You can use two physical connections to connect an on-premises data center to Alibaba Cloud. In this way, a high-quality and highly reliable intranet communication can be established between the on-premises data center and Alibaba Cloud.

Example

This topic takes the following scenario as an example to describe how to connect an on-premises data center to Alibaba Cloud through redundant physical connections.

A company has an on-premises data center (CIDR block: 172.16.0.0/12) in Qingdao, and has an Alibaba Cloud VPC (CIDR block: 192.168.0.0/16) in the China (Qingdao) region. To solve the issue of SPOFs, the company plans to apply for two physical connections that are provided by two different service providers to connect the on-premises data center to Alibaba Cloud.

Step 1: Apply for a physical connection interface

Set the name of this first physical connection interface to leasedline1. This topic provides only general configuration information. For detailed configuration information, see Apply for a physical connection interface.
  1. Apply for a physical connection interface and pay the initial installation fee.
    • Region: Select the region where the leased line is deployed.
    • SP: Select the service provider of the leased line. In this example, select China Unicom.
    • Access Point: Select an access point that is closest in geographical proximity to your on-premises data center. In this example, select Qingdao-Laoshan-A-CU.
    • Port specification: Select the required port specification. Note that different specifications incur different resource occupation fees.
    • Port Type: Select the access port of the physical connection. In this example, select 1000Base-LX.
    • Redundant Connection ID: Select None.
  2. Click Apply for LOA in the Actions column. On the Apply for LOA page, enter your company name, the name of the data center cable installation company, the scheduled installation date and time, and the contact information of data center cable installation technician or representative, and select a construction type.
  3. After your application is approved, download the LOA to view installation information in the console, such as the location of the installation site (the Alibaba Cloud data center site), cabinet location, and port information.

    At this stage, we recommend that you instruct your installation company to start installation. After the installation is complete, click Delivery Report on the Physical Connection Interfaces page, enter the leased line code and the label numbers of cables at the installation site, and click OK. The physical connection interface enters the Waiting state.

  4. Alibaba Cloud will connect the cables to the corresponding CSW ports according to the information you provided. After you confirm that the physical connection interface has been deployed, pay the resource fee. When the physical connection interface changes to the Enabled state, the leased line connection is completed.

Step 2: Apply for a second physical connection interface

Set the name of the second physical connection interface to leasedline2. This topic provides only general configuration information. For detailed configuration information, see Apply for a physical connection interface.
  1. Apply for a physical connection interface and pay the initial installation fee.
    • Region: Select the region where the leased line is deployed.
    • Access Point: Select an access point that is closest in geographical proximity to your on-premises data center. In this example, select Qingdao-Laoshan-A-CU.

    • SP: Select the service provider of your leased line. In this example, select China Unicom.

    • Port Specification: Select the required port specification. Note that different specifications incur different resource fees.
    • Port Type: Select the port type of the physical connection. In this example, select 1000Base-LX.

    • Redundant Connection ID: Select the first physical connection interface you have applied for. Make sure that you have paid the initial installation fee.
      Note
      • If the access point of the second physical connection interface is the same as that of the first physical connection interface, select the ID of the first physical connection interface. Make sure that you have paid the initial installation fee for the first physical connection interface.
      • If the access point of the second physical connection interface is different from that of the first physical connection interface, the two connections create a redundant connection by default, so you do not need to select a physical connection ID.
  2. Click Apply for LOA in the Actions column. On the Apply for LOA page, enter your company name, the name of the data center cable installation company, the scheduled installation date and time, and the contact information of data center cable installation technician and representative, and select a construction type.
  3. After your application is approved, download the LOA to view installation information in the console, such as the location of the installation site (the Alibaba Cloud data center site), cabinet location, and port information.

    At this stage, we recommend that you instruct your installation company to start installation. After the installation is complete, click Delivery Report on the Physical Connection Interfaces page, enter the leased line code and the label numbers of cables at the installation site, and click OK. The physical connection interface enters the Waiting state.

  4. Alibaba Cloud will connect the cables to the corresponding CSW ports according to the information you provided. After you confirm that the physical connection interface has been deployed, pay the resource fee. When the physical connection interface changes to the Enabled state, the leased line connection is completed.

