To allow a data center connected to a virtual border router (VBR) to communicate with other networks that are connected to a transit router, such as virtual private clouds (VPCs) in the same region or a different region, connect the VBR to the transit router. The transit router allows the data center to communicate with VPCs in the same region or in a different region, and other data centers.
Prerequisites
The Alibaba Cloud account that owns the transit router and the Alibaba Cloud account that owns the VBR belong to the same enterprise.
A transit router is deployed in the region of the VBR. For more information, see Create a transit router.
You can connect a transit router to a VBR that belongs to the same or a different Alibaba Cloud account. If you want to connect a transit router to a VBR that belongs to a different Alibaba Cloud account, you must first acquire the required permissions. For more information, see Grant a transit router permissions on a network instance that belongs to another Alibaba Cloud account.
Connect a VBR to an Enterprise Edition transit router
Create a VBR connection
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the tab, find the transit router that you want to manage and click Create Connection in the Actions column.
On the Connection with Peer Network Instance page, set the following parameters and click OK.
Parameter
Description
Network Type
Select Virtual Border Router (VBR).
Region
Select the region where the network instance is deployed.
Transit Router
The transit router in the selected region is displayed.
Resource Owner ID
Select the Alibaba Cloud account that owns the network instance.
If the network instance and the transit router that you want to connect belong to the same Alibaba Cloud account, select Current Account.
If the network instance and the transit router that you want to connect belong to different Alibaba Cloud accounts, select Different Account, and enter the ID of the Alibaba Cloud account to which the network instance belongs.
Attachment Name
Enter a name for the VBR connection.
Tag
Add a tag to the VBR connection.
Tag Key: The tag key cannot be an empty string. The tag key can be up to 64 characters in length. The key cannot start with
acs:
oraliyun
or containhttp://
orhttps://
.Tag Value: The tag value can be an empty string. The tag value must be 1 to 128 characters in length. The parameter value cannot start with
acs:
oraliyun
or containhttp://
orhttps://
.
You can add one or multiple tags to the VBR connection. For more information about tags, see Manage tags.
Network Instance
Select the ID of the VBR that you want to connect to the transit router.
Advanced Settings
When you create a VBR connection, the system automatically enables the following features in the advanced settings:
Associate with Default Route Table of Transit Router
After this feature is enabled, the VBR connection is automatically associated with the default route table of the transit router. The transit router forwards the traffic of the VBR based on the default route table.
Propagate System Routes to Default Route Table of Transit Router
After this feature is enabled, the system routes of the VBR are advertised to the default route table of the transit router. This way, the VBR can communicate with other network instances that are connected to the transit router.
Propagate Routes to VBR
After this feature is enabled, the system automatically advertises the routes in the transit router route table that is associated with the VBR connection to the VBR.
You can clear the check boxes to disable the advanced features. If you want to enable the VBR to communicate with other network instances, you can configure associated forwarding and route learning on the transit router. For more information, see Manage routes.
After you create a VBR connection, you can view the details about the VBR connection on the Intra-region Connections tab on the details page of the transit router. For more information, see View network instance connections.
NoteIf the DEVICE_MODEL_FORBIDDEN error message is returned, refer to FAQ to troubleshoot the issue.
Change the transit router route table associated with the VBR connection
After you create a VBR connection, you can change the transit router route table that is associated with the VBR connection.
If route synchronization is enabled for the VBR connection, the routes synchronized to the VBR are withdrawn after the route table is changed. Then, the routes in the new route table are synchronized to all route tables of the VBR. For more information, see Route synchronization.
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the tab, click the ID of the transit router that you want to manage.
On the Intra-region Connections tab, click the ID of the VBR connection that you want to manage.
In the Attachment Details panel, find the Basic Information section and click Modify next to Associated Route Table.
In the Modify Route Table dialog box, select a route table and click OK.
Connect a VBR to a Basic Edition transit router
Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the tab, find the transit router that you want to manage and click Create Connection in the Actions column.
On the Connection with Peer Network Instance page, set the following parameters and click OK.
Parameter
Description
Network Type
Select Virtual Border Router (VBR).
Region
Select the region where the network instance is deployed.
Transit Router
The transit router in the selected region is displayed.
If no transit router is available in the selected region, the system automatically creates a transit router.
Resource Owner ID
Select the Alibaba Cloud account that owns the network instance.
If the network instance and the transit router that you want to connect belong to the same Alibaba Cloud account, select Current Account.
If the network instance and the transit router that you want to connect belong to different Alibaba Cloud accounts, select Different Account, and enter the ID of the Alibaba Cloud account to which the network instance belongs.
Network Instance
Select the ID of the network instance that you want to connect.
After you create a VBR connection, you can view the details about the VBR connection on the Intra-region Connections tab on the details page of the transit router. For more information, see View network instance connections.
NoteIf the DEVICE_MODEL_FORBIDDEN error message is returned, refer to FAQ to troubleshoot the issue.
Connect a VBR to a transit router by calling API operations
Alibaba Cloud provides a set of tools that allow you to create VPC connections by calling API operations, such as Alibaba Cloud SDKs (recommended), Alibaba Cloud CLI, Terraform, and Resource Orchestration Service (ROS). For more information, see the following API references:
CreateTransitRouterVbrAttachment: creates a VBR connection on an Enterprise Edition transit router.
UpdateTransitRouterVbrAttachmentAttribute: modifies the configurations of a VBR connection on an Enterprise Edition transit router.
ReplaceTransitRouterRouteTableAssociation: associates a network instance connection with another transit router route table.
AttachCenChildInstance: connects a VBR to a Basic Edition transit router.