Redundant physical connection

Last Updated: Aug 04, 2017

Application scenario

You can apply redundant physical connection to connect your on-premises IDC to your VPC. Redundant physical connection provides a disaster tolerant environment, delivering a more efficient and resilient intranet communication.

Physical connection is comprised with a leased line and a VBR. You can apply up to four leased lines to set up redundant physical connection.

In the following example, we apply two leased lines to build redundant physical connection. Assume that you have:

  • An IDC (private CIDR Block: 172.16.0.0/12) in China North 2 (Beijing) region
  • A VPC (name: Cloud_Data_Center, CIDR Block: 192.168.0.0/16) in the China East 1 (Hangzhou) region

You then apply for two 100 Mbit/s leased lines from two carriers separately to connect your Beijing IDC with the Alibaba Cloud access point in Beijing.

6

Procedure

To set up redundant physical connection:

Step 1: Apply for leased lines

Step 2: Offline physical connection deployment

Step 3: Create VBRs

Step 4: Create router interfaces

Step 5: Configure routes on the two VBRs

Step 6: Open a ticket to apply for ECMP health check

Step 7: Forward equivalent route traffic from the VPC to the VBR

Step 1: Apply for leased lines

Open a ticket to Alibaba Cloud to get the approximate geographical location of the access point, and then inquiry carriers about price according to the location.

Apply for the first leased line:

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, select Leased Line.

  3. Click Apply for Leased Line Access.

  4. Complete the required information, for example:

    • Leased Line Name: Beijing_Local
    • Access Point: Beijing Beijing-Daxing-A
    • Carrier: China, Other
    • Access Port Type: 100Base-T-100M electrical port
    • Access Bandwidth: 100 Mbit/s
    • Peer Address: No. XX, XX Street, XX District, Beijing
    • Redundant Leased Line: None
  5. Click Confirm Application.

  6. On leased line list page, choose China North 2 (Beijing) on the top of the page. Find the leased line you applied for, the status of the physical connection is Application in Progress.

    Note: The application is approved in the following workday in most cases. Then, the physical connection status changes to Approved.

  7. After the application is approved, click Pay Access Fee. Then the system automatically assigns you a port and physical connection ID. In this example, the physical leased line ID is pc- 123xyz.

    Note: After the system assigned you a port, the leased line status changes to Access Construction in Progress.

  8. Click View to see the leased line construction information, such as the machine room location, server rack location, and port information.

Apply for the second leased line:

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, select Leased Line.

  3. Click Apply for Leased Line Access.

  4. Complete the required information, for example:

    • Leased Line Name: Beijing_Local

    • Access Point: Beijing Beijing-Daxing-A

    • Carrier: China Telecom

    • Access Port Type: 100Base-T-100M electrical port

    • Access Bandwidth: 100 Mbit/s

    • Peer Address: No. XX, XX Street, XX District, Beijing

    • Redundant Leased Line: pc-123xyz
      Note: For the second leased line, you can select any access point in the same region. If you select the same access point as the first connection, use the ID of the first leased line as its redundant leased line. If you select a different access point, the two lines will be inherently redundant and you do not have to select Redundant Physical Connection.

  5. Click Confirm Application. After approval, pay the fee to receive the port location.

Step 2: Offline physical connection deployment

  1. Provide the port information to your carrier and instruct them to connect the leased line to this port.

    After the carrier investigates the resources, they provide a staff list detailing who will be sent to the designated Alibaba Cloud data center (including their names, ID numbers, and phone numbers).

  2. Open a ticket to Alibaba Cloud to inform the after-sales staff of when the carrier staff will visit the data center and provide them with your received staff list and the acquired connection ID.

    The next working day, Alibaba Cloud after-sales staff schedules an appointment at the data center for the carrier staff and provide you with contact information.

  3. Inform the carrier the contact information.

  4. After the carrier completes deployment in the Alibaba Cloud data center, Alibaba Cloud after-sales staff change the connection status to Waiting for Confirmation.

