Configuring Health Check for Redundant Physical Connection Access on Express Connect
Join us at the Alibaba Cloud ACtivate Online Conference on March 5–6 to challenge assumptions, exchange ideas, and explore what is possible through digital transformation.
Typically, when building a hybrid cloud environment on Alibaba Cloud, an internet data center (IDC) must communicate with Alibaba Cloud Virtual Private Cloud (VPC) through a physical connection. In addition to this, multiple-connection redundancy is required for the hybrid cloud to be stable, and the redundancy switching function is performed in the VPC. You can configure and manage the network through the VPC console.
In this article, we’ll show you how to configure health checks for redundant Express Connect connections when building a hybrid cloud environment on Alibaba Cloud.
IP Address Mechanism for VPC Health Checks
Note: The health check IP and the dedicated line link channel are mapped on a one-to-one correspondence.
When health monitoring fails on one link, Alibaba Cloud VPC will switch the connection to the healthy link. For example, if the blue link fails, traffic will be switched to the green link instead.
How Is Leased Line Redundancy Implemented through Health Check IP Addresses?
After you configure the health check IP addresses, two IP addresses are retained in the VPC as the source IP addresses for the health check. Configure the policy to send a ping packet every 2 seconds and switch the route if eight consecutive ping packets fail to get a response.
What Are the Health Check Paths and Their Mapping?
As shown in the following figure, two health check paths are available.
- Green: health check IP-1 > VRouter interface ri-1 > peering connection IP-1
- Blue: health check IP-2 > VRouter interface ri-2 > peering connection IP-2
How Do I Configure Routes on the CPE?
Configure two 32-bit static routes to two API IP addresses of Alibaba Cloud over two different leased lines.
For the green leased line: IP route — health check IP-1 255.255.255.255 — peering Alibaba Cloud IP-1
For the blue leased line: IP route — health check IP-2 255.255.255.255 — peering Alibaba Cloud IP-2
Note: If the leased line learns a route over BGP, you need to advertise this 32-bit route to the peer IDC in VBR Management.
CPE cannot block ICMP pings. To ensure that the CPE can be pinged by health check of Alibaba Cloud, do not limit the rate of health check data packets. Limiting the rate will cause packet loss and failure of the health check, resulting in unexpected route switching.
Make sure to configure the route to the VPC correctly on the Alibaba Cloud VBR.
A health check IP address must not be occupied by cloud products (such as ECS and RDS). It must be an available IP address under the VSwitch. Once an available IP address is allocated to health check, it will not be allocated to other cloud products.
Health Check IP Address Configuration
On the Alibaba Cloud Console, navigate to the Express Connect > VRouter Interface. Locate the row that contains the target VRouter interface and click More > Health Check in the Actions column.
Because health check IP addresses are configured within the VPC, you must select a VPC-side VRouter interface.
Enter the source IP address and destination IP address in health check. Click OK.
After performing the preceding configuration, you can see the status of the health check IP address.
- Normal indicates that the ECMP route in the VPC takes effect. The destination IP address can be detected by the health check IP address.
- Abnormal indicates that the ECMP route in the VPC fails. The destination IP address cannot be detected by the health check IP address. The VPC does not send traffic to the EC VRouter interface in the abnormal direction.
- Unknown indicates that ECMP route associated with this VRouter interface is configured in the VPC.
Repeat the preceding steps to configure the second health check IP address for the VPC-side VRouter interface.
Description of ECMP Routes in the VPC
The IP address mechanism of health check relies on the ECMP route. Make sure to correctly configure the ECMP route in the VPC.
On the Alibaba Cloud Console, navigate to Virtual Private Cloud > VRouter > Add Route > ECMP Route.
You may enter an IDC CIDR block and select a VRouter interface and an EMCP route as needed. If two physical connections are required, select two VRouter interfaces as the next hop.
If the health check IP address of one Alibaba Cloud VPC API is abnormal, the VPC VRouter automatically disables the ECMP route to this API. In this way, all traffic is sent to the enabled API, implementing redundancy switching.
Note that if the IP addresses of both APIs are abnormal, no route is available for sending traffic to the IDC over the leased line.
Similar to the single VPC scenario, health check IP addresses are still deployed in your VPC. However, you must configure health check IP addresses separately for each VPC that is connected to a redundant leased line.
This way, the redundancy protection mechanism of physical connections can be implemented.