Cloud Enterprise Network (CEN) is a highly available network built on the global private network of Alibaba Cloud. CEN uses transit routers to establish inter-region connections between virtual private clouds (VPCs). This enables VPCs to communicate with data centers and builds flexible, stable, and enterprise-class networks in the cloud.
Components
Component | Name | Description |
| CEN instance | A CEN instance is the foundational resource for creating and managing an integrated cloud intelligent network. As the host for transit routers, a CEN instance contains one or more transit routers. You can create inter-region connections between multiple transit routers to build a flexible cloud network. |
| Transit router | A transit router is a key network element that forwards data within a region or across regions and supports flexible routing policies. Within a CEN instance, you can create one transit router in a region. |
| Network instance | A network instance is a crucial component of both cloud and on-premises network architectures. Common examples of network instances include Virtual private cloud (VPC), Express Connect Router (ECR), Cloud Connect Network (CCN), IPsec-VPN connection, Virtual Border Router (VBR), and transit router. Transit routers serve as a hub to connect these instances and enable data transfer and communication between networks. |
| Instance connection | An instance connection is formed when a network instance connects to a transit router. This allows for seamless connection between cloud resources, cross-region communication, and connectivity between cloud and on-premises resources. To connect instances, you must choose an appropriate connection from VPC connection, ECR connection, CCN connection, VPN connection, VBR connection, and Inter-region connection. |
| Route table of transit router | Transit routers forward traffic from the instances by querying route tables. A transit router includes a default system route table and supports the creation of custom route tables. You can use associated forwarding and route learning to determine connection, isolation, and traffic redirection policies to cater to diverse networking requirements. |
Scenarios
CEN is commonly used in the following scenarios:
Intra-region VPC connection: Connect VPCs in the same region with CEN.
Inter-region VPC connection: Connect VPCs across various regions.
Connection between on-premises data centers and cloud: Enable communication between on-premises and cloud networks.
Other typical scenarios include the following:
VPC traffic filtering
Through the route management feature of the transit router, traffic can be directed to a security control server where only the filtered traffic is permitted to communicate. This significantly bolsters network security. For more information, see Use an Enterprise Edition transit router to establish and secure network communication.
Isolated VPCs with shared services
The route management feature allows isolated VPCs to obtain concurrent access to shared services. For more information, see Allow isolated VPCs to access a shared VPC.
Inter-region Quality of Service (QoS)
By leveraging traffic scheduling, you can label different types of inter-region traffic and impose bandwidth limits on the traffic based on label values. This ensures the inter-region bandwidth for different services and improves network efficiency. For more information, see Use traffic scheduling to limit bandwidth for inter-region connections.
Inter-region traffic analysis
The flow log feature is available in transit routers, which captures traffic information across connections, including inter-region, VPC, VPN, ECR, and VBR connections. For more information, see Configure a flow log.
Multicast
After an instance connection has been created, you can build and manage multicast networks and utilize the transit router as a multicast router to forward traffic of network instances. For more information, see Manage multicast.
Benefits
Global network | Low latency and high speed | Reliability and quality |
Transit routers enable rapid connection of VPCs across regions and on-premises networks to facilitate global resource sharing. Each Enterprise Edition transit router can support up to 1,000 VPCs in the same region, accommodating network growth. | Transit routers offer low latency and fast network transmission. In the same region, the data transfer rate can reach the maximum rate supported by the device port. Because resources can communicate with each other on a global scale, network latency is significantly reduced compared to data transmission over the Internet. | Transit routers can be deployed in active and standby modes and traffic is automatically switched between modes to maintain service availability. Multiple sets of quality connections between any two nodes ensure that the network automatically converges during interruption events. |
Enterprise-class networking | Pay-as-you-go and fast delivery | One-stop O&M |
You can configure custom routing policies to meet enterprise-class networking requirements. For example, you can create a complex network topology that supports security domain isolation, demilitarized zones, and service chaining. | Pay-as-you-go billing is supported. When the connected instances are in the same region, you are charged only for the traffic that flows through the connected instances and transit routers. Inter-region connections can be quickly created and modified without purchasing devices or lines. This reduces network costs. | The console features a visual interface that is based on geographical locations and network resources. It gives you the ability to view the network topology within the same region and across different regions to grasp the operation state and enhance the efficiency of network maintenance. |
Regions and zones supported by transit routers
Transit routers are available in two editions, Enterprise and Basic:
Basic Edition: Discontinued. Newly created transit routers are now exclusively Enterprise Edition, with the exception of Cloud Connect Network (CCN) regions.
