You can connect a data center to Alibaba Cloud through a standby Express Connect circuit. Then, the data center can communicate with Alibaba Cloud virtual private clouds (VPCs) over high-quality and reliable connections that are established by the standby Express Connect circuit. Alibaba Cloud supports at most four Express Connect circuits to achieve equal-cost multi-path (ECMP) routing.

Example

The following example is used in this topic to describe how to connect a data center to Alibaba Cloud through a standby Express Connect circuit.

A company has a data center in Beijing with a private CIDR block of 172.16.0.0/12. The company also has a VPC deployed in the China (Hangzhou) region with a CIDR block of 192.168.0.0/16. To solve a single point of failure (SPOF), the company plans to apply for two Express Connect circuits from two Internet service providers (ISPs). The Express Connect circuits are used to connect the data center to Alibaba Cloud access points in Beijing.

Scenario

Step 1: Apply for the first Express Connect circuit

When you create a dedicated connection over an Express Connect circuit, you can contact an Alibaba Cloud partner or apply for it in the Express Connect console. This example describes how to apply for an Express Connect circuit in the Express Connect console. For more information, see Create a dedicated connection over an Express Connect circuit.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region to which the Express Connect circuit belongs, and click Exclusive Physical Connection.
  3. On the Exclusive Physical Connection page, click Apply for New Interface.
  4. Set the following parameters on the buy page and click Buy Now. On the Confirm Order page, click Pay.
    • Region: Select a region where you want to deploy the Express Connect circuit. In this example, China (Beijing) is selected.
    • SP: Select an ISP for the Express Connect circuit. In this example, Others is selected.
    • Access Point: Select the nearest access point to the data center. In this example, Beijing-Daxing-A-GDS is selected.
    • Understand Billing Rules: Make sure that you understand the billing rules of Express Connect circuits. In this example, Yes is selected.
    • Port Specification: Select a port specification. In this example, 10G is selected.
    • Port Type: Select a port type. In this example, 10GBase-LR is selected.
    • Redundant Connection ID: In this example, None is selected because this is the first Express Connect circuit.
  5. Return to the Exclusive Physical Connection page and view the Express Connect circuit.

    The Express Connect circuit is in the To Apply for LOA state.

  6. In the Actions column that corresponds to the Express Connect circuit, click Apply for LOA.
  7. On the Apply for LOA page, set the required parameters and click OK.

    Then, the Express Connect circuit enters the In Application state.

    In most cases, Alibaba Cloud will finish reviewing your application on the second business day. If your application is approved, the state of the Express Connect circuit changes to Approved. Then, you can proceed with the following steps.

  8. After your application is approved, click Pay for Connection to complete the payment.

    After the payment is completed, the system automatically assigns a port and ID to the Express Connect circuit. In this example, the ID pc-123xyz is assigned to the Express Connect circuit.

Step 2: Apply for the second Express Connect circuit

Apply for the second Express Connect circuit. For more information, see Step 1: Apply for the first Express Connect circuit.

Note When you select an access point for the second Express Connect circuit, make sure that the access point belongs to the region where the first Express Connect circuit is deployed.
  • If you select the same access point for both Express Connect circuits, specify the first Express Connect circuit as the standby connection. In this case, make sure that the initial installation fee of the first Express Connect circuit is paid.
  • If you select a different access point for the second Express Connect circuit, each Express Connect circuit can take over when the other Express Connect circuit is not working as expected. Therefore, select None for Redundant Connection ID.

Step 3: Complete installation

After you apply for Express Connect circuits, the ISPs must complete installation of the Express Connect circuits.

  1. View port information about the Express Connect circuits

    After the system assigns ports, both Express Connect circuits enter the Under Construction state. You can click View on the right to view construction information about the Express Connect circuits, including data center location, server rack location, and port information.

  2. Inform the ISPs of the port information and ask the ISPs to deploy cables.

    After the ISPs complete the pre-installation survey, they will provide you with the information about the engineers. The information includes the time when the engineers will go to the Alibaba Cloud data center, and the IDs of the Express Connect circuits.

