All Products
Search

This Product

    MaxCompute:Connect VPCs across regions with CEN

    Document Center

    MaxCompute:Connect VPCs across regions with CEN

    Last Updated:Mar 26, 2026

    Cloud Enterprise Network (CEN) lets you connect Virtual Private Clouds (VPCs) in different regions over Alibaba Cloud's private backbone. This tutorial walks you through connecting a VPC in the US (Virginia) region to a VPC in the Indonesia (Jakarta) region so that the Jakarta VPC can access MaxCompute over a private network.

    In this tutorial, you:

    • Create a CEN instance

    • Create a transit router in each region

    • Establish an inter-region connection between the transit routers

    • Attach each VPC to its local transit router

    • Configure route entries to reach MaxCompute endpoints

    Prerequisites

    Before you begin, make sure that:

    • The IPv4 CIDR blocks of the VPCs you want to connect do not overlap

    • For zone-level disaster recovery in regions where Enterprise Edition transit routers support multi-zone deployment, create at least two vSwitches in different zones

    This tutorial uses the following example VPC configuration:

    Attribute VPC1 VPC2
    Region US (Virginia) Indonesia (Jakarta)
    IPv4 CIDR block 10.0.0.0/16 172.16.0.0/16
    vSwitch 1 Zone A — 10.0.0.0/24 Zone A — 172.16.0.0/24
    vSwitch 2 Zone B — 10.0.1.0/24 Zone B — 172.16.1.0/24
    ECS address ECS1: 10.0.0.1 ECS2: 172.16.0.1
    image

    Step 1: Create a CEN instance

    1. Log on to the Cloud Enterprise Network console. In the left-side navigation pane, click Instances. On the Instances page, click Create CEN Instance.

    2. In the Create CEN Instance dialog box, set the following: Click OK.

      Setting Value
      Name cen-inter-region

    3. When The CEN instance is created appears, click View Details.

    Step 2: Create transit routers

    Create one transit router in each region.

    1. On the CEN instance details page, click Create Transit Router.

    2. In the Create Transit Router dialog box, set the following: Click OK.

      Setting Value
      Region US (Virginia)
      Other parameters Keep the defaults

    3. Repeat the preceding steps to create a second transit router. Set Region to Indonesia (Jakarta) and keep the defaults for other parameters.

    4. After both transit routers are created, they appear on the CEN instance details page.

    Step 3: Create an inter-region connection

    1. In the Actions column for the US (Virginia) transit router, click Create Connection and select Inter-region.

    2. On the Create Inter-region Connection page, set the following: Click OK.

      Selecting pay-by-data-transfer means you are charged for cross-region data transfer through CDT.
      Setting Value
      Region US (Virginia)
      Attachment name inter-region-attachment
      Peer region Indonesia (Jakarta)
      Bandwidth Allocation Mode pay-by-data-transfer
      Other parameters Keep the defaults

    3. When The connection is created appears, the inter-region connection between the two transit routers is established.

    Step 4: Attach the VPCs to the transit routers

    Attach each VPC to its local transit router.

    Attach VPC1 (US Virginia)

    1. On the CEN instance details page, click the instance ID, then click the Intra-region Connections tab.

    2. Click Create Intra-region Connection.

    3. On the Create Intra-region Connection page, set the following: Click OK.

      For multi-zone disaster recovery, the system automatically selects two available zones. If VPC1 has a vSwitch in only one zone, create at least one more vSwitch in a different zone before proceeding.
      Setting Value
      Instance Type Virtual Private Cloud (VPC)
      Region US (Virginia)
      Attachment name attach1
      Network Instance VPC1
      Other parameters Keep the defaults

    4. When The connection is created appears, VPC1 is attached to the US (Virginia) transit router.

    Attach VPC2 (Indonesia Jakarta)

    1. Repeat steps 1–4 with the following values: When The connection is created appears, VPC2 is attached to the Indonesia (Jakarta) transit router.

      Setting Value
      Instance Type Virtual Private Cloud (VPC)
      Region Indonesia (Jakarta)
      Attachment name attach2
      Network Instance VPC2
      Other parameters Keep the defaults

    Step 5: Configure route entries

    To reach MaxCompute from the destination VPC, add route entries that point to the MaxCompute service endpoints.

    Resolve the MaxCompute endpoint IP addresses

    1. Run the following nslookup commands to get the IP addresses of the three MaxCompute VPC endpoints. Replace {src-region-id} with the region ID where your MaxCompute project resides.

      nslookup service.{src-region-id}-vpc.maxcompute.aliyun-inc.com
nslookup dt.{src-region-id}-vpc.maxcompute.aliyun-inc.com
nslookup dt-exclusive.{src-region-id}-vpc.maxcompute.aliyun-inc.com

      Note the IP addresses returned — you need them in the next two sub-steps.

    Add a route entry to the destination VPC

    1. Log on to the VPC console. In the left-side navigation pane, select Route Tables.VPC console

    2. Click the name of the destination VPC's route table to open its details page.

    3. On the Route Entry List tab, click the Custom Route tab and then click Add Route Entry.

    4. In the Add Route Entry dialog box, set the following: Click OK.

      Setting Value
      Destination CIDR Block IP addresses from step 1
      Next Hop Type Transit Router

    Add a route entry to the source transit router

    1. Log on to the Cloud Enterprise Network console. In the left-side navigation pane, click Instances.

    2. Click the ID or name of your CEN instance. On the details page, click the name of the source transit router.

    3. Click the Route Table tab and then click Add Route Entry.

    4. On the Add Route Entry page, set the following: Click OK.

      Setting Value
      Destination CIDR IP addresses from step 1
      Next Hop Source transit router

    What's next