Cloud Enterprise Network (CEN) interconnects virtual private clouds (VPCs), virtual border routers (VBRs), Cloud Connect Network (CCN) instances, and IPsec-VPN connections through transit routers. Transit routers provide routing control, inter-region bandwidth management, multicast networking, and integrated monitoring for hybrid and multi-region network architectures on Alibaba Cloud.
Edition comparison
Transit routers are available in two editions: Basic Edition and Enterprise Edition.
Basic Edition transit routers support core connectivity (VPC, VBR, CCN, and transit router connections), inter-region communication, routing policies, and essential monitoring. Enterprise Edition transit routers add advanced routing (custom route tables, route learning, aggregate routes), IPsec-VPN connections, traffic scheduling, multicast, flow logs, and enhanced diagnostics. CCN connections are available only on Basic Edition transit routers.
Feature support matrix
In the following table, Supported indicates that the feature is available for the edition, and Not supported indicates that it is not available.
| Category | Feature | Basic Edition | Enterprise Edition |
|---|---|---|---|
| Network instance connections | VPC connections | Supported | Supported |
| VBR connections | Supported | Supported | |
| CCN connections | Supported | Not supported | |
| IPsec-VPN connections | Not supported | Supported | |
| Transit router connections | Supported | Supported | |
| Inter-region communication | Bandwidth plans | Supported | Supported |
| Inter-region connections | Supported | Supported | |
| Bandwidth multiplexing | Supported | Supported | |
| Traffic scheduling | Not supported | Supported | |
| Routes | Custom route tables | Not supported | Supported |
| Custom route entries | Not supported | Supported | |
| Associated forwarding | Not supported | Supported | |
| Route learning | Not supported | Supported | |
| Prefix lists | Not supported | Supported | |
| Route synchronization | Not supported | Supported | |
| Aggregate routes | Not supported | Supported | |
| Routing policies | Supported | Supported | |
| Multi-region ECMP routing for VBRs | Not supported | Supported | |
| Cloud services | Access to cloud services | Supported | Supported |
| Access to PrivateZone | Supported | Supported | |
| Multicast | Multicast networks | Not supported | Supported |
| Monitoring and O&M | Bandwidth plan monitoring | Supported | Supported |
| Inter-region connection monitoring | Supported | Supported | |
| Express Connect circuit monitoring | Supported | Supported | |
| Network instance connection monitoring | Not supported | Supported | |
| Health checks | Supported | Supported | |
| Flow logs | Not supported | Supported | |
| Transit router diagnostics | Not supported | Supported | |
| Reachability analyzer | Supported | Supported |
Regions that support CCN provide only Basic Edition transit routers. CCN connections are not available on Enterprise Edition transit routers.
Network instance connections
Attach network instances to a transit router to establish private communication between them. The transit router serves as the central hub for connecting different types of network instances.
VPC connections
Attach VPCs to a transit router to establish private connectivity between them. Combine VPC connections with inter-region connections to enable communication across regions.
VBR connections
Attach VBRs to a transit router to extend private network connectivity to on-premises data centers through Express Connect circuits.
CCN connections
Attach CCN instances to a transit router to connect Smart Access Gateway (SAG) devices and branch-office networks to your cloud environment. CCN connections are available only on Basic Edition transit routers.
IPsec-VPN connections
Connect on-premises data centers to an Enterprise Edition transit router through IPsec-VPN connections. After the connection is established, the data center communicates with all other network instances attached to the transit router.
Inter-region communication
Inter-region connections link transit routers in different regions, extending your network across multiple Alibaba Cloud regions.
Bandwidth plans and inter-region connections
An inter-region connection links transit routers deployed in different regions. Purchase a bandwidth plan that allocates bandwidth between the two regions to create an inter-region connection.
Bandwidth multiplexing
Share inter-region bandwidth resources between a CCN transit router and a regional transit router. Bandwidth multiplexing simplifies configuration and allows more flexible use of bandwidth across connected networks.
