How do I use an Express Connect circuit to connect an on-premises data center to ApsaraMQ for RocketMQ - Express Connect

This topic describes how to use an Express Connect circuit to connect a data center to ApsaraMQ for RocketMQ to send and subscribe to messages.

Background information

For example, a virtual private cloud (VPC), a vSwitch, and a ApsaraMQ for RocketMQ instance are created by an enterprise in the China (Beijing) region. The on-premises data center of the enterprise is connected to Alibaba Cloud by using an Express Connect circuit and a virtual border router (VBR). The enterprise wants to use the ApsaraMQ for RocketMQ instance in the VPC to send and subscribe to messages. To achieve this goal, perform the following operations:

Record the IP address that is resolved from the internal domain name of the ApsaraMQ for RocketMQ instance.
Connect the VBR that is associated with the data center and the VPC to an Enterprise Edition transit router in the China (Beijing) region.
On the VBR and in the VPC, configure routes that point to the data center.
Configure a route to the IP address of the Message Queue for Apache RocketMQ instance in the data center.
Test network connectivity.
Access the ApsaraMQ for RocketMQ service.

Note

If you want to use an Express Connect circuit to connect a data center to Object Storage Service (OSS), you can also follow the preceding procedure but replace the IP address of the ApsaraMQ for RocketMQ instance with that of OSS.

Prerequisites

A VPC and a vSwitch are created in the China (Beijing) region. For more information, see Create a VPC with an IPv4 CIDR block.
An Elastic Compute Service (ECS) instance is created in the vSwitch. For more information, see Create an instance by using the wizard.
The Message Queue service is activated and a ApsaraMQ for RocketMQ instance is created. For more information, see Activate and grant permissions on ApsaraMQ for RocketMQ and Create resources.
A VBR and an Express Connect circuit are deployed. The data center is connected to Alibaba Cloud through the VBR and Express Connect circuit. For more information, see Connect a data center to ECS by using an Express Connect circuit.
A CEN instance is created. For more information, see Create a CEN instance.

Procedure

配置流程

Step 1: Record the IP address of the ApsaraMQ for RocketMQ instance

Log on to the ApsaraMQ for RocketMQ console.
In the left-side navigation pane, click Instances.
On the Instances page, find the ApsaraMQ for RocketMQ instance and click its ID.
On the Instance Details page, click the Basic Information tab.
In the TCP Endpoint section, record the Endpoint and Network Information.
Log on to the ECS instance. For more information, see Connection method overview.
Run the ping endpoint of the ApsaraMQ for RocketMQ instance command to obtain and record the IP address of the instance.
The IP address of the ApsaraMQ for RocketMQ instance in this example is 100.100.139.81, as shown in the preceding figure.

Step 2: Connect the VBR and VPC to the transit router in the China (Beijing) region

Note

Before you connect an Enterprise Edition transit router to a VPC, make sure that the VPC has at least one vSwitch in a zone that supports Enterprise Edition transit routers. The vSwitch must have at least one idle IP address. In this example, a transit router is deployed in the China (Beijing) region and the zones are Beijing Zone H and Beijing Zone G.

After you connect the VBR and VPC to the transit router in the China (Beijing) region, the CEN instance automatically advertises and learns routes to enable network communication between the VPC and data center.

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the Basic Settings > Transit Router tab, find the transit router that you want to manage and click Create Connection in the Actions column.

On the Connection with Peer Network Instance page, set the following parameters and click OK.

Note

The first time you perform this operation, the system automatically creates the service-linked role AliyunServiceRoleForCEN. This role allows transit routers to create elastic network interfaces (ENIs) on vSwitches in VPCs. For more information, see AliyunServiceRoleForCEN.

Parameter	Description
Network Type	Select the type of network instance that you want to attach. In this example, VPC is selected.
Region	Select the region where the network instance is deployed. In this example, China (Beijing) is selected.
Transit Router	The transit router in the selected region is displayed.
Resource Owner ID	Select the Alibaba Cloud account to which the network instance belongs. In this example, Your Account is selected.
Billing Method	By default, transit routers use the Pay-As-You-Go billing method. For more information about the billing rules, see Billing rules.
Attachment Name	Enter a name for the network connection. In this example, `VPC-test` is used.
Networks	Select the VPC that you want to attach. In this example, the VPC in the China (Beijing) region is selected.
vSwitch	Select a vSwitch in a zone that supports transit routers. In this example, the following vSwitches are selected: Beijing Zone H: vSwitch 1 Beijing Zone G: vSwitch 2
Advanced Settings	By default, the following advanced features are enabled: Associate with Default Route Table of Transit Router, Propagate System Routes to Default Route Table of Transit Router, and Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC. In this example, the default settings are used.

On the Connection with Peer Network Instance page, click Create More Connections.

On the Connection with Peer Network Instance page, set the following parameters and click OK.

