You can use Cloud Enterprise Network (CEN) or VPN Gateway to connect ApsaraMQ for Kafka instances deployed in different virtual private clouds (VPCs). Both services establish network connectivity between VPCs so that Kafka producers and consumers in one VPC can reach brokers in another.
Choose the right solution
| Criteria | CEN | VPN Gateway |
|---|---|---|
| Network path | Private backbone channels | Encrypted IPsec-VPN tunnels over the internet |
| Cross-account support | Same account and different Alibaba Cloud accounts | Not specified |
| Latency | Lower (private backbone) | Higher (internet-dependent) |
| Reliability | At least four standby connections between two nodes; automatic failover | Hot-standby architecture with failover in seconds |
| Cost | Not specified | Lower (uses existing internet bandwidth; more cost-efficient than leased lines) |
| Setup complexity | Not specified | Low (out-of-the-box, immediate effect) |
CEN
CEN establishes private channels between VPCs using automatic route distribution and learning, which accelerates network convergence, improves cross-network communication quality and security, and establishes connection among network-wide resources.
Use a CEN instance to connect VPCs that belong to the same Alibaba Cloud account or different accounts.
CEN benefits:
Global reach -- CEN is an enterprise-class network that connects global network resources of Alibaba Cloud and enterprises connected to Alibaba Cloud. IP addresses are guaranteed to be unique and non-conflicting. Access points and nodes in more than 60 regions. Controllers automatically learn and distribute routes for fast convergence on a global scale.
Low latency, high speed -- Transfers data at the highest rate supported by device ports, with lower latency than internet connections.
Built-in redundancy -- At least four standby connections between any two nodes. If a connection fails, standby connections take over without service interruption or network jitter.
Route conflict detection -- Systematic network monitoring automatically detects route conflicts caused by system changes, which helps maintain network stability.
For more information, see What is CEN?
VPN Gateway
VPN Gateway is an internet-based service that supports route-based IPsec-VPN connections between VPCs.
For setup instructions, see Establish IPsec-VPN connections between two VPCs.
VPN Gateway benefits:
Security -- Uses IKE and IPsec protocols to encrypt data in transit.
High availability -- Hot-standby architecture supports failover in seconds with session persistence and zero service downtime.
Low cost -- Encrypted connections over the internet cost less than leased lines.
Immediate setup -- Out-of-the-box service. Configurations take effect immediately.