Step 3: Create a VBR

To create a VBR, follow these steps:
  1. On the Virtual Border Routers (VBRs) page, click Create VBR.
  2. Configure the VBR. The VBR configurations in this example are as follows:
    • Account: Select Current account.
    • Name: Enter vbr1.
    • Physical Connection Interface: Select the first physical connection interface.
    • VLANID: Enter 2333.
    • Gateway IP Address on Alibaba Cloud Side: Enter 10.0.0.1.
    • Gateway IP Address on Customer Side: Enter 10.0.0.2.
    • Subnet Mask: Enter 255.255.255.252.
  3. Repeat the preceding steps to create a VBR named vbr2 for the second physical connection interface.

Step 4: Establish a peering connection

To establish a peering connection between your VBR and your VPC, follow these steps:
  1. On the VBR-to-VPC page, click Create Peering Connection.
  2. Configure the peering connection. The configurations in this example are as follows:
    • Connection Type: Select VBR-to-VPC.
    • Routers to Create: Select Initiator and Acceptor.
    • Local Region: Select the region of the VBR. In this example, select China (Qingdao).
    • Local VBR ID: Select the created VBR.
    • Peer Region: Select the region to which the VPC belongs. In this example, select China (Qingdao).
    • Peer VPC ID: Select the VPC to be connected.
    • Bandwidth: In this example, select 100Mb.
  3. Go back to the VBR-to-VPC page to view the status of the peering connection. The connection is established if the status of both the acceptor and the initiator is Activated.
  4. Repeat the preceding steps to establish a peering connection between the other VBR and the VPC.

Step 5: Configure routes

After establishing the peering connections, you must configure a route that points to the on-premises data center in the VPC, and configure two routes pointing to the VPC and the on-premises data center respectively in the two VBRs. Lastly, you must add a route pointing to the VPC in the access device of the on-premises data center.

To configure the routes, follow these steps:
  1. To configure routes for a VBR:
    1. On the VBR details page, click the Routes tab, and then click Add Route.
    2. Add a route directing to the VPC:
      • Destination Subnet: Enter the CIDR block of the VPC. In this example, enter 192.168.0.0/16.
      • Next Hop Type: Select VPC.
      • Next Hop: Select the VPC.
    3. Add a route pointing to the physical connection:
      • Destination Subnet: Enter the CIDR block of the on-premises data center. In this example, enter 172.16.0.0/12.
      • Next Hop Type: Select Physical Connection Interface.
      • Next Hop: Select the physical connection interface.
    4. Repeat the preceding steps to configure routes for the other VBR.
  2. To configure a route for the VPC:
    1. On the VBR-to-VPC page, find the created peering connection, and click the VPC ID of the acceptor to open the VPC details page. Here, you can view the ID of the route table.
    2. On the Route Tables page, click the target route table ID, and then click Add Route Entry.
    3. Configure the Destination CIDR Block by entering the CIDR block of the on-premises data center. In this topic, enter 172.16.0.0/12.
    4. Configure a route for the on-premises data center.
      You can configure a static route or BGP dynamic routing to forward data between the on-premises data center and VBR:
      • Static route

        Example:

        ip route 192.168.0.0/16 10.100.0.1
      • Dynamic routing
        You can also use BGP to forward data between the on-premises data center and the VBR. For more information, see Configure BGP.
        Note The advertised CIDR block must be the CIDR block of the VPC that will be used to communicate with the on-premises data center. In this example, enter 192.168.0.0/16.

Step 6: Configure health checks

You must configure the health check function for redundant physical connections. Alibaba Cloud sends a ping packet once every two seconds from each health check IP address to the customer-side IP address of the on-premises data center. If eight ping packets on one physical connection are sent in succession, and all packets fail to respond, the traffic is switched to the other physical connection.

To configure the health check function, follow these steps:

  1. On the VBR-to-VPC page, find the created peering connection, and then choose > Health Check.

  2. Click Configure, complete the following configurations and then click OK.
    • Source IP: Enter an idle IP of the VSwitch in the connected VPC.
    • Destination IP: Enter the interface IP address of the network device of the on-premises data center.
  3. Repeat the preceding steps to configure the health check function for the other peering connection.