This topic describes how to connect a virtual border router (VBR) to a transit router of Cloud Enterprise Network (CEN) in the same region. After you connect a VPC to a transit router, you can use the transit router to establish private network connections.

Background information

You can connect a transit router to a VBR that belongs to the same or a different Alibaba Cloud account. If you want to connect a transit router to a VBR that belongs to a different Alibaba Cloud account, make sure that the following requirements are met:
  • The Alibaba Cloud account that owns the transit router and the Alibaba Cloud account that owns the VBR belong to the same enterprise.
  • The Alibaba Cloud account that owns the transit router is granted the permissions to create cross-account VBR connections. For more information, see Grant permissions to another Alibaba Cloud account.

Connect a VBR to an Enterprise Edition transit router

  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.
  3. On the details page of the CEN instance, you can use one of the following methods to navigate to the Connection with Peer Network Instance page and create a network instance connection.
    • On the Basic Settings tab, click Add next to VBR.
      Note If no transit router is created for the CEN instance, you can use this method to create the first network instance connection.
    • On the Basic Settings > Transit Router tab, find a transit router and click Create Connection in the Actions column.
  4. On the Connection with Peer Network Instance page, set the following parameters and click OK.
    Parameter Description
    Network Type Select Virtual Border Router (VBR).
    Region Select the region where the network instance is created.
    Transit Router Displays transit routers that are created in the selected region.

    If no transit router is found in the selected region, the system automatically creates a transit router.

    Resource Owner ID Specify whether the network instance belongs to the current or another Alibaba Cloud account.
    • If the network instance that you want to connect and the CEN instance belong to the same account, select Your Account.
    • If the network instance that you want to connect and the transit router belong to different accounts, select Different Account and enter the ID of the network instance owner.
    Attachment Name Enter a name for the connection.

    The name must be 2 to 128 characters in length, and can contain digits, underscores (_), and hyphens (-). It must start with a letter.

    Networks Select the ID of the VBR that you want to connect.
    Advanced Settings When you create a VBR connection, the system automatically enables the following features in the advanced settings:
    • Associate with Default Route Table of Transit Router

      After this feature is enabled, the VBR connection is automatically associated with the default route table of the transit router. The transit router forwards the traffic of the VBR based on the default route table.

    • Propagate System Routes to Default Route Table of Transit Router

      After this feature is enabled, the system routes of the VBR are automatically advertised to the default route table of the transit router.

    • Propagate Routes to VBR

      After this feature is enabled, the system automatically advertises the routes in the route table that is associated with the VBR connection to the VBR.

    To manually disable the features, clear the check boxes in the advanced settings. After the features are disabled, you can manually associate the VPC with route tables and configure route learning. For more information, see Associated forwarding and Route learning.

Connect a VBR to a Basic Edition transit router

  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.
  3. On the details page of the CEN instance, you can use one of the following methods to navigate to the Connection with Peer Network Instance page and create a network instance connection.
    • On the Basic Settings tab, click Add next to VBR.
      Note If no transit router is created for the CEN instance, you can use this method to create the first network instance connection.
    • On the Basic Settings > Transit Router tab, find a transit router and click Create Connection in the Actions column.
  4. On the Connection with Peer Network Instance page, set the following parameters and click OK.
    Parameter Description
    Network Type Select Virtual Border Router (VBR).
    Region Select the region where the network instance is created.
    Transit Router Displays transit routers that are created in the selected region.

    If no transit router is found in the selected region, the system automatically creates a transit router.

    Resource Owner ID Specify whether the network instance belongs to the current or another Alibaba Cloud account.
    • If the network instance that you want to connect and the CEN instance belong to the same account, select Your Account.
    • If the network instance that you want to connect and the transit router belong to different accounts, select Different Account and enter the ID of the network instance owner.
    Networks Select the ID of the network instance that you want to connect.

FAQ

What do I do if the system prompts DEVICE_MODEL_FORBIDDEN when I create a VBR connection?

The following figure shows the DEVICE_MODEL_FORBIDDEN error message. This error message indicates that the underlying access device does not allow you to connect VBRs to transit routers. You can submit a ticket to request Alibaba Cloud to connect your VBR to your transit router. VBR connection error

References