Create a Virtual Border Router for an Express Connect circuit - Express Connect

After an Express Connect circuit is provisioned, you can create a Virtual Border Router (VBR) for the circuit. The VBR forwards traffic between your Virtual Private Cloud and your on-premises data center.

Background information

A VBR is a router that connects customer-premises equipment (CPE) in your on-premises data center to a VPC. A VBR has a route table that you can configure with route entries to manage traffic forwarding. VBRs provide the following features:

Acts as an intermediate router to exchange data packets between a VPC and an on-premises data center.
Determines the port mode of the Express Connect circuit interface: a Layer 3 routed interface or a VLAN-based Layer 3 subinterface.
In Layer 3 subinterface mode, a VBR can recognize or attach VLAN tags.
Supports dynamic routing with Border Gateway Protocol (BGP).

Create a VBR instance

Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, click Create VBR.

In the Create VBR panel, configure the following parameters and click OK.

Parameter	Description
Account type	The account where you want to create the VBR. Current Account is selected by default, which creates the VBR for the current Alibaba Cloud account.
Name	Enter a name for the VBR.
Resource Group	Select a resource group for the VBR. You can also add the VBR to a resource group after it is created. To do this, find the VBR instance and click Add to Resource Group in the Resource Group column.
Tags	Select an existing tag key and value, or enter a new key-value pair. By binding tags to VBR instances, you can categorize and manage them more effectively.
Express Connect circuit	Select the type of Express Connect circuit interface to bind to the VBR. Make sure the Express Connect circuit is provisioned and running. Then, select a specific Express Connect circuit interface from the drop-down list. The following interface types are supported: Dedicated Connection: Create a VBR for a Dedicated Connection. Hosted Connection: Create a VBR for a Hosted Connection.
VLAN ID	Enter a VLAN ID for the VBR. The value must be an integer from 0 to 2999. Description of VLAN IDs: If the VLAN ID is 0, the physical switch port of the VBR uses Layer 3 routed interface mode instead of VLAN mode. In this mode, each Express Connect circuit corresponds to one VBR. If the VLAN ID is from 1 to 2999, the physical switch port of the VBR uses VLAN-based Layer 3 subinterfaces. In this mode, each VLAN ID corresponds to one VBR. This allows the Express Connect circuit to connect to VPCs in different Alibaba Cloud accounts. VBRs in different VLANs are isolated at Layer 2 and cannot communicate with each other. Configuration notes: When you configure a VLAN ID for a Dedicated Connection, ensure that any Layer 2 or Layer 3 device between the carrier's circuit, the Alibaba Cloud VBR, and your on-premises access device has VLAN trunking enabled for your VLAN tag. This ensures the device recognizes your VLAN tag and allows traffic to pass through without performing VLAN translation. Otherwise, you may experience connectivity issues. If the VLAN ID of a Dedicated Connection is set to 0, you cannot create subinterfaces with other VLANs for this VBR. When you configure a VLAN ID for a Hosted Connection, the VLAN ID is automatically set to that of the Hosted Connection and cannot be changed.
VBR bandwidth	Set the bandwidth for the VBR. For a Hosted Connection, you do not need to configure this parameter. The VBR inherits its bandwidth from the Hosted Connection.
Alibaba Cloud-side IPv4 address	Enter the IPv4 address of the gateway for traffic from the VPC to the on-premises data center. The Alibaba Cloud-side IPv4 address and the Customer-side interconnect IP must be in the same CIDR block.
Customer-side interconnect IP	Enter the IPv4 address of the gateway for traffic from the on-premises data center to the VPC. Note If cloud services in your VPC need to access the Alibaba Cloud-side or customer-side interconnect IPv4 addresses, you must add a route entry to the VBR route table. The destination of the route entry must be the CIDR block that contains the interconnect IPv4 addresses, and the next hop must point to the Express Connect circuit. For more information about how to add a route entry, see Add a custom route entry.
IPv4 subnet mask	The subnet mask for the Alibaba Cloud-side and customer-side IPv4 addresses. Because only two IP addresses are required, you can use a subnet mask with a long prefix.
IPv6 support	Select whether to enable IPv6 for the VBR. Disable: Default. Disables the IPv6 feature. Enable: Enables the IPv6 feature for the VBR. After you enable IPv6, you cannot disable it. Configure the following parameters for the VBR: Alibaba Cloud-side IPv6 address: Enter the IPv6 address of the gateway for traffic from the VPC to the on-premises data center. The Alibaba Cloud-side IPv6 address and the Customer-side interconnect IP must be in the same CIDR block. Customer-side interconnect IP: Enter the IPv6 address of the gateway for traffic from the on-premises data center to the VPC. IPv6 subnet mask: The subnet mask for the Alibaba Cloud-side and customer-side IPv6 addresses.

Modify the VBR bandwidth

You can modify the bandwidth of a VBR instance.

Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Express Connect circuits.
On the Express Connect circuits page, click the ID of the target Express Connect circuit interface.
On the details page of the Express Connect circuit instance, find the target VBR instance and click Actions in the Bandwidth Settings column.
In the Bandwidth Settings panel, select a Bandwidth Cap and click OK.

Modify VBR instance information

Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, find the target VBR instance and click Actions in the Modify column.

Modify the VBR instance information and click OK.

