This topic describes how to use an Express Connect circuit to connect DataWorks to the self-managed databases in a data center.

Background information

The following scenario is used as an example. You created a virtual private cloud (VPC) and vSwitches in the China (Beijing) region and activated DataWorks. Your data center is connected to Alibaba Cloud through an Express Connect circuit. A virtual border router (VBR) is associated with the Express Connect circuit. You want DataWorks to access the databases in the data center for data integration and analytics.

Scenario

To achieve this goal, you can perform the following operations:

  1. Associate an exclusive resource group in DataWorks with the VPC and add routes that point to the data center.
  2. Connect the VBR that is associated with the data center and the VPC to an Enterprise Edition transit router in the China (Beijing) region.
  3. Configure routes that point to the data center on the VBR and in the VPC.
  4. Configure a route that points to the CIDR block of the DataWorks resource group in the data center.
  5. After you complete the preceding configurations, test the network connectivity.
  6. Test the DataWorks service.

Prerequisites

Configuration process

Flowchart

Step 1: Associate an exclusive resource group with the VPC and configure routes

  1. Log on to the DataWorks console.
  2. In the left-side navigation pane, click Resource Groups.
  3. On the Exclusive Resource Groups tab of the Resource Groups page, find the exclusive resource group that you created and click Network Settings in the Actions column.
  4. On the VPC Binding tab of the details page, click Add Binding.
  5. In the Add VPC Binding panel, set the following parameters and click OK.
    • Resource Group Name: Select the current exclusive resource group for data integration.
    • VPC: Select the VPC to connect to the databases in the data center. In this example, the VPC created in the China (Beijing) region is selected.
    • VSwitch: Select a vSwitch that belongs to the specified VPC to communicate with the databases in the data center. In this example, a vSwitch that belongs to the VPC in the China (Beijing) region is selected. Make sure that the vSwitch and the exclusive resource group are deployed in the same zone.
    • Security Groups: Security groups allow or deny access from the Internet or a private network to your exclusive resource group. You can select an existing security group that meets your business requirements. In this example, a security group is created in the VPC.

    On the details page of the exclusive resource group, view and record VSwitch CIDR Block and ENI IP Address.
  6. On the details page of the exclusive resource group, find the associated VPC and click Custom Route in the Actions column.
  7. In the Custom Route panel, click Add Route.
  8. In the Add Route dialog box, set the following parameters and click Generate Route.
    • Destination Type: Select a destination type. In this example, IDC is selected.
    • Connection Method: Select Fixed IP Address or CIDR Block. In this example, CIDR Block is selected.
    • Destination CIDR Block: Enter the CIDR block of the on-premises server that hosts the databases.

    After the route is created, you can view the route in the Custom Route panel.

Step 2: Connect the VBR and VPC to the transit router in the China (Beijing) region

Note: Before you connect an Enterprise Edition transit router to a VPC, make sure that the VPC has at least one vSwitch in a zone that supports Enterprise Edition transit routers. The vSwitch must have at least one idle IP address. In this example, a transit router is deployed in the China (Beijing) region and the zones are Beijing Zone H and Beijing Zone G.

After you connect the VBR and VPC to the transit router in the China (Beijing) region, the CEN instance automatically advertises and learns routes to enable network communication between the VPC and data center.

  1. Log on to the CEN console.
  2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.
  3. On the Basic Settings > Transit Router tab, find the transit router that you want to manage and click Create Connection in the Actions column.
  4. On the Connection with Peer Network Instance page, set the following parameters and click OK.
    Note: The first time you perform this operation, the system automatically creates the service-linked role AliyunServiceRoleForCEN. This role allows transit routers to create elastic network interfaces (ENIs) on vSwitches in VPCs. For more information, see AliyunServiceRoleForCEN.
    • Network Type: Select the type of network instance that you want to attach. In this example, VPC is selected.
    • Region: Select the region where the network instance is deployed. In this example, China (Beijing) is selected.
    • Transit Router: The transit router in the selected region is displayed.
    • Resource Owner ID: Select the Alibaba Cloud account to which the network instance belongs. In this example, Your Account is selected.
    • Billing Method: By default, transit routers use the Pay-As-You-Go billing method. For more information about the billing rules, see Billing rules.
    • Attachment Name: Enter a name for the network connection. In this example, VPC-test is used.
    • Networks: Select the VPC that you want to attach. In this example, the VPC in the China (Beijing) region is selected.
    • vSwitch: Select a vSwitch in a zone that supports transit routers. In this example, the following vSwitches are selected:
        • Beijing Zone H: vSwitch 1
        • Beijing Zone G: vSwitch 2
    • Advanced Settings: By default, the following advanced features are enabled: Associate with Default Route Table of Transit Router, Propagate System Routes to Default Route Table of Transit Router, and Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC. In this example, the default settings are used.

  5. On the Connection with Peer Network Instance page, click Create More Connections.
  6. On the Connection with Peer Network Instance page, set the following parameters and click OK.
    • Network Type: In this example, Virtual Border Router (VBR) is selected.
    • Region: Select the region where the network instance is deployed. In this example, China (Beijing) is selected.
    • Transit Router: The transit router in the selected region is displayed.
    • Resource Owner ID: Select the Alibaba Cloud account to which the network instance belongs. In this example, Your Account is selected.
    • Attachment Name: Enter a name for the VBR connection. In this example, VBR-test is used.
    • Networks: Select the ID of the VBR that you want to attach. In this example, the VBR in the China (Beijing) region is selected.
    • Advanced Settings: By default, the following advanced features are enabled: Associate with Default Route Table of Transit Router, Propagate System Routes to Default Route Table of Transit Router, and Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC. In this example, the default settings are used.

    After the connections are created, you can view the details about the connections on the Intra-region Connections tab. For more information, see View network instance connections.

Step 3: Configure a route that points to the data center on the VBR

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. On the details page of the VBR, click the Routes tab and click Add Route Entry.
  5. In the Add Route Entry panel, set the following parameters and click OK.
    • Next Hop Type: Select VPC or Physical Connection Interface. In this example, Physical Connection Interface is selected.
    • Destination CIDR Block: Enter the CIDR block to which network traffic is forwarded. In this example, the CIDR block of the data center is used.
    • Next Hop: Select the Express Connect circuit used by the data center.
    • Description: Enter a description.

Step 4: Configure a route that points to the data center in the VPC

After you enable Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC, the system automatically adds routes whose destination CIDR blocks are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 to the route tables of the VPC. The next hop of the routes is the VPC connection. If the CIDR block of the data center falls within the preceding CIDR blocks, skip this step.
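The check described above can be scripted before you decide whether to skip this step. The following is an added example, not part of the original documentation: it tests each data center CIDR block against the three automatically added destinations and reports which blocks still need a custom route. The function names and the sample CIDR blocks are constructed for illustration.

```python
import ipaddress

# Destination CIDR blocks that the page says are added automatically to the
# VPC route tables when the transit router option is enabled.
AUTO_ROUTES = [ipaddress.ip_network(c)
               for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(cidr):
    """Return (status, matching_auto_route) for one data center CIDR block.

    status is "covered" (Step 4 can be skipped), "partial" (the block only
    partly falls within an automatic route) or "uncovered"; the last two
    need a custom route entry.
    """
    # strict=True rejects host bits (e.g. 10.1.2.3/16), a common typo that
    # would otherwise silently describe a different block than intended.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: the automatic routes are IPv4 only")
    for auto in AUTO_ROUTES:
        if net.subnet_of(auto):
            return "covered", str(auto)
    for auto in AUTO_ROUTES:
        if net.overlaps(auto):
            return "partial", str(auto)
    return "uncovered", None


def routes_to_add(cidrs):
    """Return the CIDR blocks that still need a custom route in Step 4."""
    return [c for c in cidrs if classify(c)[0] != "covered"]


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    sample = ["10.20.0.0/16", "172.32.0.0/16", "172.0.0.0/8", "100.64.10.0/24"]
    for c in sample:
        print(c, classify(c))
    print("add custom routes for:", routes_to_add(sample))
```

A block such as 172.32.0.0/16 looks private at a glance but lies outside 172.16.0.0/12, which is the case this check is meant to catch.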

  1. Log on to the VPC console.
  2. In the left-side navigation pane, click Route Tables.
  3. In the top navigation bar, select the region to which the route table that you want to manage belongs.
    In this example, China (Beijing) is selected.
  4. On the Route Tables page, find the custom route table that you want to manage and click its ID.
  5. On the details page of the custom route table, choose Route Entry List > Custom Route, and click Add Route Entry.
  6. In the Add Route Entry panel, set the following parameters and click OK.
    • Name: Enter a name for the custom route.
    • Destination CIDR Block: Enter the CIDR block to which network traffic is forwarded. In this example, the CIDR block of the data center is used.
    • Next Hop Type: Select the next hop type. Transit Router is selected in this example.
    • Transit Router: Select the VPC connection on the transit router in the China (Beijing) region.

Step 5: Configure a route that points to the DataWorks resource group in the data center

Configure a route that meets the following requirements in the data center: The next hop is the Express Connect circuit and the destination is the IP address of the elastic network interface (ENI) of the DataWorks resource group in Step 1: Associate an exclusive resource group with the VPC and configure routes. If a firewall is configured in the data center, make sure that the security policies configured on the firewall allow access from the on-premises servers to the ENI of the DataWorks resource group.

Step 6: Test network connectivity

  1. Open the CLI on a computer in the data center.
    In this example, a computer that runs Linux is used.
  2. Run the ping command to test the connectivity between the data center and the ENI of the DataWorks resource group in Step 1: Associate an exclusive resource group with the VPC and configure routes.
    If echo reply packets are returned, it indicates that the destination is reachable.

Step 7: Test the DataWorks service

After you verify the network connectivity, you can perform data integration tasks by using DataWorks. For more information, see Overview.