Cloud Enterprise Network (CEN) is a highly available network service that operates on Alibaba Cloud's private global backbone. CEN uses a Transit Router (TR) as a central hub to establish private communication channels between virtual private clouds (VPCs) across different regions and between VPCs and your on-premises data centers, creating a flexible, reliable, and large-scale enterprise-grade cloud network.
Components
| Component name | Description |
| CEN instance | A CEN Instance is the basic resource for creating and managing an integrated, intelligent cloud network. It serves as a container for Transit Routers. A single CEN Instance can contain one or more TRs. Multiple TRs can be attached with inter-region connections, letting you flexibly build your interconnected cloud network. |
| TR | A TR is the core network transit hub within a region. It forwards traffic within the same region or across different regions and lets you define flexible routing policies. Within a CEN Instance, you can create one TR per region. |
| Network instance | A network instance is a key component of your cloud or on-premises network architecture. Common network instances include VPC, ECR, CCN, IPsec-VPN connection, VBR, and TR. A TR connects to these network instances to forward traffic and enable communication between different network environments. |
| Network instance connection | Attaching a network instance to a TR creates a network instance connection. This way, you can interconnect your cloud resources, cross-region resources, and hybrid cloud environments. To connect different types of network instances, you must create the corresponding connection on the TR: VPC connection, ECR connection, CCN connection, VPN connection, VBR connection, or inter-region connection. |
| TR route table | After you connect a network instance to a TR, the TR uses a route table to forward traffic from the network instance. By default, a TR includes one system route table. You can also create custom route tables and define interconnection, isolation, and traffic forwarding policies through route association and learning. This flexibility supports a wide range of networking requirements. |
Use cases
CEN supports the following typical interconnection scenarios:
Intra-region VPC connection: Connect multiple VPCs in the same region.
Inter-region VPC connection: Connect VPCs in different regions.
Hybrid cloud connection: Connect multiple VPCs in the cloud to an on-premises data center.
Other use cases:
Filter traffic between VPCs
Use the TR's routing capabilities to steer traffic through a security appliance for filtering. This setup ensures that only filtered traffic passes between networks, enhancing network security. For more information, see Enable secure network communication using Enterprise Edition transit routers.
Access shared services from isolated VPCs
Use the routing capabilities of a TR to let isolated VPCs access a shared service VPC while keeping them isolated from each other. For more information, see Allow isolated VPCs to access a shared service.
Inter-region QoS
With traffic scheduling, you can tag different types of cross-region traffic and apply bandwidth limits based on those tags. This ensures sufficient bandwidth for critical applications and improves overall network efficiency. For more information, see Use the traffic scheduling feature to control the inter-region bandwidth for different traffic types.
Inter-region traffic analysis
Flow Logs capture traffic information transmitted through TRs and network instance connections, including inter-region, VPC, VPN, ECR, and VBR connections. For more information, see Configure flow logs.
Cloud multicast
After connecting network instances to a TR, you can create and manage a multicast network. The TR acts as a multicast router to forward multicast traffic between the network instances. For more information, see Multicast management.
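The following added example (not Alibaba Cloud code and not a CEN API) audits the "Access shared services from isolated VPCs" design using the route association and learning described for TR route tables. It assumes a simplified model in which each connection is associated with one route table and a table learns the CIDR of each connection listed for it; all names and CIDRs are constructed.

```python
import ipaddress

# Constructed sample: two application VPCs that must stay isolated, one shared-service VPC.
CIDRS = {"vpc-app-a": "10.1.0.0/16", "vpc-app-b": "10.2.0.0/16",
         "vpc-shared": "10.100.0.0/16"}
# Route association: the table used to forward traffic arriving from each connection.
ASSOCIATION = {"vpc-app-a": "rt-apps", "vpc-app-b": "rt-apps",
               "vpc-shared": "rt-shared"}
# Route learning: the connections whose CIDRs each table has learned.
LEARNED = {"rt-apps": {"vpc-shared"},
           "rt-shared": {"vpc-app-a", "vpc-app-b"}}
# Same layout with one mistake: rt-apps also learns vpc-app-b.
LEARNED_LEAKY = {"rt-apps": {"vpc-shared", "vpc-app-b"},
                 "rt-shared": {"vpc-app-a", "vpc-app-b"}}

def next_hop(src, dst_ip, learned):
    """Longest-prefix match for dst_ip in the table associated with src."""
    ip = ipaddress.ip_address(dst_ip)
    hits = []
    for conn in learned.get(ASSOCIATION[src], ()):
        net = ipaddress.ip_network(CIDRS[conn])
        if ip in net:
            hits.append((net.prefixlen, conn))
    return max(hits)[1] if hits else None

def forwards(src, dst, learned):
    """True if the TR would forward a packet from src to a host in dst."""
    host = ipaddress.ip_network(CIDRS[dst]).network_address + 1
    return next_hop(src, str(host), learned) == dst

def two_way(a, b, learned):
    """True if both the forward and the return path exist."""
    return forwards(a, b, learned) and forwards(b, a, learned)

def isolation_violations(policy, learned):
    """Pairs in policy that the TR still forwards in at least one direction."""
    return sorted((a, b) for a, b in policy
                  if forwards(a, b, learned) or forwards(b, a, learned))

if __name__ == "__main__":
    policy = [("vpc-app-a", "vpc-app-b")]  # pairs that must not communicate
    print("intended:", isolation_violations(policy, LEARNED))
    print("leaky:   ", isolation_violations(policy, LEARNED_LEAKY))
```

A one-way path is reported as a violation because connectionless traffic does not need a return route to reach the other VPC.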
Benefits
Global-scale interconnectivity
TRs quickly connect VPCs and on-premises networks across multiple regions, enabling global resource interconnectivity. Within a single region, an Enterprise Edition TR can interconnect up to 1,000 VPCs, meeting enterprise-scale growth needs.
Low latency, high throughput
TRs deliver low-latency, high-throughput network performance. Intra-region interconnectivity can achieve line-rate speeds. Global interconnectivity offers significantly lower latency than Internet routing.
High reliability, high quality
TRs deploy forwarding nodes across multiple zones. Traffic is routed to the nearest node under normal conditions and automatically fails over to another zone if an outage occurs, ensuring uninterrupted service. High-quality transmission paths exist between any two network nodes. If a path fails, the network converges automatically without impacting your applications.
Secure and flexible enterprise networking
TRs support custom routing policies for advanced enterprise architectures, such as isolating security domains, implementing a unified Demilitarized Zone (DMZ) egress, and building service chains.
Pay-as-you-go, rapid provisioning
TRs support usage-based billing. For intra-region traffic, you pay only for connected network instances and the traffic processed by the TR. Inter-region links can be provisioned and upgraded/downgraded instantly, eliminating upfront hardware or circuit costs and reducing network deployment expenses.
One-stop O&M
The console provides a visual management interface with geographical and resource-based views. You can quickly view intra-region and inter-region network topologies to monitor your global network status and improve O&M efficiency.
Regions and zones supported by TRs
TRs are available in Enterprise Edition and Basic Edition:
The Basic Edition is no longer available for new purchases. All new Transit Routers are Enterprise Edition, except in CCN regions.
The Enterprise Edition is an enhanced version of the Basic Edition. It includes all Basic Edition features and adds support for flexible routing policies. For more information, see How transit routers work.
The following table lists the regions and zones where Enterprise Edition TRs are available.
Table 1: Regions and zones that support Enterprise Edition transit routers
Area | Region | Zone |
Chinese Mainland | China (Hangzhou) | Zone B, Zone H, Zone I, Zone J, and Zone K |
Chinese Mainland | China (Shanghai) | Zone F, Zone G, Zone E, Zone B, Zone N, Zone M, and Zone L |
Chinese Mainland | China (Nanjing - Local Region) Closing Down | Zone A |
Chinese Mainland | China (Fuzhou - Local Region) Closing Down | Zone A |
Chinese Mainland | China (Shenzhen) | Zone D, Zone E, Zone F, Zone A (unavailable to new users), and Zone C |
Chinese Mainland | China (Heyuan) | Zone A and Zone B |
Chinese Mainland | China (Guangzhou) | Zone A and Zone B |
Chinese Mainland | China (Qingdao) | Zone B and Zone C |
Chinese Mainland | China (Beijing) | Zone C, Zone F, Zone H, Zone G, Zone J, Zone K, Zone I, and Zone L |
Chinese Mainland | China (Zhangjiakou) | Zone A, Zone B, and Zone C |
Chinese Mainland | China (Hohhot) | Zone A and Zone B |
Chinese Mainland | China (Ulanqab) | Zone A, Zone B, and Zone C |
Chinese Mainland | China (Chengdu) | Zone A and Zone B |
Asia Pacific | Singapore | Zone A, Zone B, and Zone C |
Asia Pacific | China (Hong Kong) | Zone B, Zone C, and Zone D |
Asia Pacific | Malaysia (Kuala Lumpur) | Zone A, Zone B, and Zone C |
Asia Pacific | Indonesia (Jakarta) | Zone A, Zone B, and Zone C |
Asia Pacific | Philippines (Manila) | Zone A |
Asia Pacific | Japan (Tokyo) | Zone A, Zone B, and Zone C |
Asia Pacific | South Korea (Seoul) | Zone A and Zone B |
Asia Pacific | Thailand (Bangkok) | Zone A and Zone B |
Europe | Germany (Frankfurt) | Zone A, Zone B, and Zone C |
Europe | UK (London) | Zone A and Zone B |
North America | US (Virginia) | Zone A and Zone B |
North America | US (Silicon Valley) | Zone A and Zone B |
North America | Mexico | Zone A |
Middle East | UAE (Dubai) | Zone A and Zone B |
Middle East | SAU (Riyadh - Partner Region) | Zone A and Zone B |
The following table lists the regions that support CCN. When you create a TR in a CCN region, it is a Basic Edition TR by default.
Table 2: Regions and zones that support Basic Edition transit routers
Area | Region |
Chinese Mainland | Chinese Mainland CCN |
Asia Pacific | Japan CCN, Singapore CCN, Hong Kong CCN, Malaysia CCN, and Indonesia CCN |
Europe | Frankfurt CCN |
Network transmission
Alibaba Cloud provides a high-performance, low-latency private network to meet your networking needs in a secure cloud environment. Multiple factors can cause packet loss during network transmission, including network flow collisions, data-link layer errors, and other network failures. The operational goal for Alibaba Cloud's transit network is to maintain a P99 hourly packet loss rate of less than 0.0001% for inter-region data transmission.
When using CEN, keep the following in mind:
The Alibaba Cloud transit network routes only traffic managed by CEN. Transmitting traffic through CEN between different regions with sufficient bandwidth helps minimize packet loss.
China Unicom provides the dedicated lines that connect the Chinese mainland with other regions. The operational goals for these lines are consistent with those of the Alibaba Cloud transit network.
Get started with CEN
Use the console: See Connect VPCs in the same region.