Operation guide for Express Connect partners - Express Connect

After you acquire the permissions to create shared ports, you can create shared ports for tenants to access resources on Alibaba Cloud. Each shared port can be associated with a virtual border router (VBR).

Requirements

Before you start, make sure that the following requirements are met:

Two or more Express Connect circuits are connected to different access points of Alibaba Cloud. Permissions to access relevant resources on Alibaba Cloud are acquired. To apply for permissions to access relevant resources on Alibaba Cloud, contact your account manager.
The service terms in Limits on networks are fulfilled.
The switch that connects to the network of the tenant supports bandwidth adjustment and traffic monitoring. Traffic monitoring is enabled for the switch to collect statistics about bandwidth (bit/s), packet loss rate (bit/s), packet forwarding rate (pps), and data transfer (bytes).
The following traffic throttling features are configured on the customer-premises equipment (CPE): Quality of Service (QoS) policies and Address Resolution Protocol (ARP) throttling. In most cases, the limit is set to one ARP packet per second per tenant.
If Internet Control Message Protocol (ICMP) throttling is configured, the limit on ICMP echo requests must be set to a value greater than 500 pps.
The maximum bandwidth is set for the hosted connection that you want to create for the tenant. The sum of the maximum bandwidth that you set for all hosted connections over an Express Connect circuit cannot be greater than the maximum bandwidth of the Express Connect circuit.
A virtual local area network (VLAN) ID is assigned to each shared port. The VLAN IDs of shared ports that belong to the same Express Connect circuit must be unique.
For tenants that require high availability, they can associate their shared ports with different Express Connect circuits.

Prerequisites

The permissions to create shared ports are acquired. To apply for the permissions, go to Quota Center. For more information, see the Apply for the permissions to create shared ports section of this topic.
The Express Connect circuits are installed and enabled. For more information, see Create and manage a dedicated connection over an Express Connect circuit.
To create a shared port for a new hosted connection of a tenant, you must acquire the account ID of the tenant.
To create a shared port for an existing hosted connection of a tenant, take note of the following items:
- Before you start, you need to notify the tenant and request the tenant to enable billing for outbound data transfer.
- Make sure that the VBR associated with the hosted connection supports bandwidth adjustment.
- By default, the tenant pays for the shared port. If you want to pay for the shared port with the current Express Connect partner account, contact your business manager to acquire the permissions.

Apply for the permissions to create shared ports

Important

Only China Mobile, China Unicom, China Telecom, CITIC Network, and China Broadcasting Network are allowed to apply for the permissions to create shared ports.

Log on to the Express Connect console.
In the left-side navigation pane, choose Products > Privileges.
On the Products with Privileges page, click Express Connect in the Networking section.
On the Privileges page, click Apply in the Actions column that corresponds to the quota that you want to manage. In this example, the quota name is Shared port below 1G can be purchased and the quota ID is ec/can_buy_1G_vpconn.

In the Apply for Privileges dialog box, configure the following parameters and click OK.

Parameter	Description
Quota ID	The ID of the quota. The value of this parameter is automatically displayed on the page.
Description	The description of the quota. The value of this parameter is automatically displayed on the page.
Quota Value	The value of the quota. Valid values: Valid Invalid In this example, Valid is selected.
Time	The validity period of the quota. Note This parameter is required only if the Quota Value parameter is set to Valid. In this example, set the validity period to one day that starts from the day when the application is made.
Reason	The reason why you are applying for the quota. The following example is provided for reference. YYYY (tenant name + Alibaba Cloud account ID) wants to connect services to Alibaba Cloud and needs a bandwidth of XX Mbit/s. The permissions to create shared ports are required.
Notify Result	Specifies whether to notify the application result. Yes No

Create a shared port for a new hosted connection of a tenant

If this is the first time a tenant uses your pre-installed Express Connect circuit, you need to create a shared port to establish a connection based on the business requirements of the tenant.

