After you enable an Express Connect circuit, you must create a virtual border router (VBR) for the Express Connect circuit. The VBR is used to route traffic between the virtual private cloud (VPC) and your data center.
Background information
A VBR is a router deployed between a VPC and the customer-premises equipment (CPE) in a data center. Each VBR is associated with a route table. You can add routes to the route table of a VBR to control network traffic forwarding. A VBR provides the following features:
Exchanges data between a VPC and a data center.
Determines the virtual interface type of an Express Connect circuit: Layer 3 router interface or Layer 3 virtual local area network (VLAN) subinterface.
Adds or identifies VLAN tags if a Layer 3 VLAN subinterface is used.
Supports Border Gateway Protocol (BGP) dynamic routing.
Create a VBR
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, click Create VBR.
In the Create VBR panel, set the following parameters and click OK.
Parameter
Description
Account
Specify the Alibaba Cloud account for which a VBR is created. By default, Current account is selected. If you use the default setting, the VBR that you create belongs to the account with which you log on to the console.
Name
Enter a name for the VBR.
Resource Group
Select the resource group to which the VBR belongs.
After the VBR is created, find the VBR and click Add to Resource Group in the Resource Group column.
Tags
Tag Key: You can select or enter a key. The tag key can be up to 64 characters in length. The tag key cannot start with
aliyunoracs:and cannot containhttp://orhttps://.Tag Value: You can select or enter a value. The tag value can be up to 128 characters in length. The tag value cannot start with
aliyunoracs:and cannot containhttp://orhttps://.
You can add tags to the VBR in the Tags column after the VBR is created. After you add tags, you can modify, view, and delete the tags.
Physical Connection Information
Select the type of Express Connect circuit that you want to associate with the VBR. Then, select an Express Connect circuit that is enabled and functions as expected from the drop-down list.
Valid values:
Dedicated Physical Connection: a dedicated Express Connect circuit.
Shared Physical Connection: a hosted Express Connect circuit.
VLAN ID
Enter the VLAN ID of the VBR. Valid values: 0 to 2999.
Take note of the following items when you enter the VLAN ID:
If VLAN ID is set to 0, the switch port of the VBR is a Layer 3 router interface instead of a VLAN subinterface. When a Layer 3 router interface is used, each Express Connect circuit is associated with a VBR.
If VLAN ID is set to a value from 1 to 2999, the switch port of the VBR is a Layer 3 VLAN subinterface. When a Layer 3 VLAN subinterface is used, each VLAN ID corresponds to a VBR. In this case, the Express Connect circuit with which the VBR is associated can be used to connect to VPCs that belong to different Alibaba Cloud accounts. VBRs in different VLANs are isolated from each other at Layer 2.
Before you set this parameter, take note of the following rules:
To set VLAN ID for a dedicated connection over an Express Connect circuit, make sure that the trunking feature is enabled for the Layer 2 or Layer 3 devices that are used to connect the Express Connect circuit, VBR, and gateway device in the data center. This way, data can be transmitted from and to the VLAN based on the specified ID. The VLAN ID that you specify is preserved in the packets sent to the destination VLAN and not modified during data transmission. If the trunking feature is disabled, the connection may fail. We recommend that you set VLAN ID to 0 unless your Internet service provider has specific rules or limits on the VLAN ID configuration.
If you set VLAN ID to 0 when you create a VBR for a dedicated connection, you cannot create other VLAN subinterfaces on the VBR.
You do not need to specify VLAN ID when you create a VBR for a hosted connection. The VLAN ID parameter is already set. Therefore, ignore the VLAN ID parameter.
Set VBR Bandwidth Value
Set the bandwidth of the VBR.
You do not need to set this parameter when you create a VBR for a hosted connection. The bandwidth is already set when the hosted connection is created.
IPv4 Address (Alibaba Cloud Gateway)
Specify an IPv4 address for the VBR to route traffic between the VPC and your data center. The IPv4 addresses that are specified by the IPv4 Address (Alibaba Cloud Gateway) and IPv4 Address (Data Center Gateway) parameters must belong to the same CIDR block.
IPv4 Address (Data Center Gateway)
Specify an IPv4 address for the gateway device in the data center.
