How do I create and manage an ECR? - Express Connect - Alibaba Cloud Documentation Center

You can use an Express Connect Router (ECR) to connect a data center to a virtual private cloud (VPC). The ECR connection provides higher performance, supports high specifications, and reduces latency.

Prerequisites

A virtual border router (VBR) to be associated with an ECR is created. For more information, see Create and manage a VBR.
A VPC is created before you associate an ECR with the VPC. For more information, see Create and manage a VPC.
A transit router (TR) is created before you associate an ECR with the TR. For more information, see the Create a transit router section of the "Transit routers" topic.

Create an ECR

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, click Create ECR.

In the Create ECR dialog box, configure the parameters that are described in the following table, select I have read and understand the billing rules, and then click OK.

Parameter	Description
Name	The name of the ECR.
ASN	The autonomous system number (ASN) of the ECR. Default value: 45104. Valid values: 45104, 64512 to 65534, and 4200000000 to 4294967294. The value of 65025 is reserved by Alibaba Cloud.
Description	The description of the ECR.

Associate a VBR with an ECR

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR. The details page of the ECR appears.
Click the VBR tab. On the VBR tab, click Associate VBR.

In the Associate VBR dialog box, configure the parameters that are described in the following table and click OK.

Parameter	Description
Resource Owner	The type of the account to which the VBR belongs. Valid values: Current Account: The VBR and the ECR belong to the same account. Another Account: If you want to associate a VBR with the ECR across accounts, you must authorize the ECR that belongs to the current Alibaba Cloud account to access the VBR that belongs to another Alibaba Cloud account. For more information, see the Grant permissions to the ECR by using the VBR section of the "Grant permissions to an ECR across Alibaba Cloud accounts" topic.
Region	The region in which the VBR resides.
Peer Account UID	The ID of the Alibaba Cloud account to which the VBR belongs. Note This parameter is required if you set the Resource Owner parameter to Another Account.
Network Instance	The name or ID of the VBR.
Allow Business Access Between Data Centers	Specifies whether to allow data centers to access each other. Note By default, this feature is disabled. If you want to use the feature, contact your Alibaba Cloud account manager to apply for enabling the feature.

Associate a VPC with an ECR

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR. The details page of the ECR appears.
Click the VPC tab. On the VPC tab, click Associate VPC.

In the Associate VPC dialog box, configure the parameters that are described in the following table and click OK.

Parameter	Description
Resource Owner	The type of the account to which the VPC belongs. Valid values: Current Account: The VPC and the ECR belong to the same account. Another Account: If you want to associate a VPC with the ECR across accounts, you must authorize the ECR that belongs to the current Alibaba Cloud account to access the VPC that belongs to another Alibaba Cloud account For more information, see the Grant permissions to the ECR by using the VPC section of the "Grant permissions to an ECR across Alibaba Cloud accounts" topic.
Region	The region in which the VPC resides.
Peer Account UID	The ID of the Alibaba Cloud account to which the VPC belongs. Note This parameter is required if you set the Resource Owner parameter to Another Account.
VPC ID	The ID of the VPC.
Allowed Route Prefixes	The route prefixes that you want to advertise to the local network by using the ECR. After you specify a CIDR block, the route of the VPC is not advertised to the local network. Note You can advertise the allowed route prefixes by using Border Gateway Protocol (BGP).

Associate a TR with an ECR

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR. The details page of the ECR appears.
Click the TR tab. On the TR tab, click Associate TR.

In the Associate TR dialog box, configure the parameters that are described in the following table and click OK.

Parameter	Description
CEN ID	The ID of the Cloud Enterprise Network (CEN) instance to which the TR belongs.
Region	The region in which the TR resides.
TR	The ID or name of the TR.
Allowed Route Prefixes	The route prefixes that you want to advertise to the local network by using the ECR. After you specify a CIDR block, the routes in the route table of the TR are not advertised to the local network. Note You can advertise the allowed route prefixes by using BGP.

Update route prefixes

To update route prefixes for the VPC and the TR that are associated with the ECR, perform the following operations:

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR. The details page of the ECR appears.
- Update the route prefixes for the VPC.
  1. On the VPC tab, find the VPC for which you want to update the route prefixes and click the icon in the Dynamic CIDR Block Propagation column.
  2. In the Update Prefix List dialog box, enter the allowed route prefixes.
  3. Agree to the agreement and click OK.
- Update the route prefixes for the TR.
  1. On the TR tab, find the TR for which you want to update the route prefixes and click the icon in the Dynamic CIDR Block Propagation column.
  2. In the Update Prefix List dialog box, enter the allowed route prefixes.
  3. Agree to the agreement and click OK.

Grant permissions to a CEN instance

Important

If you authorize a CEN instance of another account to access your network instance, the CEN instance can connect to your network. Proceed with caution.

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR. The details page of the ECR appears.
On the CEN Authorization tab, click Authorize CEN of Another Account to Load Instance.

In the Join CEN dialog box, configure the parameters that are described in the following table and click OK.

Parameter	Description
CEN Instance ID	The ID of the CEN instance of another Alibaba Cloud account.
CEN Account	The ID of the Alibaba Cloud account to which the CEN instance belongs.
Payer	The account that pays for fees generated for connecting the CEN instance to your network instance. Valid values: CEN Owner ECR Owner

Disable or enable a route

You can disable a route from taking effect. After a route is disabled, you can enable the route again.

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR. The details page of the ECR appears.
Click the Routes tab. On the Routes tab, find the route that you want to disable or enable and click Disable or Enable in the Actions column. In the message that appears, click OK.

Delete an ECR

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to delete and click Delete in the Actions column.
In the dialog box that appears, confirm that your services are not affected after you delete the ECR, and click OK.

What to do next

In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR. On the details page of the ECR, you can perform operations based on your business requirements. The following table describes the operations.

Operation	Procedure
Detach a VBR from the ECR	On the VBR tab, find the VBR that you want to detach from the ECR and click Disassociate in the Actions column. In the message that appears, click OK.
Detach a TR from the ECR	On the TR tab, find the TR that you want to detach from the ECR and click Disassociate in the Actions column. In the message that appears, click OK.
Detach a VPC from the ECR	On the VPC tab, find the VPC that you want to detach from the ECR and click Disassociate in the Actions column. In the message that appears, click OK.
View and manage routes	On the Routes tab, click the Current Entry tab. On the Current Entry tab, view the current routes. In the Actions column, click Disable or Enable to disable or enable the route.
Revoke permissions from a CEN instance	On the CEN Authorization tab, find the CEN instance from which you want to revoke permissions and click Delete in the Actions column. In the Revoke Authorization message, click OK.