Parameter	Description
VLAN ID	Enter a VLAN ID for the VBR. The value must be an integer from 0 to 2999. If the VLAN ID is 0, the physical switch port of the VBR uses Layer 3 routed interface mode instead of VLAN mode. In this mode, each Express Connect circuit corresponds to one VBR. If the VLAN ID is from 1 to 2999, the physical switch port of the VBR uses VLAN-based Layer 3 subinterfaces. In this mode, each VLAN ID corresponds to one VBR. This allows the Express Connect circuit to connect to VPCs under different Alibaba Cloud accounts. VBRs in different VLANs are isolated at Layer 2 and cannot communicate with each other. For example, if multiple departments or subsidiaries of a company have separate Alibaba Cloud accounts, each with its own VPC, the parent company can apply for the Express Connect circuit and assign a unique VLAN ID to each department or subsidiary. When creating router interfaces, you can use these VLAN IDs to segment the departments or subsidiaries that share the circuit. This isolates them from each other at Layer 2. Note If the connection type is a Hosted Connection, you cannot modify the VLAN ID. To modify it, contact your partner for assistance.
Alibaba Cloud-side IPv4 address	Enter the IPv4 address of the gateway for traffic from the VPC to the on-premises data center.
Customer-side interconnect IP	Enter the IPv4 address of the gateway for traffic from the on-premises data center to the VPC.
IPv4 subnet mask	The subnet mask for the Alibaba Cloud-side and customer-side IPv4 addresses. Because only two IP addresses are required, you can use a subnet mask with a long prefix.
IPv6 support	Select whether to enable IPv6 for the VBR. Disable: Default. Disables the IPv6 feature. Enable: Enables the IPv6 feature for the VBR. After you enable IPv6, you cannot disable it. Configure the following parameters for the VBR: Alibaba Cloud-side IPv6 address: Enter the IPv6 address of the gateway for traffic from the VPC to the on-premises data center. The Alibaba Cloud-side IPv6 address and the Customer-side interconnect IP must be in the same CIDR block. Customer-side interconnect IP: Enter the IPv6 address of the gateway for traffic from the on-premises data center to the VPC. IPv6 subnet mask: The subnet mask for the Alibaba Cloud-side and customer-side IPv6 addresses.
Support Jumbo Frame	If you enable this feature, the VBR supports jumbo frames (MTU=8500). By default, this feature is disabled (MTU=1500). Note the following: You can enable jumbo frames only after you bind the VBR to an Express Connect Router (ECR). Modifying the VBR's jumbo frame setting temporarily interrupts your network connection. Ensure that you have failover measures in place. The Path MTU Discovery (PMTUD) mechanism determines the effective MTU for an entire path based on the smallest MTU value of any link in that path. If a device on the communication path does not support jumbo frames, the path's effective MTU is 1500. For example: If two VBRs use Equal-Cost Multi-Path (ECMP) routing and one of them has jumbo frames disabled, the MTU for the entire path is 1500. If two VBRs are configured for active/standby failover and the primary VBR has jumbo frames enabled while the standby VBR has them disabled, the MTU of the primary path is 8500. If the primary path fails, traffic switches to the standby path, and the path MTU becomes 1500. For information about ECS instance types that support jumbo frames, see Instance types that support jumbo frames.
BFD parameters	After you enable Bidirectional Forwarding Detection (BFD), the system establishes a BFD session between the Alibaba Cloud side and your on-premises data center. After the session is established, both ends periodically send BFD packets. If one end does not receive a BFD packet from the other within the detection time, the system considers the link faulty. Note The BFD parameters take effect only after you enable BFD. For information about how to enable BFD, see Configure and manage BGP. Submission interval: The interval at which BFD packets are sent. Valid values: 200 to 1000. Unit: ms. Reception interval: The interval at which BFD packets are received. Valid values: 200 to 1000. Unit: ms. Detection time multiple: The number of BFD packets that can be missed before a link is declared down. Valid values: 3 to 10.

Increase the VBR quota

After you enable outbound traffic billing, you can create a maximum of five VBRs for each Express Connect circuit in your account. To request a quota increase:

Go to the Quota Center page, search for the ec_quota_same_acount_vbr_per_pconn quota, and click Submit Ticket in the Actions column.

Delete a VBR instance

You can delete VBR instances that you no longer need. Before you delete a VBR instance, you must release the following associated resources:

Delete all route entries. For more information, see Delete a custom route entry and Delete a prefix-based route.
Delete the BGP peers, BGP groups, and advertised BGP CIDR blocks. For more information, see the steps for deleting BGP groups, BGP peers, and advertised BGP CIDR blocks in Configure and manage BGP.
Delete the failover group. For more information, see Configure a failover group.
Unbind the Cloud Enterprise Network (CEN) instance. For more information, see Unbind from a CEN instance.
Delete the Peering Connection. For more information, see Delete a VBR uplink connection.
If the VBR instance is bound to multiple Express Connect circuit interfaces, you must first unbind them.

Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, find the target VBR instance and click Delete in the Actions column.
Note
If a VBR is bound to multiple Express Connect circuit interfaces and you want to delete it, you must first click the VBR instance ID. On the Express Connect circuit interfaces tab, find the target interface and click Unbind in the Actions column.
In the Confirm deletion dialog box, click OK.

Related APIs

AttachVbrToVpconn: Associates a VBR with a Hosted Connection.
CreateVirtualBorderRouter: Creates a VBR instance.
DescribeVirtualBorderRouters: Queries the VBR instances in your account.
DescribeVirtualBorderRoutersForPhysicalConnection: Queries the VBR instances under a specified Express Connect circuit, including VBR instances of the Express Connect circuit owner and other Alibaba Cloud accounts.
DeleteVirtualBorderRouter: Deletes a VBR instance.
ListVirtualPhysicalConnections: Queries information about Hosted Connections.
ModifyVirtualBorderRouterAttribute: Modifies the configuration of a VBR instance.
UpdateVirtualBorderBandwidth: Updates the outbound bandwidth limit of a VBR instance.