This topic describes how to use an Express Connect circuit to connect Data Transmission Service (DTS) to a data center so that you can synchronize and migrate data, and track changes between ApsaraDB RDS instances and the data center.
Scenario
The following scenario is used as an example. An enterprise created a virtual private cloud (VPC) and vSwitches in the China (Beijing) region. The enterprise also purchased ApsaraDB RDS instances. The data center of the enterprise is connected to Alibaba Cloud through a virtual border router (VBR) and an Express Connect circuit. The enterprise needs to access the data center through DTS.
To enable the enterprise to access the data center through DTS, perform the following operations:
- Connect the VBR and VPC to the Enterprise Edition transit router in the China (Beijing) region.
- Add configurations to the Cloud Enterprise Network (CEN) instance to enable access to DTS.
- Add routes that point to the data center to the VBR and VPC.
- Add a route that points to DTS to the data center.
- Configure health checks on the CEN instance to test network connectivity.
- Verify that data can be synchronized and migrated and changes can be tracked between the ApsaraDB RDS instances and the data center.
Prerequisites
- A VPC is created in the China (Beijing) region. A vSwitch is created in each of Beijing Zone H and Beijing Zone G. The vSwitches are named vSwitch 1 and vSwitch 2 in this example. An ApsaraDB RDS instance is deployed in each of vSwitch 1 and vSwitch 2. In this example, the version of the ApsaraDB RDS instances deployed in the vSwitches is 8.0. For more information, see the following topics:
- A VBR and an Express Connect circuit are deployed. The data center is connected to Alibaba Cloud through the VBR and Express Connect circuit. For more information, see Connect a data center to ECS by using an Express Connect circuit.
- A CEN instance is created. For more information, see Create a CEN instance.
- An Enterprise Edition transit router is created in the region where the VPC resides. For more information, see Create a transit router.
Procedure
Step 1: View the region where the ApsaraDB RDS instances are deployed and the CIDR blocks used by DTS
- Log on to the ApsaraDB RDS console.
- In the left-side navigation pane, click Instances.
- In the top navigation bar, select China (Beijing) for the region.
- On the Instances page, find the ApsaraDB RDS for MySQL instance that you want to manage and click its ID.
- On the instance details page, find the Basic Information section. In this section, find and copy the value of the Zone parameter. Then, find the CIDR blocks of DTS based on the region and zone of the ApsaraDB RDS for MySQL instance.
For more information about the CIDR blocks of DTS, see CIDR blocks of DTS servers.
In this example, the CIDR blocks of DTS in the China (Beijing) region are 100.104.183.0/24, 100.104.236.128/26, 100.104.227.192/26, 100.104.128.192/26, 100.104.11.64/26, 100.104.84.128/26, and 100.104.200.64/26.
Step 2: Connect the VBR and VPC to the transit router in the China (Beijing) region
Before you connect an Enterprise Edition transit router to a VPC, make sure that the VPC has at least one vSwitch in a zone that supports Enterprise Edition transit routers. The vSwitch must have at least one idle IP address. In this example, a transit router is deployed in the China (Beijing) region and the zones are Beijing Zone H and Beijing Zone G.
After you connect the VBR and VPC to the transit router in the China (Beijing) region, the CEN instance automatically advertises and learns routes to enable network communication between the VPC and data center.
- Log on to the CEN console.
- On the Instances page, click the ID of the CEN instance that you want to manage.
- On the tab, find the transit router that you want to manage and click Create Connection in the Actions column.
- On the Connection with Peer Network Instance page, set the following parameters and click OK.
Note: The first time you perform this operation, the system automatically creates the service-linked role AliyunServiceRoleForCEN. This role allows transit routers to create elastic network interfaces (ENIs) on vSwitches in VPCs. For more information, see AliyunServiceRoleForCEN.
| Parameter | Description |
| --- | --- |
| Network Type | Select the type of network instance that you want to attach. In this example, VPC is selected. |
| Region | Select the region where the network instance is deployed. In this example, China (Beijing) is selected. |
| Transit Router | The transit router in the selected region is displayed. |
| Resource Owner ID | Select the Alibaba Cloud account to which the network instance belongs. In this example, Your Account is selected. |
| Billing Method | By default, transit routers use the Pay-As-You-Go billing method. For more information about the billing rules, see Billing rules. |
| Attachment Name | Enter a name for the network connection. In this example, VPC-test is used. |
| Networks | Select the VPC that you want to attach. In this example, the VPC in the China (Beijing) region is selected. |
| vSwitch | Select a vSwitch in a zone that supports transit routers. In this example, the following vSwitches are selected: Beijing Zone H: vSwitch 1; Beijing Zone G: vSwitch 2. |
| Advanced Settings | By default, the following advanced features are enabled: Associate with Default Route Table of Transit Router, Propagate System Routes to Default Route Table of Transit Router, and Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC. In this example, the default settings are used. |
- On the Connection with Peer Network Instance page, click Create More Connections.
- On the Connection with Peer Network Instance page, set the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Network Type | In this example, Virtual Border Router (VBR) is selected. |
| Region | Select the region where the network instance is deployed. In this example, China (Beijing) is selected. |
| Transit Router | The transit router in the selected region is displayed. |
| Resource Owner ID | Select the Alibaba Cloud account to which the network instance belongs. In this example, Your Account is selected. |
| Attachment Name | Enter a name for the VBR connection. In this example, VBR-test is used. |
| Networks | Select the ID of the VBR that you want to attach. In this example, the VBR in the China (Beijing) region is selected. |
| Advanced Settings | By default, the following advanced features are enabled: Associate with Default Route Table of Transit Router, Propagate System Routes to Default Route Table of Transit Router, and Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC. In this example, the default settings are used. |
After the connections are created, you can view the details about the connections on the Intra-region Connections tab. For more information, see View network instance connections.
Step 3: Add configurations to the CEN instance to enable access to DTS
- Log on to the CEN console.
- On the Instances page, click the ID of the CEN instance that you want to manage.
- On the tab, click the ID of the transit router that resides in the region where the cloud service is deployed.
- On the details page of the transit router, click the Route Table tab.
- On the Route Table tab, click the ID of the route table that you want to manage in the left-side list. In the Route Table Details section, click the Route Entry tab, and then click Add Route Entry.
- In the Add Route Entry dialog box, set the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Route Table | By default, the current route table is selected. |
| Transit Router | By default, the current transit router is selected. |
| Name | Enter a name for the route entry. |
| Destination CIDR | Enter the IP address or CIDR block that the cloud service uses to provide services. In this example, the DTS CIDR blocks obtained in Step 1: View the region where the ApsaraDB RDS instances are deployed and the CIDR blocks used by DTS are used. |
| Blackhole Route | Select whether to specify the route as a blackhole route. Valid values: Yes: specifies that the route is a blackhole route. All traffic destined for this route is dropped. No: specifies that the route is not a blackhole route. In this case, you must specify the next hop of the route. No is selected in this example. |
| Next Hop | Select a next hop. Select the ID of the VPC connection on the transit router. |
| Description | Enter a description for the route. |
Typically, a cloud service uses multiple IP addresses or CIDR blocks. Repeat the preceding steps to add all the IP addresses or CIDR blocks of the cloud service. In this example, DTS uses the following CIDR blocks: 100.104.183.0/24, 100.104.236.128/26, 100.104.227.192/26, 100.104.128.192/26, 100.104.11.64/26, 100.104.84.128/26, and 100.104.200.64/26.
Step 4: Add the CIDR block used by the data center to the VBR
- Log on to the Express Connect console.
- In the top navigation bar, select a region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
- On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
- On the details page of the VBR, click the Routes tab and click Add Route Entry.
- In the Add Route Entry panel, set the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Next Hop Type | Select VPC or Physical Connection Interface. In this example, Physical Connection Interface is selected. |
| Destination CIDR Block | Enter the CIDR block to which network traffic is forwarded. In this example, the CIDR block of the data center is used. |
| Next Hop | Select the Express Connect circuit used by the data center. |
| Description | Enter a description. |
Step 5: Add the CIDR block of the data center to the VPC
After you enable Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC, the system automatically adds routes whose destination CIDR blocks are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 to the route tables of the VPC. The next hop of the routes is the VPC connection. If the CIDR block of the data center falls within the preceding CIDR blocks, skip this step.
- Log on to the VPC console.
- In the left-side navigation pane, click Route Tables.
- In the top navigation bar, select the region to which the route table that you want to manage belongs. In this example, China (Beijing) is selected.
- On the Route Tables page, find the custom route table that you want to manage and click its ID.
- On the details page of the custom route table, choose , and click Add Route Entry.
- In the Add Route Entry panel, set the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Name | Enter a name for the custom route. |
| Destination CIDR Block | Enter the CIDR block to which network traffic is forwarded. In this example, the CIDR block of the data center is used. |
| Next Hop Type | Select the next hop type. Transit Router is selected in this example. |
| Transit Router | Select the VPC connection on the transit router in the China (Beijing) region. |
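The skip condition in Step 5 can be checked per CIDR block: a data center block needs no manual route only if it lies entirely inside one of the three automatically routed blocks. The following Python sketch is an added example, not part of the original topic; the function name `vpc_routes_needed` and the sample data center CIDR blocks are constructed for illustration.

```python
import ipaddress

# Destination CIDR blocks of the routes that the system adds automatically
# to the VPC route tables (from Step 5 of this topic).
AUTO_ROUTED = [ipaddress.ip_network(c)
               for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def vpc_routes_needed(dc_cidrs):
    """Map each data center CIDR block that needs a manual VPC route to a reason.

    A block can skip Step 5 only if it lies entirely inside one automatic
    route. A block that merely overlaps one is still partly unrouted.
    """
    needed = {}
    for cidr in dc_cidrs:
        # strict=True raises ValueError for input with host bits set,
        # for example 10.1.2.3/16, instead of silently rounding it.
        net = ipaddress.ip_network(cidr, strict=True)
        if any(net.subnet_of(auto) for auto in AUTO_ROUTED):
            continue
        partial = [str(auto) for auto in AUTO_ROUTED if net.overlaps(auto)]
        if partial:
            needed[str(net)] = "only partly inside " + ", ".join(partial)
        else:
            needed[str(net)] = "outside the automatic routes"
    return needed


if __name__ == "__main__":
    # Constructed sample data center CIDR blocks (not from this topic).
    sample = ["10.20.0.0/16", "172.32.0.0/16", "192.168.0.0/15"]
    for block, reason in vpc_routes_needed(sample).items():
        print(f"add route for {block}: {reason}")
```
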
Step 6: Add the DTS CIDR blocks to the data center
In the data center, add routes that point to the following CIDR blocks: 100.104.183.0/24, 100.104.236.128/26, 100.104.227.192/26, 100.104.128.192/26, 100.104.11.64/26, 100.104.84.128/26, and 100.104.200.64/26. If a firewall is enabled in the data center, modify the firewall policy to allow network traffic to be forwarded to the following CIDR blocks: 100.104.183.0/24, 100.104.236.128/26, 100.104.227.192/26, 100.104.128.192/26, 100.104.11.64/26, 100.104.84.128/26, and 100.104.200.64/26.
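When the firewall policy is updated for Step 6, it helps to confirm that every DTS CIDR block is covered and that no rule permits more addresses than DTS needs. The following Python sketch is an added example, not part of the original topic; the function name `audit_allowlist` and the sample allowlist are constructed, and the DTS CIDR blocks are the ones listed above.

```python
import ipaddress

# DTS CIDR blocks for the China (Beijing) region, as listed in this topic.
DTS_CIDRS = [
    "100.104.183.0/24", "100.104.236.128/26", "100.104.227.192/26",
    "100.104.128.192/26", "100.104.11.64/26", "100.104.84.128/26",
    "100.104.200.64/26",
]


def audit_allowlist(allowed_cidrs, required_cidrs=DTS_CIDRS):
    """Return (missing, excess) for a firewall allowlist.

    missing: required blocks that the allowlist does not fully cover.
    excess:  allowlist entry -> number of addresses it permits beyond
             the required blocks (a sign the rule is too broad).
    """
    required = [ipaddress.ip_network(c) for c in required_cidrs]
    # Merge adjacent or nested entries first, so that two /25 rules
    # are recognized as covering one /24.
    allowed = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in allowed_cidrs))

    missing = [str(r) for r in required
               if not any(r.subnet_of(a) for a in allowed)]
    excess = {}
    for a in allowed:
        if any(a.subnet_of(r) for r in required):
            continue  # entry lies entirely inside a required block
        covered = sum(r.num_addresses for r in required if r.subnet_of(a))
        excess[str(a)] = a.num_addresses - covered
    return missing, excess


if __name__ == "__main__":
    # Constructed sample allowlist (not from this topic).
    sample = ["100.104.183.0/25", "100.104.183.128/25", "100.104.236.128/26",
              "100.104.227.192/26", "100.104.128.0/24", "100.104.11.64/26"]
    missing, excess = audit_allowlist(sample)
    print("not covered:", missing)
    print("broader than needed:", excess)
```
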
Step 7: Configure health checks on the CEN instance
You must configure health checks on the CEN instance to test the network connectivity between DTS and the data center.
- Log on to the CEN console.
- In the left-side navigation pane, click Health Check.
- On the Health Check page, select the China (Beijing) region and click Set Health Check.
- In the Set Health Check dialog box, set the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Instances | Select the CEN instance on which you want to configure health checks. In this example, the CEN instance that connects the data center and VPC is selected. |
| Virtual Border Router (VBR) | Select a VBR. In this example, the VBR in the China (Beijing) region is selected. |
| Source IP | You can use one of the following methods to specify the source IP address: Automatic IP Address: The system automatically assigns an IP address from the 100.96.0.0/16 CIDR block. Custom IP Address: Specify an IP address. The IP address cannot conflict with the source and destination IP addresses connected by CEN, the IP address of the VBR, or the IP address of the gateway in the data center. In this example, Custom IP Address is selected and an IP address from a DTS CIDR block obtained in Step 1: View the region where the ApsaraDB RDS instances are deployed and the CIDR blocks used by DTS is used. |
| Destination IP | Enter the destination IP address of health checks. In this example, the IP address of the data center is used. |
| Probe Interval (Seconds) | Select a time interval at which probe packets are sent during the health checks. Unit: seconds. Valid values: 2 to 3. Default value: 2. In this example, 2 is selected. |
| Probe Packets | Enter the number of consecutive probe packets that are sent during the health checks. Unit: packets. Valid values: 3 to 8. Default value: 8. In this example, 8 is specified. |
| Change Route | Specify whether to allow the health check feature to switch to the redundant route. Yes is selected by default. The health check feature can switch to the redundant route. If a redundant route is configured on the CEN instance, the health check feature immediately switches to the redundant route if an error is detected on the Express Connect circuit. If you clear Yes, the health check feature does not switch to the redundant route. Only probing is performed. The health check feature does not switch to the redundant route even if an error is detected on the Express Connect circuit. Warning: Before you clear the check box, make sure that the health check feature can switch to a redundant route by using other mechanisms. Otherwise, network connections are interrupted if the Express Connect circuit fails. Yes is selected in this example. |
After you configure health checks, wait for 5 to 10 minutes. Then, you can click the icon in the Monitor column to view the packet loss rate metric.
If the packet loss rate is 0, network communication is established between DTS and the data center. If the packet loss rate is greater than 0, network errors or jitters exist. In this case, check whether the bandwidth of the Express Connect circuit has reached the maximum value or whether the Express Connect circuit is disconnected from a device. If the problem persists, submit a ticket to request technical support.
Step 8: Verify that data can be synchronized and migrated and changes can be tracked between the ApsaraDB RDS instances and the data center
After you complete the preceding steps, you can create data synchronization, data migration, and change tracking tasks in DTS to enable communication between the ApsaraDB RDS instances and the data center.
In this example, a data synchronization task is performed. You can perform other tasks to verify the performance. For more information, see Synchronize data from an ApsaraDB RDS for MySQL instance to a self-managed MySQL database connected over Express Connect, VPN Gateway, or Smart Access Gateway.