In our e-book “Start-Up to Scale Up”, we follow the journey of a fictional startup, tracking how its network evolves and begins to work on an international scale.
Driving business growth is a top priority for start-ups and SMEs, and to do this as effectively as possible companies must think about how to scale their network. Building your network into a scalable, reliable and cost-efficient solution that supports business growth is a vital asset amid today’s rapidly changing economy.
Scaling any network is not an easy feat and comes with significant challenges. It’s important that it can be deployed globally, as even if your business is currently focused on one region or country, it is likely to have global ambitions, and your network should not hamper these. Flexibility is also a vital network attribute — can it grow as your business does? Will it allow you to allocate bandwidth resources across regions and scale at any time? This will help to provision for a blog post or video that generates high traffic or a sales day that puts your e-commerce facilities to the test.
Click here to read Alibaba Cloud’s e-book, following the journey of a fictional startup, tracking how its network evolves and begins to work on an international scale.
Building a reliable network is also a top priority for businesses, so they can be sure it is secure, and that their customers will experience their sites and digital assets as intended, with high speeds and low latency. Alibaba Cloud’s Cloud Enterprise Network is a low-latency and high-speed solution, offering far superior latency compared to the public network. CEN is more than 1,000 times faster than the Internet. Alibaba Cloud also provides a comprehensive suite of security services, including Anti-DDoS, Web Application Firewall and Server Guard.
Early-stage businesses have to watch costs closely, and so running a network in the most cost-effective way, with minimal intervention, is important to SMEs as they scale. Alibaba Cloud provides a range of cost-effective solutions and the scalable nature of our cloud-based products and services means you can often pay for what you use and need. And, as your business grows, its cloud network can be elastically resized at any time to meet its changing requirements.
Running a network shouldn’t be a chore, it should be easy to manage and quick to deploy. The majority of Alibaba Cloud’s products are ready out-of-the-box, on-demand and can be rapidly deployed through the platform. For example, you can start using the CEN service in just four steps, meaning it takes as little as five minutes to set up.
Growing your business and growing your network go hand in hand. Although both come with challenges, Alibaba Cloud’s suite of networking solutions provides a scalable, reliable and cost-effective network solution that helps facilitate business growth. To learn more about how a startup can use these different networking benefits to support business growth read our e-book, Networking — Start-Up to Scale Up.
loud networking is a type of infrastructure where network capabilities and resources are available on demand through hosting on the Alibaba Cloud platform. The Networking Engineer Career Path teaches users the basics of creating a Cloud server and how to set up a range of network scenarios. Improve your ability to make connections on the cloud, earn a professional certificate from the Academy and advance your career!
This course aims to help Alibaba Cloud users quickly understand Alibaba Cloud network products, so as to have the ability to select Alibaba Cloud Network services according to scenarios, to enable individual users or enterprise users to quickly understand cloud network technology. The course mainly focuses on the services of three parts: Cloud Network, Interconnected Cloud Network and Connection to Cloud Network. Each part is composed of specific Alibaba Cloud Network services.
This course is associated with Network Series Courses. You must purchase the certification package before you are able to complete all lessons for a certificate.
This course is associated with Introduction to Network Attached Storage. You must purchase the certification package before you are able to complete all lessons for a certificate.
We have access to online software products whose nuts and bolts live in external data centers, even just a search engine that we use.
The cloud is everywhere. We all have access to online software products whose nuts and bolts live in external data centers, even if it’s just a search engine that we use. Yet it seems like only a moment ago that the daily grind involved bulky hardware, tripping over wires, and waiting for the engineers to visit. IT networking was about cables and switches, boxes and towers, heavy lifting and manual restarts, and keeping server rooms and management cool.
Then cloud companies sprang up offering to virtualize our on-premises IT services and move them to the cloud, including our network infrastructure. Since then, networking in the cloud has made what was once a manual and often stressful business, a reasonably trivial user interface experience.
Cloud networking simplifies and economizes small to very large network infrastructures. It provides solutions for the most basic requirements to vast network architectures. Alibaba Cloud has everything you need to run your successful online business in the cloud. Alibaba Cloud offers Virtual Private Cloud (VPC) solutions that include flexible network and subnet setups, load balancing, VPN and the NAT Gateway, network security, dedicated support, and much more.