  5. After the carrier notifies you that the connection is deployed, go to the physical connection page on the console and click Confirm.

    This will change the connection status to Normal. The physical connection is now in operation.

Step 3: Create VBRs

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, select Virtual Border Router.

  3. Click Create VBR.

  4. Complete the relevant parameters. For example:

Note:
• VLAN ID: If you need to use logical lines, use 1- 2999 to define the logical VLAN. For a simple interconnection that does not need to be divided into logical channels, use VLAN0.
• The interconnection IP address of each VBR must be mutually independent, and the addresses for the two VBRs should belong to different CIDR Blocks.

VBR 1:

  • Name: Beijing_Border_Router 1

  • Description: Beijing leased line

  • Physical Connection: pc-123xxx (the ID for “Beijing_Local_Connection1”)

  • VLAN ID: 0 (When VLAN ID=0, this indicates a router is used. If you do not have special requirements, enter 0.)

  • Circuit Code: MSTPxxx1

  • Addresses: Alibaba Cloud side: 10.100.0.1; customer side: 10.100.0.10; subnet mask: 255.255.255.0


VBR 2:

  • Name: Beijing_Border_Router 2

  • Description: Beijing leased line

  • Physical Connection: pc-456xxx (the ID for “Beijing_Local_Connection2”)

  • VLAN ID: 0 (When VLAN ID=0, this indicates a router is used. If you do not have special requirements, enter 0.)

  • Circuit Code: MSTPxxx2

  • Addresses: Alibaba Cloud side: 10.100.1.1; customer side: 10.100.1.10; subnet mask: 255.255.255.0

Step 4: Create router interfaces

Connect VBR 1 to the VPC through a router interface

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, choose Create Router Interface.

  3. In the router interface purchase page, complete the required information, for example:

    • Billing Method: Subscription
    • Scenario: Physical Access

    • Router Creation: Create Initiator and Receiver

    • Router Type: VBR

    • Local Region: China North 2 (Beijing)

    • Access Point: Beijing Beijing-Daxing-A

    • Local VBR ID: Beijing_Border_Router1

    • Peer Region: China East 1 (Hangzhou)

    • Peer Router Type: VRouter

    • Peer VPC ID: Cloud_Data_Center

  4. Click Buy Now.

  5. Check the router interface status. When this status changes to Active, two router interface instances are created:

    • The router interface instance connecting VBR 1 to the VPC router: ri-VBR1-to-VPC.
    • The router interface instance connecting the VPC router to VBR 1: ri-VPC-to-VBR1.

Connect VBR 2 to the VPC through a router interface

  1. Log on to Express Connect console.

  2. In the left-side navigation pane, choose Create Router Interface.

  3. In the router interface purchase page, complete the required information, for example:

    • Billing Method: Subscription
    • Scenario: Physical Access

    • Router Creation: Create Initiator and Receiver

    • Router Type: VBR

    • Local Region: China North 2 (Beijing)

    • Access Point: Beijing Beijing-Daxing-A

    • Local VBR ID: Beijing_Border_Router2

    • Peer Region: China East 1 (Hangzhou)

    • Peer Router Type: VRouter

    • Peer VPC ID: Cloud_Data_Center

  4. Click Buy Now.

  5. Check the router interface status. When this status changes to Active, two router interface instances are created:

    • The router interface instance connecting VBR 2 to the VPC router: ri-VBR2-to-VPC.
    • The router interface instance connecting the VPC router to VBR 2: ri-VPC-to-VBR2.

Step 5: Configure routes on the two VBRs

VBR 1

Forward traffic to the IDC address “172.16.0.0/12”.

  1. Log on to Express Connect console.

  2. Select VBR 1, and click Manage to go to the VBR Details page.

  3. Click Add Route and complete the required information, for example:

    • Destination CIDR Block: The CIDR Block of IDC. In this example, enter 172.16.0.0/12.

