Add cross-account dedicated channel

This article describes how to add a cross-account dedicated channel.

What is a cross-account dedicated line channel

Baidu AI Cloud Express Tunnel product supports sharing physical dedicated line capabilities across Baidu AI Cloud accounts. You can create cross-account dedicated channels for other Baidu AI Cloud accounts, enabling multiple Baidu AI Cloud accounts to share a single physical dedicated line. This reduces costs while allowing resource management by account.

Description

• All "accounts" mentioned in this article refer to Baidu AI Cloud accounts.
• A "cross-account dedicated channel" refers to a scenario where Account A creates and provides a cross-account dedicated channel for Account B to use (Account A cannot use this dedicated channel). It does not mean that multiple accounts share a single dedicated channel.

Constraints and limitations

The creator of a cross-account dedicated channel (Account A) cannot use the cross-account dedicated channel; it can only be used by other accounts (e.g., Account B).

Scenario description

Scenarios involving cross-account dedicated channels involve resources from 2 or more accounts, and there are significant differences compared to exclusive cross-dedicated channel scenarios. The specific differences are shown in the table below:

When a cross-account dedicated channel is bound to a dedicated gateway, it consumes the recipient’s quota (since the dedicated gateway is created under the recipient). The quota for dedicated gateway bindings is 5. If more quotas are needed, submit a ticket to request an increase.

Difference	Account A (creator of the cross-account dedicated channel)	Cross-account dedicated channel gateway
Resource ownership	Physical dedicated line	Account B (recipient of the cross-account dedicated channel)
Cost ownership	When the cost payer is set to the creator: Must pay the egress traffic fee for the dedicated channel. Must pay the physical dedicated line port resource occupancy fee. For details, refer to port resource occupancy fee Billing Item Instructions .	When the cost payer is set to the recipient and the recipient agrees: Must pay the egress traffic fee for the dedicated channel. For details, refer to egress traffic fee Billing Item Instructions .
Quota ownership	Creating a cross-account dedicated channel consumes Account A’s quota for the number of dedicated channels per account (maximum limit: 10). If more quotas are needed, submit a ticket to request an increase.	Cross-account dedicated channels consume the creator’s cross-account dedicated channel quota (global limit: 10 per account). If more quotas are needed, submit a ticket to request an increase.
Permission allocation	Permissions are divided into management permissions and usage permissions; the system selects management permissions by default. Management permissions include configuration and usage permissions, while usage permissions only allows using dedicated channels without configuration permissions. Dedicated channel management permissions include route management and configuration permissions for reliability probe settings.

Cross-account dedicated channel permission description:

Dedicated channel management permissions include route management and configuration permissions for reliability probe settings.

Cross-account dedicated channel
Operable item	Management permission (newly added, default)	Usage permission	Remarks
Whether selected by default	Yes	No	Management permissions include configuration and usage permissions, while usage permissions only allows using dedicated channels without configuration permissions.
Configure VLAN, routing protocol, interconnection address, assignee, and re-submit	No	No	Keep current status (Only the channel allocator has this right; cannot be assigned)
Configure channel association	Yes, operable by Account B, inoperable by Account A.	Yes, operable by Account A inoperable by Account B.
Configure route management
Configure reliability detection
Update BGP key
Edit IPv6 for the dedicated channel
Modify channel name and description	Yes	No
Cross-account dedicated channel display	Yes	Yes

Unsupported scenarios: For a dedicated channel authorized to another account for usage permission, the creator cannot associate the dedicated channel, and the authorized account cannot associate the dedicated channel.

Add cross-account dedicated channel

Prerequisites

• The account creating the cross-account dedicated channel (referred to as "Account A" in this article) must have available physical dedicated lines, and the number of dedicated channels associated with the physical dedicated lines has not reached the upper limit. For specific operations, refer to Apply for Physical Dedicated Line.
• Account A must have obtained the account ID of the recipient (referred to as "Account B" in this article) and confirmed the network configuration and other details of the cross-account dedicated channel with Account B.
• The total of your account balance (i.e., cash balance) and available vouchers for purchasing dedicated channels must be no less than RMB 100. You can recharge your account in advance; for specific operations, refer to Recharge Instructions.

