Transit routers are a key component of Cloud Enterprise Network (CEN), and can forward data within the same region or across regions. You can configure custom routing policies on transit routers to implement inter-region communication, traffic isolation, and traffic redirection. Transit routers help you build flexible, reliable, and large-scale enterprise-class networks on Alibaba Cloud. This topic describes the common scenarios of transit routers.
Intra-region networking

Inter-region networking

Item | Description |
---|---|
Scenario | You can attach network instances in different regions to the transit routers to implement inter-region communication. |
Procedure | Create transit routers in the regions that you want to connect to each other, attach network instances to the transit routers in the regions, and then establish an inter-region connection between the transit routers. |
References | Use Enterprise Edition transit routers to connect VPCs across regions and accounts |
Hybrid-cloud networking

Item | Description |
---|---|
Scenario | You can attach virtual private clouds (VPCs), virtual border routers (VBRs), Cloud Connect Network (CCN) instances, and IPsec-VPN connections to transit routers, and attach the VBRs, CCN instances, and IPsec-VPN connections to on-premises networks to implement communication between Alibaba Cloud and the on-premises networks, and between the on-premises networks. |
Procedure | Create transit routers in the regions that you want to connect to each other, attach network instances to the transit routers in the regions, and then establish an inter-region connection between the transit routers. |
References | Use Enterprise Edition transit routers to enable intra-region communication between on-premises and cloud networks |
Enterprise-class networking
Transit routers support custom networking, isolation, and redirection policies. These are the basic requirements for building an enterprise-class network.
One Internet-facing VPC for all networks

Item | Description |
---|---|
Scenario | You can create custom routing policies that allow VPCs to access the Internet from the same egress. This simplifies network management and improves the security of your workloads. |
Procedure | Create transit routers in the regions that you want to connect to each other, attach VPCs to the transit routers in the regions, establish an inter-region connection between the transit routers, and create custom route tables and routes to route network traffic destined for the Internet to the Internet-facing VPC. |
Secure communication among VPCs

Item | Description |
---|---|
Scenario | You can create custom routing policies to isolate trusted network traffic from untrusted network traffic. Untrusted network traffic is routed to a dedicated VPC for scrubbing before being transmitted over the network. This ensures that only trusted network traffic is transmitted across your network. |
Procedure | Create transit routers in the regions that you want to connect to each other. Then, attach VPCs to the transit routers in the regions, establish an inter-region connection between the transit routers, and create custom route tables and routes to route untrusted network traffic to security services in a VPC for scrubbing. |
References | Use an Enterprise Edition transit router to enable and secure network communication |
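
The following is an added example, not code from the original page or from Alibaba Cloud. It audits a custom route table of the kind described above and reports any part of the trusted VPC ranges that untrusted traffic can reach without passing through the security VPC. The attachment names, CIDR blocks, and route entries are constructed, and longest-prefix-match route selection is assumed.

```python
import ipaddress

# Constructed sample data: attachment names, CIDR blocks and routes are
# hypothetical and do not come from a real CEN instance.
TRUSTED_CIDRS = {"vpc-prod": "10.1.0.0/16", "vpc-data": "10.2.0.0/16"}
INSPECTION_ATTACHMENT = "vpc-security"

# Custom route table associated with the untrusted attachments.
UNTRUSTED_ROUTE_TABLE = {
    "0.0.0.0/0": "vpc-security",  # intended: send everything to scrubbing
    "10.2.8.0/24": "vpc-data",    # leftover specific route that skips scrubbing
}


def next_hop(route_table, dest_ip):
    """Select the next hop by longest-prefix match (assumed selection rule)."""
    addr = ipaddress.ip_address(dest_ip)
    matches = [ipaddress.ip_network(c) for c in route_table
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return None  # no matching route: traffic is dropped
    best = max(matches, key=lambda n: n.prefixlen)
    return route_table[str(best)]


def bypasses(route_table, trusted_cidrs, inspection):
    """Return (range, next_hop) pairs of trusted space reached directly."""
    routes = [ipaddress.ip_network(c) for c in route_table]
    findings = []

    def walk(net):
        # A more specific route inside this range can change the next hop,
        # so split the range in half until each piece has a single answer.
        if any(r != net and r.subnet_of(net) for r in routes):
            for half in net.subnets():
                walk(half)
            return
        hop = next_hop(route_table, net.network_address)
        if hop not in (None, inspection):
            findings.append((str(net), hop))

    for cidr in trusted_cidrs.values():
        walk(ipaddress.ip_network(cidr))
    return findings


if __name__ == "__main__":
    for rng, hop in bypasses(UNTRUSTED_ROUTE_TABLE, TRUSTED_CIDRS,
                             INSPECTION_ATTACHMENT):
        print(f"bypass: {rng} goes straight to {hop}")
```

The default route alone looks correct, but the more specific /24 entry wins for its range, which is why the check evaluates the effective next hop rather than only looking for a default route to the security VPC.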
Service sharing between CEN instances

Item | Description |
---|---|
Scenario | A VPC can be attached to multiple transit routers. If you have multiple CEN instances that need to access services in a VPC, you can attach the VPC to the transit router of each CEN instance. These transit routers can forward requests from different CEN instances to the VPC. |
Procedure | Attach the VPC to the transit router of each CEN instance, and add routes to each transit router to forward requests from different CEN instances to the VPC. |