This topic describes the limits and requirements for Express Connect. Review these limits before you configure dedicated connections.
Resource quotas
For more information, see Express Connect quotas.
Network requirements
To connect a data center to Alibaba Cloud over an Express Connect circuit, the CIDR blocks of Alibaba Cloud services and the data center must not conflict with each other. The data center must also meet the following requirements.
Optical transceiver modules
If you use optical fiber cables, you must use a single-mode optical transceiver module to connect to the Alibaba Cloud access device. The transceiver module configurations must be the same on both ends of the connection.
Alibaba Cloud provides single-mode optical transceiver modules in the following specifications. All modules support a maximum transmission distance of 10 kilometers.
Port speed | Transceiver type |
1 Gbit/s | 1000BASE-LX single-mode |
10 Gbit/s | 10GBASE-LR single-mode |
40 Gbit/s | 40GBASE-LR single-mode |
100 Gbit/s | 100GBASE-LR single-mode |
Port configuration
Disable auto-negotiation for the port. Specify the port rate and set the duplex mode to full-duplex.
The maximum transmission unit (MTU) on the physical layer is 1,500 bytes.
Protocol and encapsulation
All devices used to establish the connection, including intermediary devices in data centers, must support 802.1Q virtual local area network (VLAN) encapsulation.
The gateway device in your data center must support Border Gateway Protocol (BGP) and BGP MD5 authentication, or static routing.
Express Connect circuits do not support virtual extensible local area network (VXLAN) traffic from destination port 4789 over the User Datagram Protocol (UDP).
To use a redundant Express Connect circuit, you must configure route weights on your gateway device.
CIDR block restrictions
We recommend that you use private IP addresses to establish the connection between your data center and Alibaba Cloud. The CIDR blocks specified for the connection must not conflict with each other.
Plan the CIDR blocks of the virtual private cloud (VPC) and the data center before you use Express Connect. The CIDR blocks of the VPC and the data center must not overlap.
You cannot set the CIDR block of the data center to 100.64.0.0/10 because this CIDR block is used by Alibaba Cloud services. Cloud services deployed in VPCs use the 100.64.0.0/10 CIDR block, so data centers connected to VPCs over Express Connect circuits cannot use this CIDR block.
You cannot specify 100.64.0.0/10 as the peer CIDR block for the virtual border router (VBR) in Alibaba Cloud or the gateway device in the data center.
Health check requirements
The gateway device in the data center must be able to receive more than 500 Internet Control Message Protocol (ICMP) echo requests per second. If the gateway device does not meet this requirement, it cannot promptly respond to probe packets sent for health checks, which causes network jitter.
Transmission rate limits (Alibaba Cloud side)
Data transmission between a VPC and a data center is throttled when you use an Express Connect circuit.
Object Storage Service (OSS) speed limit
The maximum read/write speed for Object Storage Service (OSS) is 10 Gbit/s.
Per-flow bandwidth limits
To improve reliability, the maximum bandwidth of an individual hashed traffic flow from a VPC to a VBR follows these rules:
VBR or VPC-to-VBR bandwidth | Maximum bandwidth per hashed flow |
Less than or equal to 1 Gbit/s | Equal to the specified bandwidth |
Greater than 1 Gbit/s | 1/4 of the specified bandwidth |
For example, if the VPC-to-VBR bandwidth is 2 Gbit/s, the maximum bandwidth per hashed flow is 500 Mbit/s.
If a data center connects to the cloud through Cloud Enterprise Network (CEN) or Express Connect Router (ECR), traffic is throttled based on the VBR bandwidth. If the data center connects through VBR-to-VPC connections, traffic is throttled based on the VBR-to-VPC bandwidth.
VBR-to-VPC connections are not available by default. To use this feature, contact your account manager.
A hashed traffic flow is a data stream defined by the combination of five elements: source IP address, source port, transport layer protocol, destination IP address, and destination port. For example, 192.168.1.1 10000 TCP 121.XX.XX.76 80 forms a hashed traffic flow. In this flow, a terminal with IP address 192.168.1.1 and port 10000 connects to a terminal with IP address 121.XX.XX.76 and port 80 over TCP.
Limits on redundant Express Connect circuits
Alibaba Cloud guarantees service availability for connections over Express Connect circuits only when the circuits connect to different access points. If multiple Express Connect circuits share the same access point or only one Express Connect circuit is used, service availability is not guaranteed.
If a data center connects to a VPC over two Express Connect circuits, you must specify source IP addresses and destination IP addresses for health checks. After you configure health checks, the system monitors both circuits. If one circuit goes down, network traffic automatically fails over to the other circuit. We recommend that you configure health checks to detect service interruptions so that the system can perform failovers promptly.
Limits on hosted connections
Alibaba Cloud cannot change the port settings of hosted connections to meet your business requirements.
When you set a bandwidth limit on a hosted connection over an Express Connect circuit, make sure that the sum of bandwidth limits of all hosted connections does not exceed the bandwidth limit of the Express Connect circuit.
Limits on Express Connect circuit installation
The company in charge of installation must follow the construction rules established by connectivity providers and Alibaba Cloud data center engineers. Installation is prohibited if rules are violated.
If you purchase optical ports, the connectivity provider must use optical fiber cables to connect to the Alibaba Cloud port.
Alibaba Cloud data centers do not support fiber-optic transceivers. The installation company cannot install fiber-optic transceivers in Alibaba Cloud data centers.
The installation schedule is subject to data center lockdowns required by local authorities and Alibaba Cloud. If the data center is locked down, contact your account manager.
Data centers where Alibaba Cloud access points are located belong to the connectivity provider or a third-party service provider. You may be charged by the service provider for installing the Express Connect circuit in their buildings and using indoor cables.
Installation timelines
The following table describes the time required for Express Connect circuit installation.
Work item | Duration |
Review of the application to enter an Alibaba Cloud data center and perform site surveys | 2 business days |
Review of the application for a Letter of Authorization (LOA) | 2 business days |
Fiber pigtail installation (Chinese mainland) | 2 business days |
Fiber pigtail installation (outside the Chinese mainland) | 3 business days |
Review of the application to enter an Alibaba Cloud data center for maintenance | 3 business days |