Computer networks connect people to people, people to services, and machines to machines. Like people, network servers have addresses that allow them to communicate with each other. Server IP addresses are numerical labels mapped to website addresses (URLs) by domain name system (DNS) servers.
Virtual cloud networks are the same, except the processing is done at enormous data centers around the world and the low-level details of how it happens are irrelevant to the end user, who may or may not be a network administrator.
Alibaba Cloud simplifies setting up and managing IT infrastructure in the cloud. What may have once taken months and thousands of hours and vast teams to develop and implement can now be achieved at your desk in a few days or even hours.
Let’s look at a simple example of an Alibaba Cloud VPC. The image below shows a small company’s VPC infrastructure. They are running a few ECS server instances in the cloud. These are Alibaba Cloud Elastic Compute Service (ECS) instances. ‘Elastic’ means the server can be reconfigured at any time and you can have your servers grow or diminish in memory or processing power whenever you like.
The user clicks through to a public Internet IP address and the request goes to the router. The network administrator has configured an Alibaba Cloud NAT Gateway on the router which translates (or NATs) public IPs to the private subnet IPs in the VPC and routes the request to the correct ECS instance. Every Alibaba Cloud VPC comes with one configurable router and you can add as many switches and servers as you need.
As your business and online traffic grows, you might want to build another Alibaba Cloud VPC in another region to help with load balancing. You can connect them with an Alibaba Cloud VPN Gateway. These provide secure and reliable transfer tunnels for traffic flowing between private networks. Alibaba Cloud VPN Gateway is an out-of-the-box service designed for easy configuration and immediate function.
You can also manage your peak throughput with Alibaba Cloud’s substantially stress-tested Server Load Balancer. A server load balancer ensures high availability to applications which may experience sudden spikes in traffic such as a busy e-commerce site might on the 11–11 Global Shopping Festival or Black Friday, for example.
The Alibaba Cloud Server Load Balancer guarantees up to 99.9% availability and redistributes traffic automatically across all available regions. It will auto-scale up or down, depending on the load. It monitors and detects unhealthy ECS instances and immediately reroutes the traffic to healthy instances. It also protects your network from SYN flood and DDoS attacks. Like your ECS instances, Alibaba Cloud offers a Pay-As-You-Go model for Server Load Balancer and is up to 60% more cost-effective when compared to traditional load balancers.
If you are worried about network reliability, Alibaba Cloud Server Load Balancer is built to cope with extreme levels of high volume traffic. Each year in November, the Alibaba Cloud Server Load Balancer is put to the test during Alibaba’s annual 11–11 Global Shopping Festival, now four times bigger than Black Friday in the U.S. Alibaba relies on Server Load Balancer to provide uninterrupted shopper access by switching requests between data centers and transferring transactions to healthy and available servers in regions located up to over 1,000 kilometers away.
In the case of server failure, the public IP address never changes and the user is protected from backend performance issues. Server Load Balancer also has a host of configuration and algorithm options making your network design simple and flexible.
Furthermore, Alibaba Cloud offers you the freedom to architect your own cloud solution that can be as big and as detailed as you wish. If you start small and your business grows, scaling up is a matter of just a few clicks inside the Alibaba Cloud user console.
Along with cloud networking products and services, Alibaba Cloud offers Domain Name System (DNS) servers, Content Delivery Network (CDN) for speedy delivery of your images and caches, and web application firewall (WAF) for protecting your sites from online attacks.
In this article, we will discover how to build global enterprise networks quickly with Alibaba Cloud Enterprise Network.
For a distributed or hybrid network, the interconnectivity between different tenants is crucial. There are many ways to connect different parts of a network depending on your business needs. For a small hub and spoke type network, a Virtual Private Network (VPN) connection will suffice. But as your network grows geographically, you need to connect different tenants with a low-latency, high-speed network with a systematic and centralized network management platform. Above all, redundant connections to ensure the connectivity even in disastrous conditions is highly desirable.
Alibaba Cloud Enterprise Network (CEN) fulfils these requirements for both small and large enterprise network architectures. CEN helps to build a business system that is distributed in the hybrid cloud or over Alibaba Cloud across multiple geographic locations.
