Create a VBR for an Express Connect circuit - Express Connect

After you enable an Express Connect circuit, you can create a virtual border router (VBR) for the Express Connect circuit. The VBR is used to route traffic between a Virtual Private Cloud and your data center.

Background information

A VBR is a router deployed between a VPC and the customer-premises equipment (CPE) in a data center. Each VBR is associated with a route table. You can add routes to the route table of a VBR to control network traffic forwarding. A VBR provides the following features:

Exchanges data between a VPC and a data center.
Determines the virtual interface type of an Express Connect circuit: Layer 3 router interface or Layer 3 virtual local area network (VLAN) subinterface.
Adds or identifies VLAN tags if a Layer 3 VLAN subinterface is used.
Supports Border Gateway Protocol (BGP) dynamic routing.

Create a VBR

Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, click Create VBR.

In the Create VBR panel, set the following parameters and click OK.

Parameter	Description
Account Type	Specify the type of account for which the VBR is created. By default, Current Account is selected. If you use the default setting, the VBR that you create belongs to the account that you use to log on to the console.
Name	The name of the VBR.
Resource Group	Select the resource group to which the VBR belongs. Alternatively, you can add the VBR to a resource group in the following way: After the VBR is created, find the VBR and click Add to Resource Group in the Resource Group column.
Tags	Tag Key: You can select or enter a key. The tag key can be up to 64 characters in length. The tag key cannot start with `aliyun` or `acs:` and cannot contain `http://` or `https://`. Tag Value: You can select or enter a value. The tag value can be up to 128 characters in length. The tag value cannot start with `aliyun` or `acs:` and cannot contain `http://` or `https://`. You can also add tags to the VBR in the Tags column after the VBR is created. After you add tags, you can modify, view, and delete the tags.
Physical Connection	Select the type of Express Connect circuit that you want to associate with the VBR. Then, select an Express Connect circuit that is enabled and functions as expected from the drop-down list. Valid types: Dedicated Physical Connection: a dedicated Express Connect circuit. Shared Physical Connection: a hosted Express Connect circuit.
VLAN ID	Enter the VLAN ID of the VBR. Valid values: 0 to 2999. Take note of the following items when you enter the VLAN ID: If VLAN ID is set to 0, the switch port of the VBR is a Layer 3 router interface instead of a VLAN subinterface. When a Layer 3 router interface is used, each Express Connect circuit is associated with a VBR. If VLAN ID is set to a value from 1 to 2999, the switch port of the VBR is a Layer 3 VLAN subinterface. If a Layer 3 VLAN subinterface is used, each VLAN ID is associated with a VBR. In this case, the Express Connect circuit with which the VBR is associated can be used to connect to VPCs that belong to different Alibaba Cloud accounts. VBRs in different VLANs are isolated from each other at Layer 2. Before you configure this parameter, take note of the following rules: To configure the VLAN ID parameter for a dedicated connection over an Express Connect circuit, make sure that the trunking feature is enabled for the Layer 2 or Layer 3 devices that are used to connect the Express Connect circuit, VBR, and gateway device in the data center. This way, data can be transmitted from and to the VLAN based on the specified ID. The VLAN ID that you specify is preserved in the packets sent to the destination VLAN and not modified during data transmission. If the trunking feature is disabled, the connection may fail. If you set the VLAN ID parameter to `0` when you create a VBR for a dedicated connection, you cannot create other VLAN subinterfaces on the VBR. You do not need to configure the VLAN ID parameter when you create a VBR for a hosted connection. The VLAN ID parameter is already configured. Therefore, ignore the VLAN ID parameter.
Set VBR Bandwidth Value	Set the bandwidth of the VBR. You do not need to configure this parameter when you create a VBR for a hosted connection. The bandwidth is already set when the hosted connection is created.
Alibaba Cloud Side IPv4 Address	Specify an IPv4 address for the VBR to route traffic between the VPC and your data center. The IPv4 addresses that are specified by the IPv4 Address (Alibaba Cloud Gateway) and IPv4 Address (Data Center Gateway) parameters must belong to the same CIDR block.
Data Center Side IPv4 Address	The IPv4 address for the gateway device in the data center to route network traffic from the data center to the VPC. Note To allow services in the VPC to access a specified gateway IP address, you must add a route to the route table of the VBR. Set the destination CIDR block to the CIDR block to which the specified gateway IP address belongs and the next hop to the Express Connect circuit. For information about how to add routes to a route table, see the Add a custom route section of the "Add and manage routes" topic.
Subnet Mask (IPv4)	The subnet mask of the IPv4 addresses that are specified for the VBR and the gateway device in the data center. You can enter a long subnet mask because only two IP addresses are required.
Support IPv6	Select whether to enable IPv6 for the VBR. Disable (default): disables IPv6. Enable: enables IPv6. If you select this option, you cannot disable IPv6 after the VBR is created. Configure the following parameters of the VBR: IPv6 Address (Alibaba Cloud Gateway): Enter an IPv6 address for the VBR to route network traffic between the VPC and the data center. The values of the IPv6 Address (Alibaba Cloud Gateway) and IPv6 Address (Data Center Gateway) parameters must belong to the same CIDR block. IPv6 Address (Data Center Gateway): Enter an IPv6 address for the gateway device in the data center to route network traffic between the VPC and the data center. Subnet Mask (IPv6): Enter the subnet mask of the IPv6 addresses that you specified for the VBR and the gateway device in your data center.