Log on to the Express Connect console.
In the top navigation bar, select a region.
You can use one of the following methods to navigate to the Create Shared Port panel.
- On the Physical Connection page, find the Express Connect circuit that you want to manage, and click Create Shared Port in the Actions column.
- On the Physical Connection page, click the ID of the Express Connect circuit that you want to manage. On the Shared Physical Connection tab, click Create Shared Port.

In the Create Shared Port panel, set the parameters of the shared port and click OK.

Parameter	Description
Account ID	The account ID of the tenant for which you want to create the shared port. By default, Pay by Other Account is selected, which indicates that the tenant pays the resource usage fee for the shared port.
VLAN ID	You can isolate VBRs by assigning a VLAN ID to each VBR. Valid values: 0 to 2999. If the VLAN ID parameter is set to 0, the switch port of the VBR is a Layer 3 router interface instead of a VLAN interface. When a Layer 3 router interface is used, each Express Connect circuit corresponds to a VBR. If the VLAN ID parameter is set to a value from 1 to 2999, the switch port of the VBR is a Layer 3 VLAN subinterface. When a Layer 3 VLAN subinterface is used, each VLAN ID corresponds to a VBR. In this case, the Express Connect circuit with which the VBR is associated can be used to connect to virtual private clouds (VPCs) that belong to different Alibaba Cloud accounts. VBRs in different VLANs are isolated from each other at Layer 2. Note After you create a shared port for a tenant, you need to notify the tenant to accept the shared port. Then, the tenant can create a VBR that uses the specified VLAN ID for the shared port. The tenant is not allowed to change the VLAN ID of the VBR.
Shared Physical Connection Bandwidth Limit	You can specify a bandwidth value based on the business requirements of the tenant.
Resource Group	The resource group to which the Express Connect circuit belongs, Select the resource group from the drop-down list. You can click Manage Resource Group to create or modify a resource group in the Resource Management console. For more information, see Create a resource group.
Tags	Tag Key: the key of a tag. You can select or enter a key. The tag key can be up to 64 characters in length. The tag key cannot start with `aliyun` or `acs:` and cannot contain `http://` or `https://`. Tag Value: the value of a tag. You can select or enter a value. The tag value can be up to 128 characters in length. The tag value cannot start with `aliyun` or `acs:` and cannot contain `http://` or `https://`. Note You can add a tag to a shared port only if Pay by Other Account is not selected.

After you create a shared port, on the Shared Physical Connection tab, Pending for Acceptance is displayed in the Status column of the shared port.

In the message that appears, click OK.
Notify the tenant to accept the shared port and pay the resource usage fee. For more information, see Operation guide for tenants.

Create a shared port for an existing hosted connection of a tenant

If you have created a hosted connection for a tenant before, you can add a shared port to the hosted connection. The service of the tenant is not interrupted in this process. The newly added shared port is displayed in the tenant account. After the tenant accepts the shared port, you must confirm it in the console. Then, the VBR is automatically transferred to the tenant account and associated with the shared port.

After the VBR is transferred to the tenant account, Alibaba Cloud no longer charges VBR fees. If you have prepaid VBR fees, you can request a refund. For more information, see Rules for canceling the subscription of an Alibaba Cloud service.

Log on to the Express Connect console.
In the top navigation bar, select a region.
On the Physical Connection page, click the ID of the Express Connect circuit.
On the VBR tab, find the VBR of the tenant.
If the tenant has not set a bandwidth value for the VBR, perform the following operations to set a bandwidth value: Click the icon and select Bandwidth Settings in the Actions column. In the Bandwidth Settings panel, configure the Bandwidth Cap parameter and click OK.
Note
You cannot set the Bandwidth Cap parameter to Speed Unlimited.
On the VBR tab, find the VBR that you want to manage. Click the icon and select Transform to Shared Port in the Actions column. In the message that appears, click OK.
By default, Pay by Other Account is selected, which specifies that the tenant pays the resource usage fee for the shared port.
Notify the tenant to accept the shared port and pay the resource usage fee. For more information, see Operation guide for tenants.
On the VBR tab, find the VBR of the tenant. Click the icon and select Confirm. In the message that appears, click OK.

