This topic describes how to migrate a virtual border router (VBR) from a peering connection in Express Connect to a Cloud Enterprise Network (CEN) instance. You can use CEN to establish private connections between virtual private clouds (VPCs), and between VPCs and data centers. CEN supports automatic route distribution and learning, which speeds up network convergence, improves the quality and security of cross-network communications, and connects all network resources.
You can perform the following steps to migrate a VBR from a peering connection to a CEN instance:
- If you have configured health checks for the VBR, delete the health check settings in the Express Connect console.
- Log on to CEN console.
- On the Instances page, find the CEN instance that you want to manage and click the ID of the instance.
- Find the section that displays the types of network instances and click the icon next to the network instance that you want to manage.
- On the Connection with Peer Network Instance page, set parameters for the instance, and connect the VPC and VBR instance that you want to migrate. For more information, see Attach network instances to a CEN instance.
- If you want to communicate across regions, purchase a bandwidth plan and configure bandwidth for the communication.
- If you have created route entries that point to Elastic Compute Service (ECS) instances,
virtual private network (VPN) gateways, or high-availability virtual IP addresses
(HAVIPs), publish these routes to the CEN instance in the VPC console based on your
- If your data center needs to access Alibaba Cloud services, such as Object Storage Service (OSS) and Alibaba Cloud DNS PrivateZone, configure the connections in the CEN console.
- Log on to CEN console. On the details page of the transit router, click the Routing Information tab to view the configuration information of the instance. After you attach the VBR
and VPC to the CEN instance, make sure that the routes do not conflict.
The static routes of a peering connection have higher priorities than the dynamic routes of the CEN instance. If a static route is configured for a peering connection, CEN does not learn routes that are more specific than and have the same destination as the static route. We recommend that you split static routes of the peering connection and delete them after CEN learns the routes. This ensures a smooth migration.In the following figure, the route to 192.168.1.0/24 in the CEN instance is more specific than the route to 192.168.0.0/16 of a peering connection. Therefore, the two routes are in conflict.
- If you can tolerate a transient connection error during the migration, delete the
route to 192.168.0.0/16. Then, the route in the CEN instance automatically takes effect.
The duration of the disconnection varies based on the number of CEN routes. For important business scenarios, we recommend that you use the following method to smoothly migrate the VPC.
- If you want to smoothly migrate the VBR, split the route of a peering connection into
routes that are more specific than the route to 192.168.1.0/24 in the CEN instance.
For example, split the route to 192.168.0.0/16 into routes to 192.168.1.0/25 and 192.168.1.128/25.
- On the details page of VBRs in the Express Connect console, find the required VBR, click its ID, and then click the Routes tab.
- Click Add Route to add two routes in which the destination CIDR blocks are 192.168.1.0/25 and 192.168.1.128/25. The next hops are the VPC to which the VBR is connected.
- If Border Gateway Protocol (BGP) is used, advertise the routes to 192.168.1.0/25 and 192.168.1.128/25.
- Delete the route to 192.168.0.0/16 from the peering connection.
- Click Refresh to check whether the routes in the CEN instance take effect.
- Delete the routes to 192.168.1.0/25 and 192.168.1.128/25 from the VBR route table, and delete the advertised BGP routes.
- In the CEN console, configure health checks for the VBR. For more information, see Configure health checks.
- If you can tolerate a transient connection error during the migration, delete the route to 192.168.0.0/16. Then, the route in the CEN instance automatically takes effect.