It is simple to use; you can bring up the connectivity between two tenants in only a few minutes. Furthermore, it provides free connectivity between different data centers located in the same region, making it perfect for distributed disaster recovery solutions. CEN features high availability and network redundancy. As stated in the official documentation, there are at least four redundant links between any two access points. If a link is interrupted, CEN can ensure service continuity without network jitter and interruption. It dynamically detects the links and chooses the shortest path. You can learn more about CEN features here.
This quick start guide will help you to quickly setup your desired solution. There are two scenarios covered in this tutorial; you can choose the one most suitable for your business needs.
A. Connecting two VPCs in the same Region but different zones.
B. Connecting two VPCs in different Regions.
Connecting Two VPCs in the Same Region
- An active Alibaba Cloud account
- Two isolated VPCs and two ECS instances provisioned. You should have a VPC and ECS instance pair in each zone.
Step 1: Create CEN instance
The product is already activated for each account. Go to the CEN management console and click on Create CEN Instance.
Under Create Instance:
- Enter the instance name. I have chosen “infinitycloudConnect” as the name.
- Select VPC under Network Types as we want to connect two Virtual Private Clouds.
- Select the region where your VPC is located.
- Select the VPC from the drop-down menu under Networks. Click OK.
Cloud Enterprise Network allows you to create a global network for rapidly building a distributed business system with a hybrid cloud computing solution.
11.11 The Biggest Deals of the Year. 40% OFF on selected cloud servers with a free 100 GB data transfer! Click here to learn more.
Connecting distributed locations are always a challenge. This becomes quite complicated when the location involve multiple countries and countries with strict inter-connectivity regulations. Alibaba Cloud’s networking solutions offer multiple products that can be ease this complexity and allow seamless connectivity between locations.
Cloud Enterprise Network (CEN) is a service that allows you to create a global network for rapidly building a distributed business system with a hybrid cloud computing solution. CEN enables you to build a secure, private, and enterprise-class interconnected network between VPCs in different regions and your local data centers. CEN provides enterprise-class scalability that automatically responds to your dynamic computing requirements.
Connecting Global Locations
The below diagram looks a global network deployment for a large enterprise. This articles looks at the various connectivity options involved in setting up this global network.
Cloud Enterprise Network provides a hybrid and distributed global network ideal for enterprise users with high demand on network coverage. With its stable transmission and next-generation network environment, the network provides high transmission speed and low latency for end-users.
Cloud Enterprise Network can be used to facilitate communication between VPC to VPC and VPC to IDC. Routing information in CEN can be learned and distributed automatically, which allows CEN to achieve fast routing convergence and improved network quality and security.
In this article, we will provide a solution to the multi-CIDR block issue when connecting different sites using IKEv1 IPSec VPN gateway within a single CEN instance.
By Rohit Kumar, Solutions Architect
Alibaba Cloud provides VPN Gateway as a service that can be used to connect your on-premises data center office or personal devices to Alibaba Cloud VPC. To connect a data center/office network to Alibaba Cloud VPC, you can use IKEv1 or IKEv2 protocols and configure an IPSec connection. However, IKEv1 protocol by default does not support multiple CIDR block selection. The IKEv1 protocol only support a single CIDR block as local traffic selector and a single CIDR block for remote traffic selector. This is a limitation of the protocol itself.
In Alibaba Cloud, we provide the recommendation to use IKEv2 protocol for a better support of multi-CIDR block scenario. However, there are many clients (enterprises) who already use IKEv1 for their VPN requirement and are not in a position to change to IKEv2 protocol when they want to connect different networks in different geographies using Cloud Enterprise Network (CEN) and last mile connectivity with VPN.
In this document, we will provide a solution to the multi-CIDR block issue faced by many clients when setting up a multi-CIDR-block VPN using the IKEv1 Protocol as part of the CEN. This can help connect different sites using IKEv1 IPSec VPN gateway and use within a single CEN instance.
Consider a scenario where you have two offices (or datacenters) in different parts of the world and you want to use CEN to connect to these offices. In that case, once you have created a VPN Gateway using IKEv1 protocol between local office and Alibaba Cloud VPC in local region, you need to add the remote VPC CIDR block from remote region to the VPN tunnel to make sure that all three networks are part of a larger private network. In Alibaba Cloud console, when you try to add more than one ‘Local Network’ or ‘Remote Network’ entry while using IKEv1 protocol, it gives you error “Use the IKEv2 protocol if the local network segment or remote network segment contains multiple subnets.”
