You can configure a VPC peering connection to enable a virtual private cloud (VPC) in one region to access a MaxCompute service in another region.
Use cases
In a multi-region data architecture, an application server in one region, such as Region A, often needs to access and process data in a MaxCompute project in another region, such as Region B. Typical scenarios include inter-region data migration (for example, using Spark with the open storage pattern), remote data analytics, or building a unified data mid-end. Direct access over the public network can cause high network latency and security risks. This solution resolves these issues by establishing a private, inter-region communication channel.
Solution architecture
This solution uses a VPC peering connection to connect two VPCs in different regions. Then, a VPC endpoint is created for the MaxCompute service in the destination region. The following figure shows an example of a data link for inter-region data migration with MaxCompute.
A VPC peering connection is established between Singapore and Germany. The storage API is accessed through the VPC endpoint in Singapore at service.ap-southeast-1-vpc.maxcompute.aliyun-inc.com.
Establish an inter-region connection: Create a VPC peering connection instance between the source VPC (Region A) and the destination VPC (Region B).
Configure bidirectional routing: In the route tables of both VPCs, add a route entry that points to the CIDR block of the peer VPC. Set the next hop to the VPC peering connection instance. This allows the two VPCs to communicate with each other.
Expose the private service: In the destination VPC (Region B), create a VPC endpoint for the MaxCompute service. This endpoint generates a private domain name and IP address for the MaxCompute service, which allows direct access from within the VPC.
Enable private network access: An ECS instance in the source VPC (Region A) accesses the MaxCompute VPC endpoint in the destination VPC (Region B) through the established peering connection. This enables private network access to the MaxCompute service.
Procedure
This section uses the establishment of a VPC peering connection between Singapore and Germany as an example.
Step 1: Create a VPC peering connection
Log on to the Virtual Private Cloud (VPC) console.
In the navigation pane on the left, choose VPC Peering Connection. In the upper-left corner, select a region.
For this example, select Singapore.
Click Create VPC Peering Connection.
On the Create VPC Peering Connection page, configure the connection information as specified in the following table.
The CIDR blocks of the requester VPC and the accepter VPC cannot be the same. For example, they cannot both be 192.168.0.0/16.

| Parameter | Required | Description |
| --- | --- | --- |
| Name | Optional | Enter a custom name for the connection, such as test-vpc-connect. |
| Resource group | Optional | Select an existing resource group. |
| Requester VPC | Required | Select a created VPC instance. |
| Accepter account type | Optional | Same Account. Cross-Account: You must enter the UID of the accepter's Alibaba Cloud account. |
| Accepter region type | Optional | Intra-Region. Inter-Region: Inter-region VPC peering connections incur inter-region data transfer fees. Different link types provide different qualities of traffic transmission services. For more information about fees, see Inter-region traffic. |
| Link Type | Required | Gold or Platinum. |
| Accepter Region | Required | In this example, Germany (Frankfurt) is selected. Adjust the accepter region as needed. |
| Accepter VPC | Required | Select a created VPC instance. |
| Add route to peer VPC CIDR | Optional | If you select this option, the system automatically adds a route to the main IPv4 CIDR block of the peer VPC in the system route tables of both VPCs. To add routes for other CIDR blocks, configure them separately after creation. If a route with the same CIDR block already exists in the VPC's system route table, the new route fails to be added. After creation, confirm the route in the route entry list. |
| Tag Key | Optional | Enter a custom tag key. |
| Tag Value | Optional | Enter a custom tag value. |
Step 2: Configure peering connection route entries
In the navigation pane on the left, choose VPC Peering Connection. In the upper-left corner, select a region.
You can now view the VPC peering connection that you created in the previous step.
On the command line, query the IP address of the endpoint.
    # MaxCompute source VPC endpoint
    nslookup service.ap-southeast-1-vpc.maxcompute.aliyun-inc.com
    # MaxCompute source VPC tunnel endpoint
    nslookup dt.ap-southeast-1-vpc.maxcompute.aliyun-inc.com
    # MaxCompute dedicated VPC tunnel endpoint
    nslookup dt-exclusive.ap-southeast-1-vpc.maxcompute.aliyun-inc.com

On the VPC Peering Connection page, find the peering connection that you want to manage. In the Actions column of the accepter, click Configure route.
In the Configure requester route dialog box, enter the following information:

| Parameter | Required | Description |
| --- | --- | --- |
| Name | Optional | The name must be 1 to 128 characters in length and cannot start with http:// or https://. |
| Accepter route table | Required | Select an existing route table or create a new one. |
| Destination CIDR Block | Required | Enter the IP address of the source VPC endpoint that you queried. |
| Next Hop | Required | This is automatically generated. |
In the navigation pane on the left, choose VPC Peering Connection. In the upper-left corner, select a region.
Click the name of the target peering connection.
Click the Route Entry List tab to view the configured route entries.
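The checks in Steps 1 and 2 can be run offline before you touch the console. The following is an added example, not part of the original documentation: it takes the two VPC CIDR blocks, the endpoint IP addresses returned by nslookup, and the destination CIDR blocks already in the route table, and returns the route entries to add plus any conflicts. The function name, the sample addresses, and the use of single-address /32 destinations are assumptions. The partial-overlap check goes beyond the "cannot be the same" rule stated above.

```python
import ipaddress

# Constructed sample values: the hostnames are from this page, the IP addresses are not real.
SAMPLE_ENDPOINTS = {
    "service.ap-southeast-1-vpc.maxcompute.aliyun-inc.com": "198.51.100.10",
    "dt.ap-southeast-1-vpc.maxcompute.aliyun-inc.com": "198.51.100.11",
    "dt-exclusive.ap-southeast-1-vpc.maxcompute.aliyun-inc.com": "198.51.100.11",
}
SAMPLE_EXISTING = ["172.16.0.0/12", "198.51.100.10/32"]


def plan_routes(requester_cidr, accepter_cidr, endpoint_ips, existing_routes):
    """Return (routes_to_add, problems) for one route table.

    endpoint_ips maps endpoint hostname -> IP address reported by nslookup.
    existing_routes lists destination CIDR blocks already in the route table.
    """
    req = ipaddress.ip_network(requester_cidr)
    acc = ipaddress.ip_network(accepter_cidr)
    problems = []
    if req == acc:
        problems.append(f"requester and accepter VPC both use {req}")
    elif req.overlaps(acc):
        # Stricter than the rule on this page: a partial overlap is also flagged.
        problems.append(f"{req} overlaps {acc}")

    existing = {ipaddress.ip_network(r) for r in existing_routes}
    routes = []
    for host, ip in sorted(endpoint_ips.items()):
        # A bare address becomes a single-host network (/32 for IPv4).
        dest = ipaddress.ip_network(ip)
        if dest in existing:
            # Adding a route whose CIDR block already exists fails.
            problems.append(f"{dest} ({host}) already has a route entry")
        elif str(dest) not in routes:
            # Several endpoint names can resolve to one address; add it once.
            routes.append(str(dest))
    return routes, problems


if __name__ == "__main__":
    to_add, issues = plan_routes(
        "192.168.0.0/16", "172.16.0.0/12", SAMPLE_ENDPOINTS, SAMPLE_EXISTING
    )
    print("add:", to_add)
    print("problems:", issues)
```

Routing only the resolved endpoint addresses through the peering connection, rather than the whole peer CIDR block, keeps the inter-region path limited to the MaxCompute endpoints.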
References
For more information about interconnecting VPCs, see VPC Interconnection.