Enable cross-border replication acceleration

When container images are automatically or manually replicated between the Chinese mainland and regions outside the Chinese mainland, the replication speed may be slow. Container Registry provides the cross-border replication acceleration and custom replication link features to accelerate cross-border image replication. This topic describes how to use the cross-border replication acceleration and custom replication link features.

Background information

The cross-border replication acceleration and custom replication link features have the following differences:

Cross-border replication acceleration: This feature uses scheduling policies and optimized network links to accelerate image replication between the Chinese mainland and regions outside the Chinese mainland.
Custom replication links: This feature uses custom Cloud Enterprise Network (CEN) network to build private network channels for different regions and implement cross-region network communication. If the cross-border replication acceleration feature cannot meet your requirements for the latency of instance replication, you can use the custom replication link feature to further accelerate image replication.

Note

You cannot replicate images from a public cloud region to a non-public cloud region, such as a Alibaba Cloud Finance region or a Alibaba Gov Cloud region.

Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
On the Instances page, click the Enterprise Edition instance that you want to manage.
On the management page of the Container Registry Enterprise Edition instance, choose Distribution > Instance Replication.
In the upper-left corner of the Instance Replication page, turn on Cross-border Replication Acceleration.
In the Tips message, click OK.
After you enable the cross-border replication acceleration feature, you can create a replication rule to replicate images from an instance to another instance. For more information, see Replicate images within the same account and Replicate images across accounts. When images are replicated, Container Registry automatically uses the cross-border replication acceleration feature.

Reference data for cross-border acceleration

The following table describes the latency of image replication in March 2022 after cross-border replication acceleration is enabled. The table collects the TP95 replication latency values of single-layer 1 GB images in different regions around the world. The latency values do not include the queue time of additional replication tasks beyond the maximum allowed concurrent replication tasks. In this example, the China (Hangzhou) region is used to represent the Chinese mainland.

Note

TP95 refers to the maximum latency of the 95th percentile of image replication tasks. For example, assume that 100 tasks have been executed. The latencies of the tasks are sorted in ascending order, and then the 95th value is taken as the TP95 value.

ACR

The cells in the preceding table are color-coded based on the latency of replication tasks.

Green: The latency is not greater than 30 seconds.
Blue: The latency is greater than 30 seconds and not greater than 1 minute.
Yellow: The latency is greater than 1 minute and not greater than 2 minutes.
Red: The latency is greater than 2 minutes and not greater than 3 minutes.

Custom replication link

Note

To use the custom replication link feature, submit a ticket.

You must complete the following operations before you can use the custom replication link feature:

A virtual private cloud (VPC) is created in the same regions as the source Container Registry instance and the destination Container Registry instance respectively. For more information, see Create and manage a VPC. In this topic, images in the China (Hangzhou) region are replicated to the Singapore region. You need to create a VPC separately in the China (Hangzhou) region and the Singapore region. The VPCs in the two regions are named test1 and test2.
A CEN instance is created. For more information, see Create a CEN instance.

If you use a Resource Access Management (RAM) user, you must grant the following permissions to the RAM user. For more information, see Attach custom policies to a RAM user.

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "cr:CreateSyncCustomLink",
                "cr:GetSyncCustomLink",
                "cr:UpdateSyncCustomLink",
                "cr:ListSyncCustomLink",
                "cr:DeleteSyncCustomLink"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Step 1: Add the VPCs in the regions of the source instance and destination instance to the CEN instance

Create transit routers.
1. Log on to the CEN console.
2. On the Instances page, click the ID of the CEN instance that you want to manage.
3. On the Transit Router tab, click Create Route Router.
4. In the Create Transit Router dialog box, select Singapore from the Region drop-down list, configure Name and Description, and then click OK.
5. Repeat the preceding steps to create a transit router for the China (Hangzhou) region.
Associate the VPCs in the regions of the source instance and destination instance with the transit routers.
1. On the Transit Router tab, click Create Connection in the Actions column that corresponds to the transit router in the Singapore region.
2. On the Connection with Peer Network Instance page, set Instance Type to Virtual Private Cloud (VPC) and Region to Singapore. Configure Resource Owner ID, set Network Instance to test2, and select a primary zone and secondary zone for the transit router. Configure vSwitch and click OK.
3. Repeat the preceding steps to associate the VPC named test1 with the transit router in the China (Hangzhou) region.

