After you enable an Express Connect circuit, you can create a virtual border router (VBR) for the Express Connect circuit. The VBR is used to route traffic between a Virtual Private Cloud and your data center.
Background information
A VBR is a router deployed between a VPC and the customer-premises equipment (CPE) in a data center. Each VBR is associated with a route table. You can add routes to the route table of a VBR to control network traffic forwarding. A VBR provides the following features:
Exchanges data between a VPC and a data center.
Determines the virtual interface type of an Express Connect circuit: Layer 3 router interface or Layer 3 virtual local area network (VLAN) subinterface.
Adds or identifies VLAN tags if a Layer 3 VLAN subinterface is used.
Supports Border Gateway Protocol (BGP) dynamic routing.
Create a VBR
Log on to the Express Connect console.
In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, click Create VBR.
In the Create VBR panel, configure the parameters that are described in the following table and click OK.
Parameter
Description
Account
Specify the Alibaba Cloud account for which a VBR is created. By default, Current Account is selected. If you use the default setting, the VBR that you create belongs to the account that you use to log on to the console.
Name
Enter a name for the VBR.
Resource Group
Select the resource group to which the VBR belongs.
Alternatively, you can add the VBR to a resource group in the following way: After the VBR is created, find the VBR and click Add to Resource Group in the Resource Group column.
Tags
Tag Key: You can select or enter a key. The tag key can be up to 64 characters in length. The tag key cannot start with
aliyun
oracs:
and cannot containhttp://
orhttps://
.Tag Value: You can select or enter a value. The tag value can be up to 128 characters in length. The tag value cannot start with
aliyun
oracs:
and cannot containhttp://
orhttps://
.
You can also add tags to the VBR in the Tags column after the VBR is created. After you add tags, you can modify, view, and delete the tags.
Express Connect Circuit
Select the type of Express Connect circuit that you want to associate with the VBR. Then, select an Express Connect circuit that is enabled and functions as expected from the drop-down list.
Valid values:
Dedicated Physical Connection: a dedicated Express Connect circuit.
Shared Physical Connection: a hosted Express Connect circuit.
VLAN ID
Enter the VLAN ID of the VBR. Valid values: 0 to 2999.
Take note of the following items when you enter the VLAN ID:
If VLAN ID is set to 0, the switch port of the VBR is a Layer 3 router interface instead of a VLAN subinterface. When a Layer 3 router interface is used, each Express Connect circuit is associated with a VBR.
If VLAN ID is set to a value from 1 to 2999, the switch port of the VBR is a Layer 3 VLAN subinterface. When a Layer 3 VLAN subinterface is used, each VLAN ID is associated with a VBR. In this case, the Express Connect circuit with which the VBR is associated can be used to connect to VPCs that belong to different Alibaba Cloud accounts. VBRs in different VLANs are isolated from each other at Layer 2.
Before you configure this parameter, take note of the following rules:
To configure the VLAN ID parameter for a dedicated connection over an Express Connect circuit, make sure that the trunking feature is enabled for the Layer 2 or Layer 3 devices that are used to connect the Express Connect circuit, VBR, and gateway device in the data center. This way, data can be transmitted from and to the VLAN based on the specified ID. The VLAN ID that you specify is preserved in the packets sent to the destination VLAN and not modified during data transmission. If the trunking feature is disabled, the connection may fail. We recommend that you set the VLAN ID parameter to 0 unless your Internet service provider has specific rules or limits on the VLAN ID configuration.
If you set the VLAN ID parameter to 0 when you create a VBR for a dedicated connection, you cannot create other VLAN subinterfaces on the VBR.
You do not need to configure the VLAN ID parameter when you create a VBR for a hosted connection. The VLAN ID parameter is already configured. Therefore, ignore the VLAN ID parameter.
Set VBR Bandwidth Value
Set the bandwidth of the VBR.
You do not need to configure this parameter when you create a VBR for a hosted connection. The bandwidth is already set when the hosted connection is created.
IPv4 Address (Alibaba Cloud Gateway)
Specify an IPv4 address for the VBR to route traffic between the VPC and your data center. The IPv4 addresses that are specified by the IPv4 Address (Alibaba Cloud Gateway) and IPv4 Address (Data Center Gateway) parameters must belong to the same CIDR block.