NoteTo allow services in the VPC to access a specified gateway IP address, you must add a route to the route table of the VBR. Set the destination CIDR block to the CIDR block to which the specified gateway IP address belongs and the next hop to the Express Connect circuit. For information about how to add routes to a route table, see Add and manage routes.
Subnet Mask (IPv4)
Enter the subnet mask of the IPv4 addresses that you specify for the VBR and the gateway device in the data center. You can enter a longer subnet mask because only two IP addresses are required.
Support IPv6
Select whether to enable IPv6 for the VBR.
Disable (default): disables IPv6.
Enable: enables IPv6. If you select this option, you cannot disable IPv6 after the VBR is created. Set the following parameters of the VBR:
IPv6 Address (Alibaba Cloud Gateway): Enter an IPv6 address for the VBR to route traffic between the VPC and your data center. The values of the IPv6 Address (Alibaba Cloud Gateway) and IPv6 Address (Data Center Gateway) parameters must belong to the same CIDR block.
IPv6 Address (Data Center Gateway): Enter an IPv6 address for the gateway device in the data center to route traffic between the VPC and your data center.
Subnet Mask (IPv6): Enter the subnet mask of the IPv6 addresses that you specified for the VBR and the gateway device in your data center.
Purchase VBRs after the free VBR quota is exhausted
When your free VBR quota is exhausted, you can purchase additional VBRs.
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, click Create VBR.
In the Create VBR panel, set the parameters and click OK.
In the Warn message, click Buy.
On the buy page, set the parameters of the VBR and click Buy Now to complete the payment.
Region: Use the default value for this parameter.
Bandwidth: Select the bandwidth value of the VBR.
Quantity: Select the number of VBRs that you want to purchase.
Duration: Select the subscription duration. To prevent service interruptions caused by overdue payments, we recommend that you enable Auto-renewal.
You can also renew a VBR on the Express Connect circuit details page. For more information, see Manage renewal.
After you complete the payment, you can choose Expenses > Orders in the top navigation bar to view the order details. The name of the instance in the order is in the format of pconn- ${vbrId}, where vbrId is the ID of the VBR, for example, pconn-vbr-uf6ql2vm2avp****.
Change the bandwidth of a VBR
You can change the bandwidth of a free VBR.
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Physical Connection in the left-side navigation pane.
On the Physical Connection page, click the ID of the Express Connect circuit.
On the Express Connect circuit details page, find the VBR whose bandwidth you want to change and choose
Bandwidth Settings in the Actions column. In the Bandwidth Settings panel, set Bandwidth Cap and click OK.
Modify the configuration of a VBR
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR whose configuration you want to modify and click Modify in the Actions column.
To modify the VBR, set the following parameters and click OK.
Parameter
Description
VLAN ID
Enter the VLAN ID of the VBR. Valid values: 0 to 2999.
If VLAN ID is set to 0, the switch port of the VBR is a Layer 3 router interface instead of a VLAN interface. When a Layer 3 router interface is used, each Express Connect circuit is associated with a VBR.
If VLAN ID is set to a value from 1 to 2999, the switch port of the VBR is a Layer 3 VLAN subinterface. When a Layer 3 VLAN subinterface is used, each VLAN ID corresponds to a VBR. In this case, the Express Connect circuit with which the VBR is associated can be used to connect to VPCs that belong to different Alibaba Cloud accounts. VBRs in different VLANs are isolated from each other at Layer 2.
For example, a company has multiple divisions or subsidiaries. Each division or subsidiary has a separate Alibaba Cloud account. Each Alibaba Cloud account has a separate VPC. If the company applies for an Express Connect circuit, the company must assign a VLAN ID to the connection of each division or subsidiary. When the company creates router interfaces, the VLAN IDs are used to identify the subsidiaries or divisions that use the Express Connect circuit. In this case, the VBRs of each subsidiary or division are isolated at Layer 2.
NoteIf you use a hosted Express Connect circuit, you cannot modify the VLAN ID. If you want to modify the VLAN ID, contact the Internet service provider.
IPv4 Address (Alibaba Cloud Gateway)
Specify an IPv4 address for the VBR to route network traffic between the VPC and data center.
IPv4 Address (Data Center Gateway)
Specify an IPv4 address for the gateway device in the data center.
