After an Express Connect circuit is provisioned, you can create a virtual border router (VBR) for the circuit to route traffic between a Virtual Private Cloud and an on-premises data center.
Background information
A VBR is a router that connects the customer premises equipment (CPE) in your on-premises data center to a VPC. A VBR has a route table. You can configure route entries in the route table to manage traffic forwarding on the VBR. A VBR provides the following features:
Acts as an intermediate router to exchange data packets between a VPC and an on-premises data center.
Determines the port mode of the physical connection interface: a Layer 3 routed interface or a VLAN-based Layer 3 subinterface.
In Layer 3 subinterface mode, the VBR recognizes or attaches VLAN tags.
Supports dynamic routing with BGP.
Create a VBR instance
Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, click Create VBR.
In the Create VBR panel, configure the following parameters and click OK.
Parameter
Description
Account
The account that is used to create the VBR. By default, Current Account is selected to create the VBR in your current Alibaba Cloud account.
Name
Enter a name for the VBR.
Resource Group
Select the resource group to which the VBR belongs.
You can also add the VBR to a resource group after you create the VBR. On the VBR instance list, find the target instance and click Add to Resource Group in the Resource Group column.
Tags
Select an existing tag or enter a new key-value pair. You can add tags to VBR instances to classify and manage them.
Physical Connection Interfaces
Select the type of physical connection interface to associate with the VBR. Make sure the Express Connect circuit is provisioned and active, and then select the specific physical connection interface from the drop-down list.
The following interface types are supported:
Dedicated: Create a VBR for a dedicated connection.
Hosted: Create a VBR for a hosted connection.
VLAN ID
Enter a VLAN ID for the VBR. Valid values: 0 to 2999.
The VLAN ID specifies the port mode:
If you set the VLAN ID to 0, the physical switch port of the VBR uses Layer 3 routed interface mode. In this mode, each Express Connect circuit corresponds to one VBR.
If you set the VLAN ID to a value from 1 to 2999, the physical switch port of the VBR uses a VLAN-based Layer 3 subinterface. In this mode, each VLAN ID corresponds to one VBR. This allows a single Express Connect circuit to connect to VPCs under different Alibaba Cloud accounts. VBRs in different VLANs are isolated at Layer 2 and cannot communicate with each other.
Take note of the following configuration details:
When you configure a VLAN ID for a dedicated connection, make sure that all Layer 2 or Layer 3 devices between the carrier's circuit, the Alibaba Cloud VBR, and your on-premises access device have VLAN trunking enabled. This ensures that the devices recognize your VLAN tags and allow traffic to pass without VLAN translation. Otherwise, you may encounter connectivity issues.
If the VLAN ID for a dedicated connection is set to 0, you cannot create other subinterfaces with different VLANs on the VBR.
When you configure a VLAN ID for a hosted connection, the VLAN ID is inherited from the hosted connection and you cannot change it.
VBR Bandwidth
Set the bandwidth for the VBR.
This parameter is not required when you create a VBR for a hosted connection. The VBR automatically inherits the bandwidth of the hosted connection.
Alibaba Cloud Side IPv4 Address
Enter the gateway IPv4 address for traffic from the VPC to the on-premises data center. The Alibaba Cloud Side IPv4 Address and the Data Center Side IPv4 Address must be in the same subnet.
Data Center Side IPv4 Address
Enter the gateway IPv4 address for traffic from the on-premises data center to the VPC.
NoteIf cloud resources in the VPC need to access the Alibaba Cloud-side or customer-side IPv4 interconnect IP addresses, you must add a route entry to the VBR route table. The destination of the route entry must be the subnet that contains the interconnect IP addresses, and the next hop must point to the Express Connect circuit. For more information, see Add a custom route entry.
IPv4 Subnet Mask
The subnet mask for the Alibaba Cloud-side and customer-side IPv4 addresses. Because only two IP addresses are required, you can use a longer subnet mask.
Support IPv6
Specifies whether to enable IPv6 for the VBR.
Disable: This is the default value. IPv6 is not enabled.
Enable: Enables IPv6 for the VBR. After IPv6 is enabled, you cannot disable it. Configure the following parameters for the VBR:
Alibaba Cloud Side IPv6 Address: Enter the gateway IPv6 address for traffic from the VPC to the on-premises data center. The Alibaba Cloud Side IPv6 Address and the Data Center Side IPv6 Address must be in the same subnet.
Data Center Side IPv6 Address: Enter the gateway IPv6 address for traffic from the on-premises data center to the VPC.
IPv6 Subnet Mask: The subnet mask for the Alibaba Cloud-side and customer-side IPv6 addresses.
Modify VBR bandwidth
You can modify the bandwidth of free VBR instances.
Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Physical Connection.
On the Physical Connection page, click the ID of the target physical connection interface.
On the details page of the physical connection interface, find the target VBR instance and click Bandwidth Settings in the Actions column.
In the Bandwidth Settings panel, select a value for Bandwidth Cap and click OK.
Modify VBR information
Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the Virtual Border Routers (VBRs) page, find the target VBR instance and click Modify in the Actions column.
Modify the VBR instance information and click OK.
Parameter
Description
VLAN ID
Enter a VLAN ID for the VBR. Valid values: 0 to 2999.
If you set the VLAN ID to 0, the physical switch port of the VBR uses Layer 3 routed interface mode. In this mode, each Express Connect circuit corresponds to one VBR.
If you set the VLAN ID to a value from 1 to 2999, the physical switch port of the VBR uses a VLAN-based Layer 3 subinterface. In this mode, each VLAN ID corresponds to one VBR. This allows a single Express Connect circuit to connect to VPCs under different Alibaba Cloud accounts. VBRs in different VLANs are isolated at Layer 2 and cannot communicate with each other.
