This topic describes how to configure equal-cost multi-path routing (ECMP). If a 100 Gbit/s Express Connect circuit cannot handle the traffic spikes to your workloads, you can use multiple Express Connect circuits to configure ECMP. This increases the bandwidth of your service and simplifies how you establish connections between your data center and Alibaba Cloud. ECMP allows network traffic with the same source and destination to be distributed across multiple paths. This prevents network congestion and optimizes resource utilization.

Scenario

The following example shows how to configure ECMP between a data center and Alibaba Cloud:

A company has a data center in Shanghai and a virtual private cloud (VPC) in the China (Shanghai) region. The private CIDR block of the data center is 172.16.0.0/12, and the CIDR block of the VPC is 192.168.0.0/16. To prevent bandwidth bottlenecks, the company applies for two Express Connect circuits from different connectivity providers to connect the data center to Alibaba Cloud.

ECMP architecture

The following table describes the configurations of the virtual border router (VBR) that is associated with the Express Connect circuits.

Configuration Express Connect circuit pconn-1 Express Connect circuit pconn-2
VLAN ID 0 0
Peer IPv4 Address of Gateway at Alibaba Cloud Side 10.4.4.1 10.4.5.1
Peer IPv4 Address of Gateway at Customer Side 10.4.4.2 10.4.5.2
Subnet Mask (IPv4 Address) 255.255.255.252 255.255.255.252

Background information

Cloud Enterprise Network (CEN) automatically learns and distributes routes. After you configure routes, CEN automatically learns and advertises the routes to attached network instances. The following content describes how CEN learns routes:

Note You can create static routes or configure Border Gateway Protocol (BGP) routing based on your network requirements. The configuration varies based on the routing option that you select:
  • To add a static route to the VBR, you must set the destination CIDR block of the route to the CIDR block of the data center. To configure BGP routing in the VBR, set the IP address of the BGP peer to the IPv4 address of the data center-side gateway.
  • To create a static route in the data center, you must set the destination CIDR block of the route to the CIDR block of the VPC. To configure BGP routing in the data center, set the IP address of the BGP peer to the IPv4 address of the Alibaba Cloud-side gateway.

This topic describes how to configure BGP routing.

  • BGP route configuration on the VBR
    Destination CIDR block Next hop
    VBR route 1
    172.16.0.0/12 10.4.4.2
    VBR route 2
    172.16.0.0/12 10.4.5.2

    The preceding table describes the routes that the VBR learns from the BGP peer. After you attach the VBR to a CEN instance, the routes that the VBR learns from the data center are automatically advertised to the CEN instance.

  • Global route configuration
    Destination CIDR block Next hop
    VBR route 1
    172.16.0.0/12 10.4.4.2
    VBR route 2
    172.16.0.0/12 10.4.5.2
    CEN route table
    172.16.0.0/12 VBR
    192.168.0.0/16 VPC
    • After you attach the VBR and the VPC to a CEN instance, the routes that the VBR learns from the data center are automatically advertised to the CEN instance. Then, network instances such as the VPC attached to the CEN instance can learn the routes.
    • CEN also advertises its routes to BGP. Therefore, you can view the CEN routes in the BGP route table in the data center. For example, you can view the routes whose next hops are the two interfaces on the VBR.

Prerequisites

Your data center is connected to Alibaba Cloud through Express Connect circuits. The Express Connect circuits must meet the following requirements. For more information, see Create a dedicated connection over an Express Connect circuit.

  • The Express Connect circuits are associated with the same VBR.
  • The Express Connect circuits are enabled.
  • The bandwidth limits of the Express Connect circuits are the same.

Step 1: Create a VBR for the Express Connect circuits

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Exclusive Physical Connection in the left-side navigation pane.
  3. On the Physical Connections page, click the ID of the Express Connect circuit for which you want to create a VBR. Make sure that the Express Connect circuit is enabled. In this example, pconn-1 is selected.
  4. On the details page of the Express Connect circuit, click Create VBR.
  5. In the Create VBR panel, set the following parameters and click OK:
    • Account: Specify the type of account for which you want to create the VBR. In this example, Current Account is selected.
    • Name: Enter a name for the VBR.
    • Physical Connection Interface: Select the Express Connect circuit that you want to associate with the VBR. The Express Connect circuit must be enabled and work as expected. In this example, pconn-1 is selected.
    • VLAN ID: Enter the VLAN ID of the VBR. In this example, 0 is entered.
    • Peer IPv4 Address of Gateway at Alibaba Cloud Side: Specify an IPv4 address for the VBR. In this example, 10.4.4.1 is entered.
    • Peer IPv4 Address of Gateway at Customer Side: Specify an IPv4 address for the gateway device in the data center. In this example, 10.4.4.2 is entered.
    • Subnet Mask (IPv4 Address): Enter the subnet mask of the specified IPv4 addresses. In this example, 255.255.255.252 is entered.