  3. Submit a ticket to inform Alibaba Cloud of the circuits that are deployed by ISP engineers.

    Alibaba Cloud will make an appointment with the ISP engineers on the second business day, and provide you with the contact information about the reception staff in the data center. In addition, Alibaba Cloud will inform the ISP of the preceding information. After the ISP completes installation in the Alibaba Cloud data center, the state of the Express Connect circuit changes to Pending.

  4. After the ISPs inform you that the installation is completed, click OK.

    After the installation is completed, both Express Connect circuits enter the Normal state.

Step 4: Create VBRs for both Express Connect circuits

After both Express Connect circuits are enabled, you must create a virtual border router (VBR) for each one. A VBR is used to transfer data between the VPC and data center.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region to which the VBR belongs, and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, click Create VBR.
  4. Set the following parameters to create a VBR for the first Express Connect circuit.
    • Account: By default, you can select only Current account. This indicates that you are creating a VBR for the current Alibaba Cloud account.
    • Name: Enter a name for the VBR. In this example, VBR1 is used.
    • Physical Connection Interface: Select the ID of the first Express Connect circuit. In this example, pc-123xyz is selected.
    • VLAN ID: Set the value to 0. This indicates that Layer 3 router interfaces are used.
    • IPv4 Address of Gateway at Alibaba Cloud Side: Enter the IP address of the gateway that routes traffic from the VPC to the data center. In this example,10.100.0.1 is used.
    • IPv4 Address of Gateway at Customer Side: Enter the IP address of the gateway that routes traffic from the data center to the VPC. In this example,10.100.0.10 is used.
    • Subnet Mask (IPv4 Address): Enter the subnet mask of the IP addresses on the Alibaba Cloud side and on the customer side. 255.255.255.0 is used in this example.
  5. Repeat the preceding step to create another VBR for the second Express Connect circuit. In this example, VBR2 is created.

Step 5: Create a peering connection

When you establish a standby connection, you must establish a peering connection between the VPC and each VBR to forward messages.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and choose VPC Peering Connections > VBR-to-VPC in the left-side navigation pane.
  3. On the VBR-to-VPC page, click Create Peering Connection.
  4. On the VBR-to-VPC page, click Create Peering Connection.
  5. Set the following parameters to establish a peering connection between VBR1 and the VPC.
    Parameter Description
    Product Type Select a billing method. In this example, PrePaid is selected.
    Account

    Specify whether the VBR and VPC belong to the same Alibaba Cloud account.

    • Same-account: The VBR and VPC belong to the same Alibaba Cloud account. In this case, the system creates the initiator and acceptor, and automatically establishes a connection.
    • Cross-account: The VBR and VPC belong to different Alibaba Cloud accounts. In this case, you must create the initiator and acceptor, and initiate a connection request from the initiator.

    In this example, Same-account is selected.

    Connection Type

    Select the type of the peering connection.

    • VPC-to-VPC: The peering connection is established between two VPCs.
    • VBR-to-VPC: The peering connection is established between a VPC and a VBR.

    In this example, VBR-to-VPC is selected.

    Routers to Create Select the scenario where the VBR is created. In this example, Initiator and Acceptor is selected. This indicates that both the initiator and acceptor are created. After the initiator VBR and acceptor VBR are created, the initiator VBR automatically connects to the acceptor VBR.
    Router Type Select the type of the router that you want to create. In this example, Virtual Border Router (VBR) is selected.
    Region and Zone Select the region where the Express Connect circuit is deployed. In this example, China (Beijing) is selected.
    Local Access Point Select an access point for the Express Connect circuit. In this example, Beijing-Daxing-A is selected.
    Local VBR ID Select the ID of VBR1. In this example, Local VBR ID is selected.
    Peer Region Select the region where the peer VPC is deployed. In this example, China (Hangzhou) is selected.
    Peer VPC ID Select the ID of the peer VPC.
    Bandwidth Specify a bandwidth value for the peering connection.

    You do not need to specify a bandwidth value for the acceptor VBR. The default bandwidth is used.

    Validity Select a validity period for the Express Connect circuit.

    To enable automatic renewal upon expiration, select Auto-renewal.

  6. Click Buy Now and complete the payment.
  7. Repeat the preceding step to create a peering connection between VBR2 and the VPC.

