All Products
Search
Document Center

Cloud Enterprise Network:Connect data centers by using CEN

Last Updated:Oct 19, 2023

This topic describes how to connect data centers by using routing policies of Cloud Enterprise Network (CEN).

Prerequisites

Note This feature is supported only by Basic Edition transit routers.

Background information

The system automatically adds a default routing policy to the transit router of a CEN instance. The priority value of the default routing policy is 5000 and the action policy is Reject. This routing policy forbids virtual border routers (VBRs) and Cloud Connect Network (CCN) instances from communicating with those that are also attached to the CEN instance. However, in some scenarios, you may need to allow the VBRs and CCN instances to communicate with those that are also attached to the CEN instance.

Important

If you delete the default routing policy, routing loops may occur. Proceed with caution.

不同IDC间互通

As shown in the preceding figure, Data Center 1 is located in the China (Beijing) region and connected to Alibaba Cloud by using VBR 1. Data Center 2 is located in the China (Hangzhou) region and connected to Alibaba Cloud by using VBR 2. VBR 1 and VBR 2 are attached to the CEN instance. By default, Data Center 1 and Data Center 2 cannot communicate with each other. To enable communication between Data Center 1 and Data Center 2, you can configure routing policies for the VBRs by performing the following steps:

Step 1: Add a routing policy that allows Date Center 1 to access Data Center 2

  1. Log on to the CEN console.

  2. On the Instances page, click the ID of the CEN instance that you want to manage.

  3. On the instance details page, click the ID of the transit router in the region in which you want to create a routing policy.

  4. On the details page of the transit router, click the Route Table tab and click Routing Policies.

  5. On the Routing Policies tab, click Add Routing Policy. Set the following parameters and click OK:

    • Route Policy Priority: Enter a priority value for the routing policy. A smaller value indicates a higher priority. In this example, 20 is entered.

    • Description: Enter a description for the routing policy. This parameter is optional.

    • Region: Select the region to which you want to apply the routing policy. In this example, China (Beijing) is entered.

    • Policy Direction: Select the direction in which you want to apply the routing policy. In this example, Egress Regional Gateway is selected.

    • Match Conditions: Configure match conditions for the routing policy. In this example, the following match conditions are specified:

      • Source Instance ID List: The ID of VBR 2 is selected.

      • Destination Instance ID List: The ID of VBR 1 is selected.

    • Action Policy: Select the action that you want to perform on routes that meet the match conditions. In this example, Allow is selected.

    After the routing policy is created, you can view the route that allows Data Center 1 to access Data Center 2 on the Network Routes tab.IDC间互通-策略1

Step 2: Add a routing policy that allows Data Center 2 to access Data Center 1

  1. In the left-side navigation pane, click Instances.

  2. On the Instances page, click the ID of the CEN instance that you want to manage.

  3. On the instance details page, click the ID of the transit router in the region in which you want to create a routing policy.

  4. On the details page of the transit router, click the Route Table tab and click Routing Policies.

  5. On the Routing Policies page, click Add Routing Policy. Set the following parameters and click OK:

    • Routing Policy Priority: Enter a priority value for the routing policy. A smaller value indicates a higher priority. In this example, 20 is entered.

    • Description: Enter a description for the routing policy. This parameter is optional.

    • Region: Select the region to which you want to apply the routing policy. In this example, China (Hangzhou) is entered.

    • Policy Direction: Select the direction in which you want to apply the routing policy. In this example, Egress Regional Gateway is selected.

    • Match Conditions: Configure match conditions for the routing policy. In this example, the following match conditions are specified:

      • Source Instance ID List: The ID of VBR 1 is selected.

      • Destination Instance ID List: The ID of VBR 2 is selected.

    • Action Policy: Select the action that you want to perform on routes that meet the match conditions. In this example, Allow is selected.

    After the routing policy is created, you can view the route that allows Data Center 2 to access Data Center 1 on the Network Routes tab.IDC互通-策略2

Step 3: Test the connectivity between Data Center 1 and Data Center 2

  1. Open the command prompt on a computer in Data Center 1.

  2. Run the ping command to ping the IP address of a computer in Data Center 2 to test the connectivity.

    The result shows that the computer in Data Center 1 can access the computer in Data Center 2.IDC1下的PC可以访问IDC2下的PC

  3. Open the command prompt on a computer in Data Center 2.

  4. Run the ping command to ping the IP address of a PC in Data Center 1 to test the connectivity.

    The result shows that the computer in Data Center 2 can access the computer in Data Center 1.IDC2下的PC可以访问IDC1下的PC