Alibaba’s private interconnection service is called Express Connect. Alibaba Express Connect enables customers to create private connections between their remote network environments and their Virtual Private Cloud (VPC) deployments.
When connecting to Alibaba Cloud services via Express Connect with Megaport Cloud Router, customers establish Layer 3 connectivity peering directly from their MCR with their Virtual Private Cloud (VPC) within Alibaba Cloud.
Benefits of Creating Alibaba Express Connections with Megaport
- Enhanced security and higher network performance
- Scalable connectivity options
- API integration between Megaport and Alibaba which simplifies the provisioning of connections for a fast and seamless experience
- Connect to any Alibaba Cloud on-ramp location from any Megaport enabled data centre
Key Alibaba Cloud terms to understand:
● Virtual Private Cloud (VPC)
A customised private network established on Alibaba Cloud. VPCs are logically isolated from each other. You can create and manage instances such as ECS, Server Load Balancer, and RDS, in a VPC.
● Virtual Border Router (VBR)
You can create multiple virtual border routers on a physical connection. Each VBR is responsible for forwarding the data of a VLAN in Alibaba Cloud. With VBR, you can transmit your data directly to any region of Alibaba Cloud.
The hub of VPCs connecting all VSwitches in a VPC and serving as a gateway device that connects the VPC to other networks. It forwards network traffic according to route entries.
● Router Interface (RI)
A router interface (or VRouter interface) is a virtual network device. It can be attached to a VRouter to create an Express Connect with another VRouter interface, delivering an intranet connection between different networks.
How to Create a VXC to Alibaba Cloud:
● You will need to have Alibaba account created in Alibaba Console. Your account number will be used to establish your Megaport VXC.
VXC Deployment Steps
First, you will need to log in to your Alibaba Cloud Console to retrieve your Account ID.
Once logged in, click on your Avatar icon located in the top right-hand corner.
Next, copy your Account ID.
Create a VXC in the Megaport Portal:
1. Create an Express Connect: Provision a VXC in the Portal to your chosen Alibaba Express Connect Peer location.
To create an Alibaba Express Connect VXC, click ‘+Connection’ on the MCR to which you want to attach your VXC. An example below reflects ‘Alibaba Express Connect’ as the customer-named MCR selected. If you haven’t connected to Megaport before, please follow the steps for establishing a Port and MCR here.
Next, select Cloud tile.
Next, select the provider as ‘Alibaba Cloud’.
Select your chosen target location for your Destination Port and click ‘Next’
To finish the configuration, simply fill in:
- Name Your Connection – This is a free text field allowing you to assign an easily identifiable name for this connection.
- Rate Limit – Enter the rate you would like to apply to your VXC.
- A-End VLAN – This is the VLAN for this connection that you will receive via the Megaport. This must be a unique VLAN ID on this Port. You can also select the toggle to ‘untag’ this VXC. This will remove the VLAN tagging for this connection but will also mean that only one VXC (Service)can be deployed on this Port.
Next, you will need to assign a /30 private CIDR. You will use the first available IP to assign to the MCR. The second available IP will be used by Alibaba and will be your neighbor for your peer. In this example we will use 192.168.100.0/30. The first available address will be 192.168.100.1/30, this IP will be assigned to the MCR.
To assign the IP to the MCR type IP address in the open field and click the ‘+’.
Next, click on ‘ Add BGP Connection’.
Next, Configure the following fields.
- Local IP: Select the IP address in the drop down assigned to the MCR. In this example 192.168.100.1/30.
- Peer IP: Input the 2nd available IP address in the /30 CIDR. In this example 192.168.100.2/30.
- Peer ASN: 45104 – This is the ASN for Alibaba. This will always be 45104.
- BGP Auth: This can be enabled if you choose. Place BGP Auth key of your choice here. You will need to use this key when you configure your BGP Peer Group in the Alibaba Console. It is not required and can be left blank.
- Override MCR ASN: 133937 – This is the default Megaport MCR ASN. However, you may use another valid private (or public) value as required. Note: this must match the
Click ‘Add’ then ‘Next’. In the next window, paste the Account ID copied from your Alibaba Console in the field provided and click ‘Next’.
Once you have finished this configuration, you are ready to add the VXC to your cart and configure further VXCs or proceed through the checkout process.
Once you have completed and deployed the VXC in the Portal, go back to your Alibaba Console. In the Alibaba Console, under the Express Connect section, you will find the connection just created in the Portal under Virtual Border Router (VBR). It will take a few minutes from the time you deploy the VXC to the connection showing up in the Alibaba Console. Make sure you select the Express Connect Region you selected in the Portal to find your connection under VBR. In this example, it would be US-East1 (Virginia).
Next, click ‘Confirm Creation’
In the next window, you will be asked to complete the VBR information. Complete the ‘Name’ and ‘Description’ fields as you like with no spaces. Next, input the Private IPs that will be used to set up BGP between your CE and Alibaba VBR. You can use a /30 or /31 represented by the subnet mask. In this example /30 subnet mask 255.255.255.252 was used.
Next, click ‘OK’
Note: the status will now reflect normal. Your Layer 2 connection has now been established.
Next, to configure BGP between the MCR and Alibaba VBR requires you to create ‘BGP Group’ and ‘BGP Peer’ in the Alibaba Console.
First Configure ‘BGP Group’, click on ‘BGP Group’ in the menu under Express Connect. Next, in the upper right hand corner click ‘Create BGP Peer Group’.
Fill out ‘BGP Peer Group’ window:
- Peer AS Number: This will be the ASN assigned to the MCR. In most cases this will be 133937. Unless you chose to override the ASN when creating BGP Peer in the Megaport portal. You would then apply the override ASN.
- VBR: Select the VBR connection just completed.
- AuthKey: If an AuthKey was created when you created the BGP configuration in the Megaport portal supply the same key here. AuthKey is not required and in the example was not used.
Next step will be to complete you BGP Peer. Click on ‘BGP Peer’ underneath ‘BGP Group’. Then in the upper right hand corner click on ‘Create BGP Peer’.
Select BGP Peer Group just created. Next assign the MCR IP address as the BGP Peer IP. Click ‘Submit’. Once completed the BGP status will update to ‘Established’. This will indicate the process has been completed. You can also confirm in the Megaport portal under ‘Logs’ BGP has been established.
The process to create the Megaport VXC and Express Connect with Alibaba is now complete. You may now advertise prefixes from your VPC that will be propagated to the MCR via BGP.