All Products
Search

This Product

    Container Registry:Accelerate image synchronization

    Document Center

    Container Registry:Accelerate image synchronization

    Last Updated:Nov 13, 2025

    When you synchronize images in Container Registry (ACR) across borders, such as between the Chinese mainland and other regions or between the Chinese mainland and Hong Kong (China), the default synchronization link can be slow or fail. This is caused by unstable public network connections. ACR offers two solutions for these scenarios: cross-border synchronization acceleration and custom synchronization links.

    How it works

    Solution

    Scenarios

    Network link

    Configuration method

    Cross-border synchronization acceleration

    Use this solution when the default ACR synchronization link does not meet your cross-border image synchronization needs and you have no special network requirements.

    Transmitted over the ACR acceleration link.

    Enable in the ACR console.

    For more information, see Solution 1: Use cross-border synchronization acceleration.

    Custom synchronization link

    Use this solution when the performance of cross-border synchronization acceleration does not meet your latency requirements, or when you need to perform advanced customization on the network link.

    Transmitted over a Cloud Enterprise Network (CEN) instance that you configure.

    • Establish network connectivity using CEN.

    • Configure the VPC networks for the ACR source instance and the target instance.

    • Configure a custom synchronization link for the ACR instance.

    For more information, see Solution 2: Use a custom synchronization link.

    Scope

    • Synchronization is supported only between public cloud regions. Synchronization to non-public cloud regions, such as Alibaba Finance Cloud or Alibaba Gov Cloud, is not supported.

    • This feature is available only for Premium Edition of ACR Enterprise instances.

    Solution 1: Use cross-border synchronization acceleration

    1. Log on to the Container Registry console.

    2. In the top navigation bar, select a region.

    3. In the navigation pane on the left, click Instance List.

    4. On the Instances page, click the Enterprise Edition instance that you want to manage.

    5. In the navigation pane on the left of the Enterprise instance management page, choose Distribution Management > Instance Sync.

    6. In the upper-left corner of the Instance Sync page, turn on the Cross-border Sync Acceleration switch.

    7. In the Prompt dialog box, click OK.

      After you enable the cross-border synchronization acceleration feature, create a sync rule to sync images from the source instance to the target instance. For more information, see Sync images between instances within the same account and Sync images between instances across different accounts.

    Reference data for cross-border synchronization acceleration performance

    The following table shows the P95 latency values for synchronizing a single-layer 1 GB image between different regions worldwide. The data was collected in March 2022 after the cross-border synchronization acceleration feature was enabled. The latency values do not include queuing time caused by exceeding the maximum number of concurrent sync tasks. The Hangzhou region is used as an example for the Chinese mainland.

    Note

    The P95 value is the 95th percentile of task completion times over a statistical period. This means that 95% of tasks were completed in a time less than or equal to this value.

    ACR

    Scenario 2: Use a custom sync link

    Step 1 (Optional): Grant permissions to a RAM user

    A Resource Access Management (RAM) user needs the following permissions to use the custom link feature. For more information, see Grant permissions to a RAM user using a custom policy.

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "cr:CreateSyncCustomLink",
                "cr:GetSyncCustomLink",
                "cr:UpdateSyncCustomLink",
                "cr:ListSyncCustomLink",
                "cr:DeleteSyncCustomLink"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    Step 2 (Optional): Create a VPC

    Create a virtual private cloud (VPC) in the source region and the destination region. In this example, an instance in the Hangzhou region is synchronized to the Singapore region. The VPC in the Hangzhou region is named test1, and the VPC in the Singapore region is named test2.

    Step 3: Connect the networks using a CEN instance

    Create a Cloud Enterprise Network (CEN) instance and configure a transit router in the source and destination regions. For more information, see Connect VPCs across regions.