Parameter	Description
Network Type	In this example, Virtual Border Router (VBR) is selected.
Region	Select the region where the network instance is deployed. In this example, China (Beijing) is selected.
Transit Router	The transit router in the selected region is displayed.
Resource Owner ID	Select the Alibaba Cloud account to which the network instance belongs. In this example, Your Account is selected.
Attachment Name	Enter a name for the VBR connection. In this example, `VBR-test` is used.
Networks	Select the ID of the VBR that you want to attach. In this example, the VBR in the China (Beijing) region is selected.
Advanced Settings	By default, the following advanced features are enabled: Associate with Default Route Table of Transit Router, Propagate System Routes to Default Route Table of Transit Router, and Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC. In this example, the default settings are used.

After the connections are created, you can view the details about the connections on the Intra-region Connections tab. For more information, see View network instance connections.

Step 3: Configure a route that points to the ApsaraMQ for RocketMQ instance on the transit router

Add the route that points to the IP address of the ApsaraMQ for RocketMQ instance to the route table of the transit router.

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the Transit Router tab of the CEN details page, find the transit router in the China (Beijing) region and click its ID.
On the details page of the transit router, click the Route Table tab.
On the Route Table tab, click the ID of the route table that you want to manage in the left-side list. In the Route Table Details section, click the Route Entry tab, and then click Add Route Entry.

In the Add Route Entry dialog box, configure the following parameters and click OK.

Parameter	Description
Route Table	The current route table is selected by default.
Transit Router	The current transit router is selected by default.
Name	Enter a name for the route entry.
Destination CIDR	Enter the IP address or CIDR block that the cloud service uses to provide services. In this example, the IP address of the ApsaraMQ for RocketMQ instance is entered, which is `100.100.139.81`. The IP address of the instance is the one in Step 1: Record the IP address of the ApsaraMQ for RocketMQ instance.
Blackhole Route	Select whether to specify the route as a blackhole route. Valid values: Yes: specifies the route as a blackhole route. Traffic that matches the route is dropped. No: does not specify the route as a blackhole route. In this case, you must specify the next hop of the route. In this example, No is selected.
Next Hop	Select the next hop type. Select the ID of the VPC connection on the transit router.
Description	Enter a description for the route entry.

Step 4: Add the CIDR block used by the data center to the VBR

Log on to the Express Connect console.
In the top navigation bar, select a region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
On the details page of the VBR, click the Routes tab and click Add Route Entry.

In the Add Route Entry panel, set the following parameters and click OK.

Parameter	Description
Next Hop Type	Select VPC or Physical Connection Interface. In this example, Physical Connection Interface is selected.
Destination CIDR Block	Enter the CIDR block to which network traffic is forwarded. In this example, the CIDR block of the data center is used.
Next Hop	Select the Express Connect circuit used by the data center.
Description	Enter a description.

Step 5: Add the CIDR block of the data center to the VPC

After you enable Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC, the system automatically adds routes whose destination CIDR blocks are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 to the route tables of the VPC. The next hop of the routes is the VPC connection. If the CIDR block of the data center falls within the preceding CIDR blocks, skip this step.

Log on to the VPC console.
In the left-side navigation pane, click Route Tables.
In the top navigation bar, select the region to which the route table that you want to manage belongs.
In this example, China (Beijing) is selected.
On the Route Tables page, find the custom route table that you want to manage and click its ID.
On the details page of the custom route table, choose Route Entry List > Custom Route, and click Add Route Entry.

In the Add Route Entry panel, set the following parameters and click OK.

Parameter	Description
Name	Enter a name for the custom route.
Destination CIDR Block	Enter the CIDR block to which network traffic is forwarded. In this example, the CIDR block of the data center is used.
Next Hop Type	Select the next hop type. Transit Router is selected in this example.
Transit Router	Select the VPC connection on the transit router in the China (Beijing) region.

Step 6: Configure a route that points to the ApsaraMQ for RocketMQ instance

In the data center, configure a route that points to the IP address of the ApsaraMQ for RocketMQ instance.

Set the destination of the route to 100.100.139.81, which is the IP address of the instance, and set the next hop to the Express Connect circuit. If a firewall is configured in the data center, make sure that the security policies configured on the firewall allow access from the on-premises servers to 100.100.139.81.

Step 7: Test network connectivity

Open the command-line interface (CLI) on a computer in the data center.
Run the ping command to test the connectivity between the data center and the IP address of the ApsaraMQ for RocketMQ instance. The IP address of the instance is the one in Step 1: Record the IP address of the ApsaraMQ for RocketMQ instance.
If echo reply packets are returned, the destination is reachable.

Step 8: Access the ApsaraMQ for RocketMQ service

After you verify the network connectivity between the data center and ApsaraMQ for RocketMQ, you can use the service to send and subscribe to messages. For more information, see Overview.