Cloud Enterprise Network (CEN) allows you to build a global network that consists of hybrid clouds and distributed systems. You can attach virtual private clouds (VPCs), virtual border routers (VBRs), and Cloud Connect Network (CCN) instances to the same CEN instance to enable network communication. This topic describes how to use CEN to enable inter-region network communication.

Scenario

The following scenario is used in this topic. A company has a data center in Hangzhou. The data center is connected to Alibaba Cloud through Express Connect circuits and VBRs. The company has a branch office in Shanghai, whose network is connected to Alibaba Cloud through Smart Access Gateway (SAG) and CCN. The company has a VPC in the China (Hangzhou) region. Elastic Compute Service (ECS) instances are deployed in the VPC.

Due to business growth, the company wants to use CEN to enable network communication between the data center and the VPC, and between the branch office and the VPC.

cen
The following table describes the CIDR blocks allocated to the networks.
Notice Make sure that the CIDR blocks do not overlap.
Item VPC VBR Data center Branch office
Region China (Hangzhou) China (Hangzhou) China (Hangzhou) China (Shanghai)
CIDR block 192.168.0.0/16
  • VLAN ID: 0
  • IPv4 CIDR block at the Alibaba Cloud side: 172.16.1.2/30
  • IPv4 CIDR block at the customer side: 172.16.1.1/30
 Data center CIDR block: 172.16.0.0/16 Branch office CIDR block: 10.0.0.0/16
Server IP address ECS instance IP address: 192.168.20.161 N/A IP address of a server in the data center: 172.16.0.89 IP address of a server in the branch office: 10.0.0.33

Procedure

The following figure shows the procedure for enabling inter-region network communication.

  • If the CEN instance and the network instances that you want to attach to the CEN instance belong to the same Alibaba Cloud account, you can attach the network instances to the CEN instance.
  • If the CEN instance and the network instances that you want to attach to the CEN instance belong to different Alibaba Cloud accounts, you must grant permissions to the accounts before you can attach the network instances. After the required permissions are granted to the accounts, you can attach the network instances to the same CEN instance to enable private network communication.
Intra-region but inter-account network communication (in the previous console version)

Prerequisites

  • The data center is connected to Alibaba Cloud through Express Connect circuits and VBRs. For more information, see Connect to an ECS instance from a data center by using an Express Connect circuit.
  • The branch office is connected to Alibaba Cloud through SAG and CCN. For more information, see SAG Tutorials.
  • A VPC is deployed in the China (Hangzhou) region. ECS instances are deployed in the VPC. For more information, see Create an IPv4 VPC.
  • You are aware of the security group rules of the ECS instance that is deployed in the VPC, and the access control rules of the data center and the branch office. Make sure that the security rules and access control rules allow the VPC to communicate with the data center and branch office network. For more information, see Query security group rules and Add security group rules.
  • Make sure that the network instances are not attached to another CEN instance.

Step 1: Create a CEN instance

When you create a CEN instance, you can select a network instance that belongs to the same account as the CEN instance and attach the network instance to the CEN instance.

  1. Log on to the CEN console.
  2. On the Instances page, click Create CEN Instance.
  3. In the Create CEN Instance panel, set the following parameters and click OK.
    • Name: Enter a name for the CEN instance.

      The name must be 2 to 128 characters in length and can contain digits, hyphens (-), and underscores (_). It must start with a letter.

    • Description: Enter a description for the CEN instance.

      The description must be 2 to 256 characters in length, and cannot start with http:// or https://. You can leave this parameter empty.

    • Attach Network: Attach network instances that belong to the same Alibaba Cloud account to the CEN instance.
      • Network Type: Select the type of network instance. VPC is selected in this example.
      • Region: Select the region where the network instance is created. In this example, China (Hangzhou) is selected.
      • Networks: Select the network instance that you want to attach.

Step 2: Attach network instances to the CEN instance

Attach the network instances that need to communicate with each other to the same CEN instance. After you attach network instances to a CEN instance, the CEN instance automatically learns routes of the attached network instances. Then, the network instances can communicate with each other.

Note In this example, a VPC is attached to the CEN instance in Step 1: Create a CEN instance. You must also attach the VBR and CCN instance to the CEN instance.

Attach a network instance that is created by the same account

  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.
  3. Click the Networks tab and then click Attach Network.
  4. In the Attach Network panel, click the Your Account tab.
  5. Set the following parameters to attach the network instance to the CEN instance and click OK:
    • Network Type: Select the type of network instance that you want to attach. In this example, Virtual Border Router (VBR) is selected.
    • Region: Select the region where the network instance is created. In this example, China (Hangzhou) is selected.
    • Networks: Select the VBR that you want to attach.
  6. Repeat this step to attach the CCN instance to the CEN instance.