Step 2: Associate the VBR with another Express Connect circuit

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Exclusive Physical Connection in the left-side navigation pane.
  3. On the Physical Connections page, click the ID of the Express Connect circuit that is already associated with the VBR. In this example, pconn-1 is selected.
  4. On the details page of the Express Connect circuit, click the ID of the VBR.
  5. On the Physical Connection Interfaces tab, click Add Physical Connection Interface.
  6. In the Add Physical Connection Interface panel, set the following parameters to add another Express Connect circuit and click OK:
    • Physical Connection Interface: Select another Express Connect circuit that you want to associate with the VBR. The Express Connect circuit must be enabled and work as expected. In this example, pconn-2 is selected.
    • VLAN ID: Enter the VLAN ID of the VBR. In this example, 0 is entered.
    • Peer IPv4 Address of Gateway at Alibaba Cloud Side: Specify another IPv4 address for the VBR. In this example, 10.4.5.1 is entered.
    • Peer IPv4 Address of Gateway at Customer Side: Specify another IPv4 address for the gateway device in the data center. In this example, 10.4.5.2 is entered.
    • Subnet Mask (IPv4 Address): Enter the subnet mask of the specified IPv4 addresses. In this example, 255.255.255.252 is entered.

Step 3: Configure BGP routing in the VBR

To configure BGP routing between the data center and the VBR, you must add the BGP peer that communicates with the VBR to a BGP group, and then advertise the BGP CIDR block to the VBR.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Create a BGP group.
    1. Click the BGP Groups tab and click Create BGP Group.
    2. Set the following parameters of the BGP group and click OK.
      Parameter Description
      Support IPv6 Specify whether to enable IPv6 support.

      In this example, No is selected.

      Name Enter a name for the BGP group.
      Peer ASN Enter the Autonomous System Number (ASN) of the data center.
      BGP Key Enter the key of the BGP group.
      Description Enter a description for the BGP group.
  5. Create a BGP peer.
    1. Click the BGP Peers tab and click Create BGP Peer.
    2. Set the parameters of the BGP peer and click OK.
      Parameter Description
      BGP group Select the BGP group that you created.
      BGP peer IP address Enter the IP address of the BGP peer. In this example, a data center-side gateway IP address is entered, which is 10.4.4.2.
      Enable BFD In this example, Bidirectional Forwarding Detection (BFD) is disabled.
  6. Repeat the steps in 5 to create a BGP peer for pconn-2.
    In this example, the IP address of the BGP peer for pconn-2 is set to 10.4.5.2 and BFD is disabled.

Step 4: Attach the VPC and the VBR to a CEN instance

You must attach the VPC and the VBR to the same CEN instance.

  1. Log on to the CEN console.
  2. On the Instances page, click the ID of the CEN instance that you want to manage.
    If you do not have a CEN instance, create one. For more information, see Create a CEN instance.
  3. Click the Networks tab and click Attach Network.
  4. In the Attach Network panel, click the Your Account tab to attach the VBR, and then click OK.
    • Network Type: Select the type of network instance that you want to attach. In this example, Virtual Border Router (VBR) is selected.
    • Region: Select the region where the VBR is deployed.
    • Networks: Select the ID of the VBR.
  5. Repeat the preceding steps to attach the VPC to the CEN instance.
    Notice If you have created routes that point to Elastic Compute Service (ECS) instances, virtual private network (VPN) gateways, or high-availability virtual IP addresses (HAVIPs), you must advertise these routes to the CEN instance in the VPC console. For more information, see Publish a route to CEN.

Step 5: Configure routing in the data center

You must configure BGP routing in the data center so that BGP routes can be advertised to Alibaba Cloud. The CIDR block of the data center is 172.16.0.0/12. The following table describes how to configure BGP routing on the two pieces of customer-premises equipment (CPE) in the data center. For more information about the configurations, contact the CPE vendor.

Configuration CPE1 CPE2
VLAN ID 0 0
Network 172.16.0.0/12 172.16.0.0/12
BGP ASN 65000 65000
PEER BGP ASN 45104 45104
Interface IP 10.4.4.2/30 10.4.5.2/30

Step 6: Verify network connectivity

After you establish the connections, you must verify the reachability of the connections.

  1. Open the command-line interface on a computer in the data center.
  2. Run the ping command to verify the connectivity between the data center and an ECS instance in the VPC whose CIDR block is 192.168.0.0/16.
    If echo reply packets are returned, it indicates that the connection is reachable.
  3. To check whether active/active connections are established between the data center and Alibaba Cloud, run the tracert command to query the routes through which packets are sent.
    The tracert command varies based on the device. For more information about the command, contact the vendor.