This topic describes how to add on-premises servers in a data center to a Network Load Balancer (NLB) instance within the same region. NLB can work with transit routers of Cloud Enterprise Network (CEN) to forward requests to on-premises servers in data centers.
Example
The following figure shows an example. A company created a virtual private cloud (VPC) named VPC1 in the China (Hangzhou) region. An NLB instance is created in VPC1. The company wants the NLB instance in VPC1 to forward requests to on-premises servers in a data center in the China (Hangzhou) region.
To meet this requirement, the company can use CEN to connect VPC1 and a virtual border router (VBR) to the transit router in the China (Hangzhou) region. Then, the data center can connect to Alibaba Cloud by using the VBR. The NLB instance can forward requests to the data center by using CEN. In this solution, the on-premises servers in the data center can function as backend servers of the NLB instance.
The following table describes how networks are planned. You can plan CIDR blocks based on your business requirements. Make sure that the CIDR blocks do not overlap with each other.
China (Hangzhou) | vSwitch | vSwitch zone | CIDR block |
VPC1 Primary CIDR block: 192.168.0.0/16 | VSW1 | Zone G | 192.168.81.238 |
VSW2 | Zone J | 192.168.27.21 | |
VBR | N/A | N/A |
|
Data center | VSW3 | N/A | 172.16.6.0/24 |
Limits
When you add an on-premises server to an NLB instance, the servers can be specified only by its private IP address. Public IP addresses are not supported.
You can add on-premises servers to internal-facing NLB instances or Internet-facing NLB instances.
Network traffic between an NLB instance and its backend servers can be forwarded only based on the system route table. Forwarding based on VPC custom route tables is not supported.
When you add an on-premises server to an NLB instance, you can use an Enterprise Edition transit router or a Basic Edition transit router. If you use an Enterprise Edition transit router, you must specify at least one vSwitch in each zone of the Enterprise Edition transit router. This way, network traffic can be routed from the VPC to the transit router. For more information, see Regions and zones that support Enterprise Edition transit routers.
Prerequisites
A VPC named VPC1 is created in the China (Hangzhou) region. Two vSwitches named VSW1 and VSW2 are deployed in VPC1. VSW1 is deployed in Zone G. VSW2 is deployed in Zone J. For more information, see Create and manage a VPC.
An NLB instance is created in VPC1. For more information, see Create and manage an NLB instance.
An Elastic Compute Service (ECS) instance named ECS01 is created in VPC1 and an application is deployed on ECS01. ECS01 is used to access the server in the data center. For more information about how to create an ECS instance, see Create an instance by using the wizard.
A CEN instance is created and an Enterprise Edition transit router is created in the China (Hangzhou) region. For more information, see Create a CEN instance and Create a transit router.
A connection over an Express Connect circuit is established and a VBR is created. For more information, see Create and manage a dedicated connection over an Express Connect circuit and Create and manage a VBR.
Procedure
Step 1: Create a server group for the NLB instance
Create a server group of the IP type and specify the private IP address of an on-premises server to add the server as a backend server.
- Log on to the NLB console.
In the top navigation bar, select the region in which the NLB instance is deployed. In this example, China (Hangzhou) is selected.
In the left-side navigation pane, choose .
On the Server Group page, click Create Server Group.
In the Create Server Group dialog box, configure the parameters and click Create.
The following table describes only the parameters that are relevant to this topic. Use the default values for the other parameters. For more information, see Create a server group.
Parameter
Description
Server Group Type
Select a server group type. In this example, IP is selected.
Server Group Name
Enter a name for the server group.
VPC
Select a VPC from the drop-down list. In this example, VPC1 is selected.
Backend Server Protocol
Select a backend protocol. In this example, TCP is selected.
Scheduling Algorithm
Select a scheduling algorithm. In this example, Weighted Round-Robin is selected.
In the Server group created. dialog box, click Add Backend Server .
On the Backend Servers tab, click Add IP Address.
In the Add Backend Server panel, enter the private IP address of the on-premises server and click Next.
In this example, 172.16.6.5 is entered.
In the Ports/Weights step, specify a port and a weight for the IP address, click OK, and then click Close.
In this example, the port is set to 80 and the default weight is used.
Step 2: Create a listener for the NLB instance
- Log on to the NLB console.
In the top navigation bar, select the region in which the NLB instance is created. In this example, China (Hangzhou) is selected.
In the left-side navigation pane, choose .
On the Instances page, click the ID of the NLB instance in VPC1.
Click the Listener tab. On the Listener tab, click Quick Create Listener.
In the Quick Create Listener dialog box, configure the parameters and click OK. The following table describes the parameters.
Parameter
Description
Listener Protocol
Select a listener protocol. In this example, TCP is selected.
Listener Port
Select the frontend port that is used to receive and forward requests to the backend servers.
In this example, 80 is selected.
Server Group
Select a backend server group. In this example, IP and the server group created in Step 1 are selected.
Step 3: Attach the VPC to the CEN instance
Log on to the CEN console.
On the Instances page of the CEN console, click the ID of the CEN instance that you created.
On the tab, find the transit router that you want to manage and click Create Connection in the Actions column.
On the Connect with Peer Network Instance page, configure the parameters and click OK. The following table describes the parameters.
Parameter
Description
Instance Type
In this example, VPC is selected.
