Connect an ECR to a transit router to establish network communication between a data center and cloud networks - Cloud Enterprise Network

To allow a data center connected to an Express Connect Router (ECR) to communicate with networks that are connected to a transit router, connect the ECR to the transit router.

Background information

After a data center is connected to Alibaba Cloud over an Express Connect circuit, the data center can use an ECR to communicate with virtual private cloud (VPCs) over low-latency connections.Virtual Private Cloud (VPC) However, ECRs do not support communication between data centers and networks that are connected to Alibaba Cloud by using other methods, such as VPN attachments. In addition, ECRs do not support network communication between cloud networks, such as between VPCs. To allow a data center to communicate with cloud networks, connect the ECR of the data center and the VPCs to a transit router. Transit routers support network communication between data centers and cloud networks.

Limits

ECR connections are in public preview. To use this feature, contact your account manager.
Only Enterprise Edition transit routers support ECR connections.
If a virtual border router (VBR) is connected to a transit router, the transit router does not support ECR connections. If an ECR is connected to a transit router, the transit router does not support VBR connections.
If you want to connect a VPC to a transit router and an ECR, route synchronization cannot be enabled between the VPC and the transit router.
In a region, an ECR can be connected to only one transit router.
For example, a company created two Cloud Enterprise Network (CEN) instances. Both CEN instances have a transit router deployed in the China (Hangzhou) region. In this case, an ECR can connect to only one of the transit routers in the China (Hangzhou) region.
For more information about ECRs, see Quota limits.

Route advertisement rules

If an ECR is connected to a VPC and a transit router, the VPC and transit router cannot advertise routes to each other or communicate with each other by using the ECR.
If you add a static route or a route prefix that points to the ECR to the route table of the transit router, the following rules apply:
- The route is not advertised to the route table of the peer transit router of an inter-region connection. You can manually add a route that points to the ECR to the route table of the peer transit router.
- If a VPC and an IPsec connection is attached to a transit router and route synchronization is enabled for the VPC and IPsec connection, the route can be advertised to the route tables of the VPC and IPsec connection.
After you connect an ECR to a transit router, a default routing policy whose direction is Egress Regional Gateway, priority is 5000, and action is Reject is automatically added to the route table of the transit router. This routing policy disables route advertisement between IPsec connections, ECRs, VBRs, and Cloud Connect Network (CCN) instances.
To allow IPsec connections, ECRs, VBRs, and CCN instances to advertise routes to each other, add a routing policy that has a higher priority and set the action to Allow. For more information, see Routing policy overview.

Billing

After an ECR is connected to a transit router, the ECR is charged a connection fee and a data forwarding fee. For more information, see Billing rules.

Prerequisites

Before you connect an ECR to a transit router, make sure that the following requirements are met:

An ECR is created. For more information, see Create and manage an ECR.
A transit router is created. For more information, see Create a transit router.
The transit router and the ECR to be connected to the transit router can belong to the same Alibaba Cloud account or different Alibaba Cloud accounts. If the transit router and ECR belong to different Alibaba Cloud accounts, the transit router must be granted permissions on the ECR by the Alibaba Cloud account that owns the ECR. For more information, see Acquire permissions to connect to a network instance that belongs to another account.

Procedure

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the Basic Settings > Transit Router tab, find the transit router that you want to manage and click Create Connection in the Actions column.

On the Connection with Peer Network Instance page, configure the parameters and click OK. The following table describes the parameters.

Parameter	Description
Network Type	Select ECR.
Region	Select the region in which the transit router is deployed.
Transit Router	The ID of the transit router in the selected region is automatically displayed.
Resource Owner ID	Select the Alibaba Cloud accounts to which the ECR and transit router belong. If the network instance and the transit router that you want to connect belong to the same Alibaba Cloud account, select Current Account. If the network instance and the transit router that you want to connect belong to different Alibaba Cloud accounts, select Different Account, and enter the ID of the Alibaba Cloud account to which the network instance belongs.
Attachment Name	Enter a name for the ECR connection.
Network Instance	Select the ECR that you want to connect to the transit router.
Route Prefix	Select the route prefix that the transit router can advertise to the ECR. Before you can select a route prefix, you must specify a route prefix in the Express Connect console. After you select a route prefix, the transit router does not advertise specific routes to the ECR. Only the selected route prefix is advertised to the ECR. You can specify route prefixes only in the Express Connect console. For more information, see Update route prefixes.
Advanced Settings	When you connect an ECR to a transit router, the following advanced features are automatically selected: Associate with Default Route Table of Transit Router After this feature is enabled, the ECR is automatically associated with the default route table of the transit router. The transit router forwards network traffic from the ECR by querying the default route table. Propagate System Routes to Default Route Table of Transit Router After this feature is enabled, the ECR advertises the routes of the data center connected to the ECR to the default route table of the transit router. Automatically Advertise Routes to ECR After this feature is enabled, the routes in the transit router route table that is associated with the ECR are automatically advertised to the route table of the ECR. Important Automatically Advertise Routes to ECR is enabled by default, and cannot be disabled. If a route prefix is specified for the transit router in the Express Connect console, only the specified route prefix is advertised to the ECR. Specific routes in the route table of the transit router are not advertised to the ECR. You can clear the check boxes to disable the advanced features. If you want to allow the ECR to communicate with other network instances, you can configure custom routing features such as associated forwarding and route learning for the transit router. For more information, see Manage routes.

Change the transit router route table associated with the ECR connection

After you create an ECR connection, you can change the transit router route table that is associated with the ECR connection.

Warning

After you change the transit router route table, the routes synchronized to the ECR are withdrawn. Then, the routes in the new route table are synchronized to the route tables of the ECR.

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the Basic Settings > Transit Router tab, click the ID of the transit router that you want to manage.
On the Intra-region Connections tab, click the ID of the ECR connection that you want to manage.
In the Attachment Details panel, find the Basic Information section and click Modify next to Associated Route Table.
In the Modify Route Table dialog box, select a route table and click OK.