Operation steps

1. Sign in to the Baidu AI Cloud Dedicated Channel Console using Account A.
2. Click the "Add Dedicated Channel" button.
3. Use the table below as a guide to configure the dedicated channel.

The following network segments are prohibited: 0.0.0.0/24, 127.0.0.0/24, 255.255.255.0/24, 224.0.0.0–239.255.255.255, 240.0.0.0–255.255.255.254.10.0.0.1/30 The following network segments are prohibited: 0.0.0.0/24, 127.0.0.0/24, 255.255.255.0/24, 224.0.0.0–239.255.255.255, 240.0.0.0–255.255.255.254. 10.0.0.2/30 Example: IPv6 interconnection address on cloud network side: 2400:DA00:E003:0000:016A:0400:0000:100/127, IPv6 interconnection address on IDC side: 2400:DA00:E003:0000:016A:0400:0000:101/127 2400:DA00:E003:0000:016A:0400:0000:100/127 Usage scenario: Client-side upgrades, ASN modifications. However, due to ASN changes, configurations on both PEER ends need to be updated, causing network interruptions during this process. If the local end is unwilling/unable to modify the ASN or does not want to expose its real AS, a FAKE ASN must be used (e.g., ASN100 is replaced with ASN200 locally, while the peer uses ASN300. In this case, FAKE ASN 200 can be configured on the local end).200 The BGP key is sensitive information. Please store it securely to prevent loss or leakage.E0g5****d8go1

Parameters	Description	Example
Configuration information
Physical dedicated line ID	Dropdown selection required: Choose the physical dedicated line ID that has already been created and is in an available status. Note: The physical dedicated line ID must belong to this account.	dcphy-xxxxxxxxxxxx
Channel name	Enter the name of the dedicated channel. Naming format: 1–65 characters, allowing uppercase/lowercase letters, numbers, Chinese characters, and special characters (-, _, /). The name must begin with a letter or a Chinese character.	test456
Allocation object	This field is required. Options are "current account" (default) or "other accounts.\	Current account
VLAN ID	The system default is set to 2, with an input range of 0, 2–4009. Note: VLAN 0 operates in Layer 3 mode, allowing only one dedicated channel per physical dedicated line. VLANs 2–4009 support trunk mode, which allows multiple dedicated channels under a single physical dedicated line.	2
Cloud network interconnection IP	Enter the IPv4 interconnection IP address. For the interconnection IP on Baidu AI Cloud: Set the IPv4 IP address and mask for the on-cloud dedicated channel. You can customize IP addresses as per network planning, ensuring that the cloud and IDC interconnection IPs are in the same segment without overlap. It is recommended to use private IP addresses that do not conflict with existing cloud or on-premises IP addresses.
IDC interconnection IP	Enter the IPv4 interconnection IP address. For the interconnection IP on the user side: Configure the IPv4 IP address and subnet mask for the user IDC's dedicated channel. Ensure the cloud and IDC interconnection IPs are in the same segment without duplication, as per your network planning. It is recommended to use private IP addresses that do not conflict with existing cloud or on-premises IP addresses.
IPv6 function	An allowlist feature is available; submit a ticket for approval to enable this function. By default, the setting is "disabled.\	Enable
Cloud network IPv6 interconnection address	IPv6 functionality is disabled by default and cannot be configured. It can be set up after activation. Note: Once enabled, the IPv6 switch cannot be turned off when binding to a dedicated gateway or adding to a CSN network instance. The two IPv6 interconnection addresses must belong to the same network segment, with a mask range of 88-127.
Cloud network IPv6 interconnection address		2400:DA00:E003:0000:016A:0400:0000:101/127
Routing protocol	Supports both static routing (default) and dynamic routing, with dynamic routing based on the BGP protocol.	Dynamic routing
BGP ASN	Baidu AI Cloud’s BGP ASN is 45085. In the Baidu AI Cloud console, users need to input the BGP ASN of their IDC side, which must fall within the range 1 - 4294967295.	65530
Fake ASN function	Defaults to off and can be enabled manually.	Enable
Fake ASN	Valid range: 1 - 4294967295. The value 45085 is prohibited and must differ from the BGP ASN.
BGP key	This parameter is displayed only when the routing type is set to "dynamic routing." Input the password for the BGP neighbor. Maximum 80 characters, minimum 8 characters. It must contain English letters, numbers, and symbols (limited to !@#$%*()_.) simultaneously.
Description	Optional, with a character length of 0-200.	For testing purposes

