A dedicated tunnel is a network link segmentation of a connection. You can create dedicated tunnels that connect to different direct connect gateways to enable communication between your on-premises IDC and multiple VPCs. After a dedicated tunnel is created, its event alarms will be automatically configured to facilitate your monitoring and OPS of it. This document describes how to apply for a dedicated tunnel.
The shared connection feature of new dedicated tunnels has stopped accepting new applications since August 1, 2020 at 00:00:00. If you are using a shared connection, it will not be affected by this change, but if you delete it, you will not be able to apply for new dedicated tunnels with shared connection after August 1, 2020 at 00:00:00.
|Name||Enter a name for your dedicated tunnel.|
|Tunnel Type||Set to 1.0 or 2.0 depending on the associated connection you select.|
|Connections||Select a connection you have applied for.|
|VPC||Select the VPC instance to be connected to by the dedicated tunnel.|
|Direct Connect Gateway||Associate an existing direct connect gateway with the dedicated tunnel. A 2.0 tunnel does not support a NAT-type direct connect gateway.|
|VLAN ID||A VLAN corresponds to a tunnel. Enter a value within the range of 0-3000. Entering “0” means one dedicated tunnel can be created. If MSTP connection passes through to multiple VLANs, the carrier needs to enable the Trunk mode.|
|Bandwidth||Specify the bandwidth cap of the dedicated tunnel, which cannot exceed the maximum bandwidth of the associated connection. If the billing mode is pay-as-you-go by monthly 95th percentile, this parameter does not mean the billable bandwidth.|
|Tencent Cloud Primary IP||Enter the connection IP address on the Tencent Cloud side. DO NOT use the following IP ranges or addresses:
|Tencent Cloud Secondary IP||Enter the secondary IP address of the connection on the Tencent Cloud side. The secondary IP will be automatically used to ensure the normal operation of your business when the Tencent Cloud primary IP fails and becomes unavailable. This field is not supported when the mask of the secondary IP address is 30 or 31.|
|CPE Peer IP||Configure the connection IP address on the user (or carrier) side.|
|BGP ASN||Enter the BGP neighbor ASN on the CPE side. Note that the Tencent Cloud ASN is 45090. If this field is left empty, a random ASN will be assigned.|
|BGP Key||Enter the MD5 value of the BGP neighbor, which defaults to "tencent". If it is left empty, no BGP key is required. It cannot contain 6 special characters such as ?, &, space, ", \, and +.|
|CPE IP Range||Enter the IP ranges of your IDC, with one IP range per line.
If the new tunnel and existing tunnel are redundant, it is recommended to publish other IP ranges for CPE IP Range, and complete test for new tunnel with the IDC devices. And then publish the final service IP range via Change Tunnel, to prevent effects against traffic in running redundant tunnel.
If Static is selected as the routing mode, do not directly publish the following routes:
and192.168.0.0/16` when configuring IDC IP ranges. Instead, you need to first split them as follows
220.127.116.11/8is split into
10.0.0.0/8is split into
18.104.22.168/8is split into
22.214.171.124/8is split into
100.64.0.0/10is split into
126.96.36.199/16is split into
172.16.0.0/12is split into
192.168.0.0/16is split into
|CPE IP Range||Enter the customer IP range if Static is selected as the routing mode. This parameter cannot conflict with the VPC IP range in a non-NAT mode.||You can update the IP range later via Change Tunnel on the console.|
After a dedicated tunnel is created, Tencent Cloud automatically configures four event alarms such as
DirectConnectTunnelRouteTableOverload, helping you monitor and manage your dedicated tunnels. For more information on the event alarms, see Alarm Overview.
This default alarm policy does not configure recipient information, so you can only view alarms on the console. To configure a recipient, take the following steps.
After the dedicated tunnel is created, it will be displayed on the Dedicated Tunnels page in the Applying status.
The possible connection statuses of a dedicated channel include: