All Products
Search

This Product

    Express Connect:Migrate from transit router connections to ECR connections to connect a data center to Alibaba Cloud

    Document Center

    Express Connect:Migrate from transit router connections to ECR connections to connect a data center to Alibaba Cloud

    更新時間:May 20, 2024

    If you want to use an Express Connect circuit to access Alibaba Cloud with a lower latency, a higher bandwidth, and no additional advanced network requirements, you can deploy your hybrid cloud networking by using an Express Connect Router (ECR).

    Example scenario

    Important

    • During the migration process, services are interrupted. We recommend that you plan a proper migration time.

    • When you migrate from multiple transit router connections to ECR connections, you must initiate migration for the transit router connections one by one. Make sure that the current ECR connection after the migration forwards traffic as expected before you can migrate from the next transit router connection.

    In this example, a data center is connected to Alibaba Cloud virtual private clouds (VPCs) by using a transit router before the migration. The following figure shows the migration configurations. After the migration, VPC 1 and VPC 2 can communicate with each other by using a transit router, and VPC 1 and VPC 2 can communicate with virtual border router (VBR) 1 and VBR 2 by using an ECR.

    image

    The following table describes how CIDR blocks are allocated in this example. You can allocate CIDR blocks based on your business requirements. Make sure that the CIDR blocks do not overlap with each other.

    Entity

    CIDR block

    Data center

    10.10.10.0/24

    VPC

    192.168.1.0/24

    VBR 1

    IPv4 address of the gateway on the Alibaba Cloud side: 10.0.0.1

    IPv4 address of the gateway on the customer side: 10.0.0.2

    IPv4 subnet mask: 255.255.255.252

    VBR 2

    IPv4 address of the gateway on the Alibaba Cloud side: 10.0.0.5

    IPv4 address of the gateway on the customer side: 10.0.0.6

    IPv4 subnet mask: 255.255.255.252

    Prerequisites

    Step 1: Specify the active and standby VBRs and forward traffic to the active VBR

    You need to configure a routing policy in Cloud Enterprise Network (CEN) to set VBR 1 as the active VBR, set VBR 2 as the standby VBR, and forward traffic from VBR 2 to VBR 1.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you want to manage.

    3. Navigate to the Basic Settings > Transit Router tab and click the ID of the transit router that you want to manage.

    4. On the details page of the transit router, click the Route Table tab.

    5. In the left-side area of the route table details page, click the ID of the default route table.

    6. On the details page of the default route table, click the Routing Policies tab.

    7. On the Routing Policies tab, click Add Route Map.

    8. On the Add Routing Policy page, configure the parameters described in the following table and click OK.

      Parameter

      Description

      Policy Priority

      The priority of the routing policy. Valid values: 1 to 100. A smaller value indicates a higher priority.

      In this example, 20 is used.

      Description

      The description of the routing policy.

      Associated Route Table

      The route table to be associated with the routing policy.

      You can associate a routing policy with the system route table or a custom route table. In this example, the default route table is selected.

      Policy Direction

      The direction in which the routing policy applies. Valid values:

      • Ingress Regional Gateway: Routes are advertised to the transit router deployed in the current region. For example, routes are advertised from network instances deployed in the current region or transit routers deployed in other regions to the transit router deployed in the current region.

      • Egress Regional Gateway: Routes are advertised from the transit router deployed in the current region. For example, routes are advertised from the transit router deployed in the current region to network instances deployed in the current region or transit routers deployed in other regions.

      In this example, Ingress Regional Gateway is selected.

      Match Conditions

      The match condition of the routing policy.

      In this example, Source Instance ID List is selected and the ID of VBR 1 is selected. This way, the routing policy applies to all routes of VBR 1.

      Click 添加Add Match Condition to add multiple match conditions. For more information, see the "Table 2. Match conditions" section of the Routing policy overview topic.

      Policy Action

      Set the Policy Action parameter to Allow and set a priority for routes.

      To set a priority for routes, click 添加Add Action Object, select Route Priority from the drop-down list, and then enter a value in the input box. A smaller value indicates a higher priority. In this example, the Route Priority parameter is set to 10.

      Note

      In this example, You do not need to configure the Associated Policy Priority parameter for VBR 1.

    9. Repeat the preceding steps to set VBR 2 as the standby VBR.

      The following table describes only the key parameters. Use the same values as VBR 1 for the other parameters.

      Parameter

      Description

      Policy Priority

      A smaller value indicates a higher priority. The priority value of the routing policy for VBR 2 must be greater than that of the routing policy for VBR 1.

      In this example, 30 is used.

      Match Conditions

      In this example, Source Instance ID List is selected and the ID of VBR 2 is selected. This way, the routing policy applies to all routes of VBR 2.

      Policy Action

      Set the Policy Action parameter to Allow and set a priority for routes.

      • A smaller value indicates a higher priority. The priority value of routes for VBR 2 must be greater than that of routes for VBR 1. In this example, the Route Priority parameter is set to 20.

      • In this example, you do not need to configure the Associated Policy Priority parameter for VBR 2.

    Step 2: Create and start a failure drill task for Express Connect circuit 2

    You need to create and start a failure drill task for Express Connect circuit 2 that is associated with VBR 2. The failure drill task disables Express Connect circuit 2 and VBR 2 to simulate failure scenarios. For more information, see the Create a failure drill task and Start a failure drill task sections of the "Use the failure drill feature" topic.

    Step 3: Delete the associated forwarding correlation between VBR 2 and the transit router

    Delete the associated forwarding correlation between VBR 2 and the transit router.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you want to manage.

    3. Navigate to the Basic Settings > Transit Router tab and click the ID of the transit router that you want to manage.

    4. On the details page of the transit router, click the Route Table tab.

    5. In the left-side section, click the ID of the route table that you want to manage. On the details page of the route table, click the Route Table Association tab.

    6. On the Route Table Association tab, find the network instance connection that you want to manage and click Delete in the Actions column.

    7. In the Delete Association message, confirm the information and click OK.

    Step 4: Delete the route learning policy between VBR 2 and the transit router

    Delete the route learning policy between VBR 2 and the transit router.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you want to manage.

    3. Navigate to the Basic Settings > Transit Router tab and click the ID of the transit router that you want to manage.

    4. On the details page of the transit router, click the Route Table tab.

    5. In the left-side section, click the ID of the route table that you want to manage. On the details page of the route table, click the Route Table Association tab.

    6. On the Route Table Association tab, find the network instance connection that you want to manage and click Delete in the Actions column.

    7. In the Delete Association message, confirm the information and click OK.

    Step 5: Disassociate VBR 2 from the transit router

    You must disassociate VBR 2 from the transit router before you can associate VBR 2 with the ECR.

    1. Log on to the CEN console.

    2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.

    3. On the Basic Information tab of the instance details page, click the Transit Router tab. On the Transit Router tab, find the transit router that you want to manage and click its ID.

    4. On the Intra-region Connections tab, find the connection between VBR 2 and the transit router and click Detach in the Actions column.

    5. In the dialog box that appears, confirm the information and click OK.

    Step 6: Associate the VPCs with the ECR

    Associate VPC 1 and VPC 2 with the ECR.

    1. Log on to the Express Connect console.

    2. In the top navigation bar, select a region.

    3. In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR.

    1. On the ECR details page, click the VPC tab. On the VPC tab, click Associate VPC.

    2. In the Associate VPC dialog box, configure the parameters described in the following table and click OK.

      Parameter

      Description

      Region

      The region in which the VPC resides.

      Resource Owner

      The type of the account to which the VPC belongs. Valid values:

      • Current Account

      • Another Account

      VPC ID

      The ID of the VPC.

      Allowed Route Prefixes

      The prefixes of the routes that you want to advertise to the local network by using the ECR.

    Step 7: Add routes to the VPCs

    Repeat the following procedure to add routes to VPC 1 and VPC 2.

    1. Log on to the VPC console.

    2. In the left-side navigation pane, click Route Tables.

    3. In the top navigation bar, select the region to which the route table belongs.

    4. On the Route Tables page, find the route table that you want to manage and click its ID.

    5. On the details page of the route table, choose Route Entry List > Custom Route. On the Custom Route tab, click Add Route Entry.

    6. Parameter

      Description

      Name

      The name of the custom route.

      Resource Group

      The resource group to which the next hop belongs.

      Destination CIDR Block

      The destination CIDR block to which traffic is forwarded and the type of the destination CIDR block. In this example, IPv4 CIDR Block is selected and 10.10.10.0/24 is used as the destination CIDR block.

      Next Hop Type

      The type of the next hop. In this example, Transit Router is selected.

      Transit Router

      The name of the transit router.

      Description

      The description of the custom route.

    Step 8: Associate VBR 2 with the ECR

    1. Log on to the Express Connect console.

    2. In the top navigation bar, select a region.

    3. In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR.

    4. Click the VBR tab. On the VBR tab, click Associate VBR.

    5. In the Associate VBR dialog box, configure the parameters described in the following table and click OK.

      Parameter

      Description

      Resource Owner

      The type of the account to which the VBR belongs. Valid values:

      • Current Account

      • Another Account

      Region

      The region in which the VBR resides.

      Network Instance

      The VBR that you want to associate with the ECR. In this example, VBR 2 is selected.

    Step 9: Configure routes and health checks in the data center

    You need to configure routes and health checks in the data center, and then configure the gateway device to route network traffic based on the health check results. This way, active/active connections can be established between the data center and Alibaba Cloud by using two Express Connect circuits.

    1. Configure routes in the data center.

      The configuration commands may vary based on gateway devices. The following example is for reference only. For more information about the configuration commands, consult the vendor of your gateway device. 

      # Configure routes in the data center to route network traffic to the VPCs.
ip route 192.168.0.0 255.255.0.0 10.0.0.1
ip route 192.168.0.0 255.255.0.0 10.0.0.5
# Configure the return route of the probe packets.
ip route <Source IP address for health checks> 255.255.255.255 10.0.0.1
ip route <Source IP address for health checks> 255.255.255.255 10.0.0.5

    2. Configure health checks in the data center.

      You can configure Bidirectional Forwarding Detection (BFD) or Network Quality Analyzer (NQA) on the gateway device in the data center to test the reachability of routes destined for VBRs. For more information about the configuration commands, consult the vendor of your gateway device.

    3. Configure the gateway device to route network traffic based on health check results.

      The configuration may vary based on the network environment. For more information about the configuration commands, consult the vendor of your gateway device.

    Step 10: Finish the failure drill task for Express Connect circuit 2

    Finish the failure drill task that is created for Express Connect circuit 2 and restore Express Connect circuit 2 and VBR 2 to the previous state. For more information, see the Finish a failure drill task section of the "Use the failure drill feature" topic.

    Step 11: View the traffic monitoring data

    After the preceding steps are complete, check the traffic monitoring data of VBR 2 to ensure that the ECR connection after the migration starts to forward traffic. Then, you can proceed to migrate from another transit router connection.

    1. Log on to the Express Connect console.

    2. In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).

    3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click the 监控 icon in the Monitor column to view the traffic monitoring data.

    Step 12: Remove the static routes that point to the transit router from the VPCs

    After the preceding steps are complete, outbound traffic is forwarded by using VBR 1 and Express Connect circuit 1, and inbound traffic is forwarded by using two Express Connect circuits and two VBRs. In this case, you must remove the static routes that point to the transit router from VPC 1 and VPC 2 to allow inbound and outbound traffic to be forwarded by using VBR 2.