    Step 4: Add VPCs to the source and destination ACR instances

    1. Log on to the Container Registry console.

    2. In the top navigation bar, select a region.

    3. On the Instance List page, click the target Enterprise instance.

    4. In this example, click the Enterprise Edition instance in the Hangzhou region.

    5. In the navigation pane on the left, choose Repository Management > Access Control.

    6. On the VPC tab, click Add VPC.

    7. In the Add VPC dialog box, set Existing VPC to test1, select a vSwitch, and then click OK.

    8. Repeat the preceding steps to add the VPC named test2 to the destination instance. Record the Access IP of the destination instance in the test2 VPC.

      You can add a VPC to multiple destination instances in the same region. After you add the VPC, all instances can use the link to sync images.

    9. On an ECS instance in the VPC that is associated with the source instance, run the following command to test the connection to the destination instance. Replace <Target_IP> with the IP address that you recorded in the previous step.

      telnet <Target_IP> 443

      Expected output:

      Trying <Target_IP>...
Connected to <Target_IP>.

    Step 5: Configure a custom sync link

    You can create only one sync link between two instances in different regions. Do not create duplicate links.

    1. Log on to the Container Registry console.

    2. In the top navigation bar, select a region.

    3. On the Instances page, click the source Enterprise Edition instance.

    4. In this example, click the Enterprise Edition instance in the Hangzhou region.

    5. In the navigation pane on the left, choose Distribution > Sync Link. On the page that appears, click Add Sync Link.

    6. In the Network Instance wizard, set the parameters and click Next.

      Parameter

      Description

      Link Name

      Enter a name for the sync link.

      Link Description

      Enter a description for the sync link.

      Instance ID/Name

      Select the ID of the CEN instance.

      Source Network

      Set the network parameters for the source instance region:

      • VPC: Select a VPC. In this example, select the VPC named test1 in the Hangzhou region.

        Note

        When you select a VPC in the source instance region, the VPC must be added to the source instance and a cross-region bandwidth must be configured in CEN. Otherwise, the VPC is not available.

      • vSwitch: Select a vSwitch.

        Different regions support vSwitches in different zones. Select a vSwitch in a zone as prompted on the interface.

      • Security Group: Select a security group to improve link security.

        Note

        • Ports 80 and 443 must be open in the inbound direction for the security group.

        • Managed security groups are not supported.

      Destination Network

      Set the network parameters for the destination instance region:

      • Region: Select the destination instance region.

      • VPC: Select a VPC. In this example, select the VPC named test2 in the Singapore region.

        Note

        When you select a VPC in the destination instance region, the VPC must be added to the destination instance and a cross-region bandwidth must be configured in CEN. Otherwise, the VPC is not available.

    7. In the Interconnect Bandwidth wizard, set the parameters and click Create.

      Parameter

      Description

      Maximum Bandwidth

      The maximum bandwidth that can be used by sync tasks on this link. After you set the maximum bandwidth, the bandwidth is evenly and dynamically distributed among the current sync tasks on the link.

      Total Sync Tasks

      The number of sync tasks that can use this link. Tasks that exceed this limit are queued.

      Note

      Standard Edition instances support up to 5 concurrent sync tasks. Premium Edition instances support up to 10 concurrent sync tasks.

    8. On the Sync Link page, find the target link and click Enable in the Actions column.

    9. In the Notice dialog box, click OK.

      After you enable the sync link, you can create sync rules to sync images from the source instance to the destination instance. For more information, see Sync images between instances within the same account and Sync images between instances across different accounts. When you sync images, the sync link is automatically used to accelerate the synchronization.

    FAQ

    How to check the current link type

    To check the current link type, log on to the Container Registry console. On the management page of the Enterprise Instance, in the navigation pane on the left, choose Distribution > Sync Records. On the Sync Records page, you can view the link type for the sync task. The following link types are available:

    • Default Link: Uses the default link of the Enterprise instance.

    • Cross-border Acceleration Link: Uses the cross-border synchronization acceleration feature to accelerate image synchronization.

    • Custom Link: Uses a custom sync link to accelerate image synchronization.

    References

    To create a sync task using an API operation, see CreateRepoSyncTaskByRule - Create an image repository sync task and CreateRepoSyncTask - Manually create a repository sync task.