You can use Cloud Enterprise Network (CEN) to establish network communications between virtual private clouds (VPCs) in different regions. CEN offers a high-bandwidth and low-latency private network, providing a stable environment for your business.
Scenario
As shown in the figure, two VPCs have been created. Each has two vSwitches in different zones for disaster recovery, and one Elastic Compute Service (ECS) instance to verify connectivity.
VPC1
Region: China (Hangzhou)
IPv4 CIDR block: 10.0.0.0/16
vSwitch 1 in Zone J. CIDR block: 10.0.0.0/24
vSwitch 2 in Zone K. CIDR block: 10.0.1.0/24
ECS1 address: 10.0.0.1
VPC2
Region: China (Shanghai)
IPv4 CIDR block: 172.16.0.0/16
vSwitch 1 in Zone M. CIDR block: 172.16.0.0/24
vSwitch 2 in Zone N. CIDR block: 172.16.1.0/24
ECS2 address: 172.16.0.1
You can leverage CEN to connect the two VPCs in different regions.
When you plan the network, ensure that the CIDR blocks of the VPCs do not overlap.
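The following pre-flight check is an added example, not part of the original documentation. It validates the address plan above before any CEN resources are created: VPC CIDR blocks must not overlap, each vSwitch must sit inside its VPC, and each VPC needs vSwitches in at least two zones, as the note in Step 4 requires. The `PLAN` layout and the `check_plan` function name are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Address plan from the scenario above. The dict layout is an assumption of
# this example: vSwitch CIDR blocks are keyed by zone.
PLAN = {
    "VPC1": {"cidr": "10.0.0.0/16",
             "vswitches": {"J": "10.0.0.0/24", "K": "10.0.1.0/24"}},
    "VPC2": {"cidr": "172.16.0.0/16",
             "vswitches": {"M": "172.16.0.0/24", "N": "172.16.1.0/24"}},
}


def check_plan(plan):
    """Return a list of problems found in the plan (empty list means OK)."""
    problems = []
    # ip_network() raises ValueError on malformed CIDR blocks or set host bits.
    nets = {name: ipaddress.ip_network(v["cidr"]) for name, v in plan.items()}

    # VPC CIDR blocks must not overlap with each other.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    for name, vpc in plan.items():
        vsw = {z: ipaddress.ip_network(c) for z, c in vpc["vswitches"].items()}
        # Attaching a VPC to a transit router needs vSwitches in two zones.
        if len(vsw) < 2:
            problems.append(f"{name} has vSwitches in fewer than two zones")
        # Every vSwitch must be carved out of its own VPC's CIDR block.
        for zone, net in vsw.items():
            if not net.subnet_of(nets[name]):
                problems.append(f"{name} zone {zone}: {net} is outside {nets[name]}")
        # vSwitches inside one VPC must not overlap each other.
        for (z1, n1), (z2, n2) in combinations(sorted(vsw.items()), 2):
            if n1.overlaps(n2):
                problems.append(f"{name} zones {z1}/{z2}: {n1} overlaps {n2}")
    return problems


if __name__ == "__main__":
    issues = check_plan(PLAN)
    print("plan OK" if not issues else "\n".join(issues))
```

To plan connections for more than two regions, add each further VPC to `PLAN`; every pair of VPCs is compared.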
Procedure
Step 1: Create a CEN instance
Step 2: Create two transit routers
Step 3: Create an inter-region connection
Keep the other parameters as their defaults, and click OK.
Note: When you select pay-by-data-transfer, the fee is settled by Cloud Data Transfer (CDT). Enable the CDT service if it is not activated.
Step 4: Attach the VPC to the transit router
Keep the other parameters as their defaults, and click OK.
Note: To achieve cross-zone disaster recovery, the system automatically selects the two zones under the current VPC. If your VPC has only one vSwitch, you need to create at least one more vSwitch in a different zone.
Step 5: Verify connectivity
Before proceeding, ensure that the security group rules of both ECS instances permit ICMP protocol access. For more details, see View security group rules and Add security group rules.
Log on to ECS1 and run the ping command to access ECS2:
ping 172.16.0.1
A successful ping command, as shown in the figure, confirms that the connection between VPC1 and VPC2 is working.
Related steps
Connect VPCs in more than two regions: If you need to create connections for VPCs in more than two regions, follow the steps in this topic. Create a transit router in each region, establish a connection between each pair of regions, and attach the VPCs to the transit router in the corresponding region. Make sure the CIDR blocks of VPCs do not overlap.
Quality of Service (QoS) bandwidth control: To manage inter-region traffic, you can classify and mark business traffic, and allocate bandwidth accordingly to enhance network quality and usage. For more information, see Use traffic scheduling to limit bandwidth for inter-region connections.
Traffic analysis: Transit routers capture traffic information of inter-region connections and generate flow logs. You can analyze inter-region traffic transmission by querying flow logs. For more information, see Configure flow logs.
Topology visualization: CEN generates a topology diagram based on your actual resources. To view the topology, go to the details page of the CEN instance and view it under the Network Topology tab.
FAQs
How is inter-region connection charged?
You can choose either the pay-by-data-transfer mode or the subscription mode. In the subscription mode, you purchase bandwidth plans and allocate bandwidth to connections. For more information, see Billing rules.
What is the maximum bandwidth for an inter-region connection?
If you choose Pay-By-Data-Transfer as the bandwidth allocation mode, the maximum bandwidth is limited by quota constraints. For more information, see Quota.
If you choose Allocate from Bandwidth Plan, the maximum bandwidth is the value specified in your bandwidth plan. For more details, see Purchase bandwidth plan.
What is the latency of an inter-region connection?
Inter-region connections use the dedicated intranet lines of Alibaba Cloud, which have lower latency and a more stable connection than the Internet.