Region
Select the region in which the network instance is created. In this example, China (Hangzhou) is selected.
Transit Router
The transit router in the selected region is automatically selected.
Resource Owner ID
Specify whether the network instance belongs to the current account or another Alibaba Cloud account. In this example, Current Account is selected.
Billing Method
In this example, Pay-As-You-Go is selected.
Attachment Name
Enter a name for the connection.
Network Instance
Select the ID of the VPC that you want to connect. In this example, VPC1 is selected.
vSwitch
Select one or more vSwitches that are deployed in the zones of the Enterprise Edition transit router. In this example, Zone H and Zone J are selected.
Advanced Settings
By default, the advanced settings are selected. In this example, the advanced features are enabled.
Step 4: Attach the VBR to the CEN instance
After you connect VPC1 to the transit router, click Create More Connections.
On the Connect with Peer Network Instance page, configure the parameters and click OK. The following table describes the parameters.
Parameter
Description
Instance Type
In this example, Virtual Border Router (VBR) is selected.
Region
Select the region in which the network instance is created. In this example, China (Hangzhou) is selected.
Transit Router
The transit router deployed in the selected region is automatically selected.
Resource Owner ID
Specify whether the network instance belongs to the current account or another Alibaba Cloud account. In this example, Current Account is selected.
Attachment Name
Enter a name for the connection.
Network Instance
Select the ID of the VBR that you want to connect. In this example, the VBR deployed in the China (Hangzhou) region is selected.
Advanced Settings
By default, the advanced settings are selected. In this example, the advanced features are enabled. For more information, see Create a VBR connection.
Step 5: Add routes to the system route table of VPC1
Check whether the system route table of VPC1 contains a route whose destination is the VPC1 connection. If no such route exists, perform the following operations to add a route:
Network traffic between an NLB instance and its backend servers can be forwarded only based on the system route table. Forwarding based on VPC custom route tables is not supported.
Log on to the VPC console.
In the top navigation bar, select the region in which VPC1 is created. In this example, China (Hangzhou) is selected.
On the VPC page, click the ID of VPC1.
On the details page of VPC1, click the Resources tab and then click the number below Route Table.
On the Route Tables page, find the route table whose Route Table Type is System and click its ID.
On the details page of the route table, choose and click Add Route Entry.
In the Add Route Entry panel, configure the parameters and click OK. The following table describes the parameters.
Parameter
Description
Name
Enter a name for the route.
Destination CIDR Block
Enter a destination CIDR block. In this example, the CIDR block of the on-premises server is entered, which is 172.16.6.0/24.
Next Hop Type
Select a type of next hop. In this example, Transit Router is selected.
Transit Router
Select a transit router. In this example, the VPC1 connection created in Step 3 is selected.
Step 6: Add VBR routes in the Express Connect console
Add a route that points to the data center to the VBR.
Log on to the Express Connect console.
In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, click the OD of the VBR that you want to manage.
On the details page of the VBR, click the Routes tab and click Add Route.
In the Add Route panel, configure the parameters and click OK. The following table describes the parameters.
Parameter
Description
Next Hop Type
Select a type of next hop. In this example, Physical Connection Interface is selected.
Destination CIDR Block
Enter a destination CIDR block. In this example, the CIDR block of the on-premises server is entered, which is 172.16.6.0/24.
Next Hop
Select an Express Connect circuit.
Step 7: Add routes to the data center
View the CIDR block of the vSwitch associated with the NLB instance. Then, add a route that points to the CIDR block of the vSwitch associated with the NLB instance to the data center.
After you connect VPC1 to the transit router, the transit router can learn all vSwitch routes from VPC1. Therefore, you do not need to add routes that point to the CIDR block of the vSwitch associated with the NLB instance to the transit router.
Perform the following steps to view the CIDR block of the vSwitch associated with the NLB instance:
Log on to the VPC console.
In the top navigation bar, select the region in which VPC1 is created. In this example, China (Hangzhou) is selected.
On the VPC page, click the ID of VPC1.
On the details page of VPC1, click the Resource Management tab, and click the number below vSwitch.
On the vSwitch page, find the vSwitch that is associated with the NLB instance and record the CIDR block of the vSwitch.
Perform the following steps to add a route that points to the CIDR block of the vSwitch associated with the NLB instance to the data center:
On the on-premises gateway device, add a route that points to the CIDR block of the vSwitch associated with the NLB instance. The following code blocks show sample configurations. If the NLB instance is associated with multiple vSwitches, repeat the preceding steps to add routes that point to the vSwitches.
NoteThe route configurations in this example are for reference only. The configurations may vary based on the gateway device.
ip route 192.168.45.0 255.255.255.0 The IP address on the Alibaba Cloud side of the VBRip route 192.168.32.0 255.255.255.0 The IP address on the Alibaba Cloud side of the VBR
Step 8: Test network connectivity
Log on to ECS01 in VPC1. For more information, see Connect to an ECS instance.
Run the
telnet The domain name The listener portcommand to test whether ECS01 in VPC1 can access the on-premises server in the data center by using the NLB instance.In this example, the following command is used:
telnet nlb-ygfajln3bwbfs3****.cn-hangzhou.nlb.aliyuncs.com 80If you can receive an echo reply packet, it indicates that ECS01 can access the on-premises server in the data center.