This topic describes how to use route maps of Cloud Enterprise Network (CEN) to connect the branches of a company to its data center.
Prerequisites
Before you configure route maps, make sure that the following requirements are met:
A Cloud Connect Network (CCN) instance is created. Smart Access Gateway (SAG) instances that are created for the branches are attached to the CCN instance. For more information, see Create a CCN instance and Attach a network instance.
A CEN instance is created. Network instances to be connected are attached to the CEN instance. For more information, see Create a CEN instance and Attach a network instance.
A bandwidth plan is purchased and the bandwidth for cross-region communication is allocated. For more information, see Purchase a bandwidth plan and Manage bandwidth for cross-region connections.
Background information
The system automatically adds a default route map to the regional gateway of a CEN instance. The priority value of the default route map is 5000 and the action policy is deny. This route map prevents virtual border routers (VBRs) and CCN instances that are attached to the CEN instance from communicating with each other. However, in some scenarios, you may need to allow the VBRs and CCN instances that are attached to the CEN instance to communicate with each other.
If you delete the default route map, routing loops may occur. Proceed with caution.
The data center of a company is deployed in the China (Beijing) region as shown in the preceding figure. The data center is connected to Alibaba Cloud through a VBR. A branch of the company (Branch 1) is located in the China (Shanghai) region. Another branch of the company (Branch 2) is located in the China (Hangzhou) region. Branch 1 is connected to a CCN instance through an SAG instance (SAG 1). Branch 2 is connected to the same CCN instance through another SAG instance (SAG 2). By default, the data center cannot communicate with Branch 1 and Branch 2. You can configure a route map to allow the data center and Branch 1 to communicate with each other.
Step 1: Configure a route map to allow the data center to access Branch 1
Perform the following operations to configure a route map to allow the data center to access Branch 1:
Log on to the CEN console.
In the left-side navigation pane, click Instances.
On the Instances page, find the CEN instance that you want to manage and click Manage in the Actions column.
On the CEN page, click the Route Maps tab and then click Add Route Map.
In the Add Route Map panel, set the following parameters and click OK to create a route map:
Route Map Priority: Enter a priority value for the route map. A lower value indicates a higher priority. In this example, 20 is entered.
Region: Select the region to which the route map is applied. In this example, China (Beijing) is selected.
Transmit Direction: Select the direction of the route map. In this example, Export from Regional Gateway is selected.
Match Conditions: Set the match conditions of routes. The following conditions are set in this example:
Source Instance IDs: Select the ID of SAG 1.
Target Instance IDs: Select the ID of the VBR.
Route Prefix: Enter 172.16.0.0/24.
Action Policy: Select the action that you want to perform on a route if the route meets all match conditions. In this example, Permit is selected.
After you configure the route map, you can view the route that allows the data center to access Branch 1 on the Routes tab.
Step 2: Configure a route map to allow the CCN instance to access the data center
Perform the following operations to configure a route map to allow the CCN instance to access the data center:
Log on to the CEN console.
In the left-side navigation pane, click Instances.
On the Instances page, find the CEN instance that you want to manage and click Manage in the Actions column.
On the CEN page, click the Route Maps tab and then click Add Route Map.
In the Add Route Map panel, set the following parameters and click OK to create a route map:
Route Map Priority: Enter a priority value for the route map. A lower value indicates a higher priority. In this example, 20 is entered.
Region: Select the region to which the route map is applied. In this example, Chinese Mainland CCN is selected.
Policy Direction: Select the direction of the route map. In this example, Egress Regional Gateway is selected.
Match Conditions: Set the match conditions of routes. The following match conditions are set:
Source Instance ID List: Select the ID of the VBR.
Destination Instance ID List: Select the ID of the CCN instance.
Route Prefix: Enter 192.168.0.0/24.
Action Policy: Select the action that you want to perform on a route if the route meets all match conditions. In this example, Allow is selected.
After you add the route map, you can view the route that allows the CCN instance to access the data center on the Routes tab.
Step 3: Test the connectivity
Perform the following operations to test the connectivity between the data center and Branch 1:
Open the command prompt on a PC in the data center.
Run the ping command to ping the IP address of a PC in Branch 1.
The result shows that the data center can access Branch 1.
Open the command prompt on a PC in Branch 1.
Run the ping command to ping the IP address of a PC in the data center.
The result shows that Branch 1 can access the data center.
Perform the following operations to test the connectivity between the data center and Branch 2:
Open the command prompt on a PC in the data center.
Run the ping command to ping the IP address of a PC in Branch 2.
The result shows that the data center cannot access Branch 2.
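The following added example (not Alibaba Cloud code) models how the two priority-20 route maps from Step 1 and Step 2 are evaluated ahead of the default priority-5000 deny, which is why Branch 1 becomes reachable while Branch 2 stays blocked. The instance IDs, the Branch 2 prefix, the exact-prefix matching and the shape of the default rule's match conditions are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed instance IDs; real IDs come from the CEN console.
SAG1, SAG2, VBR, CCN = "sag-branch1", "sag-branch2", "vbr-dc", "ccn-main"
EDGE = frozenset({SAG1, SAG2, VBR, CCN})
BEIJING, CCN_REGION = "China (Beijing)", "Chinese Mainland CCN"

@dataclass(frozen=True)
class Advert:
    prefix: str   # route being exported
    source: str   # instance the route was learned from
    target: str   # instance the regional gateway would export it to
    region: str   # regional gateway that applies the route map

@dataclass(frozen=True)
class RouteMap:
    priority: int
    region: str
    action: str
    sources: frozenset
    targets: frozenset
    prefixes: frozenset = frozenset()  # empty set = any prefix

    def matches(self, a: Advert) -> bool:
        # A route map applies only when every configured condition matches.
        nets = {ip_network(p) for p in self.prefixes}
        return (a.region == self.region and a.source in self.sources
                and a.target in self.targets
                and (not nets or ip_network(a.prefix) in nets))

def default_deny(region: str) -> RouteMap:
    # Assumed shape of the system rule: deny VBR/CCN-to-VBR/CCN routes.
    return RouteMap(5000, region, "deny", EDGE, EDGE)

ROUTE_MAPS = [
    default_deny(BEIJING), default_deny(CCN_REGION),
    RouteMap(20, BEIJING, "permit", frozenset({SAG1}), frozenset({VBR}),
             frozenset({"172.16.0.0/24"})),                      # Step 1
    RouteMap(20, CCN_REGION, "permit", frozenset({VBR}), frozenset({CCN}),
             frozenset({"192.168.0.0/24"})),                     # Step 2
]

def evaluate(advert: Advert, route_maps=ROUTE_MAPS):
    """Return (action, priority) of the first match in ascending priority order."""
    for rm in sorted(route_maps, key=lambda r: r.priority):
        if rm.matches(advert):
            return rm.action, rm.priority
    return None  # no route map matched; that case is not modelled here
```

Evaluating a constructed Branch 2 route such as `Advert("172.16.1.0/24", SAG2, VBR, BEIJING)` falls through to the priority-5000 deny, as does a broader `172.16.0.0/16` route from SAG 1, because the permit rule is scoped to one source, one target and one prefix.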