After you attach virtual border routers (VBRs) and Cloud Connect Network (CCN) instances to a Cloud Enterprise Network (CEN) instance, you can configure the on-premises networks connected to the VBRs and CCN instances to access Alibaba Cloud services through the CEN instance.
Background information
The cloud services discussed in this topic refer to the Alibaba Cloud services that use the 100.64.0.0/10 CIDR block to provide services, such as Object Storage Service (OSS), Log Service, and Data Transmission Service (DTS). If an on-premises network needs to access a cloud service, you must attach the VBR or CCN instance associated with the on-premises network to a CEN instance, and then attach a virtual private cloud (VPC) to the CEN instance. The VPC and the cloud resource must belong to the same region. This way, your on-premises network can access the VPC and access the cloud service through the VPC.
Limits
An on-premises network associated with a VBR can access only a cloud service that is deployed in the same region by using CEN.
For example, if the cloud service is deployed in the China (Beijing) region, only an on-premises network associated with a VBR in the China (Beijing) region can access the cloud service.
Prerequisites
A VPC that is deployed in the same region as the cloud service is attached to the CEN instance.
The VBR or CCN instance associated with your on-premises network is attached to the CEN instance. For more information, see Attach a network instance.
Configure access to the cloud service
- Log on to the CEN console.
- On the Instances page, find the CEN instance that you want to manage and click Manage in the Actions column.
On the instance details page, click the AnyTunnel tab and then click Configure AnyTunnel.
In the Configure AnyTunnel panel, set the following parameters and click OK.
Service IP address: Enter an IP address or CIDR block used by the cloud service. This IP address or CIDR block must fall within 100.64.0.0/10. For example, you can enter 100.118.28.52/32.
Service Region: Select the region where the cloud service is deployed.
Host VPC: Select the VPC attached to the CEN instance from the drop-down list.
After you set the preceding parameters, the on-premises network associated with the VBR or CCN instance can access the cloud service through the VPC.
Access Region: Select the region where the VBR or CCN instance that needs to access the cloud service is deployed.
Description: Enter a description for the cloud service.
The description must be 2 to 256 characters in length, and can contain digits, hyphens (-), periods (.), and underscores (_). It cannot start with
http://
orhttps://
.
NoteTypically, a cloud service uses multiple IP addresses or CIDR blocks. Repeat the preceding steps to add routes to all the IP addresses of the cloud service.
Delete cloud service configurations
- Log on to the CEN console.
- On the Instances page, find the CEN instance that you want to manage and click Manage in the Actions column.
On the details page of the CEN instance, click the AnyTunnel tab. Find the cloud service configuration that you want to delete and click Delete in the Actions column.
In the Delete Route Service message, click OK.
References
ResolveAndRouteServiceInCen: configures a cloud service.
DescribeRouteServicesInCen: queries cloud service configurations.
DeleteRouteServiceInCen: deletes cloud service configurations.