    • Next Hop Direction: Physical Connection

  4. Click OK to complete the configuration.

  5. Use a server in the IDC to ping the Alibaba Cloud address 10.100.0.1.

Forward traffic to the VPC address “192.168.0.0/16”.

  1. Log on to Express Connect console.

  2. Select the VBR, and click Manage.

  3. Click Add Route and complete the required information, for example:

    • Destination CIDR Block: The CIDR Block of peer VPC. In this example, enter 192.168.0.0/16.

    • Next Hop Direction: VPC

    • Next Hop: In the drop-down list, choose the router interface used as date outlet of the VBR, namely, the router interface of the VBR. In this example, choose Beijing_Router_Interface (ri-VBR1-to-VPC).

  4. Click OK to complete the configuration.

VBR 2

Forward traffic to the IDC address “172.16.0.0/12”.

  1. Log on to Express Connect console.

  2. Select VBR 1, and click Manage to go to the VBR Details page.

  3. Click Add Route and complete the required information, for example:

    • Destination CIDR Block: The CIDR Block of IDC. In this example, enter 172.16.0.0/12.

    • Next Hop Direction: Physical Connection

  4. Click OK to complete the configuration.

  5. Use a server in the IDC to ping the Alibaba Cloud address 10.100.1.1.

Forward traffic to the VPC address “192.168.0.0/16”.

  1. Log on to Express Connect console.

  2. Select the VBR, and click Manage.

  3. Click Add Route and complete the required information, for example:

    • Destination CIDR Block: The CIDR Block of peer VPC. In this example, enter 192.168.0.0/16.

    • Next Hop Direction: VPC

    • Next Hop: In the drop-down list, choose the router interface used as date outlet of the VBR, namely, the router interface of the VBR. In this example, choose Beijing_Router_Interface (ri-VBR2-to-VPC).

  4. Click OK to complete the configuration.

Step 6: Open a ticket to apply for ECMP health check


In ECMP traffic, Alibaba Cloud uses the hash algorithm to keep traffic on each of the two physical lines, and to keep the two lines one-on-one load balance.


After receiving your application, Alibaba Cloud reserves two IP addresses in your VPC within one business day. These addresses are used as health check source IP addresses. They are configured to send a ping packet every 3 seconds. If they send 5 consecutive pings, and do not receive a response, the system switches over to the other line.


At the same time, Alibaba Cloud generates two 32-bit host anaphora routes for you, from the Beijing IDC to the two health check addresses. If the health check addresses are 192.168.1.241 and 192.168.1.242, you need to configure the leased line on the user side. For example:

  1. ip route 192.168.1.241/32 10.100.1.1
  2. ip route 192.168.1.242/32 10.100.0.1

Step 7: Forward equivalent route traffic from the VPC to the VBR

  1. Log on to VPC console.

  2. Find the VPC, and click Manage.

  3. In the left-side navigation pane, select VRouter.

  4. Click Add Route and complete the required information, for example:

    • Destination CIDR Block: The CIDR Block of IDC. In this example, enter 172.16.0.0/12.

    • Next Hop Type: Router Interface

    • Route Type: Equivalent Route

    • Router Interface: In the drop-down list, choose the router interface used as data outlet of the local router. In this example, choose Beijing_Router_Interface1 (ri-VPC-to-VBR1) and Beijing_Router_Interface2 (ri-VPC-to-VBR2).

  5. Click OK to complete the configuration.

You have now finished route configurations on Alibaba Cloud. However, on the leased line access device of customer side, you need to add route entries forward traffic to the VPC.

  1. ip route 192.168.0.0/16 10.100.0.1
  2. ip route 192.168.0.0/16 10.100.1.1

Your total bandwidth is now the aggregate bandwidth of the two lines (100 Mbit/s*2). You can manage the access between IDC equipment and Alibaba Cloud products by adjusting the ECS security group rules, adding an RDS white list, or by using other methods as desired.

Thank you! We've received your feedback.