Transit routers can connect to virtual private clouds (VPCs), virtual border routers (VBRs), IPsec-VPN connections, and Cloud Connect Network (CCN) instances. They enable communication among VPCs, across regions, and between on-premises networks and cloud networks. Transit routers support custom route tables and custom routes, and allow you to configure policies for communication, isolation, and traffic forwarding. This helps enterprises build flexible, reliable, and large-scale enterprise-class cloud networks.
Intra-region networking

| Item | Description |
| --- | --- |
| Scenario | You can attach network instances in the same region to the transit router to implement intra-region communication. |
| Procedure | Create a transit router and attach the network instances that need to communicate with each other to the transit router. |
| References | |

Inter-region networking

| Item | Description |
| --- | --- |
| Scenario | You can attach network instances in different regions to the transit routers to implement inter-region communication. |
| Procedure | Create transit routers in the regions that you want to connect to each other, attach network instances to the transit routers in the regions, and then establish an inter-region connection between the transit routers. |
| References | Use Enterprise Edition transit routers to connect VPCs across regions and accounts |

Hybrid cloud networking

| Item | Description |
| --- | --- |
| Scenario | You can attach virtual private clouds (VPCs), virtual border routers (VBRs), Cloud Connect Network (CCN) instances, and IPsec-VPN connections to transit routers, and attach the VBRs, CCN instances, and IPsec-VPN connections to on-premises networks to implement communication between Alibaba Cloud and the on-premises networks, and between the on-premises networks. |
| Procedure | Create transit routers in the regions that you want to connect to each other, attach network instances to the transit routers in the regions, and then establish an inter-region connection between the transit routers. |
| References | |

Enterprise-class networking
Transit routers support custom networking, isolation, and redirection policies. These are the basic requirements for building an enterprise-class network.
One Internet-facing VPC for all networks

| Item | Description |
| --- | --- |
| Scenario | You can create custom routing policies that allow VPCs to access the Internet from the same egress. This simplifies network management and improves the security of your workloads. |
| Procedure | Create transit routers in the regions that you want to connect to each other, attach VPCs to the transit routers in the regions, establish an inter-region connection between the transit routers, and create custom route tables and routes to route network traffic destined for the Internet to the Internet-facing VPC. |

Secure communication among VPCs

| Item | Description |
| --- | --- |
| Scenario | You can create custom routing policies to isolate trusted network traffic from untrusted network traffic. Untrusted network traffic is routed to a dedicated VPC for scrubbing before being transmitted over the network. This ensures that only trusted network traffic is transmitted across your network. |
| Procedure | Create transit routers in the regions that you want to connect to each other. Then, attach VPCs to the transit routers in the regions, establish an inter-region connection between the transit routers, and then create custom route tables and routes to route untrusted network traffic to security services in a VPC for scrubbing. |
| References | Use an Enterprise Edition transit router to enable and secure network communication |

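
The isolation in this scenario holds only if no route in an untrusted attachment's route table points directly at another VPC. The following Python check is an added example, not Alibaba Cloud code and not a call to any Alibaba Cloud API: it models transit router route tables as constructed data (the attachment names, route table names, and CIDR blocks are assumptions) and flags routes that bypass the security VPC.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from a real deployment).
VPC_CIDRS = {"vpc-trusted": "10.1.0.0/16", "vpc-untrusted": "10.2.0.0/16",
             "vpc-security": "10.3.0.0/16"}
# Attachment -> the custom route table used to forward its traffic.
ASSOCIATION = {"vpc-untrusted": "rt-untrusted", "vpc-trusted": "rt-trusted",
               "vpc-security": "rt-security"}
# Route table -> list of (destination CIDR, next-hop attachment).
GOOD = {
    "rt-untrusted": [("0.0.0.0/0", "vpc-security")],
    "rt-trusted": [("10.2.0.0/16", "vpc-security")],
    "rt-security": [("10.1.0.0/16", "vpc-trusted"), ("10.2.0.0/16", "vpc-untrusted")],
}
# Same tables plus one more-specific route that skips the scrubbing VPC.
BAD = dict(GOOD)
BAD["rt-untrusted"] = GOOD["rt-untrusted"] + [("10.1.5.0/24", "vpc-trusted")]

def next_hop(routes, dst_ip):
    """Longest-prefix match; returns the next-hop attachment or None (dropped)."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(cidr), hop) for cidr, hop in routes
               if ip in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def bypass_findings(route_tables, association, vpc_cidrs, untrusted, security_vpc):
    """Flag routes that let an untrusted attachment reach another VPC's CIDR
    with a next hop other than the security VPC. Conservative: any overlapping
    route is reported, even if a more specific route wins for some addresses."""
    findings = []
    for src in untrusted:
        table = association[src]
        for cidr, hop in route_tables[table]:
            net = ipaddress.ip_network(cidr)
            for vpc, vpc_cidr in vpc_cidrs.items():
                if vpc in (src, security_vpc):
                    continue  # own CIDR and the scrubbing VPC are not bypass targets
                if net.overlaps(ipaddress.ip_network(vpc_cidr)) and hop != security_vpc:
                    findings.append((src, table, cidr, hop, vpc))
    return findings

if __name__ == "__main__":
    for name, tables in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, bypass_findings(tables, ASSOCIATION, VPC_CIDRS,
                                    ["vpc-untrusted"], "vpc-security"))
```

A more-specific route wins the longest-prefix match, so a single `/24` pointing at a trusted VPC is enough to bypass a default route to the security VPC; running a check like this against exported route tables after each change catches that case.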
Service sharing between CEN instances

| Item | Description |
| --- | --- |
| Scenario | A VPC can be attached to multiple transit routers. If you have multiple CEN instances that need to access services in a VPC, you can attach the VPC to the transit router of each CEN instance. These transit routers can forward requests from different CEN instances to the VPC. |
| Procedure | Attach the VPC to the transit router of each CEN instance, and add routes to each transit router to forward requests from different CEN instances to the VPC. |