Applying for a Tunnel

Last updated: 2021-01-08 17:12:34

    Dedicated tunnels are network link segmentation of a connection. You can create dedicated tunnels that connect to different direct connect gateways to enable communication between your on-premises IDC and multiple VPCs. This document describes how to apply for a dedicated tunnel. After a dedicated tunnel is created, its event alarms will be automatically configured to facilitate your monitoring and OPS.

    Note:

    The shared connection feature of new dedicated tunnels has stopped accepting new applications since August 1, 2020 at 00:00:00. If you are using a shared connection, it will not be affected by this change, but if you delete it, you will not be able to apply for new dedicated tunnels with shared connection after August 1, 2020 at 00:00:00.

    Prerequisites

    Directions

    Step 1: apply for a dedicated tunnel

    1. Log in to the Direct Connect - Dedicated Tunnel console.
    2. Click +New at the top of the Dedicated Tunnel page, complete the basic configurations such as name, connection type, access network, region and associated direct connect gateway, and click Next.
      Field Description
      Name Enter a name for your dedicated tunnel.
      Connection Select a connection you have applied for.
      Access Network Select from CCN, VPC and BM Network.
      Region Select the region of the VPC or BM VPC or the region where the CCN-based direct connect gateway resides.
      Virtual Private Cloud Select the VPC or BM network instance to be connected to by the dedicated tunnel.
      Direct Connect Gateway Associate an existing direct connect gateway with the dedicated tunnel.
    3. Configure the following parameters on the Advanced Configuration page.
      Field Description
      VLAN ID A VLAN represents a tunnel. Enter a value in the range of 0-3000. Entering “0” means one dedicated tunnel can be created. MSTP connection passthrough to multiple VLANs requires the carrier's line to enable the Trunk mode.
      Bandwidth Bandwidth is the bandwidth cap, which can be changed later in "Change Tunnel". If the billing mode is pay-as-you-go by monthly 95th percentile, this parameter does not mean the billable bandwidth.
      Tencent Cloud Primary Edge IP Enter the connection secondary IP address on the Tencent Cloud side.
      Tencent Cloud Backup Edge IP Enter the connection secondary IP address on the Tencent Cloud side.
      CPE Peer IP Configure the connection IP on the user (or carrier) side.
      Routing Mode Select BGP or Static.
      • BGP: applies to the exchange of routing information and network accessibility across autonomous systems (AS).
      • Static: applies to a simper network environment.
      BGP ASN Enter the BGP neighbor AS number on the CPE side. Note that 45090 is Tencent Cloud ASN. If this field is left empty, a random ASN will be assigned.
      BGP Key Enter the MD5 value of the BGP neighbor, which defaults to "tencent". If it is left empty, no BGP key is required. It cannot contain special characters such as ?, &, space, ", \, and +.
      CPE IP Range Enter the IP ranges of your IDC, with one IP range per line.

    Note:

    When configuring a IP range route, do not directly publish the following routes: 9.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10, 131.87.0.0/16, 172.16.0.0/12 and 192.168.0.0/16. Instead, you need to first split them.

    • 9.0.0.0/8 should be split into 9.0.0.0/9 + 9.128.0.0/9.
    • 10.0.0.0/8 should be split into 10.0.0.0/9 + 10.128.0.0/9.
    • 172.16.0.0/12 should be split into 172.16.0.0/13 + 172.24.0.0/13.
    • 192.168.0.0/16 should be split into 192.168.0.0/17 + 192.168.128.0/17.
    • 100.64.0.0/10 should be split into 100.64.0.0/11 + 100.96.0.0/11.
    • 131.87.0.0/16 should be split into 131.87.0.0/17 + 131.87.128.0/17.
    • 172.16.0.0/12 should be split into 172.16.0.0/13 + 172.24.0.0/13.
    • 192.168.0.0/16 should be split into 192.168.0.0/17 + 192.168.128.0/17.
    1. Configure IDC devices.
      You can download the CPE configuration guide for your devices, which provides several common configuration guidelines.
      Parameter Description Remarks
      CPE IP Range Enter the customer IP range if Static is selected for the Routing Mode. This parameter cannot conflict with VPC IP range in a non-NAT mode. You can update the IP range via Change Tunnel in the console.
    2. Click Submit.

    Step 2: set the alarm recipient

    After a dedicated tunnel is created, Tencent Cloud automatically configures four event alarms such as DirectConnectTunnelDown, DirectConnectTunnelBFDDown, DirectConnectTunnelRouteTableOverload, and DirectConnectTunnelBFDDown, helping you monitor and manage your dedicated tunnels. For more information on the event alarms, please see the “Event Alarms” section in Alarm Overview.

    This default alarm policy is not provided with a recipient, so you can only view alarms in the console Message Center. To configure a recipient, perform the following steps.

    1. Log in to the Cloud Monitor console and select Alarm Configuration > Alarm Policy in the left side bar.
    2. Select Dedicated Line channel for the Product Type in the top right of the Alarm Policy page.
    3. Perform the following operations as needed.
      • Configure alarm recipient objects
        1. Click the name of the target default policy in the alarm policy list.
        2. Click Edit under the Alarm Recipient Object and select object from the list in the pop-up window. You can also click Add Recipient Group to configure new user groups.
      • Modify an alarm policy
        1. Click the name of the target default policy in the alarm policy list.
        2. Click Edit next to the Hit Condition and modify the trigger conditions in the pop-up window. For more information on the event alarm, please see the “Event Alarms” section in Alarm Overview. After completing the modification, click Save.
      • Set a default policy
        If the default alarm policy cannot meet your needs, you can select a custom alarm policy and click Set Default under the Policy Type column. Then the selected alarm policy will automatically apply to dedicated tunnels being created afterwards.

    Connection Status

    After the dedicated tunnel is created, it will be displayed on the Dedicated Tunnels page in the Applying connection status.
    The possible connection statuses of a dedicated channel include the following:

    • Applying
      The system has received your application for a new dedicated tunnel and is ready to start the creation.
    • Configuring
      The system is delivering the configuration. If this status lasts for a long time, there may be an exception. In this case, contact your architect or submit a ticket for assistance.
    • Configured
      The system has completed the configuration based on the specified parameters, but has not been able to ping through the IP address of your IDC. A dedicated tunnel in this status can be deleted.
    • Connected
      The system pings to your IDC device successfully. However, this does not mean that your business is connected. You have to configure the route table of the VPC or CCN instance to implement the connection.
    • Deleting
      If you delete your dedicated tunnel in the console, the connection status of the dedicated tunnel becomes Deleting. If this status lasts for a long time, there may be an exception. In this case, contact your architect or submit a ticket for assistance.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help