As shown in the screenshots below, it is a requirement by Alibaba Cloud (because of protocol requirements) and adding more than 1 pair of CIDR blocks as part of the network gives the error.
To solve the issue of allowing more than one network CIDR block pair as part of the same VPN tunnel, we need to create more than one IPSec connection as part of the same VPN Gateway and IKEv1 protocol. This would allow user to create only one VPN Gateway to connection local office to local VPC and remote network. This way everything would still be part of the same large network even when using IKEv1 protocol.
Here is the architecture diagram to explain the scenario.
In this example implementation, we will be using three different VPCs in Alibaba Cloud in three different regions and use one of them as an on-premises DC, one as local VPC and third one as remote VPC in a different region. All three networks would be part of CEN network to reflect the client requirements and also to show that the solution delivers the intended results.
Cloud Enterprise Network (CEN) is an enterprise class network on Alibaba Cloud that enables organizations to connect their VPCs across regions.
Imagine your rapidly growing business needing to expand from a single region in the United States to three regions across the globe. And you need to achieve this within two weeks to be ahead of the competition. Is this possible?
For enterprise-level networks, you’ll need high speed, low latency, low packet loss connections — VPN + internet is not an option. Here’s what you may face today. First, a bunch of dedicated lines (DL) need to be rented from cloud service providers or ISPs. Usually this step alone could take up to several months.
If there is no in-house networking expertise available, you may have to hire a few network architects or sign a contract with a reliable external party. Even with the expertise, international route configuration for each link could take a few days. To create a full-mesh global network, such as interconnecting 4 global nodes with 6 lines, you’ll need to repeat the above process 6 times!
In reality, it’s highly possible that several DL segments instead of one DL connect two regions, given the complexity of cross-region network design. In the end, building such global enterprise network could take several months instead of two weeks.
What is Cloud Enterprise Network (CEN)?
Cloud Enterprise Network (CEN) is an enterprise class network on Alibaba Cloud that enables organizations to connect their VPCs and on premise networks across regions within a couple of minutes.
To better understand CEN, let’s take a look at some of its key elements:
A CEN instance is the basic resource for creating and managing your global network. You can add network instances into the CEN, and purchase a bandwidth package that can be shared by the cross-regions links connecting two districts.
Network instances are the network resources that can be connected using CEN. The network instances attached to a CEN instance can communicate with each other. The supported network instance types are VPC and virtual border router (vBR).
A bandwidth package is required only for cross-regional communication. Same region communication is free of charge and does not require a bandwidth package. When purchasing a bandwidth package, you need to specify the two interconnected districts that include the network resources to communicate with one another.
A district is a collection of Alibaba Cloud regions, and consists of one or more regions. Interconnection districts are two districts where the network resources to be connected are located. The table lists the districts and their respective regions.
Related Market products
Through this course, you can understand the functions and usage scenarios of Alibaba Cloud Network products, and be able to use basic service functions. Study Now
By the end of this course, you will be able to plan, configure and administer Alibaba Cloud VPC connection using Cloud Enterprise Network (CEN) and establish global connectivity.
Introduction of network basic concepts, switching and routing concepts, load balancing solutions and network security concepts.
Cloud Enterprise Network (CEN) is a highly-available network built on the high-performance and low-latency global private network provided by Alibaba Cloud.
By using CEN, you can establish private network connections between Virtual Private Cloud (VPC) networks in different regions, or between VPC networks and on-premises data centers. CEN supports automatic route distribution and learning, which speeds up network convergence, improves the quality and security of cross-network communications, and interconnects all network resources. CEN helps enterprises build an interconnection network.
This topic describes how to detach a network instance from a CEN instance. After you detach a network instance from a CEN instance, the network instance cannot communicate with other network instances in the CEN instance.
A global network for rapidly building a distributed business system and hybrid cloud to help users create a network with enterprise level-scalability and the communication capabilities of a cloud network
Provides network acceleration service for your Internet-facing application globally with guaranteed bandwidth and high reliability.