You can use a physical connection that is already connected to an access point of Alibaba Cloud to connect multiple VPCs.

Note Currently, a physical connection can be used by five VPCs at most. You can open a ticket to increase the quota.

Background information

A company has opened account A on Alibaba Cloud and created VPC-A. The company has already opened a physical connection under account A to connect the local data center (172.16.0.0/12) of the company to VPC-A. A subsidiary of the company has open account B on Alibaba Cloud and VPC-B is under account B. The subsidiary wants to connect VPC-B to the local data center.

Because the company has purchased a physical connection under account A and connected the local data center to an access point of Alibaba Cloud, account B of the subsidiary can also use this physical connection to connect the VPC under account B to the local data center.

In this tutorial, the VPC and physical connection configurations are as follows:

Account A Account B
Account ID: 12345678 Account ID: 87654321
VPC
  • Name: VPC-A
  • Region: China (Beijing)
  • VPC ID: vpc-12345678
  • CIDR block: 10.10.0.0/16
VPC
  • Name: VPC-B
  • Region: China (Hangzhou)
  • VPC ID: vpc-87654321
  • CIDR block: 192.168.0.0/16
Physical connection
  • VBR name: VPC-Beijing
  • VBR ID: vbr-12345678
  • Physical connection ID: pc-AAA
  • VLAN ID: 1000
N/A

Prerequisites

Make sure that you have completed the following configurations:
  • You have accessed through the physical connection and route configurations are completed. The local data center has been connected to the VPC in Alibaba Cloud. For more information, see Connect a local IDC to a VPC through a physical connection.

  • Obtain the ID of the account to which the other VPC belongs.

Step 1: Create a VBR for account B

To create a VBR for account B on the existing physical connection, follow these steps:
  1. Use account A to log on to the Express Connect console.
  2. In the left-side navigation pane, click Physical Connections > Virtual Border Routers (VBRs).
  3. On the Virtual Border Routers (VBRs) page, click Create VBR.
  4. Configure the VBR.
    The configurations in this tutorial are as follows. For more information, see Create a virtual border router.
    • Account: Select Another Account.
      Note If the VPC you want to connect to the cloud and the physical connection belong to the same account, select Current Account.
    • Account: Enter the account ID of the VPC to access.
    • Physical Connection Interface: Select the applied physical connection interface.
    • VLAN ID: Enter a VLAN ID. In this tutorial, enter 1100.
    • Gateway IP Address on Alibaba Cloud Side: Enter the gateway address used by the VPC to access the local data center.
    • Gateway IP Address on Customer Side: Enter the gateway address used by the local data center to access the VPC.
    • Subnet Mask: Enter 255.255.255.252.
      Note Ensure that the gateway addresses are in the same CIDR block and do not conflict with the CIDR blocks of the VPC and the local data center.


Step 2: Create a peering connection

After you use account A to create a VBR for account B on the existing physical connection, you can use account B to build a peering connection between the VBR and the VPC.

To create a peering connection, follow these steps:

  1. Use account B to log on to the Express Connect console.
  2. In the left-side navigation pane, click Physical Connections > Virtual Border Routers (VBRs).
  3. Locate the VBR that you created, click Confirm Creation. View the configure information and click OK.

  4. Click the VBR ID. On the VBR Details page, click Peering Connections.
  5. Click Create Peering Connection.
  6. Create a peering connection between the created VBR and the VPC you want to connect to the cloud.

    The configurations in this tutorial are as follows. For more information, see Interconnect a VPC and a VBR.

    • Account: Select Same as Peer.
    • Connection Type: Select VBR-to-VPC.
    • Routers to Create: Select Initiator and Acceptor.
    • Local Region: Select China (Beijing).
    • Local Access Point: Select the access point of the physical connection.
    • Local VBR ID: Select the created VBR.
    • Peer Region: Select the region to which the target VPC belongs. In this tutorial, China (Hangzhou) is selected.
    • Peer VPC ID: Select the VPC to connect.
    • Bandwidth: Select a bandwidth for the intranet communication. In this tutorial, select 2 Mb.
    The connection is successfully established if the status of both the acceptor and the initiator is activated.

Step 3: Configure routes

After establishing the peering connection, you must configure routes in the VPC, VBR, and local data center.

  1. To configure routes for a VBR:
    1. On the VBR details page, click the Routes tab page, and then click Add Route.
    2. Add a route directing to the VPC:
      • Destination Subnet: Enter the CIDR block of the VPC. In this tutorial, enter 192.168.0.0/16.
      • Next Hop Type: Select VPC.
      • Next Hop: Select the VPC.
    3. Add a route pointing to the physical connection:
      • Destination Subnet: Enter the CIDR block of the local data center. In this example, enter 172.16.0.0/12.
      • Next Hop Type: Select Physical Connection Interface.
      • Next Hop: Select the physical connection interface.
    4. Repeat the preceding steps to configure routes for the other VBR.
  2. To configure a route for the VPC:
    1. On the VPC Peering Connections page, find the created peering connection, and click the VPC ID of the acceptor to open the VPC Details page. Here, you can view the ID of the route table.
    2. On the Route Tables page, click the target route table ID, and then click Add Route Entry.
    3. Configure a route:
      • Destination CIDR Block: Enter the CIDR block of the local data center. In this example, enter 172.16.0.0/12.
      • Next Hop Type: Select Router Interface (To VBR).
      • Next Hop: Select Load Balancing Routing, and then select the created VBR.


    4. Configure a route for the local data center.
      You can configure a static route or BGP dynamic routing to forward data between the local data center to VBR:
      • Static route

        Example:

        ip route 192.168.0.0/16 10.100.1.1
      • Dynamic routes
        You can also use BGP to forward data between the local data center and the VBR. For more information, see Configure BGP.
        Note The advertised CIDR block must be the CIDR block of the VPC that will be used to communicate with the local data center. In this example, enter 192.168.0.0/16.

Step 4: Test the access

After the VPC is connected to the local data center, test the speed of the physical connections to ensure that service needs are met. For more information, see Test the network performance of a physical connection.