Interconnection information

The following network segments are prohibited: 0.0.0.0/24, 127.0.0.0/24, 255.255.255.0/24, 224.0.0.0–239.255.255.255, 240.0.0.0–255.255.255.254.10.0.0.1/30 The following network segments are prohibited: 0.0.0.0/24, 127.0.0.0/24, 255.255.255.0/24, 224.0.0.0–239.255.255.255, 240.0.0.0–255.255.255.254. 10.0.0.2/30 Example: IPv6 interconnection address on cloud network side: 2400:DA00:E003:0000:016A:0400:0000:100/127, IPv6 interconnection address on IDC side: 2400:DA00:E003:0000:016A:0400:0000:101/127 2400:DA00:E003:0000:016A:0400:0000:100/127 Usage scenario: Client-side upgrades, ASN modifications. However, due to ASN changes, configurations on both PEER ends need to be updated, causing network interruptions during this process. If the local end is unwilling/unable to modify the ASN or does not want to expose its real AS, a FAKE ASN must be used (e.g., ASN100 is replaced with ASN200 locally, while the peer uses ASN300. In this case, FAKE ASN 200 can be configured on the local end).200 The BGP key is sensitive information. Please store it securely to prevent loss or leakage.E0g5****d8go1

Parameters	Description	Example
Cloud network interconnection IP	Enter the IPv4 interconnection IP address. For the interconnection IP on Baidu AI Cloud: Set the IPv4 IP address and mask for the on-cloud dedicated channel. You can customize IP addresses as per network planning, ensuring that the cloud and IDC interconnection IPs are in the same segment without overlap. It is recommended to use private IP addresses that do not conflict with existing cloud or on-premises IP addresses.
IDC interconnection IP	Enter the IPv4 interconnection IP address. For the interconnection IP on the user side: Configure the IPv4 IP address and subnet mask for the user IDC's dedicated channel. Ensure the cloud and IDC interconnection IPs are in the same segment without duplication, as per your network planning. It is recommended to use private IP addresses that do not conflict with existing cloud or on-premises IP addresses.
IPv6 function	An allowlist feature is available; submit a ticket for approval to enable this function. By default, the setting is "disabled.\	Enable
Cloud network IPv6 interconnection address	IPv6 functionality is disabled by default and cannot be configured. It can be set up after activation. Note: Once enabled, the IPv6 switch cannot be turned off when binding to a dedicated gateway or adding to a CSN network instance. The two IPv6 interconnection addresses must belong to the same network segment, with a mask range of 88-127.
Cloud network IPv6 interconnection address		2400:DA00:E003:0000:016A:0400:0000:101/127
Routing protocol	Supports both static routing (default) and dynamic routing, with dynamic routing based on the BGP protocol.	Dynamic routing
BGP ASN	Baidu AI Cloud’s BGP ASN is 45085. In the Baidu AI Cloud console, users need to input the BGP ASN of their IDC side, which must fall within the range 1 - 4294967295.	65530
Fake ASN function	Defaults to off and can be enabled manually.	Enable
Fake ASN	Valid range: 1 - 4294967295. The value 45085 is prohibited and must differ from the BGP ASN.
BGP key	This parameter is displayed only when the routing type is set to "dynamic routing." Input the password for the BGP neighbor. Maximum 80 characters, minimum 8 characters. It must contain English letters, numbers, and symbols (limited to !@#$%*()_.) simultaneously.
Description	Optional, with a character length of 0-200.	For testing purposes
Tag	A Tag consists of a tag key (key) and a tag value (value), which can be used to categorize and search for physical dedicated lines. *Click +Add Icon to add multiple tags; multiple tags can be added in a single operation. *The tag key (key) for multiple tags on the same dedicated channel cannot be duplicated, and each tag key (key) can only have one tag value (value). *Tag keys (key) and tag values (value) are case-sensitive. For example, Key=tag and Key=Tag are considered different Tag Keys. For more details, refer to Tag Management (https://cloud.baidu.com/doc/TAG/s/ukboeqze7)	key:test