Change the bandwidth of a VBR

You can change the bandwidth of a free VBR.

Log on to the Express Connect console.
In the top navigation bar, select the region and then click Physical Connection in the left-side navigation pane.
On the Physical Connection page, click the ID of the Express Connect circuit.
On the Express Connect circuit details page, find the VBR whose bandwidth you want to change and click Bandwidth Settings in the Actions column.
In the Bandwidth Settings panel, configure the Bandwidth Cap parameter and click OK.

Modify the configuration of a VBR

Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR whose configuration you want to modify and click Modify in the Actions column.

Modify the parameters that are described in the following table and click OK.

Parameter	Description
VLAN ID	Enter the VLAN ID of the VBR. Valid values: 0 to 2999. If VLAN ID is set to 0, the switch port of the VBR is a Layer 3 router interface instead of a VLAN interface. When a Layer 3 router interface is used, each Express Connect circuit is associated with a VBR. If VLAN ID is set to a value from 1 to 2999, the switch port of the VBR is a Layer 3 VLAN subinterface. If a Layer 3 VLAN subinterface is used, each VLAN ID is associated with a VBR. In this case, the Express Connect circuit with which the VBR is associated can be used to connect to VPCs that belong to different Alibaba Cloud accounts. VBRs in different VLANs are isolated from each other at Layer 2. For example, a company has multiple divisions or subsidiaries. Each division or subsidiary has a separate Alibaba Cloud account. Each Alibaba Cloud account has a separate VPC. If the company applies for an Express Connect circuit, the company must assign a VLAN ID to the connection of each division or subsidiary. When the company creates router interfaces, the VLAN IDs are used to identify the subsidiaries or divisions that use the Express Connect circuit. In this case, the VBRs of each subsidiary or division are isolated at Layer 2. Note If you use a hosted Express Connect circuit, you cannot modify the VLAN ID. If you want to modify the VLAN ID, contact the Internet service provider.
Alibaba Cloud Side IPv4 Address	Specify an IPv4 address for the VBR to route network traffic between the VPC and data center.
Data Center Side IPv4 Address	Specify an IPv4 address for the gateway device in the data center.
Subnet Mask (IPv4)	Enter the subnet mask of the IPv4 addresses that you specified for the VBR and the gateway device in the data center. You can enter a longer subnet mask because only two IP addresses are required.
Support IPv6	Select whether to enable IPv6 for the VBR. Disable (default): disables IPv6. Enable: enables IPv6. If you select this option, you cannot disable IPv6 after the VBR is created. Configure the following parameters of the VBR: IPv6 Address (Alibaba Cloud Gateway): Enter an IPv6 address for the VBR to route network traffic between the VPC and the data center. The values of the IPv6 Address (Alibaba Cloud Gateway) and IPv6 Address (Data Center Gateway) parameters must belong to the same CIDR block. IPv6 Address (Data Center Gateway): Enter an IPv6 address for the gateway device in the data center to route network traffic between the VPC and the data center. Subnet Mask (IPv6): Enter the subnet mask of the IPv6 addresses that you specify for the VBR and the gateway device in the data center.
BFD Parameter	After you enable Bidirectional Forwarding Detection (BFD), the system establishes a BFD session between the VBR and the gateway device in the data center. This way, the VBR and the gateway device can exchange BFD packets on a regular basis to verify network connectivity. If no packets are returned, the peer is considered unreachable. Note The BFD parameters take effect only if BFD is enabled. For more information about how to enable BFD, see Configure and manage BGP. Submission Interval: the interval at which BFD packets are sent. Valid values: 200 to 1000. Unit: milliseconds. Reception Interval: the interval at which BFD packets are received. Valid values: 200 to 1000. Unit: milliseconds. Detection Time Multiple: the detection time multiplier. Valid values: 3 to 10.

