Moving IDCs to the Cloud with BGP Primary and Backup Links
By Chen Cheng, Product Manager for Cloud Enterprise Network
Today I will explain how to move customers’ IDCs to the cloud through redundant links, and implement a solution that features the primary-backup link mode using leased lines and Cloud Enterprise Network.
As mentioned above, our goal is to use leased lines and Cloud Enterprise Network to move customers’ IDCs to the cloud through primary and backup links. We then connect the IDCs to the Virtual Private Cloud (VPC) in different regions on the cloud.
Customers’ IDCs have been linked to different virtual boarder routers (VBRs) of Alibaba Cloud and has implemented redundant links through the double redundancy of the leased line. The BGP routing protocol is used between IDC and VBR.
Virtual Private Cloud (VPC) is deployed in different regions on the cloud, including intra-region and cross-region interconnections.
To avoid address conflicts, the network segment of IDC is 10.1.1.0/24, and network segments of VPC in individual regions on the cloud are as follows:
- VPC in Beijing: 192.168.1.0/24
- VPC in Shanghai: 192.168.2.0/24
- VPC in Hong Kong: 192.168.3.0/24
To implement primary-backup link routing (the primary link is prioritized) from Alibaba Cloud to IDC, the following configuration is required:
1. BGP routing on the IDC
We need to declare BGP routing on the IDC side and set the weights. To do this, first let’s assume that the BGP neighbor relationship has been established between IDC and VBR. (For more information about how to configure BGP for VBR, visit https://www.alibabacloud.com/help/doc-detail/52410.htm)
Now configure BGP routing declared to Alibaba Cloud on IDC (10.1.1.0/24), and set AS-Path to determine the routing weight to implement the primary-backup routing mode from Alibaba Cloud to IDC.
Assume that the green link (CPE1) is the primary link and the red link (CPE2) is the backup link. Use the information shown in the following table to configure BGP in the two CPEs on IDC.
Set different length values for AS-Path to implement route selection priority. The shorter As-Path is, the higher the priority is.
2. VBR BGP routing table
VBR1 and VBR2 show the routing information learned from the opposite end and the next hops. Because VBRs have been loaded into Cloud Enterprise Network, VBRs will send BGP routing information learned from IDC to Cloud Enterprise Network, including AS-Path.
3. Full routing table
Because VBRs and VPC have been loaded into Cloud Enterprise Network, BGP routing learned from VBR is also published to Cloud Enterprise Network. Then Cloud Enterprise Network synchronizes routing inside Cloud Enterprise Network based on the route selection weight and other information.
The destination network segments that the two VBRs have learned from IDC are consistent but the routing weight values are different, VBR1 is used as the primary link (with a shorter AS-Path) and VBR2 is used as the backup link (with a longer AS-Path). Therefore, Cloud Enterprise Network will notify other network instances (for example, VPC) of the attribute of this route. As we can see in the routing table of VPC, all routes going to 10.1.1.0/24 point to VBR1.
Cloud Enterprise Network also republishes the system routing inside Cloud Enterprise Network to BGP. Therefore, the learned routing information in Cloud Enterprise Network is included in the BGP routing table of IDC, and the next hop points to the interface IPs of the two VBRs that have established the neighboring relationship with IDC.
Similarly, to set the primary-backup link that goes to the Alibaba Cloud business address (192.168.X.0/24), you can separately set a weight on IDC for the 192.168.X.0/24 routing learned from individual neighbors (VBR1 and VBR2) through the BGP route selection attributes. This allows you to implement the primary-backup route selection from IDC to Alibaba Cloud.
Configure Health Check
After a connection is established through the leased line, to monitor the link quality of the leased line, we recommend each user to configure health check on the leased line. Configuring health check is a necessary so that the traffic can be switched to the other link when one equivalent redundant leased line link is interrupted.
The configuration method is as follows:
- Select CEN where VBR is located and the corresponding VBR.
- For the source IP address, enter an IP address that has not been used within any VPC in CEN.
- For the destination IP address, we recommend that you enter the IP address of the CPE interface that is interconnected with VBR.
We looked at how Cloud Enterprise Network (CEN) helps customers migrate IDCs to the cloud and implement a solution that features the primary-backup link mode.
CEN is a global network for rapidly building a distributed business system and hybrid cloud with enterprise level-scalability. CEN is ideal for enterprise users with high demand on network coverage. With its stable transmission and next-generation network environment, the network provides high transmission speed and low latency for end-users.
To learn more about CEN, visit www.alibabacloud.com/product/cen