For example, a company has multiple subsidiaries or departments, each with its own Alibaba Cloud account and VPC. If the parent company applies for the Express Connect circuit, it can assign a unique VLAN ID to each subsidiary or department. When you create router interfaces, you can use VLAN IDs to segment the traffic for each subsidiary or department. This ensures they are isolated at Layer 2.
NoteIf the connection type is a hosted connection, you cannot modify the VLAN ID. To make changes, contact your partner for assistance.
Alibaba Cloud Side IPv4 Address
Enter the gateway IPv4 address for traffic from the VPC to the on-premises data center.
Data Center Side IPv4 Address
Enter the gateway IPv4 address for traffic from the on-premises data center to the VPC.
IPv4 Subnet Mask
The subnet mask for the Alibaba Cloud-side and customer-side IPv4 addresses. Because only two IP addresses are required, you can use a longer subnet mask.
Support IPv6
Specifies whether to enable IPv6 for the VBR.
Disable: This is the default value. IPv6 is not enabled.
Enable: Enables IPv6 for the VBR. After IPv6 is enabled, you cannot disable it. Configure the following parameters for the VBR:
Alibaba Cloud Side IPv6 Address: Enter the gateway IPv6 address for traffic from the VPC to the on-premises data center. The Alibaba Cloud Side IPv6 Address and the Data Center Side IPv6 Address must be in the same subnet.
Data Center Side IPv6 Address: Enter the gateway IPv6 address for traffic from the on-premises data center to the VPC.
IPv6 Subnet Mask: The subnet mask for the Alibaba Cloud-side and customer-side IPv6 addresses.
Support Jumbo Frame
When enabled, the VBR supports jumbo frames with an MTU of 8,500. By default, this feature is disabled, and the MTU is 1,500. Note the following:
You can enable jumbo frames only after you associate the VBR with an Express Connect Router (ECR).
Modifying the jumbo frame setting causes a brief network interruption. Make sure that you have business continuity measures in place.
According to the Path MTU Discovery (PMTUD) mechanism, the smallest MTU of any link in the path determines the path's effective MTU. If a device on the path does not support jumbo frames, the actual MTU for that path is 1,500. For example:
If two VBRs use Equal-Cost Multi-Path (ECMP) routing and one of them has jumbo frames disabled, the MTU for the entire path is 1,500.
If two VBRs are configured in an active-standby pair where the active VBR has jumbo frames enabled and the standby VBR does not, the MTU of the active path is 8,500. If the active path fails and traffic switches to the standby path, the path MTU becomes 1,500.
For a list of ECS instance types that support jumbo frames, see Instance types that support jumbo frames.
BFD Parameter
After you enable Bidirectional Forwarding Detection (BFD), a BFD session is established between the Alibaba Cloud side and your on-premises data center. After the session is established, both ends periodically send BFD packets. If an endpoint does not receive a BFD packet within the detection time, it considers the link down.
NoteThe configured BFD parameters take effect only when BFD is enabled. For more information about how to enable BFD, see Configure and manage BGP.
Submission Interval: The interval at which BFD packets are sent. Valid values: 200 to 1,000. Unit: milliseconds.
Reception Interval: The interval at which BFD packets are expected to be received. Valid values: 200 to 1,000. Unit: milliseconds.
Detection Time Multiplier: The number of consecutive BFD packets that an endpoint can miss before it considers the BFD session down. Valid values: 3 to 10.
Increase VBR quota
After you enable outbound traffic billing, you can create a maximum of five VBRs for each Express Connect circuit instance in your account. To request a quota increase, do the following:
Go to the Quota Center page, search for the ec_quota_same_acount_vbr_per_pconn quota, and click Ticket in the Actions column.
Delete a VBR instance
You can delete VBR instances that you no longer need. Before you delete a VBR instance, release the following associated resources:
Delete all route entries. For more information, see Delete a custom route entry and Delete a prefix-based route.
Delete all BGP peers, BGP groups, and advertised BGP CIDR blocks. For more information, see Configure and manage BGP.
Delete the failover group. For more information, see Configure a failover group.
Unbind the Cloud Enterprise Network (CEN) instance. For more information, see Unbind from a CEN instance.
Delete the peering connection. For more information, see Delete a VBR uplink connection.
If the VBR instance is associated with multiple physical connection interface instances, unbind them.
Log on to the Express Connect console.
In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).
On the VBR page, find the target VBR instance and click Delete in the Actions column.
NoteTo delete a VBR associated with multiple physical connection interfaces, you must first unbind them. To do this, click the ID of the VBR instance. Then, on the Physical Connection Interfaces tab, find the target physical connection interface and click Disassociate in the Actions column.
In the Delete VBR dialog box, click OK.
Related APIs
AttachVbrToVpconn: Associates a VBR with a hosted connection.
CreateVirtualBorderRouter: Creates a VBR instance.
DescribeVirtualBorderRouters: Queries created VBR instances.
DescribeVirtualBorderRoutersForPhysicalConnection: Queries the VBR instances that are associated with a specified Express Connect circuit. This includes VBRs owned by the Express Connect circuit owner and by other Alibaba Cloud accounts.
DeleteVirtualBorderRouter: Deletes a VBR instance.
ListVirtualPhysicalConnections: Queries information about hosted connections.
ModifyVirtualBorderRouterAttribute: Modifies the attributes of a VBR instance.
UpdateVirtualBorderBandwidth: Updates the outbound bandwidth cap of a VBR instance.