This topic describes how to use physical connections and Cloud Enterprise Network (CEN) to connect an on-premises data center to Alibaba Cloud, and enable the on-premises data center to communicate with VPCs in different regions.

Overview

To configure active/standby links to access Alibaba Cloud, follow these steps:
  1. Build redundant physical connections

    Create redundant physical connections to connect the on-premises data center to Alibaba Cloud. Configure BGP routing between the on-premises data center and the Virtual Border Routers (VBRs).

  2. Configure health checks

    Configure health checks so that when the active link fails, traffic is distributed to the standby link.

  3. Attach the VBRs and VPCs that the on-premises data center requires to connect to the created CEN instance.
  4. Configure routes

    You can set the routing priority by configuring the length of the AS-Path. For more information, see Advertise BGP routes and set the route weights at the on-premises data center.

Network topology

The network topology used in this topic is as follows:
  • The on-premises data center is connected to different VBRs through redundant physical connections. The BGP protocol is used between the on-premises data center and the VBRs.
  • Separate VPCs are created in the China (Beijing), China (Shanghai), and Hong Kong regions.
  • The CIDR blocks used in this topic are as follows:
    Network                    CIDR block
    On-premises data center    10.1.1.0/24
    Beijing VPC                192.168.1.0/24
    Hong Kong VPC              192.168.2.0/24
    Shanghai VPC               192.168.3.0/24

Advertise BGP routes and set the route weights at the on-premises data center

Assume that BGP peering sessions have been established between the on-premises data center and each VBR (for more information, see Configure BGP).

To implement active/standby routes from Alibaba Cloud to the on-premises data center, advertise the BGP route (10.1.1.0/24) to Alibaba Cloud from both CPEs and set the AS-Path on each CPE to determine the route weights.

As shown in the preceding figure, the green line (CPE1) is the active link and the red line (CPE2) is the standby link. The BGP configurations of the two CPEs are as follows.

You can set the routing priority by configuring the AS-Path length. The shorter the AS-Path, the higher the priority.

Configuration    CPE1             CPE2
VLAN Tag         110              120
Network          10.1.1.0/24      10.1.1.0/24
BGP ASN          XXX              XXX
Interface IP     172.16.1.1/24    172.16.2.1/24
AS-Path          B,A              C,B,A

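
The following added example (not part of the original topic or of any Alibaba Cloud tooling) models the selection rule described above: the healthy route with the shortest AS-Path wins, and traffic moves to the standby when the active link fails its health check. The `Route` class, the function names, and the audit rule that treats equal AS-Path lengths as ambiguous are assumptions of this example, and only AS-Path length is modeled.

```python
# Added example: AS-Path-based active/standby selection. All data is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str           # destination CIDR block advertised by the CPE
    next_hop: str         # VBR that learned the route
    as_path: tuple        # AS-Path as received, e.g. ("B", "A")
    healthy: bool = True  # health check result for the link behind next_hop

def best_route(routes, prefix):
    """Return the healthy route with the shortest AS-Path, or None."""
    candidates = [r for r in routes if r.prefix == prefix and r.healthy]
    return min(candidates, key=lambda r: len(r.as_path), default=None)

def audit(routes, prefix):
    """Flag advertisements that do not form a clear active/standby pair."""
    paths = [r for r in routes if r.prefix == prefix]
    findings = []
    if len(paths) < 2:
        findings.append("no standby: prefix is advertised over a single link")
    lengths = [len(r.as_path) for r in paths]
    if len(lengths) != len(set(lengths)):
        findings.append("equal AS-Path lengths: active link is ambiguous")
    return findings

def fail_link(routes, next_hop):
    """Return a copy of the table with the link to next_hop marked unhealthy."""
    return [
        Route(r.prefix, r.next_hop, r.as_path, r.healthy and r.next_hop != next_hop)
        for r in routes
    ]

# Values from the table above; A, B and C stand for ASNs, as on the page.
TABLE = [
    Route("10.1.1.0/24", "VBR1", ("B", "A")),       # CPE1, active link
    Route("10.1.1.0/24", "VBR2", ("C", "B", "A")),  # CPE2, standby link
]

if __name__ == "__main__":
    print(best_route(TABLE, "10.1.1.0/24").next_hop)
    print(best_route(fail_link(TABLE, "VBR1"), "10.1.1.0/24").next_hop)
    print(audit(TABLE, "10.1.1.0/24"))
```
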
CEN can automatically learn and distribute route entries. After routes are configured, CEN synchronizes the routes to attached networks based on the route weights.
  • BGP routes in VBRs

    As shown in the following figure, the route tables of VBR1 and VBR2 contain routes and next hops learned from the BGP peers. The VBRs, which are attached to the CEN instance, send the BGP routes learned from the on-premises data center to the CEN instance, including AS-Path configurations.

  • All routes in the CEN instance

    After the VPCs and VBRs are attached to the CEN instance, the BGP routes learned from the VBRs are distributed to the CEN instance. The CEN instance then synchronizes the routes to all other attached networks based on the route weights.

    The BGP routes that the VBRs learn from the on-premises data center share the same destination CIDR block but have different route weights. The physical connection connected to VBR1 acts as the active link (the AS-Path is shorter), and the one connected to VBR2 acts as the standby link. CEN will synchronize this routing configuration to other attached networks, such as VPCs. As shown in the route tables of the VPCs, all routes destined for 10.1.1.0/24 point to VBR1.

    Additionally, CEN redistributes CEN system routes to the BGP network. Therefore, the BGP route table of the on-premises data center includes the learned CEN routes and the next hops are the interface IP addresses of the two VBRs.

    Similarly, if you want to configure active/standby links that connect an on-premises data center to the Alibaba Cloud IP address (192.168.0/24),