IPv4 Address (Data Center Gateway)
Specify an IPv4 address for the gateway device in the data center.
NoteTo allow services in the VPC to access a specific gateway IP address, you must add a route to the route table of the VBR. Set the destination CIDR block to the CIDR block to which the specified gateway IP address belongs and set the next hop to the Express Connect circuit. For information about how to add routes to a route table, see the Add a custom route section of the "Add and manage routes" topic.
Subnet Mask (IPv4)
Enter the subnet mask of the IPv4 addresses that you specify for the VBR and the gateway device in the data center. You can enter a longer subnet mask because only two IP addresses are required.
Support IPv6
Select whether to enable IPv6 for the VBR.
Disable (default): disables IPv6.
Enable: enables IPv6. If you select this option, you cannot disable IPv6 after the VBR is created. Configure the following parameters of the VBR:
IPv6 Address (Alibaba Cloud Gateway): Enter an IPv6 address for the VBR to route network traffic between the VPC and the data center. The values of the IPv6 Address (Alibaba Cloud Gateway) and IPv6 Address (Data Center Gateway) parameters must belong to the same CIDR block.
IPv6 Address (Data Center Gateway): Enter an IPv6 address for the gateway device in the data center to route network traffic between the VPC and the data center.
Subnet Mask (IPv6): Enter the subnet mask of the IPv6 addresses that you specified for the VBR and the gateway device in your data center.
Change the bandwidth of a VBR
You can change the bandwidth of a free VBR.
Log on to the Express Connect console.
In the top navigation bar, select a region. In the left-side navigation pane, click Physical Connection.
On the Physical Connection page, click the ID of the Express Connect circuit that you want to manage.
On the Express Connect circuit details page, find the VBR whose bandwidth you want to change and click Bandwidth Settings in the Actions column.
In the Bandwidth Settings panel, configure the Bandwidth Cap parameter and click OK.
Modify the configuration of a VBR
Log on to the Express Connect console.
In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, find the VBR whose configuration you want to modify and click Modify in the Actions column.
Modify the parameters that are described in the following table and click OK.
Parameter
Description
VLAN ID
Enter the VLAN ID of the VBR. Valid values: 0 to 2999.
If VLAN ID is set to 0, the switch port of the VBR is a Layer 3 router interface instead of a VLAN subinterface. When a Layer 3 router interface is used, each Express Connect circuit is associated with a VBR.
If VLAN ID is set to a value from 1 to 2999, the switch port of the VBR is a Layer 3 VLAN subinterface. When a Layer 3 VLAN subinterface is used, each VLAN ID is associated with a VBR. In this case, the Express Connect circuit with which the VBR is associated can be used to connect to VPCs that belong to different Alibaba Cloud accounts. VBRs in different VLANs are isolated from each other at Layer 2.
For example, a company has multiple divisions or subsidiaries. Each division or subsidiary has a separate Alibaba Cloud account. Each Alibaba Cloud account has a separate VPC. If the company applies for an Express Connect circuit, the company must assign a VLAN ID to the connection of each division or subsidiary. When the company creates router interfaces, the VLAN IDs are used to identify the subsidiaries or divisions that use the Express Connect circuit. In this case, the VBRs of each subsidiary or division are isolated at Layer 2.
NoteIf you use a hosted Express Connect circuit, you cannot modify the VLAN ID. If you want to modify the VLAN ID, contact the Internet service provider.
IPv4 Address (Alibaba Cloud Gateway)
Specify an IPv4 address for the VBR to route traffic between the VPC and your data center.
IPv4 Address (Data Center Gateway)
Specify an IPv4 address for the gateway device in the data center.
Subnet Mask (IPv4)
Enter the subnet mask of the IPv4 addresses that you specify for the VBR and the gateway device in the data center. You can enter a longer subnet mask because only two IP addresses are required.
Support IPv6
Select whether to enable IPv6 for the VBR.
Disable (default): disables IPv6.
