This topic describes how to connect data centers by using routing policies of Cloud Enterprise Network (CEN).
Prerequisites
The data centers are connected to Alibaba Cloud by using Express Connect circuits. For more information, see Create and manage a dedicated connection over an Express Connect circuit.
A CEN instance is created. Network instances that you want to connect are attached to the CEN instance. For more information, see CEN instances and Manage network instance connections.
A bandwidth plan is purchased and bandwidth for inter-region communication is allocated. For more information, see Work with a bandwidth plan and Manage inter-region connections.
Background information
The system automatically adds a default routing policy to the transit router of a CEN instance. The priority value of the default routing policy is 5000 and the action policy is Reject. This routing policy forbids virtual border routers (VBRs) and Cloud Connect Network (CCN) instances from communicating with those that are also attached to the CEN instance. However, in some scenarios, you may need to allow the VBRs and CCN instances to communicate with those that are also attached to the CEN instance.
If you delete the default routing policy, routing loops may occur. Proceed with caution.
As shown in the preceding figure, Data Center 1 is located in the China (Beijing) region and connected to Alibaba Cloud by using VBR 1. Data Center 2 is located in the China (Hangzhou) region and connected to Alibaba Cloud by using VBR 2. VBR 1 and VBR 2 are attached to the CEN instance. By default, Data Center 1 and Data Center 2 cannot communicate with each other. To enable communication between Data Center 1 and Data Center 2, you can configure routing policies for the VBRs by performing the following steps:
Step 1: Add a routing policy that allows Date Center 1 to access Data Center 2
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the instance details page, click the ID of the transit router in the region in which you want to create a routing policy.
On the details page of the transit router, click the Route Table tab and click Routing Policies.
On the Routing Policies tab, click Add Routing Policy. Set the following parameters and click OK:
Route Policy Priority: Enter a priority value for the routing policy. A smaller value indicates a higher priority. In this example, 20 is entered.
Description: Enter a description for the routing policy. This parameter is optional.
Region: Select the region to which you want to apply the routing policy. In this example, China (Beijing) is entered.
Policy Direction: Select the direction in which you want to apply the routing policy. In this example, Egress Regional Gateway is selected.
Match Conditions: Configure match conditions for the routing policy. In this example, the following match conditions are specified:
Source Instance ID List: The ID of VBR 2 is selected.
Destination Instance ID List: The ID of VBR 1 is selected.
Action Policy: Select the action that you want to perform on routes that meet the match conditions. In this example, Allow is selected.
After the routing policy is created, you can view the route that allows Data Center 1 to access Data Center 2 on the Network Routes tab.
Step 2: Add a routing policy that allows Data Center 2 to access Data Center 1
In the left-side navigation pane, click Instances.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the instance details page, click the ID of the transit router in the region in which you want to create a routing policy.
On the details page of the transit router, click the Route Table tab and click Routing Policies.
On the Routing Policies page, click Add Routing Policy. Set the following parameters and click OK:
Routing Policy Priority: Enter a priority value for the routing policy. A smaller value indicates a higher priority. In this example, 20 is entered.
Description: Enter a description for the routing policy. This parameter is optional.
Region: Select the region to which you want to apply the routing policy. In this example, China (Hangzhou) is entered.
Policy Direction: Select the direction in which you want to apply the routing policy. In this example, Egress Regional Gateway is selected.
Match Conditions: Configure match conditions for the routing policy. In this example, the following match conditions are specified:
Source Instance ID List: The ID of VBR 1 is selected.
Destination Instance ID List: The ID of VBR 2 is selected.
Action Policy: Select the action that you want to perform on routes that meet the match conditions. In this example, Allow is selected.
After the routing policy is created, you can view the route that allows Data Center 2 to access Data Center 1 on the Network Routes tab.
Step 3: Test the connectivity between Data Center 1 and Data Center 2
Open the command prompt on a computer in Data Center 1.
Run the ping command to ping the IP address of a computer in Data Center 2 to test the connectivity.
The result shows that the computer in Data Center 1 can access the computer in Data Center 2.
Open the command prompt on a computer in Data Center 2.
Run the ping command to ping the IP address of a PC in Data Center 1 to test the connectivity.
The result shows that the computer in Data Center 2 can access the computer in Data Center 1.