Redundant physical connection

Last Updated: Jan 08, 2018

You can use redundant leased lines to connect your on-premises IDC to your VPC. Redundant physical connections provide high-quality, highly reliable intranet communication. Alibaba Cloud currently supports up to 4 leased lines for equal-cost multi-path (ECMP) routing.

Scenario

This tutorial uses the following scenario to illustrate how to connect an on-premises IDC to a VPC on Alibaba Cloud by using redundant leased lines:

A company has an on-premises IDC (CIDR block: 172.16.0.0/12) in Beijing, and has a VPC (CIDR block: 192.168.0.0/16) in the China East 1 (Hangzhou) region. To avoid a single point of failure, the company plans to apply for two leased lines, each provided by a different carrier, to connect the on-premises IDC to the access point of Alibaba Cloud in Beijing.

Step 1: Apply for leased lines

Follow these steps to apply for two leased lines:

Apply for the first leased line

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, select Physical Connection > Leased Line.

  3. Click Apply for Leased Line Access.

  4. Configure the leased line. The following are configurations used in this tutorial. For more information, see Apply for leased line access.

    • Leased Line Name: Beijing_Local_1

    • Access Point: China North 2 (Beijing) > ap-cn-beijing-dx-A

    • Carrier: Other (China)

    • Access Port Type: 100Base-T - 100M Electrical Port

    • Bandwidth for Access: 100

    • Peer Address of Leased Line: No. XX, XX Street, XX District, Beijing

    • Redundant Leased Line: -

  5. Click Apply. On the Leased Line page, the status of the leased line is Application in Progress.

    Alibaba Cloud reviews your application, which is generally approved on the next workday. After the application is approved, the leased line status changes to Approved.

  6. After the application is approved, click Pay Access Fee. The system then automatically assigns you a port and a leased line ID. In this tutorial, the leased line ID is “pc-123xyz”.

Apply for the second leased line

  1. Go back to the Leased Line page on the Express Connect console.

  2. Click Apply for Leased Line Access. Configure the second leased line according to the following information. For more information, see Apply for leased line access.

    • Leased Line Name: Beijing_Local_2

    • Access Point: China North 2 (Beijing) > ap-cn-beijing-dx-A

    • Carrier: Other (China)

    • Access Port Type: 100Base-T - 100M Electrical Port

    • Bandwidth for Access: 100

    • Peer Address of Leased Line: No. XX, XX Street, XX District, Beijing

    • Redundant Leased Line: pc-123xyz

      Note: For the second leased line, you can select any access point in the same region. If you select the same access point as the first connection, use the ID of the first leased line as its redundant leased line. If you select a different access point, the two lines will be inherently redundant and you do not need to select Redundant Leased Line.

  3. Click Apply. On the Leased Line page, the status of the leased line is Application in Progress.

    Alibaba Cloud reviews your application, which is generally approved on the next workday. After the application is approved, the leased line status changes to Approved.

  4. After the application is approved, click Pay Access Fee. Then the system automatically assigns you a port and a leased line ID.

Step 2: Complete leased line construction

Follow these steps to complete the construction of the two leased lines:

  1. After the system completes port allocation and the status of the leased lines changes to Access Construction in Progress, click View on the right side to view information about leased line construction, such as datacenter location, network cabinet location, and port information.

  2. Inform your carrier of the port information and ask the carrier to connect the leased line. After completing its investigation, the carrier will provide you with a file containing the names of the personnel dispatched to the data center of the access point and related information, the time of on-site construction, the leased line ID, and so on. At this point, open a ticket to give Alibaba Cloud after-sales personnel the information about the leased line work to be carried out by the carrier's construction personnel.

    On the following workday, Alibaba Cloud after-sales staff will schedule an appointment at the data center for the carrier staff. Inform the carrier of the appointment information. After the carrier completes deployment in the Alibaba Cloud data center, Alibaba Cloud after-sales staff change the leased line status to Awaiting Confirmation.

  3. Click Confirm when the carrier informs you that the leased line construction has been completed. The leased line access is completed when the leased line status changes to Normal.

Step 3: Create a VBR for each leased line

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, select Physical Connection > Virtual Border Router.

  3. Click Create VBR.

  4. Create a VBR for the first leased line. The following configurations are used in this tutorial. For more information, see Create a virtual border router.

    VBR 1:

    • Object: This Account

    • Name: VBR_1

    • Description: Leased_Line_1

    • Leased Line: pc-123xyz

    • VLAN ID: 0 (0 indicates that layer-3 router interfaces are directly used)

    • Circuit Code: Enter the circuit code provided by the carrier.

    • IP Address: Set according to the following information:

    • Alibaba Cloud-Side: Enter the IP address used as the gateway to connect to the on-premises IDC. In this tutorial, enter 10.100.0.1.

    • Customer-Side: Enter the IP address used as the gateway to connect to the VPC. In this tutorial, enter 10.100.0.10.

    • Subnet Mask: The subnet mask for the Alibaba-side IP address and the customer-side IP address. In this tutorial, enter 255.255.255.0.

  5. Repeat the preceding steps to create a VBR for the second leased line, namely “VBR_2”.

Step 4: Create router interfaces

To achieve redundant leased line access, you need to create a pair of router interfaces between each VBR and the VPC, so that the VPC and each VBR can forward messages to each other through the router interfaces. Follow these steps to create router interfaces:

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, click VPC Connection > Router Interface.

  3. In the upper-right corner, click Create Router Interface.

  4. Create a router interface for VBR_1 and the VPC according to the following information. For more information, see Create a router interface.

    • Billing method: Select Subscription.
    • Scenario: Select Physical Access.

    • Router Creation: Select Create Initiator and Receiver. The system sets the router interface of the local side as the initiator, and automatically connects the initiator to the receiver.

    • Local Region: Select the region where the access point of the leased line is located. In this tutorial, select China North 2 (Beijing).

    • Access Point: Select the access point of the leased line. In this tutorial, select Beijing-Daxing-A.

    • VBR ID: Select VBR_1.

    • Peer Region: Select the region where your VPC is located. In this tutorial, select China East 1 (Hangzhou).

    • Peer VPC ID: Select your VPC.

After the router interface is created, the system creates a router interface for the VRouter of the VPC and VBR_1 respectively and initiates the connection.

Repeat the preceding steps to create a router interface for VBR_2 and the VRouter of the VPC respectively.

Step 5: Apply for health check IPs

To monitor the status of the leased lines in real time, so that traffic can be automatically forwarded to the other leased line when one leased line fails, you must open a ticket to apply for health check IP addresses. After receiving your application, Alibaba Cloud will configure two source IP addresses for health check in your VPC within one workday.

The health check strategy for redundant leased lines is as follows: Alibaba Cloud sends a ping packet from each source IP address to the customer-side IP address of each VBR every two seconds. If eight consecutive ping packets on one leased line receive no response, traffic is forwarded to the other leased line.

To ensure that ping replies can return to the corresponding source IP address, you need to configure return routes on the leased line device in your datacenter. For example, if the health check IP addresses are 192.168.1.241 and 192.168.1.242, configure:

    ip route 192.168.1.241/32 10.100.1.1
    ip route 192.168.1.242/32 10.100.0.1

Step 6: Configure routes

After creating the router interfaces, you need to configure a route pointing to the on-premises IDC on the router interfaces newly created on the VPC, and configure routes pointing to the VPC and to the corresponding leased line on each newly created router interface on the two VBRs. Finally, add a route pointing to the VPC on the access device of the on-premises IDC. This completes the interconnection between the on-premises IDC and the VPC.

Configure the route on the VPC

Follow these steps to forward traffic destined for on-premises IDC (CIDR block: 172.16.0.0/12) to the VBR:

  1. Log on to the Express Connect console.

  2. Select the region where the VPC is located.

  3. Click Route Configuration in the Actions column of the target router interface. Click Add Route Entry on the page of VBR details.

  4. In the displayed dialog box, configure the route according to the following information. For more information, see Add a route entry.

    • Destination CIDR Block: The CIDR Block of the on-premises IDC. In this tutorial, enter 172.16.0.0/12.

    • Next Hop Type: Select Router Interface.

    • Router Interface: Select ECMP Routing and then select the two router interfaces created on the VPC in step 4.

  5. Click OK.

Configure routes on the VBR

Add a route pointing to the leased line

Follow these steps to forward traffic destined for the on-premises IDC (CIDR block: 172.16.0.0/12) to the leased line:

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, click Physical Connection > Virtual Border Router.

  3. Select the region where the VBR is located.

  4. Click Manage in the Actions column of VBR_1 to enter the page of VBR details, and click Add Route Entry.

  5. In the displayed dialog box, configure the route entry according to the following information. For more information, see Add a route entry.

    • Destination CIDR Block: The CIDR Block of the on-premises IDC. In this tutorial, enter 172.16.0.0/12.

    • Next Hop Direction: Select To Leased Line.

    • Next Hop: Select the router interface pointing to the on-premises IDC created in step 4.

  6. Click OK to complete the configuration. Then you can access the Alibaba-side IP address 10.100.0.1 from the on-premises IDC.

Add a route pointing to the VPC

Follow these steps to forward traffic destined for the VPC to the VPC:

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, click Physical Connection > Virtual Border Router.

  3. Select the region where the VBR is located.

  4. Click Manage in the Actions column of VBR_1 to enter the page of VBR details, and click Add Route Entry.

  5. In the displayed dialog box, configure the route according to the following information. For more information, see Add a route entry.

    • Destination CIDR Block: The CIDR Block of the VPC. In this tutorial, enter 192.168.0.0/16.

    • Next Hop Direction: Select To VPC.

    • Next Hop: Select the router interface pointing to the VPC created in step 4.

  6. Repeat the preceding steps to configure routes pointing to the VPC and the on-premises IDC respectively for VBR_2.

Configure the route on the on-premises IDC

The route configuration on Alibaba Cloud is now complete. You still need to add a route entry pointing to the VPC CIDR block on the customer's physical access device. You can configure a static route or BGP dynamic routing to forward data in the on-premises IDC to the VBR:

  • Static route

    Example:

    ip route 192.168.0.0/16 10.100.0.1
    ip route 192.168.0.0/16 10.100.1.1

  • Dynamic routing

You can also configure BGP dynamic routing to direct traffic to the VBR:

  1. Create BGP peer groups. For more information, see Manage BGP peer groups.

  2. Add BGP peers to the BGP groups. For more information, see Manage BGP peers.

  3. Advertise the BGP network. For more information, see Advertise BGP network.

Note: The advertised network must be the VPC CIDR block that is to communicate with the on-premises IDC. In this tutorial, enter 192.168.0.0/16.
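The customer-side static routes from Step 5 and Step 6 can be checked together with a longest-prefix-match lookup. The following is an added example, not Alibaba Cloud code: the function names are hypothetical, 10.100.1.1 is taken from the tutorial's sample routes as the second line's gateway, and the audit rules (each health check source pinned by a /32 route to one gateway, the two sources on different lines, the VPC /16 spread over both gateways) are assumptions read off those sample routes.

```python
import ipaddress

# Customer-side static routes exactly as given in the tutorial (Steps 5 and 6).
CONFIG = """\
ip route 192.168.1.241/32 10.100.1.1
ip route 192.168.1.242/32 10.100.0.1
ip route 192.168.0.0/16 10.100.0.1
ip route 192.168.0.0/16 10.100.1.1
"""

def parse_routes(text):
    """Parse 'ip route <prefix> <next-hop>' lines into {network: {next hops}}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[:2] != ["ip", "route"]:
            continue  # skip anything that is not a static route line
        net = ipaddress.ip_network(parts[2])       # raises if host bits are set
        hop = str(ipaddress.ip_address(parts[3]))  # raises on a malformed hop
        table.setdefault(net, set()).add(hop)
    return table

def next_hops(table, dst):
    """Longest-prefix match; several hops on the winning prefix means ECMP."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    best = max(matches, key=lambda net: net.prefixlen, default=None)
    return sorted(table[best]) if best is not None else []

def audit(table, health_ips, vpc_cidr, gateways):
    """Return findings; an empty list means the plan meets the assumed rules."""
    findings, pinned = [], set()
    vpc = ipaddress.ip_network(vpc_cidr)
    for ip in health_ips:
        hops = next_hops(table, ip)
        if ipaddress.ip_address(ip) not in vpc:
            findings.append(f"{ip}: outside VPC CIDR {vpc}")
        if len(hops) != 1:
            findings.append(f"{ip}: reply path not pinned, next hops {hops}")
        pinned.update(hops)
    if pinned != set(gateways):
        findings.append("health-check replies do not cover both leased lines")
    if table.get(vpc, set()) != set(gateways):
        findings.append(f"{vpc}: ECMP route does not use every gateway")
    return findings

if __name__ == "__main__":
    print(audit(parse_routes(CONFIG), ["192.168.1.241", "192.168.1.242"],
                "192.168.0.0/16", ["10.100.0.1", "10.100.1.1"]))
```

With the /32 return routes removed, replies to both health check sources fall back to the ECMP /16 route, and the audit reports that their return path is no longer tied to one line.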

Step 7: Performance test

After the two networks are connected with each other, test the speed of the leased lines to ensure that they can meet service needs. For more information, see Test the network performance of a physical connection.