You can connect a data center to a virtual private cloud (VPC) on Alibaba Cloud by using an Express Connect circuit. This way, the data center and the VPC can exchange data by using private connections.
Scenario
As shown in the following figure, an enterprise has a data center in Hangzhou, China, and deploys a VPC in the China (Hangzhou) region. In this case, the enterprise needs to apply for an Express Connect circuit to connect the data center to the VPC.
Item | IP address/CIDR block |
VPC CIDR block | 192.168.0.0/16 and 10.0.0.0/16 |
CIDR block of the data center | 172.30.0.0/24 |
Virtual border router (VBR) IP addresses |
|
Prerequisites
A VPC is created in the China (Hangzhou) region. For more information, see Create a VPC with an IPv4 CIDR block.
A transit router is created in China (Hangzhou) and is associated with a VPC. For more information, see Create a VPC connection.
Note: Before you connect a VPC to an Enterprise Edition transit router, make sure that the VPC has at least one vSwitch in a zone that supports Enterprise Edition transit routers. The vSwitch must have at least one idle IP address. In this example, the transit router is deployed in the China (Hangzhou) region, and the supported zones are Zone H and Zone I.
An access point of an Express Connect circuit is chosen, and a pre-installation site survey is completed by your connectivity provider. For more information, see Preparations.
You have read and understand the billing rules of dedicated Express Connect circuits. For more information, see Billing overview.
Step 1: Apply for an Express Connect circuit and install it
Log on to the Express Connect console.
In the top navigation bar, select a region based on your business requirements.
Apply for an Express Connect circuit.
On the Physical Connection page, click Create Physical Connection.
You can create a connection over an Express Connect circuit only after you enable billing for outbound data transfer. You can perform the following steps to enable billing for outbound data transfer. If billing for outbound data transfer is enabled, skip the steps.
In the Sign Agreement dialog box, read and select the agreement on billing for outbound data transfer, and then click Continue.
On the page that appears, read and select Terms of Service, and then click Enable Now.
Go back to the homepage of the Express Connect console. On the Physical Connection page, click Create Physical Connection.
In the Select Access Point Mode dialog box, select Classic Mode, specify the parameters, select a billing rule, and then click OK.
The following table describes only the key parameters. For more information, see Create and manage a dedicated connection over an Express Connect circuit.
Parameter | Description |
Region | Select the region where you want to create a connection over the Express Connect circuit. In this example, the China (Hangzhou) region is selected. |
Leased Line Provider | Select an ISP. The available access points vary based on the ISP. In this example, China Mobile is selected. Important: If you choose China Unicom, China Telecom, or China Mobile as the ISP, you can lease lines only from the selected ISP. You are not allowed to lease lines from other ISPs. If you choose China Unicom, China Telecom, or China Mobile as the connectivity provider, bare optical fibers are not supported. |
Access Point | Select the access point that is nearest to your data center. In this example, Hangzhou-Xiaoshan-D is selected. Access points are Alibaba Cloud data centers that are located in different regions. The access points allow you to connect your data center to Alibaba Cloud from different geographical locations and support different connection types. Each region contains one or more access points. For more information, see Locations of access points. |
Port Type | The port type. Valid values: 100 GE Single-mode Optical Port, 40 GE Single-mode Optical Port, 1 GE Single-Mode Optical Port, and 10 GE Single-Mode Optical Port. The resource occupation fees vary based on the port type. Choose the port type that best meets your business requirements. In this example, 1 GE Single-Mode Optical Port is selected. |
Apply for a Letter of Authorization (LOA).
Note: To obtain information about the access point location and device ports in advance, contact your account manager.
After the port of an Express Connect circuit is created, the system automatically allocates resources. You can apply for an LOA only after resources are allocated.
On the Physical Connection page, find the Express Connect circuit and click Apply for LOA in the Actions column.
In the Apply for LOA panel, enter the information about the Express Connect circuit installation, add engineer information, and then click OK.
In the Notes dialog box, read the note and click OK.
After you apply for an LOA, the Status of the Express Connect circuit changes to In Application. Alibaba Cloud reviews your application within two business days. After your application is approved, the Status of the Express Connect circuit changes to Approved LOA. You can download the LOA file from the console.
Note: If the access point is located outside the Chinese mainland, Alibaba Cloud reviews your application within three business days.
Install the Express Connect circuit.
On the Physical Connection page, find the dedicated connection you created and click View LOA in the Actions column.
In the View LOA panel, click Download to download the LOA.
Send the LOA to the connectivity provider and contact the connectivity provider to connect the Express Connect circuit to the access device in the Alibaba Cloud data center. The connectivity provider must follow the instructions in the LOA during the installation.
Note: You must submit the LOA that is approved by Alibaba Cloud and send an on-site installation form to the field engineers of Alibaba Cloud at least one day before the ISP enters the Alibaba Cloud data center. You can obtain the on-site installation form by submitting a ticket or contacting your account manager.
After the ISP completes the installation, you can request a survey report from the ISP to ensure that the Express Connect circuit runs as expected.
If the access point is deployed in the Chinese mainland, Alibaba Cloud engineers assist the ISP in installing the Express Connect circuit. After you click Confirm Delivery in the console, Alibaba Cloud engineers complete the installation by installing the fiber pigtail.
If the access point is deployed outside the Chinese mainland, the ISP independently completes the installation. The access device that is connected to the Express Connect circuit can be an optical distribution frame (ODF) or a patch panel. After you click Confirm Delivery in the console, Alibaba Cloud engineers will complete the installation by installing the fiber pigtail.
If the ISP needs to enter the Alibaba Cloud data center after the installation is complete, contact your account manager to apply for the required permissions.
After the connectivity provider installs the Express Connect circuit, contact the connectivity provider to obtain the ID of the Express Connect circuit, IDs of other cables, or optical distribution frame (ODF) port specification. Then, click Confirm Delivery on the Physical Connection page.
On the Confirm Delivery page, enter the information about the Express Connect circuit and click OK.
Then, the dedicated connection changes to the Alibaba Cloud Pigtails Connection state. Field engineers from Alibaba Cloud install the fiber pigtail within two business days. After the fiber pigtail is installed, the dedicated connection changes to the Pay Resource Occupation Fees state. For more information, see Connect to Alibaba Cloud over a dedicated Express Connect circuit.
Note: If the access point is deployed outside the Chinese mainland, field engineers from Alibaba Cloud install the fiber pigtail within three business days.
Pay the resource usage fee.
On the Physical Connection page, find the connection that you created and click Pay Resource Occupation Fees in the Actions column.
Select a subscription duration and a renewal method, click Buy Now, and then complete the payment.
After you complete the payment, the Status of the Express Connect circuit changes to Enabled.
Step 2: Create VBRs
After the Express Connect circuit is installed, you must create a VBR to exchange data between the VPC and the data center.
Log on to the Express Connect console.
In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
Create a VBR.
On the Virtual Border Routers (VBRs) page, click Create VBR.
In the Create VBR panel, configure the following parameters and click OK.
The following table describes only the most relevant parameters. For more information, see Create and manage a VBR.
Parameter | Description |
Account | By default, Current Account is selected. |
Name | Enter a name for the VBR. |
Physical Connection Information | In this example, Dedicated Physical Connection is selected. Then, select the Express Connect circuit created in Step 1: Apply for an Express Connect circuit and install it from the drop-down list. |
VLAN ID | Enter the virtual local area network (VLAN) ID of the VBR. In this example, 0 is used. |
Set VBR Bandwidth Value | Set the maximum bandwidth of the VBR. |
IPv4 Address (Alibaba Cloud Gateway) | Enter an IPv4 address for the VBR to route network traffic between the VPC and the data center. In this example, 10.0.0.1 is entered. |
IPv4 Address (Data Center Gateway) | Enter an IPv4 address for the gateway device in the data center to route network traffic between the data center and the VPC. In this example, 10.0.0.2 is entered. |
Subnet Mask (IPv4) | Enter the subnet mask of the IPv4 addresses that you specified for the VBR and the gateway device in the data center. In this example, 255.255.255.252 is used. |
Step 3: Create an ECR
Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, click Create ECR.
In the Create ECR dialog box, configure the parameters that are described in the following table, select I have read and understand the billing rules, and then click OK.
Parameter | Description |
Name | The name of the ECR. |
ASN | The ASN of the ECR. Default value: 45104. Valid values: 45104, 64512 to 65534, and 4200000000 to 4294967294. The value of 65025 is reserved by Alibaba Cloud. |
Description | The description of the ECR. |
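The VBR addressing from Step 2 and the ECR ASN rule from Step 3 can be checked before anything is entered in the console. The following Python sketch is an added example, not part of the Alibaba Cloud documentation or tooling; the function names check_ecr_asn and check_vbr_link are hypothetical, and the addresses are the sample values used on this page. Overlaps between the VBR link subnet and a routed CIDR block are reported for review.

```python
import ipaddress

# CIDR blocks from this page's example.
VPC_CIDRS = ["192.168.0.0/16", "10.0.0.0/16"]
DC_CIDRS = ["172.30.0.0/24"]
RESERVED_ASN = 65025  # reserved by Alibaba Cloud per the ECR parameter table


def check_ecr_asn(asn):
    """Return True if asn falls in the ranges this page lists for an ECR."""
    if asn == RESERVED_ASN:
        return False
    return asn == 45104 or 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294


def check_vbr_link(cloud_gw, dc_gw, mask, routed_cidrs):
    """Validate the VBR point-to-point addressing and return a list of findings."""
    findings = []
    cloud_if = ipaddress.ip_interface(f"{cloud_gw}/{mask}")
    dc_if = ipaddress.ip_interface(f"{dc_gw}/{mask}")
    link = cloud_if.network
    if dc_if.network != link:
        findings.append(f"{dc_gw} is not in {link}, the subnet of {cloud_gw}")
    if cloud_if.ip == dc_if.ip:
        findings.append("both gateways use the same address")
    # In a subnet larger than /31 the network and broadcast addresses are unusable.
    if link.prefixlen < 31:
        for ip in (cloud_if.ip, dc_if.ip):
            if ip in (link.network_address, link.broadcast_address):
                findings.append(f"{ip} is the network or broadcast address of {link}")
    # Report any routed prefix that overlaps the link subnet so it can be reviewed.
    for cidr in routed_cidrs:
        net = ipaddress.ip_network(cidr)
        if link.overlaps(net):
            findings.append(f"link subnet {link} overlaps routed prefix {net}")
    return findings


if __name__ == "__main__":
    print("ECR ASN 45104 valid:", check_ecr_asn(45104))
    for item in check_vbr_link("10.0.0.1", "10.0.0.2", "255.255.255.252",
                               VPC_CIDRS + DC_CIDRS):
        print("review:", item)
```

With the sample values on this page, the only finding is that the 10.0.0.0/30 link subnet lies inside the 10.0.0.0/16 VPC CIDR block.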
Step 4: Associate the VBR with the ECR
Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click its ID. The details page of the ECR appears.
Click the VBR tab. On the VBR tab, click Associate VBR.
In the Associate VBR dialog box, configure the parameters described in the following table and click OK.
Parameter | Description |
Resource Owner | The type of the account to which the VBR belongs. Valid values: Current Account, where the VBR and the ECR belong to the same account, and Another Account. If you want to associate a VBR with the ECR across accounts, you must authorize the ECR that belongs to the current Alibaba Cloud account to access the VBR that belongs to another Alibaba Cloud account. For more information, see the "Grant permissions to the ECR by using the VBR" section of the Grant permissions to an ECR across Alibaba Cloud accounts topic. In this example, Current Account is selected. |
Region | The region in which the VBR resides. |
Network Instance | Select the VBR created in Step 2. |
Step 5: Configure BGP and enable BFD
Configure BGP
The data center and VBRs are specified as BGP peers and the BGP routes are advertised. For more information, see Configure and manage BGP.
Note: The default Autonomous System Number (ASN) of the ECR is 45104. You can specify a custom ASN.
The ASN of Alibaba Cloud is the same as that of the ECR. The ASN must be 2 or 4 bytes in length.
Advertise the BGP route (172.30.0.0/24) on the data center to Alibaba Cloud.
Route configurations may vary based on the gateway device. For more information, consult the vendor of your gateway device.
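Because the data center is expected to advertise only 172.30.0.0/24, it helps to audit the prefix list the gateway would export before the BGP session is brought up. The following Python sketch is an added example, not part of the Alibaba Cloud documentation; the function name audit_advertisements is hypothetical and SAMPLE_EXPORT is constructed input, while the CIDR blocks come from this page.

```python
import ipaddress

# CIDR blocks from this page's example.
DC_ALLOWED = [ipaddress.ip_network("172.30.0.0/24")]
VPC_CIDRS = [ipaddress.ip_network(c) for c in ("192.168.0.0/16", "10.0.0.0/16")]


def audit_advertisements(prefixes):
    """Check each prefix the data center gateway would advertise to the VBR.

    Returns {prefix: reason} for every prefix that should not be advertised.
    """
    rejected = {}
    for text in prefixes:
        net = ipaddress.ip_network(text, strict=False)
        if net.prefixlen == 0:
            # A default route would attract all VPC egress traffic to the data center.
            rejected[text] = "default route"
        elif any(net.overlaps(vpc) for vpc in VPC_CIDRS):
            rejected[text] = "overlaps a VPC CIDR block"
        elif not any(net.subnet_of(ok) for ok in DC_ALLOWED):
            rejected[text] = "outside the data center CIDR block"
    return rejected


# Constructed sample: an export list that contains more than the planned prefix.
SAMPLE_EXPORT = [
    "172.30.0.0/24",
    "172.30.0.128/25",
    "0.0.0.0/0",
    "10.0.5.0/24",
    "172.31.0.0/16",
]

if __name__ == "__main__":
    for prefix, reason in audit_advertisements(SAMPLE_EXPORT).items():
        print(f"do not advertise {prefix}: {reason}")
```

The same allow-list is what an outbound prefix filter on the gateway device should enforce; the syntax for that filter depends on the vendor.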
Enable BFD
Enable BFD for the VBRs to accelerate network convergence.
Log on to the Express Connect console.
In the top navigation bar, select the region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click Edit in the Actions column.
In the Edit VBR panel, configure the parameters and click OK.
The following table describes the parameters related to BFD. Use default values for the other parameters.
Parameter | Description |
Submission Interval | The time interval at which BFD packets are sent. Unit: milliseconds. Default value: 1000. In this example, the default value is used. |
Reception Interval | The time interval at which BFD packets are received. Unit: milliseconds. Default value: 1000. In this example, the default value is used. |
Detection Time Multiplier | The detection time multiplier that is used to determine the maximum number of lost packets. Default value: 3. In this example, the default value is used. |
On the Virtual Border Routers (VBRs) page, click the ID of the VBR for which you want to configure BGP routing.
On the details page of the VBR, click the BGP Peers tab.
Find the BGP peer that you want to manage and click Edit in the Actions column.
In the Modify BGP Peer panel, select Enable BFD, configure the BFD Hop Count parameter, and then click OK.
Note: BFD supports single-hop and multi-hop authentication. You can set hops based on your network configuration.
If you use BFD in a multi-cloud environment or a fiber-optic direct connection network without any bridge device, you need to change the default BFD hop count from 255 to 1.
Step 6: Associate the ECR with the transit router
Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click its ID. The details page of the ECR appears.
Click the TR tab. On the TR tab, click Associate TR.
In the Associate TR dialog box, configure the parameters that are described in the following table and click OK.
The following table describes only the key parameters. For more information, see Associate a transit router.
Parameter | Description |
CEN ID | The ID of the CEN instance to which the TR belongs. |
Region | Select China (Hangzhou), which is the region of the transit router. |
TR | Select the transit router. |
Step 7: Test the network connectivity
You can run the ping command in the data center to check the connectivity between the data center and the VPC.
Open the command-line interface (CLI) on a server in the data center.
Run the ping 192.168.0.10 and ping 10.0.0.233 commands to check whether the data center can access the VPC. If the server in the data center receives echo reply packets, the data center and the VPC are connected.
References
For more information about how to troubleshoot connectivity issues between a data center and a VPC, see Troubleshooting.
You can test the data transfer rate of your Express Connect circuit to ensure that the Express Connect circuit meets your business requirements. For more information, see Test the performance of an Express Connect circuit.
For more information about how to troubleshoot issues related to Express Connect circuit installation, see FAQ about installing an Express Connect circuit.
For more information about how to troubleshoot issues related to Express Connect circuit connections, see FAQ about connections over Express Connect circuits.