Creates a Virtual Border Router (VBR) connection on an Enterprise Edition transit router in the same region to enable private network peering between the VBR network instance and the transit router.
Operation description
-
For information about the regions and zones supported by Enterprise Edition transit routers, see What is Cloud Enterprise Network (CEN)?.
-
You can create a VBR connection on an Enterprise Edition transit router in the following ways:
If you have already created an Enterprise Edition transit router instance in the target region, you can create a VBR connection by specifying VbrId, RegionId, and TransitRouterId.
If you do not have an Enterprise Edition transit router instance in the target region, you can create a VBR connection by specifying VbrId, CenId, and RegionId. The system automatically creates an Enterprise Edition transit router instance when the VBR connection is created.
-
CreateTransitRouterVbrAttachment is an asynchronous operation. After you send a request, the system returns a VBR connection ID but the VBR connection is not yet created. The creation task runs in the background. You can call ListTransitRouterVbrAttachments to query the status of the VBR connection.
If the VBR connection is in the Attaching state, the VBR connection is being created. In this state, you can only query the VBR connection and cannot perform other operations on it.
If the VBR connection is in the Attached state, the VBR connection is created.
-
The Alibaba Cloud account that owns the transit router and the Alibaba Cloud account that owns the VBR instance must belong to the same enterprise.
-
Transit routers support connections to VBR instances that belong to the same account or a different account. Before creating a cross-account VBR connection, obtain authorization from the VBR instance owner. For more information, see Cross-account authorization for network instances.
-
After a VBR connection is created, the VBR connection does not establish route learning or association forwarding relationships with any transit router route table by default.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
cen:CreateTransitRouterVbrAttachment |
create |
CenInstance
TransitRouter
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| ClientToken |
string |
No |
The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters. Note
If you do not specify this parameter, the system automatically uses the RequestId of the API request as the ClientToken. The RequestId may be different for each API request. |
02fb3da4-130e-11e9-8e44-001**** |
| CenId |
string |
No |
The Cloud Enterprise Network (CEN) instance ID. |
cen-j3jzhw1zpau2km**** |
| TransitRouterId |
string |
No |
The Enterprise Edition transit router instance ID. |
tr-bp1su1ytdxtataupl**** |
| RegionId |
string |
No |
The region ID of the VBR instance. You can call DescribeRegions to query the most recent region list. |
cn-hangzhou |
| TransitRouterAttachmentName |
string |
No |
The name of the VBR connection. The name can be empty or 1 to 128 characters in length, and cannot start with http:// or https://. |
testname |
| TransitRouterAttachmentDescription |
string |
No |
The description of the VBR connection. The description can be empty or 1 to 256 characters in length, and cannot start with http:// or https://. |
testdesc |
| VbrId |
string |
Yes |
The VBR instance ID. |
vbr-bp1svadp4lq38janc**** |
| VbrOwnerId |
integer |
No |
The Alibaba Cloud account ID of the Alibaba Cloud account that owns the VBR instance. The default value is the Alibaba Cloud account ID of the current logon account. Note
This parameter is required if you want to load a network instance that belongs to a different account. |
1250123456123456 |
| AutoPublishRouteEnabled |
boolean |
No |
Specifies whether to allow the Enterprise Edition transit router to automatically publish routes to the VBR instance.
|
false |
| DryRun |
boolean |
No |
Specifies whether to perform a dry run, including permission and instance status verification. Valid values:
|
false |
| Tag |
array<object> |
No |
The tag information. You can specify up to 20 tags at a time. |
|
|
object |
No |
|||
| Key |
string |
No |
The tag key of the resource. The tag key cannot be an empty string. The tag key can be up to 64 characters in length and cannot start with You can specify up to 20 tag keys at a time. |
TagKey |
| Value |
string |
No |
The tag value of the resource. The tag value can be an empty string or up to 128 characters in length. It cannot start with Each tag key corresponds to one tag value. You can specify up to 20 tag values at a time. |
TagValue |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The response parameters. |
||
| TransitRouterAttachmentId |
string |
The ID of the VBR connection. |
tr-attach-ia340z7xis7t5s**** |
| RequestId |
string |
The request ID. |
C087A369-82B9-43EF-91F4-4B63A9C6E6B6 |
Examples
Success response
JSON format
{
"TransitRouterAttachmentId": "tr-attach-ia340z7xis7t5s****",
"RequestId": "C087A369-82B9-43EF-91F4-4B63A9C6E6B6"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | NoPermission.AliyunServiceRolePolicyForCEN | You are not authorized to create the service linked role. Role Name: AliyunServiceRolePolicyForCEN. Service Name: cen.aliyuncs.com. Make sure that the user has been granted the ram:CreateServiceLinkedRole permission. | The error message returned because you do not have the permissions to create the service-linked role whose role name is AliyunServiceRolePolicyForCEN and service name is cen.aliyuncs.com. You must acquire the ram:CreateServiceLinkedRole permission before you can create the service-linked role. |
