As an Express Connect partner, you create and manage hosted connections to give your tenants private access to Alibaba Cloud. Each hosted connection supports one Virtual Border Router (VBR) instance.
Partner requirements
Before you provision hosted connections for tenants, make sure your network setup meets all of the following requirements:
Redundant circuits: Establish at least two carrier-compliant Express Connect circuits per access point, connected to different Alibaba Cloud access points. You must also have the required permissions for Alibaba Cloud network products. To apply for partner permissions, contact your account manager.
Network limits: Comply with the network limitations for Express Connect.
Traffic monitoring: Use switches that support bandwidth management and traffic monitoring. Enable traffic monitoring on all switches that connect to tenants. Monitoring data must include the transmission rate in bps, the packet forwarding rate in pps, and byte counts for both normal and dropped packets.
QoS and ARP limits: Configure bandwidth Quality of Service (QoS) limits and Address Resolution Protocol (ARP) packet rate limits on the access devices closest to tenants. A typical ARP rate limit is 1 pps per user.
ICMP limits: If your network restricts Internet Control Message Protocol (ICMP) packets, set the limit to more than 500 ICMP ECHO REQUEST packets per second.
Bandwidth planning: Make sure the total bandwidth across all hosted connections on a single Express Connect circuit does not exceed the circuit's capacity.
VLAN planning: Pre-assign VLAN IDs for each tenant. Each VLAN ID must be unique across all hosted connections on the same Express Connect circuit.
High availability: For tenants with high-availability requirements, provision their hosted connections across different Express Connect circuits.
Prerequisites
Before you begin, ensure that you have:
Requested and received permissions to create hosted connections in the Quota Center. See Apply for hosted connection permissions.
An Express Connect circuit with a physical connection port created. See Apply for an Express Connect circuit (Classic Mode).
The Alibaba Cloud account ID of each tenant for whom you plan to create a hosted connection.
If you are converting an existing tenant's connection, also ensure that:
You have informed the tenant about the service upgrade and confirmed they have enabled billing for outbound data transfer.
The tenant's VBR instance supports bandwidth configuration.
The tenant's account is set as the payer by default. To use your own account for payment instead, contact your account manager.
Apply for hosted connection permissions
Only the five compliant carriers are eligible to apply for these permissions: China Mobile, China Unicom, China Telecom, CITIC Telecom, and China Broadcasting Network.
Log on to the Quota Center console.
In the left-side navigation pane, choose Products > Privileges.
On the Products with Privileges page, find the Networking section and click Express Connect.
On the Privileges page, find the quota named Shared port below 1G can be purchased (Quota ID: ec/can_buy_1G_vpconn), then click Apply in the Actions column.
In the Apply for Privileges dialog box, configure the following parameters and click OK.
Parameter Description Quota ID Automatically populated. Description Automatically populated. Quota Value Select Valid to activate the permission, or Invalid to deactivate it. Time Set the start and end time for the permission. Required only when Quota Value is set to Valid. The permission is valid for one day, starting from the application date. Reason Describe the reason for the application. Example: *XX Partner Customer: YYYY (Customer Name + Alibaba Cloud primary account ID), requires an XX Mbit/s connection to Alibaba Cloud. Application to add hosted connection purchase permissions to the allowlist.* Notify Result Select Yes to receive a notification when the application is processed, or No to skip notification.
Create a hosted connection for a new tenant
Before you start, gather the following information:
| Information needed | Description |
|---|---|
| Tenant's account ID | The Alibaba Cloud account ID of the tenant |
| VLAN ID | A unique VLAN ID for the tenant (0–2999) on this Express Connect circuit |
| Bandwidth | The bandwidth specification the tenant requires |
To create a hosted connection:
Log on to the Express Connect console.
In the top navigation bar, select the region.
Open the Create Shared Port panel using one of these methods:
On the Physical Connection page, find the target Express Connect circuit instance and click Create Shared Port in the Actions column.
On the Physical Connection page, click the Express Connect circuit instance ID. On the Shared Physical Connection tab, click Create Shared Port.
In the Create Shared Port panel, configure the following parameters and click OK. After the hosted connection is created, its status shows Pending for Acceptance on the Shared Physical Connection tab.
After the tenant accepts the hosted connection, the VLAN ID cannot be changed when creating the VBR instance.
Parameter Description Account ID The tenant's Alibaba Cloud account ID. By default, Pay by Other Account is selected, which means the tenant is billed for resource occupancy fees. VLAN ID A VLAN ID to isolate the tenant's resources (0–2999). Setting VLAN ID to 0 configures the VBR to use a Layer 3 router interface instead of a VLAN interface—each Express Connect circuit corresponds to one VBR. Setting VLAN ID to a value from 1 to 2999 configures the VBR to use a Layer 3 subinterface based on the VLAN—each VLAN ID corresponds to one VBR, and VBRs in different VLANs are isolated at Layer 2 and cannot communicate. Shared Physical Connection Bandwidth Limit The bandwidth specification for the tenant. Resource Group The resource group for the hosted connection. Click Manage Resource Group to go to the Resource Management console to create or modify a resource group. See Create a resource group. Tags Tags to classify and manage the hosted connection. Tags can only be added when the tenant is not the payer. In the confirmation dialog box, click OK.
Notify the tenant to accept the hosted connection and complete payment. See Tenant operation guide.
Convert a connection for an existing tenant
Use the connection conversion feature to migrate a tenant from a shared VBR model to a dedicated hosted connection. The conversion does not interrupt the tenant's services.
