After you connect a virtual border router (VBR) or a Cloud Connect Network (CCN) instance
to a transit router, the on-premises network associated with the VBR or CCN instance
can access cloud services on Alibaba Cloud by using the transit router.
Background information
Cloud services refer to the Alibaba Cloud services that use the 100.64.0.0/10 CIDR
block to provide services. These cloud services include Object Storage Service (OSS),
Log Service, and Data Transmission Service (DTS). If your on-premises network needs
to access cloud services, you must connect the VBR or CCN instance associated with
the on-premises network to a transit router, and connect a virtual private cloud (VPC)
in the region where the cloud services are deployed to the transit router. After you
connect the VPC to the transit router, your on-premises network can use the transit
router to access the VPC in the region where the cloud services are deployed, and
access the cloud services through the VPC.
Limits
An on-premises network associated with a VBR can use a transit router to access only
the cloud services that are deployed in the same region as the on-premises network.
For example, if cloud services are deployed in the China (Beijing) region, only on-premises
networks connected to VBRs in the China (Beijing) region can access the cloud services.
Enable access to a cloud service on an Enterprise Edition transit router
Enable access to a cloud service
- Log on to the CEN console.
- On the Instances page, find the CEN instance that you want to manage and click the instance ID.
- On the tab, click the ID of the transit router in the region where the cloud service that
you want to access is deployed.
- On the details page of the transit router, click the Route Table tab.
- On the Route Table tab, click the ID of the route table to which you want to add the back-to-origin
route, click the Route Entry tab, and then click Add Route Entry.
- In the Add Route Entry dialog box, set the following parameters and click OK.
Parameter |
Description |
Route Table |
By default, the current route table is selected. |
Transit Router |
By default, the current transit router is selected. |
Name |
Enter a name for the route entry. |
Destination CIDR |
Enter the IP address or CIDR block that the cloud service uses to provide services.
For example, OSS buckets in the China (Hangzhou) region use the CIDR block 100.118.28.0/24.
|
Blackhole Route |
Select whether to specify the route as a blackhole route. Valid values:
- Yes: specifies that the route is a blackhole route. All traffic destined for this route
is dropped.
- No: specifies that the route is not a blackhole route. In this case, you must specify
the next hop of the route.
No is selected in this example.
|
Next Hop |
Select the next hop type.
Select the ID of the VPC connection on the transit router.
|
Description |
Enter a description for the route. |
Note Typically, a cloud service uses multiple IP addresses or CIDR blocks. Repeat the preceding
steps to add all the IP addresses or CIDR blocks of the cloud service.
Disable access to a cloud service
- Log on to the CEN console.
- On the Instances page, find the CEN instance that you want to manage and click the instance ID.
- On the tab, click the ID of the transit router in the region where the cloud service that
you want to access is deployed.
- On the details page of the transit router, click the Route Table tab.
- In the left-side section of the Route Table tab, click the route table that you want to manage. In the Route Table Details section, click the Route Entry tab and find the route that points to the cloud service.
- Click Delete in the Actions column. In the Delete Route Entry message, click OK.
Enable access to a cloud service on a Basic Edition transit router
Enable access to a cloud service
- Log on to the CEN console.
- On the Instances page, find the CEN instance that you want to manage and click the instance ID.
- On the tab, click the ID of the transit router in the region where the cloud service that
you want to access is deployed.
- On the transit router details page, click the Cloud Services tab.
- On the Cloud Services tab, click Configure AnyTunnel.
- In the Configure AnyTunnel dialog box, set the parameters and click OK.
Parameter |
Description |
Service IP Address |
Enter the IP address or CIDR block that the cloud service uses to provide services,
for example, 100.118.28.0/24.
|
Service Region |
Select the region where the cloud service is deployed. |
Host VPC |
Select the VPC that is connected to the transit router. |
Access Region |
Select the region where the VBR or CCN instance that needs to access the cloud service
is deployed.
|
Description |
Enter a description for the cloud service. |
Note Typically, a cloud service uses multiple IP addresses or CIDR blocks. Repeat the preceding
steps to add all the IP addresses or CIDR blocks of the cloud service.
Disable access to a cloud service
- Log on to the CEN console.
- On the Instances page, find the CEN instance that you want to manage and click the instance ID.
- On the tab, click the ID of the transit router in the region where the cloud service that
you want to access is deployed.
- On the transit router details page, click the Cloud Services tab.
- On the Cloud Services tab, find the cloud service that you want to manage and click Delete in the Actions column.
- In the Delete Route Service message, click OK.