Creating a Dedicated Tunnel

Last updated: 2021-03-22 16:44:52

    A dedicated tunnel is a network link segmentation of a connection. You can create dedicated tunnels that connect to different direct connect gateways to enable communication between your IDC and multiple VPCs. After a dedicated tunnel is created, its event alarms will be automatically configured to facilitate your monitoring and OPS of it. This document describes how to apply for a dedicated tunnel.

    Note:

    The shared connection feature of new dedicated tunnels has stopped accepting new applications since August 1, 2020 at 00:00:00. If you are using a shared connection, it will not be affected by this change, but if you delete it, you will not be able to apply for new dedicated tunnels with shared connection after August 1, 2020 at 00:00:00.

    Prerequisites

    Directions

    Step 1: apply for a dedicated tunnel

    1. Log in to the Direct Connect - Dedicated Tunnel console.
    2. Click +New at the top of the Dedicated Tunnels page, complete the basic configurations such as name, connection type, access network, region and associated direct connect gateway, and click Next.
    Field Description
    Name Enter the name of the dedicated tunnel
    Tunnel Type Select 1.0 or 2.0, depending on the associated connection you select.
    Connection Select a connection you have applied for.
    Access Network
    • For a 1.0 tunnel, select from CCN, BM Network, and VPC.
    • For a 2.0 tunnel, select either CCN or VPC.
    Region
    • If CCN is selected as the access network, the region is where the CCN-based direct connect gateway resides by default.
    • If VPC is selected as the access network, you can only select the region where the connection resides for a 2.0 tunnel and select any region for a 1.0 tunnel.
    • If BM Network is selected as the access network, you can select any region for a 1.0 tunnel.
    VPC Select the VPC instance to be connected to by the dedicated tunnel.
    Direct Connect Gateway Associate an existing direct connect gateway with the dedicated tunnel. A 2.0 tunnel does not support a NAT-type direct connect gateway.
    1. Configure the following parameters on the Advanced Configuration page.
    Field Description
    VLAN ID A VLAN corresponds to a tunnel. Enter a value within the range of 0-3000. Entering “0” means one dedicated tunnel can be created. If MSTP connection passes through to multiple VLANs, the ISP needs to enable the Trunk mode.
    Bandwidth Specify the bandwidth cap of the dedicated tunnel, which cannot exceed the maximum bandwidth of the associated connection. If the billing mode is pay-as-you-go by monthly 95th percentile, this parameter does not mean the billable bandwidth.
    Tencent Cloud Primary Border IP Enter the primary border IP of the connection on the Tencent Cloud side. DO NOT use the following IP ranges or addresses: 169.254.0.0/16, 127.0.0.0/8, 255.255.255.255, 224.0.0.0 - 239.255.255.255, and 240.0.0.0 - 255.255.255.254.
    Tencent Cloud Backup Border IP Enter the backup border IP of the connection on the Tencent Cloud side. This field is not supported when the mask of the border IP address is 30 or 31.
    User Border IP Configure the connection IP address on the user (or ISP) side.
    Routing Mode BGP Routing and Static Routing supported:
    • BGP Routing: applicable to the exchange of routing information and network accessibility across autonomous systems (AS).
    • Static Routing: applicable to a simper network environment.
    BGP ASN Enter the BGP neighbor ASN on the CPE side. Note that the Tencent Cloud ASN is 45090. If this field is left empty, a random ASN will be assigned.
    BGP Key Enter the MD5 value of the BGP neighbor, which is "tencent" by default. If it is left empty, no BGP key is required. It cannot contain 6 special characters, including ?, &, space", \, and +.
    User IDC IP Range Enter the IP ranges of your IDC, with one IP range per line.

    Note:

    If Static Routing is selected as the routing mode, do not directly publish the following IP ranges: 9.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10, 131.87.0.0/16, 172.16.0.0/12 and 192.168.0.0/16 when configuring IDC IP ranges. Otherwise, you need to first split them in the following ways.

    • 9.0.0.0/8 is split into 9.0.0.0/9 + 9.128.0.0/9.
    • 10.0.0.0/8 is split into 10.0.0.0/9 + 10.128.0.0/9.
    • 172.16.0.0/12 is split into 172.16.0.0/13 + 172.24.0.0/13.
    • 192.168.0.0/16 is split into 192.168.0.0/17 + 192.168.128.0/17.
    • 100.64.0.0/10 is split into 100.64.0.0/11 + 100.96.0.0/11.
    • 131.87.0.0/16 is split into 131.87.0.0/17 + 131.87.128.0/17.
    • 172.16.0.0/12 is split into 172.16.0.0/13 + 172.24.0.0/13.
    • 192.168.0.0/16 is split into 192.168.0.0/17 + 192.168.128.0/17.
    1. Configure IDC devices. You can click Download Configuration Guide to download related files and complete the configurations as instructed in the guide.
    Parameter Description Remarks
    User IDC IP Range Enter the CPE IP range on the user side if Static Routing is selected as the routing mode. This parameter cannot conflict with the VPC IP range in a non-NAT mode. You can update the IP range later via “Change Tunnel” on the console.
    1. Click Submit.

    Step 2: set the alarm recipient

    After a dedicated tunnel is created, Tencent Cloud automatically configures four event alarms such as DirectConnectTunnelDown, DirectConnectTunnelBFDDown, DirectConnectTunnelBGPSessionDown, and DirectConnectTunnelRouteTableOverload, helping you monitor and manage your dedicated tunnels. For more information on the event alarms, please see the “Event Alarms” section in Alarm Overview.
    This default alarm policy does not configure recipient information, so you can only view alarms on the console. To configure a recipient, take the following steps.

    1. Log in to the Cloud Monitor console and choose Alarm Configuration > Alarm Policy on the left sidebar.

    2. Select Direct Connect as the “Product Type” at the top of the “Alarm Policy” page.

    3. Perform the following operations as needed.

    • Configure alarm recipients

      1. Click the name of the target default policy in the “Alarm Policy” list.
      2. Click Edit under the Alarm Recipient tab and select alarm recipients from the list in the pop-up window. You can also click Add Recipient Group to configure new recipient groups if you don’t have any alarm recipient.
    • Modify an alarm policy

      1. Click the name of the target default policy in the alarm policy list.
      2. Click Edit next to the Trigger Condition and modify the trigger conditions in the pop-up window. For more information on the event alarm, please see the “Event Alarms” section in Alarm Overview. After the modification, click Save.
    • Set a default policy
      If the default alarm policy cannot meet your needs, you can select a custom alarm policy and click Set Default under the Policy Type column. Then the selected alarm policy will be automatically applied to dedicated tunnels being created afterwards.

    Connection Status

    After the dedicated tunnel is created, it will be displayed on the Dedicated Tunnels page in the Applying status.

    The possible connection statuses of a dedicated channel include:

    • Applying
      The system has received your application for a new dedicated tunnel and is ready to start the creation.
    • Configuring
      The system is delivering the parameter configuration. If this status lasts for a long time, a failure may occur. In this case, contact your architect or submit a ticket for assistance.
    • Configured
      The system has completed the configuration based on the specified parameters but is unable to ping to the IP address of your IDC. A dedicated tunnel in this status can be deleted.
    • Connected
      The system pings to your IDC device successfully. However, this does not mean that your business is connected. You have to configure the route table of the VPC or CCN instance to implement the connection.
    • Deleting
      If you delete your dedicated tunnel on the console, the connection status of the dedicated tunnel becomes Deleting. If this status lasts for a long time, a failure may occur. In this case, contact your architect or submit a ticket for assistance.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help