This topic describes how to use Express Connect to allow Elastic Compute Service (ECS) instances in different VPC networks to communicate with the same Cloud Storage Gateway (CSG) instance.

Background information

CSG is a storage service that helps you seamlessly integrate on-premises applications, infrastructure, and data storage with Alibaba Cloud. You can deploy virtual devices complied with standard storage protocols in your on-premises data centers or on Alibaba Cloud. This allows you to seamlessly connect on-premises storage applications and workloads to Alibaba Cloud storage and computing services.

On Alibaba Cloud, many enterprise users interconnect multiple VPC networks to run a large number of ECS clusters. However, CSG V1.0.31 and earlier versions only support interconnecting ECS instances that are deployed in the same VPC network. These versions do not support interconnecting ECS instances that are deployed in different VPC networks. CSG V1.0.31 and later versions support multiple VPC CIDR blocks, including 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8. This example

shows how to configure networks, Express Connect, and security groups to enable ECS instances in three different VPC networks to communicate with the same CSG instance.

003
  • SG represents security group.
  • VPC represents virtual private network. 172.16.0.0/12 and other CIDR blocks represent the supported CIDR blocks.

Create a CSG instance

  1. Log on to the Cloud Storage Gateway console.
  2. Select the region where you want to create a file gateway.
  3. On the Gateway Clusters page, create a CSG instance.

    When you create the CSG instance, select the VPC-172 VPC network, which falls into the 172.16.0.0/12 CIDR block.

Configure VPC networks and Express Connect

  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, click VPC-to-VPC and then click Create Peering Connection.
  3. On the Express Connect-Peering connections (Prepaid) page, select the specification. For more information, see Interconnect two VPCs under the same account.

    This example shows how to establish peering connections from VPC-172 to VPC-10 and VPC-192. VPC-172 is the requester VPC network.

  4. After the peering connections are established, add routes for the interconnected VPC networks.
    1. Find and click the requester instance.
    2. On the Basic Information page, click Add Route.
    3. Enter the CIDR block of the accepter VPC network or VSwitch, and click Confirm.

      In this example, enter the following CIDR blocks of the accepter VPC networks: 192.168.0.0/16 (VPC-192) and 10.0.0.0/8 (VPC-10).

    4. After you configure the route settings, test the connectivity between the requester and accepter VPC networks.

      In this example, you can successfully ping the ECS instances in VPC-192 and VPC-10 from the ECS instance in VPC-172.

Create security group rules

You can create security groups for the CSG instance to enable all Cloud Enterprise Network (CEN) instances to share the same CSG instance. In this example, you need to create the following security groups: SG-10 and SG-192.

  1. Log on to the ECS console.
  2. Choose Network & Security > Security Groups.
  3. On the Security Groups page, find the target security group and click Add Rules.
  4. On the Security Group Rules page, click Add Security Group Rule.
  5. In the Add Security Group Rule dialog box that appears, set the required parameters.

    Set Authorization Type to IPv4 CIDR Block. For more information about the other parameters, see Add security group rules.

    If you need to use Lightweight Directory Access Protocol (LDAP) and Active Directory (AD), set Protocol Type to Customized TCP or Customized UDP, and Port Range to 53/636.

After you configure security group rules, all ECS instances in the VPC networks can access the CSG instance through Express Connect. CSG supports standard storage protocols NFS, SMB, and iSCSI, allowing instances using these protocols to store volumetric data on Object Storage Service (OSS) for other instances using new storage protocols. This facilitates storage expansion, cross-region data sharing, data distribution, compatibility with legacy applications, and backup data archiving and transfer. For more information, see Cloud Storage Gateway scenarios.

Access the CSG instance

  • Access file gateways
    • For more information about how to access file gateways from a client that runs the Linux operating system, see Access NFS shares.
    • For more information about how to access file gateways from a client that runs the Windows operating system, see Access SMB shares.
  • Access block gateways