After conversion:
A new hosted connection instance is created under the tenant's account.
After the tenant accepts the hosted connection and you confirm the conversion, the tenant's VBR instance is automatically associated with the new hosted connection.
You are no longer charged for the VBR instance. If you prepaid for the VBR instance, you can request a refund. See Alibaba Cloud Product Unsubscription Rules.
To convert a connection:
Log on to the Express Connect console.
In the top navigation bar, select the region.
On the Physical Connection page, click the Express Connect circuit instance ID.
On the VBR tab, find the tenant's VBR instance.
If no bandwidth value is set for the VBR instance, set one first: in the Actions column, choose  > Bandwidth Settings. In the Bandwidth Settings panel, set the Bandwidth Cap and click OK.
Speed Unlimited is not a valid option for the Bandwidth Cap.
In the Actions column, choose  > Transform to Shared Port. In the dialog box that appears, click OK. By default, Pay by Other Account is selected, which means the tenant is billed for resource usage fees.
Notify the tenant to accept the hosted connection and complete payment. See Tenant operation guide.
After the tenant accepts, confirm the conversion: in the Actions column, choose  > Confirm. In the dialog box that appears, click OK.
Modify the VLAN ID
VBR instances use VLAN IDs for resource isolation. Update a VLAN ID when your network plan changes, but make sure the new VLAN ID is unique across all hosted connections on the same Express Connect circuit.
Log on to the Express Connect console.
In the top navigation bar, select the region.
On the Physical Connection page, click the Express Connect circuit instance ID.
On the Shared Physical Connection tab, find the hosted connection instance and click Edit in the Actions column.
In the Modify Shared Port dialog box, change the VLAN ID and click OK.
More operations
The following operations are available when you are the payer for the hosted connection.
Disable a connection
Disabling a hosted connection and its associated VBR instance makes them unavailable, but does not release the resources. Disabled instances can be re-enabled later.
Disabled instances continue to incur charges. See Port resource usage fees and Renewal management. To release the resources, unsubscribe from the instances. See Unsubscription rules.
Log on to the Express Connect console.
In the top navigation bar, select the region.
On the Physical Connection page, click the Express Connect circuit instance ID.
Disable the VBR instance or the hosted connection instance:
To disable a VBR instance: On the VBR tab, find the tenant's VBR instance and click Disable in the Actions column. In the Terminating the VBR dialog box, click OK.
To disable a hosted connection: On the Shared Physical Connection tab, find the hosted connection instance and click Disable in the Actions column. In the Terminate Physical Connection dialog box, click OK.
After disabling, the instance status changes to Disabled. To restore the instance, click Recover in the Actions column.
Delete a VBR instance
This section describes how to delete a VBR instance that belongs to a tenant (another account). To delete a VBR instance under your own account, see Delete a VBR.
Disable the VBR instance before deleting it. See Disable a connection.
Log on to the Express Connect console.
In the top navigation bar, select the region.
On the Physical Connection page, click the Express Connect circuit instance ID.
On the VBR tab, find the tenant's VBR instance, then in the Actions column, choose  > Delete.
In the Delete VBR dialog box, click OK.
Delete a hosted connection
Delete the associated VBR instance before deleting the hosted connection. See Delete a VBR instance.
Log on to the Express Connect console.
In the top navigation bar, select the region.
On the Physical Connection page, click the Express Connect circuit instance ID.
On the Shared Physical Connection tab, find the hosted connection instance, then in the Actions column, choose  > Delete.
If the instance has expired, click OK in the Confirm Deletion dialog box.
If the instance is within its billing cycle, click OK in the Confirm Deletion dialog box. The system initiates a refund and redirects you to the unsubscription center. See Unsubscription rules.
Troubleshooting
Error: Cross-site hosted connection is not allowed
This error occurs when your account and the tenant's account are registered on different Alibaba Cloud sites. Express Connect does not support hosted connections across sites. Common cases:
Your account is an international account and the tenant has a China site account.
Your account is a Unicom Wocloud virtual provider account and the tenant has a China site account.
Make sure both accounts are registered on the same Alibaba Cloud site before creating a hosted connection.
Error: Insufficient bandwidth resources
The total bandwidth of all hosted connections on the Express Connect circuit exceeds the circuit's capacity. Release unused hosted connections, then retry.
Error: Invalid Bandwidth parameter
Your permissions to manage hosted connections have expired. Re-apply for permissions. See Apply for hosted connection permissions.
Error: The specified bandwidth is invalid
Your permissions to manage hosted connections have expired. Re-apply for permissions. See Apply for hosted connection permissions.
What's next
Monitor the real-time connection status of your physical connection interface to detect exceptions. See Monitor and create alerts for a physical connection interface.
API reference
| API | Description |
|---|---|
| CreateVirtualPhysicalConnection | Creates a hosted connection |
| CreateVpconnFromVbr | Converts a connection from the shared VBR model to the shared port model |
| UpdateVirtualPhysicalConnection | Modifies the VLAN ID of a hosted connection |
| TerminatePhysicalConnection | Disables an Express Connect circuit |
| TerminateVirtualBorderRouter | Disables a VBR |
| DeleteVirtualBorderRouter | Deletes a VBR |
| DeletePhysicalConnection | Deletes an Express Connect circuit |
| CreatePhysicalConnectionOccupancyOrder | Creates a resource usage order for a hosted connection when the partner is the payer |