Enable: enables IPv6. If you select this option, you cannot disable IPv6 after the VBR is created. Configure the following parameters of the VBR:
IPv6 Address (Alibaba Cloud Gateway): Enter an IPv6 address for the VBR to route network traffic between the VPC and the data center. The values of the IPv6 Address (Alibaba Cloud Gateway) and IPv6 Address (Data Center Gateway) parameters must belong to the same CIDR block.
IPv6 Address (Data Center Gateway): Enter an IPv6 address for the gateway device in the data center to route network traffic between the VPC and the data center.
Subnet Mask (IPv6): Enter the subnet mask of the IPv6 addresses that you specified for the VBR and the gateway device in your data center.
BFD Parameter
After you enable Bidirectional Forwarding Detection (BFD), the system establishes a BFD session between the VBR and the gateway device in the data center. This way, the VBR and the gateway device can exchange BFD packets on a regular basis to verify network connectivity. If no packets are returned, the peer is considered unreachable.
NoteThe BFD parameters take effect only if BFD is enabled. For more information about how to enable BFD, see Configure and manage BGP.
Submission Interval: the interval at which BFD packets are sent. Valid values: 200 to 1000. Unit: milliseconds.
Reception Interval: the interval at which BFD packets are received. Valid values: 200 to 1000. Unit: milliseconds.
Detection Time Multiple: the detection time multiplier. Valid values: 3 to 10.
Apply for a quota increase for VBRs
After you enable billing for outbound data transfer, you can create up to 10 VBRs for each Express Connect circuit free of charge within the current account. You can apply for a quota increase for your account based on your business requirements.
For more information about the quotas of VBRs, see Limits.
Log on to the Express Connect console.
In the top navigation bar, select a region. In the left-side navigation pane, click Physical Connection.
In the Increase VBR Quota for Current Account section, click Upgrade Now.
On the General Quotas page, find the ec_quota_same_acount_vbr_per_pconn quota and click Apply in the Actions column.
In the Apply for Quotas dialog box, configure the Applied Quotas and Reason parameters and click OK.
Delete a VBR
You can delete VBRs that you no longer need. Before you delete a VBR, make sure that the following resources of the VBR are deleted or disassociated:
All routes are deleted. For more information, see the Delete a custom route section of the "Add and manage routes" topic and the Delete route prefixes section of the "Add and manage route prefixes" topic.
All BGP peers, BGP groups, and advertised BGP CIDR blocks are deleted. For more information about how to delete BGP groups, BGP peers, and advertised BGP CIDR blocks, see Configure and manage BGP.
All failover groups are deleted. For more information, see Configure a failover group.
The VBR is disassociated from Cloud Enterprise Network (CEN). For more information, see the Detach a VBR from a CEN instance section of the "Connect to a VPC" topic.
All peering connections are deleted. For more information, see the Delete a VBR-to-VPC connection section of the "Create and manage a VBR-to-VPC connection" topic.
The VBR is disassociated from the Express Connect circuits if the VBR is associated with more than one Express Connect circuit. To disassociate the VBR from the Express Connect circuit, perform the following steps:
Log on to the Express Connect console.
In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, find the VBR that you want to disassociate from the Express Connect circuit and click Delete in the Actions column.
NoteTo delete a VBR that is associated with multiple Express Connect circuits, click the ID of the VBR. On the Physical Connection Interfaces tab, click Unbind in the Actions column of an Express Connect circuit. Repeat this step to disassociate the VBR from all Express Connect circuits.
In the Delete VBR message, click OK.
References
AttachVbrToVpconn: associates a VBR with a hosted connection.
CreateVirtualBorderRouter: creates a VBR.
DescribeVirtualBorderRouters: queries VBRs.
DescribeVirtualBorderRoutersForPhysicalConnection: queries VBRs that are associated with a specific Express Connect circuit. The VBRs can be created by the owner of the Express Connect circuit and by other Alibaba Cloud accounts.
DeleteVirtualBorderRouter: deletes a VBR.
ListVirtualPhysicalConnections: queries the information about hosted connections.
ModifyVirtualBorderRouterAttribute: modifies the configuration of a VBR.
UpdateVirtualBorderBandwidth: updates the outbound bandwidth of a VBR.