Create an ECR connection - Cloud Enterprise Network - Alibaba Cloud Documentation Center

This topic describes how to connect an Express Connect Router (ECR) to a transit router so that your data center can communicate with virtual private clouds (VPCs) and other networks attached to the transit router.

Why connect an ECR to a transit router

After your data center is connected to Alibaba Cloud over an Express Connect circuit, it can use an ECR to reach VPCs over low-latency links. ECRs do not support:

Communication between data centers and networks connected by other means (for example, VPN attachments)
Communication between cloud networks (for example, between VPCs)

To allow your data center to communicate with VPCs and other cloud networks, connect both the ECR and those networks to a transit router. The transit router forwards traffic between the data center and the attached networks.

Limits

Only Enterprise Edition transit routers support ECR connections.
If a VPC is connected to both a transit router and an ECR, you cannot enable route synchronization between that VPC and the transit router.
In each region, an ECR can connect to only one transit router. Example: a company has two Cloud Enterprise Network (CEN) instances, each with a transit router in China (Hangzhou). The ECR can connect to only one of those two transit routers.
For more about ECRs, see Express Connect Router.

Route advertisement rules

If an ECR is connected to both a VPC and a transit router, the VPC and transit router do not advertise routes to each other and cannot communicate over the ECR.
If you add a static route or route prefix pointing to the ECR to the transit router route table:
- The route is not advertised to the route table of the peer transit router of an inter-region connection. You can manually add a route pointing to the ECR to the peer transit router.
- If a VPC and an IPsec connection are attached to the transit router and route synchronization is enabled for both, the route can be advertised to their route tables.
After you connect an ECR to a transit router, a default routing policy is added to the transit router route table: direction Egress Regional Gateway, priority 5000, action Reject. This policy blocks route advertisement between IPsec connections, ECRs, VBRs, and Cloud Connect Network (CCN) instances. To allow those attachments to advertise routes to each other, add a routing policy with higher priority and set the action to Allow. See Routing policies.

Billing

After an ECR is connected to a transit router, you are charged a connection fee and a data forwarding fee. See Billing.

Prerequisites

Before you connect an ECR to a transit router, ensure that you have:

An ECR. See Create and manage an ECR.
A transit router. See Create a transit router.
(Cross-account only) The transit router granted permissions on the ECR by the account that owns the ECR. See Acquire permissions to connect to a network instance that belongs to another account.

Procedure

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On thetab, find the transit router that you want to manage and click Create Connection in the Actions column.
On the Connection with Peer Network Instance page, configure the parameters and click OK.

Parameter	Description
Instance Type	Select ECR.
Region	Select the region where the transit router is deployed.
Transit Router	The transit router ID in the selected region is displayed automatically.
Resource Owner ID	Current Account if the ECR and transit router belong to the same account; Different Account if not, and enter the primary account ID of the ECR owner.
Attachment Name	A name for the ECR connection.
Network Instance	The ECR to connect to the transit router.
Route Prefix	The route prefix that the transit router can advertise to the ECR. Specify the prefix in the Express Connect console first. After you select a prefix, the transit router advertises only that prefix to the ECR, not specific routes. See Create and manage an ECR.
Advanced Settings	Optional. By default the following are enabled. Associate with Default Route Table of Transit Router – The ECR is associated with the default route table. The transit router forwards traffic from the ECR using that table. Propagate System Routes to Default Route Table of Transit Router – The ECR advertises the data center routes to the default route table. Automatically Advertise Routes to ECR – Routes in the transit router route table associated with the ECR are advertised to the ECR. This option is enabled by default and cannot be disabled. If you set a route prefix in the Express Connect console, only that prefix is advertised to the ECR; specific routes are not. You can clear them to use custom routing (associated forwarding, route learning). See Manage routes.

Change the transit router route table associated with the ECR connection

After you create an ECR connection, you can change which transit router route table is associated with it.

Warning

After you change the associated route table, routes previously synchronized to the ECR are withdrawn. The routes in the new route table are then synchronized to the ECR.

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the Basic Information > Transit Router tab, click the ID of the transit router that you want to manage.
On the Intra-region Connections tab, click the ID of the ECR connection that you want to manage.
In the Attachment Details panel, under Basic Information, click Modify next to Associated Route Table.
In the Modify Route Table dialog box, select a route table and click OK.