Increase the VBR quota for an Express Connect circuit

After you enable billing for outbound data transfer, you can create up to 10 VBRs for each Express Connect circuit free of charge within the current account. You can apply for a quota increase for your account based on your business requirements.

Note

For more information about the quotas of VBRs, see Limits.

Log on to the Express Connect console.
In the top navigation bar, select the region and then click Physical Connection in the left-side navigation pane.
In the Increase VBR Quota for Current Account section, click Upgrade Now.
On the General Quotas page, find the ec_quota_same_acount_vbr_per_pconn quota and click Apply in the Actions column.
In the Apply for Quotas dialog box, configure the Applied Quotas and Reason parameters and click OK.

Delete a VBR

You can delete VBRs that you no longer need. Before you delete a VBR, make sure that the following resources of the VBR are deleted or disassociated:

All routes are deleted. For more information, see the Delete a custom route section of the "Add and manage routes" topic and the Delete route prefixes section of the "Add and manage route prefixes" topic.
All BGP peers, BGP groups, and advertised BGP CIDR blocks are deleted. For more information about how to delete BGP groups, BGP peers, and advertised BGP CIDR blocks, see Configure and manage BGP.
All failover groups are deleted. For more information, see Configure a failover group.
The VBR is disassociated from Cloud Enterprise Network (CEN). For more information, see the Detach a VBR from a CEN instance section of the "Connect to a VPC" topic.
All peering connections are deleted. For more information, see the Delete a VBR-to-VPC connection section of the "Create and manage a VBR-to-VPC connection" topic.
The VBR is disassociated from the Express Connect circuits if the VBR is associated with more than one Express Connect circuit. To disassociate the VBR from the Express Connect circuit, perform the following steps:

Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to disassociate from the Express Connect circuit and click Delete in the Actions column.
Note
To delete a VBR that is associated with multiple Express Connect circuits, click the ID of the VBR. On the Physical Connection Interfaces tab, click Unbind in the Actions column of an Express Connect circuit. Repeat this step to disassociate the VBR from all Express Connect circuits.
In the Delete VBR message, click OK.

References

AttachVbrToVpconn: associates a VBR with a hosted connection.
CreateVirtualBorderRouter: creates a VBR.
DescribeVirtualBorderRouters: queries VBRs.
DescribeVirtualBorderRoutersForPhysicalConnection: queries VBRs that are associated with a specific Express Connect circuit. The VBRs can be created by the owner of the Express Connect circuit and by other Alibaba Cloud accounts.
DeleteVirtualBorderRouter: deletes a VBR.
ListVirtualPhysicalConnections: queries the information about hosted connections.
ModifyVirtualBorderRouterAttribute: modifies the configuration of a VBR.
UpdateVirtualBorderBandwidth: updates the outbound bandwidth of a VBR.