You can connect a data center to Alibaba Cloud through a standby Express Connect circuit. Then, the data center can communicate with Alibaba Cloud virtual private clouds (VPCs) over high-quality, reliable, and private connections. Alibaba Cloud supports at most four Express Connect circuits to achieve equal-cost multi-path (ECMP) routing.

Scenarios

The following example is used in this topic to describe how to connect a data center to Alibaba Cloud through a standby Express Connect circuit.

A company has a data center in Beijing with a private CIDR block of 172.16.0.0/12. The company also has a VPC deployed in the China (Hangzhou) region with a CIDR block of 192.168.0.0/16. To eliminate single points of failure (SPOFs), the company plans to apply for two Express Connect circuits from two connectivity providers. The Express Connect circuits are used to connect the data center to Alibaba Cloud access points in Beijing.

Step 1: Create two connections over Express Connect circuits

In this example, two dedicated connections are created. For more information, see Create and manage a dedicated connection over an Express Connect circuit.

When you apply for the second Express Connect circuit, you may need to specify a redundant Express Connect circuit based on the access point.
  • If you want to connect the Express Connect circuits to the same access point, you must specify the redundant Express Connect circuit. Set Redundant Connection ID to the ID of the first Express Connect circuit. This way, the Express Connect circuits will be connected to different access devices.
  • If you want to connect the Express Connect circuits to different access points, you do not need to specify the redundant Express Connect circuit. In this case, you do not need to specify Redundant Connection ID.

    In this example, the Express Connect circuits are connected to different access points.

Step 2: Create VBRs for both Express Connect circuits

After both Express Connect circuits are enabled, you must create a virtual border router (VBR) for each Express Connect circuit. A VBR is used to transfer data between the VPC and the data center.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, click Create VBR.
  4. In the Create VBR panel, set the following parameters and click OK.
    Parameter: Description
    Account: Specify whether to create a VBR for the current or another Alibaba Cloud account. By default, Current account is selected. If you use the default setting, the VBR that you create belongs to the account with which you are logged on.
    Name: Enter a name for the VBR. In this example, VBR1 is used.
    Physical Connection Interface: Select the type of Express Connect circuit to be associated with the VBR. Then, select an Express Connect circuit that is installed and enabled from the drop-down list. Valid values:
      • Dedicated Physical Connection: a dedicated Express Connect circuit
      • Shared Physical Connection: a shared Express Connect circuit
      In this example, Dedicated Physical Connection is selected and Express Connect circuit 1 is selected.
    VLAN ID: Enter the VLAN ID of the VBR. Valid values: 0 to 2999. 0 is used in this example.
    Set VBR Bandwidth Value: Set the maximum bandwidth of the VBR. In this example, 200Mb is used.
    IPv4 Address (Alibaba Cloud Gateway): Specify an IPv4 address for the VBR to route network traffic between the VPC and the data center. IPv4 Address (Alibaba Cloud Gateway) and IPv4 Address (Data Center Gateway) must belong to the same CIDR block. 10.100.0.1 is used in this example.
    IPv4 Address (Data Center Gateway): Specify an IPv4 address for the gateway device in the data center to route network traffic between the VPC and the data center. 10.100.0.10 is used in this example.
      Note: To allow services in the VPC to access a specified gateway IP address, you must add a route to the route table of the VBR. Set the destination CIDR block to the CIDR block to which the specified gateway IP address belongs and the next hop to the Express Connect circuit. For more information about how to add a route, see Add a custom route.
    Subnet Mask (IPv4): Enter the subnet mask of the specified IPv4 addresses. You can enter a long subnet mask because only two IP addresses are required. 255.255.255.0 is used in this example.
  5. Repeat the preceding steps to create VBR2 for Express Connect circuit 2.

Step 3: Create VBR-to-VPC connections

When you establish a standby connection, you must create two VBR-to-VPC connections to forward traffic.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and choose VPC Peering Connections > VBR-to-VPC in the left-side navigation pane.
  3. On the VBR-to-VPC page, click Create Peering Connection.
  4. On the Express Connect (Subscription) page, set the following parameters to create a connection between VBR1 and the VPC. Then, click Buy Now.
    Parameter: Description
    Billing Method: Select a billing method for the peering connection. In this example, Subscription is selected.
    Account: Specify whether to create a connection between a VBR and a VPC within the same Alibaba Cloud account or across different accounts.
      • Same-account: The VBR and the VPC belong to the same Alibaba Cloud account. In this case, the system creates initiator and acceptor router interfaces, and automatically establishes the connection.
      • Cross-account: The VBR and the VPC belong to different Alibaba Cloud accounts. In this case, you must create initiator and acceptor router interfaces, and initiate a connection request from the initiator.
      In this example, Same-account is selected.
    Connection Type: Select the type of connection that you want to create. In this example, VBR-to-VPC is selected.
    Role: Select the type of router interface that you want to create. By default, Create Initiator and Receiver is selected. In this case, the system automatically creates the initiator and acceptor router interfaces.
    Router type: By default, VBR is selected. This specifies that the connection is initiated from the VBR.
    Region: Select the region where the VBR is deployed.
    Access Point: Select the access point to which the VBR is connected.
    Local VBR ID: Select the ID of the VBR from the drop-down list.
    Peer Region: Select the region where the VPC is deployed.
    Peer Router Type: By default, VRouter is selected. This specifies that the connection is accepted by a VPC.
    Peer VPC ID: Select the ID of the VPC from the drop-down list.
    Bandwidth: Specify the maximum bandwidth. You do not need to specify the maximum bandwidth of the acceptor. The default bandwidth is used.
    Validity: Select a subscription duration. You must select a subscription duration when you create a subscription peering connection. You can also select the Auto-renewal check box to enable auto-renewal.

  5. On the Confirm Order page, confirm the information, select Terms of Service, and then complete the payment.
    After the connection is established, the status of the initiator and the acceptor changes to Activated.
  6. Repeat the preceding steps to create a connection between VBR2 and the VPC.

Step 4: Configure IP addresses for health checks

Alibaba Cloud sends a ping packet every 2 seconds from each source IP address to the destination IP address in the data center. If no response is returned over one Express Connect circuit for eight consecutive ping packets, the system automatically switches to the other Express Connect circuit. You must configure IP addresses for health checks in the router interface of the VPC.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and choose VPC Peering Connections > VBR-to-VPC in the left-side navigation pane.
  3. On the VBR-to-VPC page, find the VBR-to-VPC connection that you want to manage and choose More > Health Check in the Actions column.
  4. In the Health Check panel, click Settings.
  5. In the Edit VBR panel, set the following parameters and click OK:
    Parameter: Description
    Source IP: Specify an idle IP address of the VPC as the source IP address for health checks.
    Destination IP: Specify a destination IP address for health checks. We recommend that you enter the IP address of a network device interface of the data center.
    Send Packet Every (Seconds): Specify the interval at which probe packets are sent. Unit: seconds. Recommended value: 2. In this case, Alibaba Cloud sends a probe packet every 2 seconds from the source IP address to the destination IP address.
    Packets Detected: Specify the number of probe packets to be sent. Recommended value: 8. In this case, if no response is returned after 8 packets are consecutively sent to an Express Connect circuit, network traffic is switched to another connection. If throttling is configured on the on-premises gateway device, make sure that the packet rate limit allows at least 500 packets from the specified source IP address per second.
  6. Repeat the preceding steps to configure health check IP addresses for the other VBR-to-VPC connection.
    Note: In scenarios in which multiple VPCs are used, you must configure health check IP addresses for each router interface of the VPCs that are connected to the standby Express Connect circuit. Otherwise, the standby Express Connect circuit cannot work as expected.

Step 5: Add routes

After you create VPC router interfaces, you must configure routes that point to the data center for the VPC router interfaces. Then, you must configure routes that point to the VPC and the Express Connect circuits for the VBR router interfaces. In addition, you must configure routes that point to the VPC for the access devices of the data center. After you configure the preceding routes, the data center can connect to the VPC.

  1. Configure a route for the VPC so that traffic destined for the data center (172.16.0.0/12) is forwarded from the VPC to the VBR.
    1. Log on to the Express Connect console.
    2. In the top navigation bar, select the region and choose VPC Peering Connections > VBR-to-VPC in the left-side navigation pane.
    3. On the VBR-to-VPC page, find the acceptor and click Route Configuration.
    4. In the Basic Information panel, click Add Peer Route.
    5. In the Destination CIDR Block field, enter 172.16.0.0/12, which is the CIDR block of the data center. Then, click OK.
  2. Configure a route for the VBR so that traffic destined for the data center (172.16.0.0/12) is forwarded from the VBR to the Express Connect circuit.
    1. Log on to the Express Connect console.
    2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
    3. On the Virtual Border Routers (VBRs) page, click the ID of VBR1.
    4. Click the Route Entry tab, and click Add Route Entry on the Route Entry tab.
    5. Set the following parameters and click OK.
      Parameter: Description
      Next Hop Type: Select Physical Connection Interface.
      Destination CIDR Block: Enter the CIDR block of the data center. In this example, 172.16.0.0/12 is used.
      Next Hop: Select Express Connect circuit 1 that is created in Step 1: Create two connections over Express Connect circuits.
  3. Add a route for the VBR so that traffic destined for the VPC (192.168.0.0/16) is forwarded from the VBR to the VPC.
    1. Log on to the Express Connect console.
    2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
    3. On the Virtual Border Routers (VBRs) page, click the ID of VBR1.
    4. Click the Route Entry tab, and click Add Route Entry on the Route Entry tab.
    5. Set the following parameters and click OK.
      Parameter: Description
      Next Hop Type: Select VPC.
      Destination CIDR Block: Enter the CIDR block of the VPC. In this example, 192.168.0.0/16 is used.
      Next Hop: Select the VPC that you created.
  4. Repeat the preceding steps to configure routes that point to the VPC and the data center for VBR2.
  5. Configure routes for the data center to forward traffic from the data center to the VBR. You can configure static routing or Border Gateway Protocol (BGP) dynamic routing.
    • Static routing

      Example:

        ip route 192.168.0.0/16 10.100.0.1
        ip route 192.168.0.0/16 10.100.1.1
    • Dynamic routing

      Create a BGP group, add BGP peers to the BGP group, and then advertise BGP CIDR blocks. For more information, see Configure BGP.

      You must advertise the CIDR block of the VPC that needs to communicate with the data center. In this example, 192.168.0.0/16, which is the VPC CIDR block, is advertised.

Step 6: Test the connectivity

After you complete the preceding steps, you can test the data transfer rate of the Express Connect circuits to ensure that your business requirements are met. For more information, see Test the network performance of an Express Connect circuit.
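
The address and route plan from Steps 2 to 5 can be checked offline before it is entered in the console, so that a missing route or mismatched gateway on the standby path is found before a switchover depends on it. The following is an added example, not Alibaba Cloud code; the plan layout, the `validate` function, VBR2's data center gateway and the health check IP addresses are assumptions made for illustration.

```python
import ipaddress as ipa

# Values from this topic. Assumptions (not on the page): VBR2's data center
# gateway, the health check source IPs and the health check destinations.
PLAN = {
    "dc_cidr": "172.16.0.0/12", "vpc_cidr": "192.168.0.0/16",
    "dc_static_next_hops": ["10.100.0.1", "10.100.1.1"],  # Step 5 static routes
    "vbrs": [
        {"name": "VBR1", "vlan": 0, "cloud_gw": "10.100.0.1",
         "dc_gw": "10.100.0.10", "mask": "255.255.255.0",
         "routes": {"172.16.0.0/12": "circuit", "192.168.0.0/16": "vpc"},
         "hc_src": "192.168.0.250", "hc_dst": "172.16.0.1"},
        {"name": "VBR2", "vlan": 0, "cloud_gw": "10.100.1.1",
         "dc_gw": "10.100.1.10", "mask": "255.255.255.0",
         "routes": {"172.16.0.0/12": "circuit", "192.168.0.0/16": "vpc"},
         "hc_src": "192.168.0.251", "hc_dst": "172.16.0.2"},
    ],
}


def validate(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    errs = []
    dc = ipa.ip_network(plan["dc_cidr"])
    vpc = ipa.ip_network(plan["vpc_cidr"])
    if dc.overlaps(vpc):  # general routing sanity check, not stated in the topic
        errs.append("data center and VPC CIDR blocks overlap")
    for v in plan["vbrs"]:
        name = v["name"]
        link = ipa.ip_network(f"{v['cloud_gw']}/{v['mask']}", strict=False)
        if not 0 <= v["vlan"] <= 2999:
            errs.append(f"{name}: VLAN ID must be 0 to 2999")
        if ipa.ip_address(v["dc_gw"]) not in link:
            errs.append(f"{name}: gateway addresses are in different CIDR blocks")
        # Step 5: every VBR needs both routes, or traffic fails after a switchover.
        for cidr, hop in ((plan["dc_cidr"], "circuit"), (plan["vpc_cidr"], "vpc")):
            if v["routes"].get(cidr) != hop:
                errs.append(f"{name}: missing route {cidr} -> {hop}")
        if v["cloud_gw"] not in plan["dc_static_next_hops"]:
            errs.append(f"{name}: data center has no VPC route via {v['cloud_gw']}")
        # Step 4: probes go from a VPC address to a data center device interface.
        if ipa.ip_address(v["hc_src"]) not in vpc:
            errs.append(f"{name}: health check source IP is outside the VPC")
        if ipa.ip_address(v["hc_dst"]) not in dc:
            errs.append(f"{name}: health check destination is outside the data center")
    return errs
```

Whether a health check source IP is actually idle cannot be determined offline and still has to be confirmed in the VPC.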