
Express Connect: Use VBRs and IP targeting to connect a data center to the Internet

Last Updated: Mar 18, 2025

This topic describes how to use IP targeting to associate elastic IP addresses (EIPs) with private IP addresses of a data center and use virtual border routers (VBRs) to connect the data center to the Internet.

Example scenario

You have a data center in China (Beijing), and the servers in the data center need to communicate with the Internet. You can perform the following steps to connect the data center to the Internet:

  1. Purchase and deploy two Express Connect circuits, each connecting a different customer-premises equipment (CPE) device in the data center to a different VBR, to implement traffic redundancy.

  2. Create VBRs in China (Beijing) to connect the data center to a virtual private cloud (VPC).

  3. Create a VPC in China (Beijing) and activate an IPv4 gateway. Servers in the data center can use the IPv4 gateway to access the Internet.

  4. Create a VBR-to-VPC connection and configure routes so that the VPC can communicate with the data center.

  5. Configure IP targeting to associate EIPs with private IP addresses of the data center so that the data center can use the EIPs to access the Internet.


Prerequisites

  • The IP targeting feature is enabled for your Alibaba Cloud account. To enable this feature, contact your account manager.

  • A VPC and vSwitch1 are created in the China (Beijing) region.

  • EIP-1 and EIP-2 are created in the region of the VPC. For more information, see Purchase an EIP.

  • Make sure that your VBR has the permissions to configure a custom route whose destination CIDR block is 0.0.0.0/0 and whose next hop is the VPC. To enable this feature, contact your account manager. For more information, see Configure routes that point to a VPC on a VBR.

Procedure

Step 1: Create connections over Express Connect circuits

In this example, two dedicated connections are created.

  1. Log on to the Express Connect console. In the top navigation bar, select the China (Beijing) region.

  2. Click Create Physical Connection, select Classic Mode, and purchase a physical port for Express Connect Circuit 1.

    [Figure: Purchase a physical port]

  3. After you purchase the port, request and complete the installation of Express Connect Circuit 1, and then pay the resource occupation fee to activate Express Connect Circuit 1. For more information, see Application in classic mode.

  4. Repeat the preceding steps to activate Express Connect Circuit 2.

Step 2: Create VBRs

  1. On the Physical Connection page, click the physical port ID. On the details page, click Create VBR.

  2. In the Create VBR panel, set Account Type to Current Account, set the following parameters, and then click OK.

    [Figure: Create VBR1]

  3. Repeat the preceding steps to create VBR2.

Step 3: Create and activate an IPv4 gateway

  1. Log on to the IPv4 Gateway console. In the top navigation bar, select the China (Beijing) region.

  2. Click Create IPv4 Gateway, select a VPC, and then click Create.

  3. In the Activate IPv4 Gateway wizard, select the route table that is associated with vSwitch1 and click Activate.

    Note
    • When you activate the IPv4 gateway, the system adds a default 0.0.0.0/0 route that points to the IPv4 gateway to the vSwitch route table. This way, the vSwitch associated with the route table can access the Internet. If a default 0.0.0.0/0 route already exists in the route table, the preceding route will not be added.

    • Traffic within the VPC is not affected before the IPv4 gateway is activated. However, the network connections on the VPC may be temporarily interrupted during the activation process.

Step 4: Create VBR-to-VPC connections

Create VBR-to-VPC connections and configure routes on the requester VBRs and accepter VPC to enable communication between the VBRs and the VPC.

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, choose Peering Connection > VBR-to-VPC.

  3. In the top navigation bar, select China (Beijing) and click Create Peering Connection to configure a peering connection between VBR1 and the VPC.

    [Figure: VBR uplink]

  4. Select Terms of Service and click OK.

  5. Repeat the preceding steps to create a connection between VBR2 and the VPC.

  6. After the VBR-to-VPC connections are created, configure health checks to check the connectivity of the Express Connect circuit.

Step 5: Configure routes to route network traffic from the VPC to the data center

Configure routes that point to the data center on the VBR

On VBR1, add the 192.168.0.0/16 route whose next hop is the Express Connect circuit.

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, click Virtual Border Routers (VBRs).

  3. Click the ID of VBR1. On the details page, choose Routes > Custom Route Entry.

  4. Click Add Route Entry, configure a route for VBR1 to access the data center, and click OK.

    [Figure: VBR route that points to the Express Connect circuit interface]

  5. Repeat the preceding steps to configure a route for VBR2 whose next hop is the Express Connect circuit.

Configure a route for the VPC to access the data center

Configure the 192.168.0.0/16 route whose next hop is VBR1 for the VPC so that traffic destined for the data center from the VPC can be routed to VBR1.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click Route Tables. In the top navigation bar, select the China (Beijing) region.

  3. Click the ID of the route table and click Add Route Table. Use the following configurations and click OK.

    [Figure: Configure a route that points to the VBR for the VPC]

  4. Perform the preceding steps to configure a route for the VPC whose next hop is VBR2.

Configure routes for the IPv4 gateway to access the data center

Configure the 192.168.0.0/16 route whose next hop is the VBR for the IPv4 gateway. This way, traffic destined for the data center from the IPv4 gateway can be routed to the VBR.

  1. Create a gateway route table and associate it with the IPv4 gateway.

    1. Log on to the Route Table page. In the top navigation bar, select the China (Beijing) region.

    2. Click Create Route Table. In the dialog box that appears, select a VPC, select VBR for Associated Resource Type, specify a route table name, and then click OK.

    3. In the Associate Resource column of the gateway route table, click Associate Now, click Associate Border Gateway, select the IPv4 gateway, and click OK.

  2. Choose Route Entry List > Custom Route, click Add Route Entry, configure a route entry that points to the VBR, and click OK.

    [Figure: Configure a route that points to the VBR for the IPv4 gateway]

  3. Repeat the preceding steps to configure a route whose next hop is VBR2 on the IPv4 gateway.

Step 6: Configure routes to route network traffic from the data center to the VPC

Configure a route that points to the VPC on the VBR

Configure the 0.0.0.0/0 route whose next hop is the VPC on VBR1. This way, traffic from VBR1 destined for the Internet is routed to the VPC.

  1. Log on to the Express Connect console.

  2. In the left-side navigation pane, click Virtual Border Routers (VBRs).

  3. Click the ID of VBR1. On the details page, choose Routes > Custom Route Entry.

  4. Click Add Route Entry, configure a route that points to the VPC on VBR1, and then click OK.

    [Figure: Configure a VBR route that points to the Internet]

  5. Repeat the preceding steps to configure a route whose next hop is the VPC on VBR2.

Configure a route that points to the VPC for the data center

In the data center, configure the 0.0.0.0/0 route whose next hop is the Express Connect circuit. This way, traffic can be routed to the VBR. In addition, you need to configure health checks and a return route for health check probe packets. Then, you need to configure the gateway device to route network traffic based on health check results to achieve network redundancy.

  1. Configure routes in the data center.

    The configuration commands may vary based on the gateway device. The following example is for reference only. For more information about the configuration commands, consult the vendor of your gateway device.

    # Configure routes in the data center to route network traffic to the VPC.
    ip route 0.0.0.0/0 10.100.1.3
    ip route 0.0.0.0/0 10.100.10.3

  2. Configure health checks for the data center. For more information, see Configure and manage health checks.
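
The following added example (not part of the Alibaba Cloud documentation or tooling) models the route tables from Steps 3, 5 and 6 and traces both traffic directions with longest-prefix matching, with all links up and with each VBR failed in turn. The node labels (dc, vbr1, vbr2, vpc, igw, dc-lan, internet) and the remote address 203.0.113.10 are assumptions made for the example, and the model is a simplification of the real forwarding path.

```python
import ipaddress

# Simplified model of the route tables configured in Steps 3, 5 and 6.
# Node names are labels chosen for this example, not Alibaba Cloud identifiers.
ROUTES = {
    "dc":   [("192.168.0.0/16", ["dc-lan"]), ("0.0.0.0/0", ["vbr1", "vbr2"])],
    "vbr1": [("192.168.0.0/16", ["dc"]), ("0.0.0.0/0", ["vpc"])],
    "vbr2": [("192.168.0.0/16", ["dc"]), ("0.0.0.0/0", ["vpc"])],
    "vpc":  [("192.168.0.0/16", ["vbr1", "vbr2"]), ("0.0.0.0/0", ["igw"])],
    "igw":  [("192.168.0.0/16", ["vbr1", "vbr2"]), ("0.0.0.0/0", ["internet"])],
}
TERMINALS = {"dc-lan", "internet"}

def next_hop(routes, node, dst, down):
    """Longest-prefix match at node; first next hop that is not marked down."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hops) for p, hops in routes.get(node, [])
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, hops = max(matches, key=lambda m: m[0].prefixlen)
    return next((h for h in hops if h not in down), None)

def trace(start, dst, routes=ROUTES, down=()):
    """Follow next hops from start toward dst; raise on a black hole or a loop."""
    path = [start]
    while path[-1] not in TERMINALS:
        hop = next_hop(routes, path[-1], dst, down)
        if hop is None or hop in path:
            raise LookupError(f"black hole or loop toward {dst}: {path + [hop]}")
        path.append(hop)
    return path

def audit(routes=ROUTES, server="192.168.8.67", remote="203.0.113.10"):
    """Check both directions with all links up and with each VBR failed in turn."""
    problems = []
    for down in ((), ("vbr1",), ("vbr2",)):
        for start, dst, want in (("dc", remote, "internet"), ("igw", server, "dc-lan")):
            try:
                end = trace(start, dst, routes, down)[-1]
            except LookupError as exc:
                problems.append(str(exc))
                continue
            if end != want:
                problems.append(f"{start}->{dst} with {down or 'all up'} ends at {end}")
    return problems

if __name__ == "__main__":
    print(trace("dc", "203.0.113.10"))   # outbound path from the data center
    print(trace("igw", "192.168.8.67"))  # return path to Server 01
    print(audit() or "both directions reachable in every scenario")
```

An empty list from audit() means outbound traffic reaches the Internet and return traffic reaches the data center in every scenario; removing the 192.168.0.0/16 entry from the igw table makes the return direction fail in all three.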

Step 7: Associate EIPs with the IP addresses of the servers in the data center

  1. Log on to the EIP console.

  2. In the top navigation bar, select the China (Beijing) region.

  3. Find EIP-1 and click Associate Resource in the Actions column.


    The following table describes the parameters.

    | Parameter | Description |
    | --- | --- |
    | Instance Type | The type of resource associated with the EIP. In this example, IP is selected. |
    | VPC | Select the ID of the VPC. |
    | IP Address | The IP address of the server in the data center. In this example, the IP address 192.168.8.67 of Server 01 is used. |

  4. Repeat the preceding steps to associate EIP-2 with Server 02.

Step 8: Test the network connectivity

  1. Log on to Server 01.

  2. Run the ping www.aliyun.com command to check whether the server can access the Internet.

    If the following responses are returned, it indicates that Server 01 can access the Internet.

    [Figure: Test result (Internet)]

  3. Repeat the preceding steps to check whether Server 02 can access the Internet.