Enterprise Edition: In addition to all the features of Basic Edition, it supports flexible routing policies. For more information, see How transit routers work.
The table below lists the regions and zones where Enterprise Edition transit routers are supported.
Table 1: Regions and zones that support Enterprise Edition transit routers
Area | Region | Zone |
Chinese Mainland | China (Hangzhou) | Zone B, Zone H, Zone I, Zone J, and Zone K |
China (Shanghai) | Zone F, Zone G, Zone E, Zone B, Zone N, Zone M, and Zone L | |
China (Nanjing - Local Region) | Zone A | |
China (Fuzhou - Local Region) | Zone A | |
China (Shenzhen) | Zone D, Zone E, Zone F, Zone A, and Zone C | |
China (Heyuan) | Zone A and Zone B | |
China (Guangzhou) | Zone A and Zone B | |
China (Qingdao) | Zone B and Zone C | |
China (Beijing) | Zone C, Zone H, Zone G, Zone J, Zone K, Zone I, and Zone L | |
China (Zhangjiakou) | Zone A, Zone B, and Zone C | |
China (Hohhot) | Zone A and Zone B | |
China (Ulanqab) | Zone A, Zone B, and Zone C | |
China (Chengdu) | Zone A and Zone B | |
Asia Pacific | Singapore | Zone A, Zone B, and Zone C |
China (Hong Kong) | Zone B, Zone C, and Zone D | |
Malaysia (Kuala Lumpur) | Zone A and Zone B | |
Indonesia (Jakarta) | Zone A, Zone B, and Zone C | |
Philippines (Manila) | Zone A | |
Japan (Tokyo) | Zone A, Zone B, and Zone C | |
South Korea (Seoul) | Zone A | |
Thailand (Bangkok) | Zone A | |
Europe | Germany (Frankfurt) | Zone A and Zone B |
UK (London) | Zone A and Zone B | |
North America | US (Virginia) | Zone A and Zone B |
US (Silicon Valley) | Zone A and Zone B | |
Middle East | SAU (Riyadh - Partner Region) | Zone A and Zone B |
The following table lists the regions that support CCN. When you create a transit router in these regions, the default is Basic Edition.
Table 2: Regions and zones that support Basic Edition transit routers
Area | Region |
Chinese Mainland | Chinese Mainland CCN |
Asia Pacific | Japan CCN, Singapore CCN, Hong Kong CCN, Malaysia CCN, and Indonesia CCN |
Europe | Frankfurt CCN |
Notes on network transmission
Alibaba Cloud offers a private network with high performance and low latency. This private network provides a secure cloud computing environment to meet your networking requirements. Packet loss during network transmission may be caused by many factors, such as network stream collisions and Layer 2 network errors. Alibaba Cloud aims to provide network services with an hourly packet loss rate of less than 0.0001% for 99% of packets.
When you use CEN, take note of the following rules:
Only network traffic transmitted over CEN passes through the Alibaba Cloud transmission network. CEN can minimize the packet loss rate in inter-region transmission when bandwidth resources are sufficient.
Express Connect circuits that connect the Chinese Mainland to regions outside the Chinese Mainland are provided by China Unicom. These Express Connect circuits are optimized and maintained in the same way as the Alibaba Cloud transmission network to minimize packet loss.
Work with CEN
To use the CEN console, see Connect VPCs in the same region with CEN