Traffic scheduling
Mark inter-region traffic with Differentiated Services Code Point (DSCP) values and throttle bandwidth by traffic type. Traffic scheduling provides granular control over bandwidth allocation so that each service type receives the bandwidth it needs.
Routes
Enterprise Edition transit routers provide advanced routing capabilities for fine-grained control over traffic forwarding and route advertisement across your network.
Custom route tables
Custom route tables function like Virtual Routing and Forwarding (VRF) on traditional routers. They are isolated from the default route table of an Enterprise Edition transit router, enabling traffic separation for different network instances based on their associated route tables.
Route learning
Route learning controls how network instances advertise their routes to a transit router. Enable route learning between a network instance and a route table to have the instance's routes appear in that route table automatically, reducing manual route configuration effort.
Associated forwarding
Associated forwarding controls how traffic from a network instance is forwarded. Associate a network instance with a route table so the Enterprise Edition transit router looks up routes in that table and forwards traffic accordingly.
Custom routes
Add static routes and blackhole routes to the route table of an Enterprise Edition transit router for direct control over traffic forwarding paths.
Prefix lists
Associate a VPC prefix list with the route table of an Enterprise Edition transit router. The system automatically adds routes pointing to the CIDR blocks in the prefix list, keeping the transit router route table in sync with VPC prefix list changes.
Route synchronization
Route synchronization enables Enterprise Edition transit routers to automatically advertise routes to attached network instances, eliminating manual route configuration.
Aggregate routes
Aggregate routes consolidate multiple specific routes on an Enterprise Edition transit router into a single summary route. When route synchronization is enabled for a VPC, the transit router advertises the aggregate route instead of individual specific routes, reducing the number of route entries in VPC route tables.
Routing policies
Routing policies filter, modify, or deny route advertisements based on match conditions and actions. Define routing policies to control whether routes in a transit router's route table are advertised to network instances or other transit routers.
Multi-region ECMP routing for VBRs
Enable multi-region equal-cost multi-path (ECMP) routing on an Enterprise Edition transit router to load-balance traffic across multiple VBRs. The transit router learns routes with the same destination CIDR block from different VBRs and distributes traffic across these equal-cost paths.
Cloud services
Transit routers provide on-premises networks with access to Alibaba Cloud services and private DNS resolution through PrivateZone.
PrivateZone
PrivateZone is a VPC-based DNS resolution and management service for private domain names. After attaching VBRs and CCN instances to a transit router, on-premises networks connected to the CEN instance can resolve private domain names through PrivateZone.
Cloud service access
After attaching VBRs and CCN instances to a transit router, on-premises networks connected to the transit router can access services deployed on Alibaba Cloud.
Multicast
Enterprise Edition transit routers support multicast networking for efficient one-to-many data distribution across your cloud network.
Multicast networks
Create and manage multicast networks after attaching network instances to an Enterprise Edition transit router. The transit router functions as a multicast router that forwards multicast packets between attached network instances.
Monitoring and O&M
CEN provides built-in monitoring, diagnostics, and troubleshooting tools for maintaining network health and resolving connectivity issues.
CEN monitoring
View monitoring data for transit routers, bandwidth plans, inter-region connections, Express Connect circuits connected to VBRs, and traffic on attached network instances from the Charts tab in the CEN console.
Health checks
Test the connectivity of Express Connect circuits by configuring health checks on VBRs attached to a transit router. Health checks continuously monitor the link status between your data center and Alibaba Cloud.
Flow logs
Flow logs capture information about inter-region traffic between transit routers and traffic over VBR connections. Use flow logs to analyze bandwidth usage patterns and troubleshoot network issues.
Transit router diagnostics
CEN integrates with Network Intelligence Service (NIS) to run diagnostics on transit routers and generate troubleshooting suggestions. Identify and resolve network errors on transit routers based on the diagnosis results.
Reachability analyzer
CEN integrates with Network Intelligence Service (NIS) to test the reachability of cloud resources. Use the reachability analyzer to verify connectivity between resources in your network.