Attach a network instance that is created by a different account

You must acquire the required permissions from the account of the network instance that you want to attach. After you acquire the permissions, you must obtain the account ID and the ID of the network instance that you want to attach.

  • You must acquire the required permissions from the Alibaba Cloud account to which the VPC belongs before you attach the VPC. For more information, see VPC authorization.
  • You must acquire the required permissions from the Alibaba Cloud account to which the VBR belongs before you attach the VBR. For more information, see VBR authorization.
  • You must acquire the required permissions from the Alibaba Cloud account to which the CCN instance belongs before you attach the CCN instance. For more information, see CCN instance authorization.
  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.
  3. Click the Networks tab and then click Attach Network.
  4. In the Attach Network panel, click the Different Account tab.
  5. Set the following parameters to attach the network instance to the CEN instance and click OK:
    • Owner Account: Enter the ID of the account to which the network instance belongs.
    • Network Type: Select the type of network instance to attach. In this example, Virtual Border Router (VBR) is selected.
    • Region: Select the region where the network instance is created. In this example, China (Hangzhou) is selected.
    • Networks: Select the VBR that you want to attach.
  6. Repeat this step to attach the CCN instance to the CEN instance.

Step 3: Allocate bandwidth for inter-region network connections

Network instances that are deployed in the same region and attached to the same CEN instance can communicate with each other. If you want to enable network communication between network instances that are deployed in different regions, you must purchase a bandwidth plan and allocate bandwidth for inter-region connections.

Note
  • The sum of the bandwidth values set for all the inter-region connections cannot exceed the maximum bandwidth value of the bandwidth plan.
  • By default, CEN provides 1 Kbit/s of inter-region bandwidth that you can use to test the connectivity of inter-region IPv4 networks.
  • When you purchase a bandwidth plan, you must specify the areas that you want to connect. An area is a collection of Alibaba Cloud regions. For more information about bandwidth plans, see Work with a bandwidth plan.
  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click Manage in the Actions column.
  3. Purchase a bandwidth plan.
    1. On the details page of the CEN instance, click Bandwidth Plans.
    2. On the Bandwidth Plans tab, click Purchase Bandwidth Plan (Subscription).
    3. Set the following parameters, click Buy Now, and then complete the payment.
      Parameter Description
      CEN ID Select the CEN instance for which you want to purchase a bandwidth plan.

      After you purchase a bandwidth plan, the system automatically associates the bandwidth plan with the CEN instance.

      Area A Select the areas between which you want to enable inter-region communication.
      Notice After you purchase the bandwidth plan, you cannot change the specified areas.
      Area B
      Billing Method Displays the billing method of the bandwidth plan. Default value: By bandwidth.
      Bandwidth Select a bandwidth value. Unit: Mbit/s.
      Name Enter a name for the bandwidth plan.
      Duration Select a subscription duration for the bandwidth plan.

      You can select Auto-renewal to enable auto-renewal for the bandwidth plan.

      Resource Group Select the resource group to which the bandwidth plan belongs.
  4. Set the inter-region connection bandwidth.
    1. On the details page, click the Region Connections tab.
    2. Click the Region Connections tab, and then click Set Region Connection.
    3. In the Set Region Connection panel, set the following parameters and click OK:
      • Bandwidth Plans: Select the bandwidth plan that you purchased.
      • Connected Regions: Select the regions that you want to connect.
      • Bandwidth: Specify the bandwidth that you want to allocate. Unit: Mbit/s.

Step 4: Test the network connectivity

After you attach the network instances to the CEN instance, you can run the ping command to test the network connectivity.

  1. Log on to the ECS instance. For more information, see Connection methods.
  2. Run the ping command to test whether the ECS instance is connected to the data center. 
    ping 172.16.0.89
    If you receive an echo reply packet, it indicates that the ECS instance and the data center are connected.
  3. Run the ping command to test whether the ECS instance is connected to the branch office. 
    ping 10.0.0.33
    If you receive an echo reply packet, it indicates that the ECS instance and the branch office are connected.

What to do next

  • You can create alert rules in CloudMonitor to monitor the VBRs, bandwidth plans, and bandwidth usage for inter-region connections. Resource exhaustion may disrupt services.
  • Network instances that are attached to a CEN instance can access cloud services through the CEN instance. For more information, see Access cloud services and PrivateZone overview.
  • You can configure route policies to filter and modify routes. This allows you to manage network communication in the cloud. For more information, see Route map overview.