    1. Log on to the VPC console.

    2. In the left-side navigation pane, click Route Tables.

    3. In the top navigation bar, select the region to which the route table belongs.

    4. On the Route Tables page, find the route table that you want to manage and click its ID.

    5. On the details page of the route table, choose Route Entry List > Custom Route. On the Custom Route tab, find the route that you added in Step 7, and click Delete in the Actions column. In the message that appears, click OK.

    Step 13: Create and start a failure drill task for Express Connect circuit 1

    You need to create and start a failure drill task for Express Connect circuit 1 that is associated with VBR 1. The failure drill task disables Express Connect circuit 1 and VBR 1 to simulate failure scenarios. For more information, see the Create a failure drill task and Start a failure drill task sections of the "Use the failure drill feature" topic.

    Step 14: Delete the associated forwarding correlation between VBR 1 and the transit router

    Delete the associated forwarding correlation between VBR 1 and the transit router.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you want to manage.

    3. Navigate to the Basic Settings > Transit Router tab and click the ID of the transit router that you want to manage.

    4. On the details page of the transit router, click the Route Table tab.

    5. In the left-side section, click the ID of the route table that you want to manage. On the details page of the route table, click the Route Table Association tab.

    6. On the Route Table Association tab, find the network instance connection that you want to manage and click Delete in the Actions column.

    7. In the Delete Association message, confirm the information and click OK.

    Step 15: Delete the route learning policy between VBR 1 and the transit router

    Delete the route learning policy between VBR 1 and the transit router.

    1. Log on to the CEN console.

    2. On the Instances page, click the ID of the CEN instance that you want to manage.

    3. Navigate to the Basic Settings > Transit Router tab and click the ID of the transit router that you want to manage.

    4. On the details page of the transit router, click the Route Table tab.

    5. In the left-side section, click the ID of the route table that you want to manage. On the details page of the route table, click the Route Table Association tab.

    6. On the Route Table Association tab, find the network instance connection that you want to manage and click Delete in the Actions column.

    7. In the Delete Association message, confirm the information and click OK.

    Step 16: Disassociate VBR 1 from the transit router

    You must disassociate VBR 1 from the transit router before you can associate VBR 1 with the ECR.

    1. Log on to the CEN console.

    2. On the Instances page, find the CEN instance that you want to manage and click the instance ID.

    3. On the Basic Information tab of the instance details page, click the Transit Router tab. On the Transit Router tab, find the transit router that you want to manage and click its ID.

    4. On the Intra-region Connections tab, find the connection between VBR 1 and the transit router and click Detach in the Actions column.

    5. In the dialog box that appears, confirm the information and click OK.

    Step 17: Associate VBR 1 with the ECR

    1. Log on to the Express Connect console.

    2. In the top navigation bar, select a region.

    3. In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click the name of the ECR.

    4. Click the VBR tab. On the VBR tab, click Associate VBR.

    5. In the Associate VBR dialog box, configure the parameters described in the following table and click OK.

      Parameter

      Description

      Resource Owner

      The type of the account to which the VBR belongs. Valid values:

      • Current Account

      • Another Account

      Region

      The region in which the VBR resides.

      Network Instance

      The VBR that you want to associate with the ECR. In this example, VBR 1 is selected.

    Step 18: Finish the failure drill task for Express Connect circuit 1

    Finish the failure drill task that is created for Express Connect circuit 1 and restore Express Connect circuit 1 and VBR 1 to the previous state. For more information, see the Finish a failure drill task section of the "Use the failure drill feature" topic.

    Step 19: View the traffic monitoring data

    Check the traffic monitoring data of VBR 2 to ensure that the ECR connection after the migration starts to forward traffic. This way, the migration is complete. Traffic is forwarded from and to the cloud based on active/active connections that are established by associating an ECR and two Express Connect circuits.

    1. Log on to the Express Connect console.

    2. In the top navigation bar, select a region. In the left-side navigation pane, click Virtual Border Routers (VBRs).

    3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click the 监控 icon in the Monitor column to view the traffic monitoring data.