log on to the Express Connect Console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, click Create ECR.
In the Create ECR dialog box, configure the parameters that are described in the following table, select I have read and understand the billing rules, and then click OK.
Parameter
Description
Name
The name of the ECR.
ASN
The ASN of the ECR. Default value: 45104. Valid values: 45104, 64512 to 65534, and 4200000000 to 4294967294. The value of 65025 is reserved by Alibaba Cloud.
Resource Group
Select the resource group to which the ECR belongs.
Tag Key
Select or enter a tag key.
Tag Value
Select or enter a tag value.
Description
The description of the ECR.
Step 4: Associate the VBR with the ECR
Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR), and then on the Express Connect Router (ECR) page, click the ECR instance.
Click the VBR tab, and then click Associate VBR.
In the Associate VBR dialog box, configure the following parameters, and then click OK.
Parameter
Description
Resource Owner
The type of the account to which the VBR belongs. Valid values:
Current Account
Another Account: If you want to associate a VBR with the ECR across accounts, you must authorize the ECR that belongs to the current Alibaba Cloud account to access the VBR that belongs to another Alibaba Cloud account. For more information, see Grant permissions to the ECR by using the VBR.
In this example, Current Account is selected.
Region
The region in which the VBR resides.
Network Instance
Select the VBR created in Step 2.
Step 5: Configure BGP and enable BFD
Configure BGP
The data center and VBRs are specified as BGP peers and the BGP routes are advertised. For more information, see Configure and manage BGP.
NoteThe default Autonomous System Number (ASN) of the ECR is 45104. You can specify a custom ASN.
The ASN of Alibaba Cloud is the same as that of the ECR. The ASN must be 2 or 4 bytes in length.
Advertise the BGP route (172.30.0.0/24) on the data center to Alibaba Cloud.
Route configurations may vary based on the gateway device. For more information, consult the vendor of your gateway device.
Enable BFD
Enable BFD for the VBRs to accelerate network convergence.
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click Edit in the Actions column.
In the Edit VBR panel, configure the parameters and click OK.
Only BFD-related parameters are listed. Use default values for the other parameters.
Configuration
Description
Submission Interval
The time interval at which BFD packets are sent. Unit: milliseconds.
Default value: 1000. In this example, the default value is used.
Reception Interval
The time interval at which BFD packets are received. Unit: milliseconds.
Default value: 1000. In this example, the default value is used.
Detection Time Multiplier
The detection time multiplier that is used to determine the maximum number of lost packets.
Default value: 3. In this example, the default value is used.
On the Virtual Border Routers (VBRs) page, click the ID of the VBR for which you want to configure BGP routing.
On the details page of the VBR, click the BGP Peers tab.
Find the BGP peer that you want to manage and click Edit in the Actions column.
In the Modify BGP Peer panel, select Enable BFD, configure the BFD Hop Count parameter, and then click OK.
NoteBFD supports single-hop and multi-hop authentication. You can set hops based on your network configuration.
If you use BFD in a multi-cloud environment or a fiber-optic direct connection network without any bridge device, you need to change the default BFD hop count from 255 to 1.
Step 6: Associate the ECR with the transit router
Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR), and then on the Express Connect Router (ECR) page, click the target ECR instance.
Click the TR tab. On the TR tab, click Associate TR.
In the Associate TR dialog box, configure the parameters that are described in the following table and click OK.
The following table describes only the key parameters. For more information, see Associate a transit router.
Parameter
Description
CEN ID
The ID of the CEN instance to which the TR belongs.
Region
Select China (Hangzhou), which is the region of the transit router.
TR
Select the transit router.
Step 7: Test network connectivity
You can run the ping command in the data center to check the connectivity between the data center and the VPC.
Open the command-line interface (CLI) on a server in the data center.
Run the
ping 192.168.0.10and ping 10.0.0.233 commands to check whether the data center can access the VPC.If the server in the data center receives echo reply packets, the data center and the VPC are connected.
References
For more information about how to troubleshoot connectivity issues between a data center and a VPC, see Troubleshooting.
You can test the data transfer rate of your Express Connect circuit to ensure that the Express Connect circuit meets your business requirements. For more information, see Test the performance of an Express Connect circuit.
For more information about how to troubleshoot issues related to Express Connect circuit installation, see FAQ about installing an Express Connect circuit.
For more information about how to troubleshoot issues related to Express Connect circuit connections, see FAQ about connections over Express Connect circuits.