Step 2: Configure the bandwidth for cross-region communication

Purchase a bandwidth plan.
For information about the billing of bandwidth plans, see Billing rules.
1. Before you purchase a bandwidth plan, you must submit your enterprise information on the Apply for cross-border Express Connect circuits page.
  Note
  You need to apply for a cross-border Express Connect circuit and purchase a cross-border bandwidth plan only if you replicate images from the Chinese mainland to a region outside the Chinese mainland. As shown in this example, images are replicated from China (Hangzhou) to Singapore. If you want to replicate images between regions outside the Chinese mainland, you do not need to apply for a cross-border Express Connect circuit and only need to purchase a non-cross-border bandwidth plan.
2. Log on to the CEN console.
3. On the Instances page, click the ID of the CEN instance that you want to manage.
4. On the Bandwidth Plans tab, click Purchase Bandwidth Plan (Subscription).
5. On the CEN Bandwidth Plan (Subscription) page, set Commodity Type to Cross-border, configure CEN ID, Area, Bandwidth, Bandwidth Package Name, and Order Time, and then click Buy Now.
  In this example, Area A is set to Mainland China and Area B is set to Asia Pacific.
  Note
  If you want to replicate images between regions outside the Chinese mainland, you must set Commodity Type to Non-cross-border on the CEN Bandwidth Plan (Subscription) page, and then set parameters such as CEN ID and Area.
6. On the Confirm Order page, click and read Alibaba Cloud International Website Product Terms of Service and Service Level Agreement. Then, click Pay.
Configure the bandwidth for cross-region communication.
1. On the Instances page of the CEN console, click the ID of the CEN instance that you want to manage.
2. On the Bandwidth Plans tab, click Allocate Bandwidth for Inter-region Communication.
3. On the Connection with Peer Network Instance page, set Instance Type to Inter-region Connection, Region to China (Hangzhou), Peer Region to Singapore, and Bandwidth Allocation Mode to Allocate from Bandwidth Plan, configure Bandwidth Plan and Bandwidth, and then click OK.

Step 3: Add the VPCs to the source instance and destination instance

Log on to the Container Registry console.
In the top navigation bar, select a region.
On the Instances page, click the card of the source Container Registry instance in the China (Hangzhou) region.
In the left-side navigation pane of the management page of the source instance, choose Repository > Access Control.
On the VPC tab, click Add VPC.
In the Add VPC dialog box, select test1 from the Existing VPC drop-down list, select a vSwitch, and click Confirm.
Repeat the preceding steps to add the VPC named test2 to the destination Container Registry instance in Singapore.
Note
Container Registry allows you to add a VPC to multiple destination instances in the same region. After you add a VPC to multiple destination instances in the same region, the multiple destination instances can use the link to replicate images.

Step 4: Create a custom replication link

Note

You can create only one custom replication link for the same cross-border regions. For example, you can create only one replication link from the China (Hangzhou) region to the Singapore region.

Log on to the Container Registry console.
In the top navigation bar, select a region.
On the Instances page, click the card of the source Container Registry instance in the China (Hangzhou) region.
In the left-side navigation pane of the management page of the source instance, choose Distribution > Synchronization Link. On the right side of the page that appears, click Add Synchronization Link.

In the Network Instance step of the Add Synchronization Link wizard, configure parameters and then click Next. The following table describes the parameters that you need to configure.

Parameter	Description
Link Name	Specify a name for the replication link.
Link Description	Enter a description for the replication link.
Instance ID/Name	Select the ID of the CEN instance.
Source Network	Configure the network parameters of the region where the source instance resides. Parameters: VPC: Select the VPC of the source instance. In this example, select test1. Note Before you select a VPC in the region of the source instance, the VPC must be added to the source instance and a cross-region bandwidth must be configured for the CEN instance. Otherwise, you cannot select the VPC. VSwitch: Select a vSwitch. vSwitches vary based on zones and regions. Follow the on-screen instructions to select a vSwitch. Security Group: Select a security group to make the link secure. Note Allow ports 80 and 443 in the inbound rule of the security group. Managed security groups are not supported.
Destination Network	Configure the network parameters of the region where the destination instance resides. Parameters: Region: Select the region where the destination instance resides. In this example, select Singapore. VPC: Select the VPC of the destination instance. In this example, select test2. Note Before you select a VPC in the region of the destination instance, the VPC must be added to the destination instance and a cross-region bandwidth must be configured for the CEN instance. Otherwise, you cannot select the VPC.

In the Interconnection Bandwidth step of the Add Synchronization Link wizard, configure parameters and then click Create. The following table describes the parameters that you need to configure.

Parameter	Description
Maximum Bandwidth	Configure the maximum bandwidth that you want to use when you use the replication link to replicate images. After you configure a maximum bandwidth, the current replication tasks on this link share the bandwidth and dynamically adjust individual bandwidths.
Maximum Synchronization Tasks	Configure the maximum replication tasks that you allow to concurrently use the replication link. The tasks beyond the maximum must be queued. Note A Standard Edition Container Registry instance supports 5 replication tasks. An Advance Edition Container Registry instance supports 10 replication tasks.

On the Synchronization Link page, click Enable in the Actions column that corresponds to the replication link.
In the Tips message, click OK.
After you enable the replication link, you can create a replication rule to replicate images from the source instance to the destination instance. For more information, see Replicate images within the same account and Replicate images across accounts. When images are replicated, Container Registry automatically uses the replication link to accelerate image replication.

View the link type

To view the type of the link used by a replication task, in the left-side navigation pane of the management page of the Container Registry Enterprise Edition instance, choose Distribution > Replication Record. On the Replication Record page, you can view the link type. Link types include:

Default Link: The replication task uses the default link of the Container Registry Enterprise Edition instance.
Cross-border Acceleration Link: The replication task uses the cross-border replication acceleration feature to accelerate image replication.
Custom Link: The replication task uses a custom replication link to accelerate image replication.

References

You can also call API operations to create a replication task. For more information, see CreateRepoSyncTaskByRule and CreateRepoSyncTask.