This topic describes how to use Express Connect to allow Elastic Compute Service (ECS) instances in different virtual private clouds (VPCs) to communicate with the same Cloud Storage Gateway (CSG) instance.
Background information
CSG is a storage service that helps you seamlessly integrate on-premises applications, infrastructure, and data storage with Alibaba Cloud. You can deploy virtual devices compatible with standard storage protocols in an on-premises data center and on Alibaba Cloud to connect your storage applications and workloads to Alibaba Cloud storage and computing services.
On Alibaba Cloud, many enterprise users interconnect multiple VPCs to run a large number of ECS clusters. However, CSG V1.0.31 and earlier versions support interconnection only with ECS instances that are deployed in the same VPC. These versions do not support interconnection with ECS instances that are deployed in different VPCs. Starting from V1.0.32, CSG supports multiple VPC CIDR blocks, including 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8.
This example shows how to configure networks, Express Connect, and security groups to enable ECS instances in three different VPCs to communicate with the same CSG instance.
SG represents a security group.
VPC represents a virtual private cloud. 172.16.0.0/12 and other CIDR blocks represent the supported CIDR blocks.
Create a CSG instance
Log on to the CSG console.
Select the region in which you want to create a file gateway. In this example, the region is China (Hangzhou).
On the Gateways page, create a gateway.
When you create the gateway, select VPC-172 (172.16.0.0/12).
For information about how to create a file gateway in the cloud, see Create a file gateway.
For information about how to create an Internet Small Computer System Interface (iSCSI) gateway in the cloud, see Create an iSCSI gateway.
Configure VPCs and Express Connect
In the Express Connect console, choose VPC Peering Connections > VBR-to-VPC. In the upper-left corner, select a region. In this example, the region is China (Hangzhou).
On the VBR-to-VPC page, click Create Peering Connection.
On the Establish VBR-VPC Interconnection page, configure the parameters. For more information, see Connect two VPCs under the same Alibaba Cloud account.
This example shows how to establish peering connections from VPC-172 to VPC-10 and VPC-192. VPC-172 is the initiator VPC.
After the peering connections are established, add routes for the interconnected VPCs.
Find and click the initiator instance.
On the Basic Information page, click Add Route.
Enter the CIDR block of the acceptor VPC or vSwitch, and click OK.
In this example, enter the following CIDR blocks of the acceptor VPCs: 192.168.0.0/16 (VPC-192) and 10.0.0.0/8 (VPC-10).
After you configure the route settings, test the connectivity between the initiator and acceptor VPCs.
In this example, you can successfully ping the ECS instances in VPC-192 and VPC-10 from the ECS instance in VPC-172.
Create security group rules
You can create security groups for the CSG instance to enable the Cloud Enterprise Network (CEN) instance to share the same CSG instance. In this example, you need to create the following security groups: SG-10 and SG-192.
Log on to the ECS console.
In the left-side navigation pane, choose . On the Security group page, find the security group and click Manage Rules.
In the Access Rule section of the Security Group Details tab, go to the Inbound tab. Click Add Rule or Quick Add, select a protocol type, specify a port range, and configure authorization objects.
Different protocols use different ports. Specify the ports based on your actual business requirements.
- HTTPS: 443.
- NFS: 111 (TCP and UDP), 875 (TCP and UDP), 892 (TCP and UDP), 2049 (TCP and UDP), 32888 (TCP and UDP), and 32889 (TCP and UDP).
- SMB: 137 (UDP), 138 (UDP), 139 (TCP), 389 (TCP), 445 (TCP and UDP), and 901 (TCP).
- iSCSI: 860 (TCP) and 3260 (TCP).
If you need to use Active Directory (AD), set Protocol Type to Custom TCP or Custom UDP, and set Port Range to 53/636. For more information about security group rules, see Security group rules.
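The following Python sketch is an added example, not part of the original documentation. It builds the minimal inbound rules for one storage protocol from the port list above, limited to the three VPC CIDR blocks used in this topic, and audits an existing rule set for sources or ports that are broader than the protocol needs. The rule dictionaries use the ECS AuthorizeSecurityGroup parameter names and the start/end port range format; the sample rule set for SG-10 is constructed, and AD ports are not modeled.

```python
import ipaddress

# Ports per protocol, copied from the list above (AD ports are not modeled).
CSG_PORTS = {
    "HTTPS": {"tcp": [443]},
    "NFS": {"tcp": [111, 875, 892, 2049, 32888, 32889],
            "udp": [111, 875, 892, 2049, 32888, 32889]},
    "SMB": {"tcp": [139, 389, 445, 901], "udp": [137, 138, 445]},
    "iSCSI": {"tcp": [860, 3260]},
}
# VPC CIDR blocks used in this topic (VPC-172, VPC-192, VPC-10).
VPC_CIDRS = ["172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8"]

def required_rules(protocol, source_cidrs):
    """Return one single-port inbound rule per (source, transport, port)."""
    return [
        {"IpProtocol": proto, "PortRange": f"{p}/{p}", "SourceCidrIp": cidr}
        for cidr in source_cidrs
        for proto, ports in CSG_PORTS[protocol].items()
        for p in ports
    ]

def audit(rules, protocol, allowed_cidrs):
    """Flag rules whose source or port range exceeds what the protocol needs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r["SourceCidrIp"])
        if not any(src.subnet_of(a) for a in allowed):
            findings.append((r, "source outside the interconnected VPC CIDR blocks"))
        lo, hi = (int(x) for x in r["PortRange"].split("/"))
        needed = set(CSG_PORTS[protocol].get(r["IpProtocol"], []))
        extra = (hi - lo + 1) - len(needed & set(range(lo, hi + 1)))
        if extra:
            findings.append((r, f"{extra} port(s) not needed for {protocol}"))
    return findings

# Constructed sample: an exported inbound rule set for SG-10 (values are made up).
SAMPLE = [
    {"IpProtocol": "tcp", "PortRange": "2049/2049", "SourceCidrIp": "10.0.0.0/8"},
    {"IpProtocol": "tcp", "PortRange": "1/65535", "SourceCidrIp": "0.0.0.0/0"},
    {"IpProtocol": "udp", "PortRange": "111/111", "SourceCidrIp": "192.168.1.0/24"},
]

if __name__ == "__main__":
    for rule, why in audit(SAMPLE, "NFS", VPC_CIDRS):
        print(why, rule)
```

In the constructed sample, only the 1/65535 rule from 0.0.0.0/0 is reported, once for its source and once for its port range.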
After you configure security group rules, ECS instances in the VPCs can access the CSG instance through Express Connect. CSG supports standard storage protocols NFS, SMB, and iSCSI. This way, you can easily scale storage, share and deliver data across regions, and meet business requirements in scenarios such as traditional applications and backup archiving. For more information, see Scenarios.
Access the CSG instance
- Access file gateways
  - For more information about how to access file gateways from a client that runs the Linux operating system, see Access an NFS share.
  - For more information about how to access file gateways from a client that runs the Windows operating system, see Access an SMB share.
- Access block gateways
  - For more information about how to access block gateways from a client that runs the Linux operating system, see Use volumes on a Linux ECS instance.
  - For more information about how to access block gateways from a client that runs the Windows operating system, see Use volumes on a Windows ECS instance.