
Use Express Connect to connect ECS instances to a CSG instance

Last Updated: Feb 23, 2024

This topic describes how to use Express Connect to allow Elastic Compute Service (ECS) instances in different virtual private clouds (VPCs) to communicate with the same Cloud Storage Gateway (CSG) instance.

Background information

CSG is a storage service that helps you seamlessly integrate on-premises applications, infrastructure, and data storage into Alibaba Cloud. You can deploy virtual devices compatible with standard storage protocols in an on-premises data center and on Alibaba Cloud to connect your storage applications and workloads to Alibaba Cloud storage and computing services.

On Alibaba Cloud, many enterprise users interconnect multiple VPCs to run a large number of ECS clusters. However, CSG V1.0.31 and earlier versions support interconnecting only ECS instances that are deployed in the same VPC. These versions do not support interconnecting ECS instances that are deployed in different VPCs. Starting from V1.0.32, CSG supports multiple VPC CIDR blocks, including 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8.

This example shows how to configure networks, Express Connect, and security groups to enable ECS instances in three different VPCs to communicate with the same CSG instance.

Topology diagram

  • SG represents a security group.

  • VPC represents a virtual private cloud. 172.16.0.0/12 and other CIDR blocks are the supported CIDR blocks.

Create a CSG instance

  1. Log on to the CSG console.

  2. Select the region in which you want to create a file gateway. In this example, the region is China (Hangzhou).

  3. On the Gateways page, create a gateway.

    When you create the gateway, select VPC-172 (172.16.0.0/12).

Configure VPCs and Express Connect

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, choose VPC Peering Connections > VBR-to-VPC.

  3. In the top navigation bar, select the desired region. In this example, the region is China (Hangzhou).

  4. On the VBR-to-VPC page, click Create Peering Connection.

  5. On the Establish VBR-VPC Interconnection page, configure the parameters. For more information, see Connect two VPCs under the same Alibaba Cloud account.

    This example shows how to establish peering connections from VPC-172 to VPC-10 and VPC-192. VPC-172 is the requester VPC.

  6. After the peering connections are established, add routes for the interconnected VPCs.

    1. Find and click the requester instance.

    2. On the Basic Information page, click Add Route.

    3. Enter the CIDR block of the accepter VPC or vSwitch, and click OK.

      In this example, enter the following CIDR blocks of the accepter VPCs: 192.168.0.0/16 (VPC-192) and 10.0.0.0/8 (VPC-10).

    4. After you configure the route settings, test the connectivity between the requester and accepter VPCs.

      In this example, you can successfully ping the ECS instances in VPC-192 and VPC-10 from the ECS instance in VPC-172.

Create security group rules

You can create security groups for the CSG instance to enable all the Cloud Enterprise Network (CEN) instances to share the same CSG instance. In this example, you need to create the following security groups: SG-10 and SG-192.

  1. Go to the Security Groups page.

    1. Log on to the ECS console.

    2. In the left-side navigation pane, choose Network & Security > Security Groups.

    3. In the top navigation bar, select the desired region. In this example, the region is China (Hangzhou).

  2. Find the security group in the security group list and click Manage Rules in the Operation column.

  3. In the Access Rule section, go to the Inbound tab. Click Add Rule or Quick Add, select a protocol type, specify a port range, and configure authorization objects.

    Different protocols use different ports. Specify the ports based on your actual business requirements.

    • HTTPS: 443.

    • NFS: 111 (TCP and UDP), 875 (TCP and UDP), 892 (TCP and UDP), 2049 (TCP and UDP), 32888 (TCP and UDP), and 32889 (TCP and UDP).

    • SMB: 137 (UDP), 138 (UDP), 139 (TCP), 389 (TCP), 445 (TCP and UDP), and 901 (TCP).

    • iSCSI: 860 (TCP) and 3260 (TCP).

    If you need to use LDAP and AD, configure ports (TCP 53/636 and UDP 53/636) in security group rules. For more information, see Security group rules.
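The following added example (not part of the original Alibaba Cloud documentation) builds the inbound rules for one gateway protocol from the port list above and audits an existing rule list for sources that are too broad or ports that are missing. It assumes that the authorization objects should be limited to the accepter VPC CIDR blocks of this example; the dictionary keys follow the ECS AuthorizeSecurityGroup request parameters, and the sample rule list is constructed.

```python
import ipaddress

# Port table copied from the list above: protocol -> [(transport, port), ...]
CSG_PORTS = {
    "HTTPS": [("tcp", 443)],
    "NFS": [(t, p) for p in (111, 875, 892, 2049, 32888, 32889)
            for t in ("tcp", "udp")],
    "SMB": [("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 389),
            ("tcp", 445), ("udp", 445), ("tcp", 901)],
    "iSCSI": [("tcp", 860), ("tcp", 3260)],
}

# Accepter VPC CIDR blocks from this example (VPC-192 and VPC-10).
# Assumption: only these networks should reach the gateway.
PEER_CIDRS = ["192.168.0.0/16", "10.0.0.0/8"]

def build_rules(protocol, sources=PEER_CIDRS):
    """One inbound allow rule per (transport, port, source CIDR)."""
    return [{"IpProtocol": t, "PortRange": f"{p}/{p}", "SourceCidrIp": s}
            for t, p in CSG_PORTS[protocol] for s in sources]

def covers(rule, transport, port, source):
    """True if the rule admits this transport/port from the whole source CIDR."""
    lo, hi = (int(x) for x in rule["PortRange"].split("/"))
    rule_src = ipaddress.ip_network(rule["SourceCidrIp"])
    return (rule["IpProtocol"] == transport and lo <= port <= hi
            and ipaddress.ip_network(source).subnet_of(rule_src))

def audit(rules, protocol, sources=PEER_CIDRS):
    """Return (too_broad, missing) for an existing inbound rule list."""
    allowed = [ipaddress.ip_network(s) for s in sources]
    # A rule is too broad if its source is not contained in any peer CIDR.
    too_broad = [r for r in rules if not any(
        ipaddress.ip_network(r["SourceCidrIp"]).subnet_of(a) for a in allowed)]
    # A required (transport, port, source) is missing if no rule covers it.
    missing = [(t, p, s) for t, p in CSG_PORTS[protocol] for s in sources
               if not any(covers(r, t, p, s) for r in rules)]
    return too_broad, missing

# Constructed sample: an NFS rule set with the last two rules dropped and
# one rule opened to every source address.
SAMPLE = build_rules("NFS")[:-2] + [
    {"IpProtocol": "tcp", "PortRange": "2049/2049", "SourceCidrIp": "0.0.0.0/0"}]

if __name__ == "__main__":
    broad, missing = audit(SAMPLE, "NFS")
    print("too broad:", broad)
    print("missing:", missing)
```
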

By configuring security groups, ECS instances in Express Connect can use the NFS/SMB/iSCSI protocol conversion feature of CSG and access data in Object Storage Service (OSS). This way, you can easily scale storage, share and deliver data across regions, and meet business requirements in scenarios such as traditional applications and backup archiving. For more information, see Scenarios.

Access the CSG instance

  • Access file gateways
    • For more information about how to access file gateways from a client that runs the Linux operating system, see Access an NFS share.
    • For more information about how to access file gateways from a client that runs the Windows operating system, see Access an SMB share.
  • Access block gateways