Connect VPCs across regions using Cloud Enterprise Network (CEN) - MaxCompute

This topic describes how to connect virtual private clouds (VPCs) in different regions using Cloud Enterprise Network (CEN). In this example, a VPC in the US (Virginia) region is connected to a VPC in the Indonesia (Jakarta) region.

Use cases

The following figure shows a use case in which two VPCs are created in different regions:

VPC1	VPC2
Region: US (Virginia) IPv4 CIDR block: 10.0.0.0/16 vSwitch 1, in zone A, CIDR block: 10.0.0.0/24 vSwitch 2, in zone B, CIDR block: 10.0.1.0/24 ECS1 address: 10.0.0.1	Region: Indonesia (Jakarta) IPv4 CIDR block: 172.16.0.0/16 vSwitch 1, in zone A, CIDR block: 172.16.0.0/24 vSwitch 2, in zone B, CIDR block: 172.16.1.0/24 ECS2 address: 172.16.0.1

To enable communication between the VPCs, you must create a CEN instance, connect each VPC to a transit router in its respective region, and then create an inter-region connection between the transit routers. This configuration allows the two VPCs to communicate with each other over the internal network.

Important

Consider the following points when you plan your network resources:

The CIDR blocks of the VPCs that you want to connect must not overlap.
For zone-level disaster recovery, you must create at least two vSwitches in different zones. This is required in regions where Enterprise Edition transit routers support multi-zone deployments.

Procedure

Step 1: Create a CEN instance

Log on to the Cloud Enterprise Network console. In the navigation pane on the left, click Instances. On the Instances page, click Create CEN Instance.
In the Create CEN Instance dialog box, set Name to cen-inter-region, and click OK.
When the page displays The CEN Instance is created, click View Details to open the instance details page.

Step 2: Create transit routers in the source and destination regions

On the details page of the Cloud Enterprise Network instance, click Create Transit Router.
In the Create Transit Router dialog box, set Region to US (Virginia), use the default settings for the other options, and click OK.
After the transit router is created in the US (Virginia) region, repeat the preceding steps to create a transit router in the Indonesia (Jakarta) region.
On the details page of the CEN instance, you can view the two transit routers that you created.

Step 3: Create an inter-region connection

In the Actions column for the US (Virginia) TransitRouter, click Create Connection and select Inter-region.
On the Create Inter-region Connection page:
- For Region, select US (Virginia).
- Attachment Name: inter-region-attachment.
- For Peer Region, select Indonesia (Jakarta).
- Bandwidth Allocation Mode: Select Pay-By-Data-Transfer. Fees are billed through Cloud Data Transfer (CDT).
Leave the other options as default, and click the OK button.
The The connection is created message indicates that an inter-region connection is created between the transit routers in the two regions.

Step 4: Connect the VPCs to the transit routers

On the CEN instance details page, click the instance ID or name to open the Intra-region Connections tab.
On the Intra-region Connections tab, click Create Intra-region Connection.
On the Create Intra-region Connection page:
- For Instance Type, select Virtual Private Cloud (VPC).
- For Region, select US (Virginia).
- For Attachment Name, enter attach1.
- For Network Instance, select VPC1.
Leave the other options at their default settings and click the OK button.
Note
For multi-zone disaster recovery, the system automatically selects two zones for the current VPC. If the VPC has a vSwitch in only one zone, you must create at least one more vSwitch in a different zone.
When the The connection is created message is displayed, VPC1 is connected to the TransitRouter.
Repeat the preceding steps to connect VPC2 to its transit router. When configuring the connection, set Region to Indonesia (Jakarta), set Attachment Name to attach2, and select VPC2 for Network Instance.

Step 5: Configure routes

Configure routes for the required IP addresses to ensure that you can access the MaxCompute service.

Use the nslookup command to query the IP addresses of the source VPC Endpoint, the public Data Transmission Service (DTS) Endpoint, and the exclusive DTS Endpoint. The commands are as follows:
```
nslookup service.{src-region-id}-vpc.maxcompute.aliyun-inc.com
nslookup dt.{src-region-id}-vpc.maxcompute.aliyun-inc.com
nslookup dt-exclusive.{src-region-id}-vpc.maxcompute.aliyun-inc.com
```
Configure routes in the destination VPC.
1. Log on to the VPC console. In the navigation pane on the left, click Route Tables.
2. Click the ID of the destination route table to go to its details page.
3. On the Route Entry List tab, select Custom Route and click Add Route Entry.
4. In the Add Route Entry dialog box:
  - For Destination CIDR Block, enter the IP addresses that you queried in the preceding step.
  - For Next Hop Type, select Transit Router.
Configure the route table for the source transit router.
1. Log on to the Cloud Enterprise Network console. In the navigation pane on the left, click Instances.
2. On the Instances page, click the ID of the CEN instance. On the instance details page, click the ID of the source transit router.
3. On the Route Table tab, click Add Route Entry.
4. On the Add Route Entry page:
  - Destination CIDR: Enter the IP address from the previous step.
  - Next Hop: Select the transit router for the source.

References

For more information, see Inter-region VPC communication.
For more information, see Cross-account VPC-to-VPC connection.