Connect branches to a data center by using CEN - Cloud Enterprise Network

This topic describes how to use route maps of Cloud Enterprise Network (CEN) to connect the branches of an enterprise to the data center of the enterprise.

Prerequisites

Before you configure route maps, make sure that the following requirements are met:

A Cloud Connect Network (CCN) instance is created. Smart Access Gateway (SAG) instances that are created for the branches are attached to the CCN instance. For more information, see Create a CCN instance and Associate a CCN instance with an SAG instance.
A CEN instance is created. The network instances that you want to connect are attached to the CEN instance. For more information, see Create a CEN instance and Attach network instances to a CEN instance.
A bandwidth plan is purchased and the bandwidth for cross-region communication is allocated. For more information, see Purchase a bandwidth plan and Set the cross-region bandwidth.

Background information

The system automatically adds a default route map to the transit router of a CEN instance. The priority value of the default route map is 5000 and the action policy is deny. This route map forbids the virtual border routers (VBRs) and the CCN instances that are attached to the CEN instance to communicate with each other. However, in some scenarios, you may need to allow the VBRs and the CCN instances that are attached to the CEN instance to communicate with each other.

Notice If you delete the default route map, routing loops may occur. Proceed with caution.

Connect branches to a data center by using CEN

The proceeding figure shows that the data center of an enterprise is deployed in the China (Beijing) region. The data center is connected to Alibaba Cloud by using a VBR. A branch of the enterprise (Branch 1) is located in the China (Shanghai) region. Another branch of the enterprise (Branch 2) is located in the China (Hangzhou) region. Branch 1 is connected to a CCN instance by using an SAG instance (SAG 1). Branch 2 is connected to the same CCN instance by using another SAG instance (SAG 2). By default, the data center cannot communicate with Branch 1 and Branch 2. You can configure a route map to allow the data center and Branch 1 to communicate with each other.

Step 1: Configure a route map to allow the data center to access Branch 1

To configure a route map to allow the data center to access Branch 1, perform the following operations:

Log on to the CEN console.
On the Instances page, find the CEN instance that you want to manage and click the ID of the instance.
On the instance details page, find the region where you want to add a route map and click the ID of the transit router deployed in the region.
On the details page of the transit router, click the Route Table tab and click Route Maps.
On the Route Maps page, click Add Route Map. Set the following parameters and click OK.
- Route Map Priority: Enter a priority value for the route map. A lower value indicates a higher priority. In this example, 20 is entered.
- Region: Select the region where the route map is applied. In this example, China (Beijing) is selected.
- Transmit Direction: Select the direction of the route map. In this example, Export from Regional Gateway is selected.
- Match Conditions: Set the match conditions of routes. The following match conditions are set:
  - Source Instance IDs: Select the ID of SAG 1.
  - Target Instance IDs: Select the ID of the VBR.
  - Route Prefix: Enter 172.16.0.0/24.
- Action Policy: Select the action that you want to perform on a route if the route meets all match conditions. In this example, Permit is selected.
After you add the route map, you can view the route that allows the data center to access Branch 1 on the Routing Information tab.

Step 2: Configure a route map to allow the CCN instance to access the data center

To configure a route map to allow the CCN instance to access the data center, perform the following operations:

Log on to the CEN console.
On the Instances page, find the CEN instance that you want to manage and click the ID of the instance.
On the instance details page, find the region where you want to add a route map and click the ID of the transit router deployed in the region.
On the details page of the transit router, click the Route Table tab and click Route Maps.
On the Route Maps page, click Add Route Map. Set the following parameters and click OK.
- Route Map Priority: Enter a priority value for the route map. A lower value indicates a higher priority. In this example, 20 is entered.
- Region: Select the region where the route map is applied. In this example, Mainland China CCN is selected.
- Transmit Direction: Select the direction of the route map. In this example, Export from Regional Gateway is selected.
- Match Conditions: Set the match conditions of routes. The following match conditions are set:
  - Source Instance IDs: Select the ID of the VBR.
  - Target Instance IDs: Select the ID of the CCN instance.
  - Route Prefix: Enter 192.168.0.0/24.
- Action Policy: Select the action that you want to perform on a route if the route meets all match conditions. In this example, Permit is selected.
After you add the route map, you can view the route that allows the CCN instance to access the data center on the Routing Information tab.

Step 3: Test the connectivity

To test the connectivity between the data center and Branch 1, perform the following operations:

Open the command prompt on a PC in the data center.
Run the ping command to ping the IP address of a PC in Branch 1.
The result indicates that the data center can access Branch 1.
Open the command prompt on a PC in Branch 1.
Run the ping command to ping the IP address of a PC in the data center.
The result indicates that Branch 1 can access the data center.

To test the connectivity between the data center and Branch 2, perform the following operations:

Open the command prompt on a PC in the data center.
Run the ping command to ping the IP address of a PC in Branch 2.
The result indicates that the data center cannot access Branch 2.