Subnet Mask (IPv4 Address)
Enter the subnet mask of the IPv4 addresses that you specify for the VBR and the gateway device in the data center. You can enter a longer subnet mask because only two IP addresses are required.
Support IPv6
Select whether to enable IPv6 for the VBR.
Disable (default): disables IPv6.
Enable: enables IPv6. If you select this option, you cannot disable IPv6 after the VBR is created. Set the following parameters of the VBR:
IPv6 Address (Alibaba Cloud Gateway): Enter an IPv6 address for the VBR to route network traffic between the VPC and the data center. The values of the IPv6 Address (Alibaba Cloud Gateway) and IPv6 Address (Data Center Gateway) parameters must belong to the same CIDR block.
IPv6 Address (Data Center Gateway): Enter an IPv6 address for the gateway device in the data center to route network traffic between the VPC and the data center.
Subnet Mask (IPv6): Enter the subnet mask of the IPv6 addresses that you specify for the VBR and the gateway device in the data center.
BFD Parameter
After you enable Bidirectional Forwarding Detection (BFD), the system establishes a BFD session between the VBR and the gateway device in the data center. This way, the VBR and the gateway device can exchange BFD packets at a specified interval to verify network connectivity. If no packets are returned, the peer is considered unreachable.
NoteThe BFD parameters take effect only if BFD is enabled. For more information about how to enable BFD, see Configure and manage BGP.
Submission Interval: Specify the interval at which BFD packets are sent. Valid values: 200 to 1000. Unit: milliseconds.
Reception Interval: Specify the interval at which BFD packets are received. Valid values: 200 to 1000. Unit: milliseconds.
Detection Time Multiple: the detection time multiplier. Valid values: 3 to 10.
Apply for a quota increase for VBRs
After you enable billing for outbound data transfer, you can create up to 10 VBRs for each Express Connect circuit free of charge within the current account. You can apply for a quota increase for your account based on your business requirements.
For more information about the quotas of VBRs, see Limits.
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Physical Connection in the left-side navigation pane.
In the Increase VBR Quota for Current Account section, click Upgrade Now.
On the Request Quota Increase page, select the number of VBR instances that you want to apply for, specify the reason, and then click OK.
Delete a VBR
You can delete VBRs that you no longer need. Before you delete a VBR, make sure that the following resources of the VBR are deleted or disassociated:
All routes are deleted. For more information, see the "Delete a custom route" section of the Add and manage routes topic and the "Delete route prefixes" section of the Add and manage route prefixes topic.
All BGP peers, BGP groups, and advertised BGP CIDR blocks are deleted. For more information about how to delete BGP groups, BGP peers, and advertised BGP CIDR blocks, see the "Manage BGP" section of the Configure and manage BGP topic.
All failover groups are deleted. For more information, see Configure a failover group.
The VBR is disassociated from Cloud Enterprise Network (CEN). For more information, see the "Detach a VBR from a CEN instance" section of the Connect to a VPC topic.
All peering connections are deleted. For more information, see the "Delete a VBR-to-VPC connection" section of the Create and manage a VBR-to-VPC connection topic.
The VBR is disassociated from the Express Connect circuits if the VBR is associated with more than one Express Connect circuit. To disassociate the VBR from the Express Connect circuit, perform the following steps:
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to disassociate from the Express Connect circuit and click Delete in the Actions column.
NoteTo delete a VBR that is associated with multiple Express Connect circuits, click the ID of the VBR. On the Physical Connection Interfaces tab, click Unbind in the Actions column of an Express Connect circuit. Repeat this step to disassociate the VBR from all Express Connect circuits.
In the Delete VBR message, click OK.
References
AttachVbrToVpconn: associates a VBR with a hosted connection.
CreateVirtualBorderRouter: creates a VBR.
DescribeVirtualBorderRouters: queries VBRs.
DescribeVirtualBorderRoutersForPhysicalConnection: queries VBRs that are associated with a specified Express Connect circuit. The VBRs can be created by the owner of the Express Connect circuit and by other Alibaba Cloud accounts.
DeleteVirtualBorderRouter: deletes a VBR.
ListVirtualPhysicalConnections: queries the information about hosted connections.
ModifyVirtualBorderRouterAttribute: modifies the configuration of a VBR.
UpdateVirtualBorderBandwidth: updates the outbound bandwidth of a VBR.