| 400 | OperationUnsupported.TransitRouterRegionId | The specified TransitRouterRegion does not support the operation. | |
| 400 | InvalidCenId.NotFound | CenId is not found. | The error message returned because the specified CEN instance does not exist. |
| 400 | InvalidStatus.ResourceStatus | The resource is not in a valid state for the attachment operation. | The error message returned because the status of the specified resource does not support this operation. Try again later. |
| 400 | InvalidTransitRouterId.NotFound | TransitRouterId is not found. | The error message returned because the ID of the transit router does not exist. |
| 400 | Forbbiden.TransitRouterServiceNotOpen | The user has not open transit router service. | The error message returned because the transit router is disabled. Enable the transit router and try again. |
| 400 | OperationUnsupported.TransitRouterType | The specified TransitRouterType does not support the operation. | The error message returned because this operation is not supported by the specified type of transit router. |
| 400 | MissingParam.CenIdOrRegionId | Either CenId or RegionId must be specified. | The error message returned because the CenId or RegionId parameter is not set. |
| 400 | IncorrectStatus.Vpc | The resource is not in a valid state for the attachment operation. | The error message returned because the status of the VPC does not support this operation. Try again later. |
| 400 | Forbidden.VbrDeviceModel | Attach VBR on some access device models are forbidden. | The error message returned because the mode of the VBR does not support this operation. |
| 400 | IllegalParam.AssociateRouteTableId | The specified AssociateRouteTableId is illegal. | The error message returned because the specified route table ID (AssociateRouteTableId) is invalid. |
| 400 | Forbbiden.AttachChildInstanceAcrossBid | Operation is invalid, please apply for cross-bid attaching. | |
| 400 | IllegalParam.RegionId | RegionId is illegal. | The error message returned because the specified region is invalid. |
| 400 | OperationUnsupported.CenFullLevel | CEN full level does not support TransitRouter | The error message returned because CEN instances of the Full type do not support Enterprise Edition transit routers. |
| 400 | OperationUnsupported.VbrAttachment | This region not support vbr attachment. | The error message returned because VBR attachments are not supported in the specified region. |
| 400 | InvalidOperation.CenInstanceStatus | The CEN instance is not in a valid state for the operation. | |
| 400 | OperationUnsupported.CloudBoxVbrNotSupport | Cloud Box Vbr does not support. | The error message returned because the instance cannot be connected to a CloudBox. |
| 400 | IncorrectStatus.VbrResource | The resource is not in a valid state for the attachment operation. | The error message returned because this operation is not supported when the specified VBR is in an unstable state. Wait until all operations related to the VBR are completed. |
| 400 | IncorrectStatus.TransitRouter | The status of TransitRouter is incorrect. | The error message returned because the status of the transit router does not support this operation. Try again later. |
| 400 | QuotaExceeded.CenQuotaVbrAttachPerTransitRouter | The maximum number of VBR attachment per Transit Router is exceeded. | The error message returned because specified number of VBRs to be attache to the transit router exceeds the upper limit. You can submit a ticket to request a quota increase. |
| 400 | QuotaFull.ChildInstanceRelatedCen | The childinstance has exceed the quota of the times that a childinstance can be attached as an attachment. | The error message returned because the number of CEN instances to which the instance is attached has reached the upper limit. You cannot attach the instance to more CEN instances. |
| 400 | Forbidden.ResourceOwnerTransitRouterServiceNotOpen | The resource owner user has not opened transit router service. | The transit router service for the resource owner's account is not currently opened. Please inform them to open the transit router service and then try again. |
| 400 | InvalidOperation.VbrAttachedToEcr | VBR has alreay attached to ECR. | VBR has alreay attached to ECR. |
| 400 | Forbidden.ResourceOwnerTransitRouterServiceExpired | The transit router service of the account to which the resource belongs has been suspended due to arrears. Please notify the other party to renew the service and try again. | The transit router service of the account to which the resource belongs has been suspended. Please notify the other party to renew the service and try again. |
| 400 | Forbidden.TransitRouterServiceExpired | The transit router service is out of service. | The transit router service has been suspended due for payment. Please renew the service and try again. |
| 400 | InvalidParameter | Invalid parameter. | The error message returned because the parameter is set to an invalid value. |
| 400 | Unauthorized | The AccessKeyId is unauthorized. | The error message returned because you do not have the permissions to perform this operation. |
| 400 | InvalidParameter.ResourceType | The specified parameter ResourceType is invalid. | |
| 400 | InvalidParameter.TagValue | The specified parameter TagValue is invalid. | The input parameter Tag Value is invalid. |
| 403 | Forbidden.VbrDeviceModel | The attached VBR on some access device models are not supported. Please submit a ticket to continue using this VBR on CEN. | The error message returned because the mode of the VBR does not support this operation. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.