This topic describes how to migrate a virtual border router (VBR) from a peering connection in Express Connect to a Cloud Enterprise Network (CEN) instance. CEN allows you to enable communication between VPCs and between VPCs and on-premises data centers by using internal network connections. CEN automatically learns and distributes routes to quickly adapt to network changes. This improves the quality of cross-network communication.
If you want to migrate the VBR to an existing CEN instance, make sure that the overlapping routing function is enabled for the CEN instance.
To migrate a VBR from a peering connection to a CEN instance, perform the following steps:
- If you have configured health checks for the VBR, delete the health check settings in the Express Connect console.
- Log on to the CEN console.
- On the Instances page, find the required CEN instance and click its ID.
- On the Networks tab, click Attach Network to attach the VBR that you want to migrate and the VPC that is connected to the VBR. For more information, see Attach networks.
- If you want to communicate across regions, purchase a bandwidth plan and configure
bandwidth for the communication.
For more information, see Set a cross-region bandwidth.
- If you have added routes that point to high-availability virtual IP addresses (HAVIPs) or IP addresses of ECS instances and VPN gateways, go to the VPC console and advertise these routes to the CEN instance based on your connection requirements.
- If your on-premises data center needs to access Alibaba Cloud services, such as Object
Storage Service (OSS) and PrivateZone, configure the connections in the CEN console.
For more information, see Configure PrivateZone access.
- Log on to the CEN console and click the ID of the required CEN instance. Then, click the Routes tab to view the route information. Make sure that the routes do not conflict after
you attach the VBR and VPC to the CEN instance.
The static routes configured in the peering connection have higher priorities than the dynamic routes of the CEN instance. Specifically, if a static route is configured in the peering connection, CEN does not learn routes that are more specific than the static route and have the same destination as the static route. We recommend that you split static routes in the peering connection and delete them after CEN learns the routes. This ensures smooth migration.In the following figure, the route to 192.168.1.0/24 in the CEN instance is more specific than the route to 192.168.0.0/16 in the peering connection. Therefore, the two routes are in conflict.
- If you can tolerate a transient network interruption during the migration, delete
the route to 192.168.0.0/16. Then, the route in the CEN instance automatically takes
The duration of the network interruption varies based on the number of CEN routes. For important business scenarios, we recommend that you use the following method to smoothly migrate the VBR.
- If you want to smoothly migrate the VBR, split the route in the peering connection
into routes more specific than the route to 192.168.1.0/24 in the CEN instance. For
example, split the route to 192.168.0.0/16 in the peering connection into routes to
192.168.1.0/25 and 192.168.1.128/25.
- In the Express Connect console, click Virtual Border Routers (VBRs). Find the required VBR, click its ID, and click the Routes tab.
- Click Add Route to add two routes in which the destination CIDR blocks are 192.168.1.0/25 and 192.168.1.128/25 and the next hops are the VPC to which the VBR is connected.
- If BGP is used, advertise the routes to 192.168.1.0/25 and 192.168.1.128/25.
- Delete the route to 192.168.0.0/16 in the peering connection.
- Click Refresh to check whether the routes in the CEN instance take effect.
- Delete the routes to 192.168.1.0/25 and 192.168.1.128/25 in the VBR route table and the advertised BGP routes.
- In the CEN console, configure health checks for the VBR. For more information, see Configure health checks.
- If you can tolerate a transient network interruption during the migration, delete the route to 192.168.0.0/16. Then, the route in the CEN instance automatically takes effect.