
CSG supports interconnected VPCs in Cloud Enterprise Network (CEN)

Last Updated: Sep 17, 2019


CSG is a storage service that integrates your on-premises applications, infrastructure, and data storage with Alibaba Cloud. You can deploy CSG with industry-standard storage protocols and connect the existing storage applications and workloads to CSG. This allows you to directly access the storage and computing services of Alibaba Cloud.

CSG is currently in beta testing. It supports automatic deployment and simplifies the operation process. CSG supports ECS instances in the same VPC by default. In Alibaba Cloud, a large number of enterprise users connect multiple VPCs to support large-scale ECS clusters. CSG V1.0.31 and earlier versions only support connecting ECS instances that are in the same VPC. They do not support instances in interconnected VPCs. CSG V1.0.32 and later versions support CIDR blocks of multiple interconnected VPCs and all VPC network CIDR blocks that meet the following Alibaba Cloud standards:,, and The following example describes how to configure the CEN and security groups in three interconnected VPCs so that ECS instances in these VPCs can access CSG services.


The following example uses three interconnected VPCs in CEN to show how to share CSG services across all VPC CIDR blocks.

Network topology and configuration

To use CEN services, you only need to add multiple VPCs to the same CEN. For more information, see the CEN documentation. After you have configured CEN, the instances are interconnected. You do not need to configure security groups for the VPCs.

The following figure describes the network topology between VPCs and CSG.


Configure security group rules

You can create multiple security groups in a VPC and configure security group rules as needed. The following example describes how to configure CSG security groups to allow instances in CEN to use the same CSG, as shown in the following figure. You need to enable three more ports. In the CSG console, select Security Group for Authorization Type, and enter security groups SG-10 and SG-192 in Authorization Objects. This allows your existing ECS instances to access CSG services.


Configure security group rules, as shown in the following figure:


Configure security group rules for security group SG-10 in VPC-10 and security group SG-192 in VPC-192, as shown in the following figure:


If you need to use LDAP and AD, add two more rules to the security group: TCP 53/636 and UDP 53/636.

Attach share service to a client

The ECS instance that you have configured is connected with CSG services.

1. You can use the following command to mount the NFS share service to a Linux client. For more information, see Access an NFS share from a client.

mount.nfs <nfs shared name> <linux local folder>

After the configuration is complete, you can use the df -ah command to view the results, as shown in the following figure:


The local directory /mnt/test is connected with OSS. OSS serves as a local folder.

2. You can also mount the SMB share service on a Windows client, as shown in the following figure. For more information, see Access an SMB share from a client.


3. For configuring volumes on a Windows or Linux client, see Access volumes.
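
For the NFS mount in step 1: if the mount fails or is later dropped, writes to the local folder land on the instance's own disk instead of in OSS. The following added example (not part of the original documentation) wraps mount.nfs with a check that the folder is backed by NFS and by the expected share. The names nfs_source_of, mount_csg_share and MOUNTS_FILE are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a CSG NFS share is really mounted before using it.
# MOUNTS_FILE is overridable so the check can be exercised on sample data.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# nfs_source_of <dir>: print the remote source if <dir> is an NFS mount.
# Returns 1 when <dir> is not a mount point or is backed by another fs type.
nfs_source_of() {
    dir="${1%/}"                       # normalise a trailing slash
    [ -n "$dir" ] || dir="/"
    # /proc/mounts fields: source mountpoint fstype options dump pass.
    # The last matching line wins, because later mounts shadow earlier ones.
    awk -v d="$dir" '
        $2 == d { src = $1; fs = $3; seen = 1 }
        END {
            if (seen && (fs == "nfs" || fs == "nfs4")) { print src; exit 0 }
            exit 1
        }' "$MOUNTS_FILE"
}

# mount_csg_share <nfs shared name> <linux local folder>
# Mounts the share, then refuses to report success unless the folder is
# backed by NFS and by the share that was requested.
mount_csg_share() {
    share="$1"; dir="$2"
    [ -n "$share" ] && [ -d "$dir" ] || { echo "usage: share dir" >&2; return 2; }
    if ! src="$(nfs_source_of "$dir")"; then
        mount.nfs "$share" "$dir" || return 1
        src="$(nfs_source_of "$dir")" || { echo "$dir is not on NFS" >&2; return 1; }
    fi
    [ "$src" = "$share" ] || { echo "$dir is mounted from $src" >&2; return 1; }
    echo "$dir -> $src"
}
```

Source the file and call mount_csg_share with the same two arguments as mount.nfs; a non-zero return means the folder should not be written to yet.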

Notes on upgrading CSG

CSG V1.0.32 and later versions support CIDR blocks of VPCs that are connected with each other. Due to the deployment limitations of the previous network environment, earlier versions of CSG cannot support all CIDR blocks. Supported CIDR blocks are listed in the following table.



By configuring security group rules, ECS instances in CEN can receive files transferred using the NFS, CIFS, and iSCSI protocols and store them in OSS. CSG provides services for multiple scenarios such as storage extension, sharing and distributing data across regions, and archiving and storing backup data. It is also compatible with traditional applications. For more information, see CSG Applicable Scenarios.