You can use the physical connection function of Express Connect to establish a connection between a VPC and an on-premises IDC.
Assume that you have a VPC with CIDR block 172.16.0.0/12, and an on-premises data center with CIDR block 192.168.0.0/16. When the cloud services needs to access the on-premises data center, you can apply for a leased line to create a connection between them.
Apply for a leased line.
A leased line is used to connect the IDC with the access point of Alibaba Cloud.
Create a virtual border router.
A virtual border router (VBR) is a bridge between the IDC and the VPC for forwarding your data from your VPC to IDC.
After creating the VBR, the system automatically establishes a connection between the router interface (RI3 in the figure) and the IDC through the leased line.
Create a router interface.
Create a router interface to connect the VPC and the VBR. When creating the router interface, set the router interface of the VBR as the local side, and the VPC as the peer side.
After creating the router interface, the system automatically establishes a connection between the VPC and VBR through two router interfaces (RI2 and RI3 in the figure).
Add route entries.
Finally, you need to add route entries to route the network traffic between the VPC and IDC.
Custom route entries added in VPC
Destination CIDR block Next hop type Next hop 192.168.0.0/16 Router interface RI1
Custom route entries added in VBR
Destination CIDR block Next hop type Next hop 192.168.0.0/16 Leased line RI3 172.16.0.0/12 VPC RI2
Route in IDC
Add a route pointing to the leased line in the IDC router.
For more details, refer to Leased line access.