This topic describes how to use Express Connect to connect two VPCs under the same Alibaba Cloud account.

If this is the first time that you use Express Connect to connect two VPCs, we recommend that you try Cloud Enterprise Network (CEN) instead. For more information, see Overview.

Example network architecture

The following figure shows the example network architecture that is used by Express Connect to connect two VPCs.

Prerequisites

The classless inter-domain routing (CIDR) blocks of the two VPCs, or of the VSwitches in the VPCs that you want to connect, must not conflict with each other.

Step 1: Create a peering connection

To create a peering connection, perform the following steps:

  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, choose VPC Peering Connections > VPC-to-VPC.
  3. Select a region.

    For this example, select China (Qingdao).

  4. On the page that appears, click Create Peering Connection.
  5. Specify parameters of the peering connection.

    For this example, use the following configuration:

    • Account Type: Select Same-account.
    • Connection Type: Select VPC-to-VPC.

    • Routers to Create: Select Initiator and Acceptor.

      The system configures the router of the local VPC as the initiator and the router of the peer VPC as the acceptor. It automatically connects the two routers.

    • Local Region: Select the region of the local VPC. For this example, select China (Qingdao).

    • Local VPC ID: Select the ID of the local VPC. For this example, select VPC1.

    • Peer Region: Select the region of the peer VPC. For this example, select China (Beijing).

    • Peer VPC ID: Select the ID of the peer VPC. For this example, select VPC2.

    • Bandwidth: Select the bandwidth for the peering connection between the VPCs. For this example, select 2 Mbit/s.

    • Validity: Select the validity period of the peering connection. For this example, select 2 Months.

  6. Click Buy Now and complete the payment.
  7. Return to the VPC-to-VPC page to view the created peering connection.
    If both the initiator and acceptor instances are in the Activated state, the peering connection is established.

Step 2: Add routes

After the peering connection is established, add routes for the connected VPCs.

Perform the following steps:

  1. On the VPC-to-VPC page, find the created peering connection.
  2. Click Route Settings under the initiator instance.
  3. Click Add Route, enter the CIDR block of the local VPC or the VSwitch that you want to connect in the VPC, and then click Confirm.

    For this example, enter 172.16.0.0/16.

  4. Click Route Settings under the acceptor instance.
  5. Click Add Route, enter the CIDR block of the peer VPC or the VSwitch that you want to connect in the VPC, and then click Confirm.

Step 3: Configure security group rules

After a peering connection is established between two VPCs, you must configure security group rules to enable communication between ECS instances in the VPCs.

In this example, the following ECS instances and security groups are configured.

    Item                      Account A           Account A
    Alibaba Cloud account ID  AccountID_A         AccountID_A
    ECS instance ID           InstanceID_A        InstanceID_B
    Security group ID         SecurityGroupID_A   SecurityGroupID_B

You can view the ID of your Alibaba Cloud account in Account Center.

Perform the following operations to configure security group rules:

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. Select the region of the ECS instance for which you want to configure security group rules.
  4. Find the security group and click Add Rules.
  5. On the Security Group Rules page, click Add Security Group Rule.
  6. Specify the protocol type, port range, authorization object, and other parameters of the security group rule.
    Notice: If the two VPCs are in different regions, set Authorization Type to IPv4 CIDR Block and enter the CIDR block of the peer VPC.

    If the VPCs are in the same region, set Authorization Type to Security Group.

    For this example, set Authorization Type to IPv4 CIDR Block.

  7. Click OK.
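
The following Python check is an added example, not part of the original topic or of any Alibaba Cloud tool. It verifies the CIDR prerequisite before the peering connection is created and reviews an inbound rule that uses the IPv4 CIDR Block authorization type from Step 3. The peer CIDR block 192.168.0.0/16, the VSwitch blocks, and the rule field names are assumptions made for illustration.

```python
import ipaddress

def cidr_conflicts(local_cidrs, peer_cidrs):
    """Return every (local, peer) pair of CIDR blocks whose ranges overlap."""
    pairs = []
    for local in local_cidrs:
        for peer in peer_cidrs:
            if ipaddress.ip_network(local).overlaps(ipaddress.ip_network(peer)):
                pairs.append((local, peer))
    return pairs

def audit_rule(rule, peer_vpc_cidr):
    """Review one inbound rule for a cross-region peering connection.

    `rule` is a hypothetical dict with the keys protocol, port_range
    ("start/end") and source_cidr; it is not an Alibaba Cloud data format.
    """
    findings = []
    source = ipaddress.ip_network(rule["source_cidr"])
    peer = ipaddress.ip_network(peer_vpc_cidr)
    # The authorization object should be the peer VPC CIDR block or part of it.
    if not source.subnet_of(peer):
        findings.append("source is not inside the peer VPC CIDR block")
    # A rule that admits every protocol or every TCP/UDP port is wider than needed.
    if rule["protocol"] == "all" or (
        rule["protocol"] in ("tcp", "udp") and rule["port_range"] == "1/65535"
    ):
        findings.append("rule opens every port; limit it to the service port")
    return findings

if __name__ == "__main__":
    # Constructed sample values: 172.16.0.0/16 is the block used in Step 2,
    # everything else is assumed for this example.
    local = ["172.16.0.0/16", "172.16.1.0/24"]
    peer = ["192.168.0.0/16", "192.168.10.0/24"]
    print("conflicts:", cidr_conflicts(local, peer))

    rules = [
        {"protocol": "icmp", "port_range": "-1/-1", "source_cidr": "192.168.0.0/16"},
        {"protocol": "tcp", "port_range": "22/22", "source_cidr": "192.168.10.0/24"},
        {"protocol": "all", "port_range": "-1/-1", "source_cidr": "0.0.0.0/0"},
    ]
    for r in rules:
        print(r["protocol"], r["source_cidr"], audit_rule(r, "192.168.0.0/16"))
```
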

Step 4: Test connectivity between the VPCs

After you establish the peering connection and add routes, log on to an ECS instance in one VPC and ping the private IP address of an ECS instance in the other VPC. If the IP address is reachable, the two VPCs are connected.