Cloud Enterprise Network:Combine multiple connection methods to build an enterprise-class hybrid cloud

Network topology

Subnetting

Methods that are used to connect data centers to Alibaba Cloud

Connect the data centers in the China (Beijing) and China (Shanghai) regions to Alibaba Cloud by using Express Connect circuits

Procedure:

1. Connect the data centers in the China (Beijing) and China (Shanghai) regions to VBRs by using Express Connect circuits. Then, configure the data centers and the connected VBRs as Border Gateway Protocol (BGP) peers. For more information, see Configure BGP.
2. Use the customer-premises equipment (CPE) of the data centers in the China (Beijing) and China (Shanghai) regions to advertise the CIDR blocks of the data centers to the CEN instance by using BGP. The following table describes the configurations of the CPE in the China (Beijing) and China (Shanghai) regions.

   Parameter	CPE in China (Beijing)	CPE in China (Shanghai)
   Local BGP ASN	A	B
   Peer BGP ASN	45104	45104
   Network	10.1.3.0/24	10.1.4.0/24

   After the data centers and the VBRs are configured as BGP peers, the data centers and the VBRs can learn routes from each other.

Connect the data center in the China (Hangzhou) region to Alibaba Cloud by using a VPN gateway

Procedure:

1. Create an IPsec-VPN connection to connect the data center in the China (Hangzhou) region to the VPC in the China (Hangzhou) region. For more information, see Connect a VPC to a data center in single-tunnel mode.
2. Configure a specific route or default route that points to Alibaba Cloud.
   Configure a specific route:

   Destination CIDR block	Next hop
   10.1.2.0/24	VPN gateway
   10.1.3.0/24	VPN gateway
   10.1.4.0/24	VPN gateway
   192.168.1.0/24	VPN gateway
   192.168.2.0/24	VPN gateway
   192.168.3.0/24	VPN gateway
   192.168.4.0/24	VPN gateway

   Configure a default route:

   Destination CIDR block	Next hop
   0.0.0.0/0	VPN gateway

3. To allow the data centers to communicate with the network instances that are attached to the CEN instance, you must add a route to the VPC that is associated with the VPN gateway and advertise the route to the CEN instance. The route must point to the data center.
   

   Configure the route based on the following information:

   1. Add a route to the route table of the VPC in the China (Hangzhou) region. The destination CIDR block is set to 10.1.1.0/24 and the next hop is set to the VPN gateway that is created for the VPC.
      
   2. Advertise the route from the VPC in the China (Hangzhou) region to the CEN instance.
      

   After you advertise the route to the CEN instance, the network instances that are attached to the CEN instance can learn the route. This way, the data centers in the China (Hangzhou) region can communicate with all network instances that are attached to the CEN instance.

Connect the data center in the China (Guangzhou) region to Alibaba Cloud by using an SAG instance

Procedure:

1. Log on to the SAG console, select an SAG instance to connect to the data center in the China (Guangzhou) region, and then configure a route for the connection. For more information, see Advertise routes to Alibaba Cloud.
   
2. Attach the CCN instance that is associated with the SAG instance to the CEN instance. This way, the data center in the China (Guangzhou) region can communicate with the network instances that are attached to the CEN instance. For more information, see Associate a CCN instance with a CEN instance.
   

Connect the data centers in all regions

The CEN instance dynamically advertises the routes from the attached network instances to avoid route overlapping. This way, a hybrid cloud is built for the data centers and the attached network instances can communicate with each other.