Step 6: Configure IP addresses for health checks

Alibaba Cloud sends a ping packet every 2 seconds from each source IP address for to the destination of the data center. If no responses are returned in one Express Connect circuit after eight consecutive ping packets, the system automatically switches to the other Express Connect circuit. You must configure IP addresses for health checks in the router interface of the VPC.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and choose VPC Peering Connections > VBR-to-VPC in the left-side navigation pane.
  3. On the VBR-to-VPC page, find the peering connection that you created in Step 4, and choose icon > Health Check in the Actions column.
  4. Click Settings, set the following parameters in the dialog box that appears, and then click OK.
    • Source IP: Specify an idle IP address of the VPC as the source IP address for health checks.
    • Destination IP: Specify a destination IP address for health checks. We recommend that you enter the IP address of a network device interface of the data center.
  5. Repeat the preceding step to configure health check IP addresses for another router interface.
    Note In scenarios where multiple VPCs are used, you must configure health check IP addresses for each router interface of the VPCs that are connected to standby Express Connect circuits. Otherwise, standby Express Connect circuits cannot work as expected.

Step 7: Configure routes

After you create VPC router interfaces, you must configure routes that point to the data center for them. Then, you must configure routes that point to the VPC and Express Connect circuits for VBR router interfaces. In addition, you must configure routes that point to the VPC for the access device of the data center. After you configure the preceding routes, the data center can connect to the VPC.

  1. Configure routes for the VPC to redirect traffic from the VPC to the data center (172.16.0.0/12) to the VBR.
    1. Log on to the Express Connect console.
    2. In the top navigation bar, select the region and choose VPC Peering Connections > VBR-to-VPC in the left-side navigation pane.
    3. On the VBR-to-VPC page, find the acceptor and click Route Configuration.
    4. In the Basic Information panel, click Add Peer Route.
    5. In the Destination CIDR Block field, enter 172.16.0.0/12, which is the CIDR block of the data center. Then, click OK.
  2. Configure routes for the VBR to forward traffic from the VBR to the data center (172.16.0.0/12) to the Express Connect circuit.
    1. Log on to the Express Connect console.
    2. In the top navigation bar, select the region to which the VBR belongs, and click Virtual Border Routers (VBRs) in the left-side navigation pane.
    3. On the Virtual Border Routers (VBRs) page, click the ID of VBR1.
    4. Click the Route Entry tab, and click Add Route Entry on the Route Entry tab.
    5. Set the following parameters and click OK.
      Parameter Description
      Next Hop Type Select Physical Connection Interface.
      Destination CIDR block The CIDR block of the data center. In this example, 172.16.0.0/12 is used.
      Next Hop Select the router interface that you created in Step 4 and that points to the data center.
  3. Add routes to forward traffic from the VBR to the VPC (192.168.0.0/16) to the VPC.
    1. Log on to the Express Connect console.
    2. In the top navigation bar, select the region to which the VBR belongs, and click Virtual Border Routers (VBRs) in the left-side navigation pane.
    3. On the Virtual Border Routers (VBRs) page, click the ID of VBR1.
    4. Click the Route Entry tab, and click Add Route Entry on the Route Entry tab.
    5. Set the following parameters and click OK.
      Parameter Description
      Next Hop Type Select VPC.
      Destination CIDR block The CIDR block of the VPC. In this example, 192.168.0.0/16 is used.
      Next Hop Select the router interface that you created in Step 4 and that points to the VPC.
  4. Repeat the preceding step to configure routes that point to the VPC and the data center for VBR2.
  5. Configure routes for the data center to forward traffic from the data center to the VBR. You can configure static routes or Border Gateway Protocol (BGP) dynamic routes.
    • Static routes

      Example:

        ip route 192.168.0.0/16 10.100.0.1
        ip route 192.168.0.0/16 10.100.1.1
    • Dynamic routes

      Create a BGP group, add BGP neighbors to it, and then advertise BGP CIDR blocks. For more information, see Configure BGP.

      You must advertise the CIDR block of the VPC which wants to communicate with the data center. In this example, 192.168.0.0/16, which is the VPC CIDR block, is advertised.

Step 8: Test the connectivity

After you complete the preceding steps, you can test the data transfer rate of the Express Connect circuits to ensure that your business requirements are met. For more information, see Test the network performance of an Express Connect circuit.