Change the VLAN ID of a shared port

VBRs that belong to different VLANs are isolated from each other based on VLAN IDs. Express Connect partners can change the VLAN IDs of shared ports based on business requirements. However, the VLAN ID of each shared port must be unique in the same Express Connect circuit.

Log on to the Express Connect console.
In the top navigation bar, select a region.
On the Physical Connection page, click the ID of the Express Connect circuit.
Click the Shared Physical Connection tab, find the shared Express Connect circuit that you want to manage and click Edit in the Actions column.
In the Modify Shared Port dialog box, change VLAN ID and click OK.

What to do next

If you are the payer of a shared port, you can perform the following operations on the shared port and its associated VBR.

Disable a shared port

You can disable a shared port as needed. After a shared port is disabled, it is not automatically released. You can contact your partner to restore a disabled shared port.

Important

A disabled shared port is still billed. For more information, see Resource usage fee and Renewal management. If you no longer need to use a shared port, you can unsubscribe from the shared port and release it. For more information, see Unsubscription and refund policies.

Log on to the Express Connect console.
In the top navigation bar, select a region.
You can disable a shared port and its associated VBR.
- Disable a VBR
  1. On the Physical Connection page, click the ID of the Express Connect circuit that you want to manage.
  2. On the VBR tab, find the VBR that you want to terminate and click Terminate Connection in the Actions column.
  3. In the Terminating the VBR dialog box, click OK.
- Disable a shared port
  1. On the Physical Connection page, click the ID of the Express Connect circuit that you want to manage.
  2. Click the Shared Physical Connection tab, find the shared port, and then click Terminate in the Actions column.
  3. In the Terminate Physical Connection dialog box, click OK.
After you disable a shared port, its status changes to Disabled. You can click Recover in the Actions column to enable the shared port.

Delete a VBR

Delete a VBR that belongs to a tenant account. Before you can delete a VBR, you must disable the VBR. For more information, see Disable a VBR.

Note

This section describes how to delete a VBR that belongs to a tenant account. To delete a VBR that belongs to your current account, see Delete a VBR.

Log on to the Express Connect console.
In the top navigation bar, select a region.
On the Physical Connection page, click the ID of the Express Connect circuit.
On the VBR tab, find the VBR that you want to delete and choose > Delete in the Actions column.
In the Delete VBR message, click OK.

Delete a shared port

Before you delete a shared port, delete the VBR that is associated with the shared port. For more information, see Delete a VBR.

Log on to the Express Connect console.
In the top navigation bar, select a region.
On the Physical Connection page, click the ID of the Express Connect circuit.
On the Shared Physical Connection tab, find the shared port ID and choose > Delete in the Actions column.
- If the port has expired, click OK in the Confirm Deletion message.
- If the port is still billed, click OK in the Confirm Deletion message. You will be redirected to the refund page. For more information about unsubscription and refund, see Refund.

References

Operation
You can view the status of connections over Express Connect circuits updated in real time. This helps you detect connectivity errors at the earliest opportunity. For more information, see Monitoring and alerting for connections over Express Connect circuits.
API
- CreateVirtualPhysicalConnection: creates a hosted connection.
- CreateVpconnFromVbr: adds a shared port to a hosted connection.
- UpdateVirtualPhysicalConnection: changes the VLAN ID of a hosted connection.
- TerminatePhysicalConnection: terminates a connection over an Express Connect circuit.
- TerminateVirtualBorderRouter: disables a VBR.
- DeleteVirtualBorderRouter: deletes a VBR.
- DeletePhysicalConnection: deletes a connection over an Express Connect circuit.
- CreatePhysicalConnectionOccupancyOrder: generates an order for resource usage when an Express Connect partner is specified to pay the resource usage fee.