Connecting On-Premises IDC to Cloud VPC via Primary and Backup Dedicated Lines (Static Routing)
Updated at:2025-11-11
Overview
This document details how to integrate the application of Express Tunnel (ET) to enable a local Internet data center (IDC) to access the cloud through an active-standby dedicated channel using static routing and establish interconnection with the on-cloud virtual private cloud (VPC).
Requirement scenarios
This document uses the scenario illustrated in the diagram below as an example to demonstrate how to access Baidu AI Cloud using the active-standby dedicated channel with static routing in the Express Tunnel product. Under normal conditions, the two physical dedicated lines operate in active-standby mode for traffic forwarding. If one physical dedicated line experiences a network failure, its traffic will automatically switch to the other physical dedicated line to ensure uninterrupted service.
Solution overview
This document adopts the scenario in the following diagram as an example to explain how the local IDC accesses Baidu AI Cloud via active-standby redundant dedicated lines.
An enterprise in Beijing has a local IDC (VPC network segment: 192.168.0.0/16) and has created a Virtual Private Cloud (VPC) (network segment: 172.16.0.0/12) in North China-Beijing Region of Baidu AI Cloud. To avoid single-point failure, the enterprise needs to apply for one physical dedicated line from each of two ISPs. Each line connects to a Baidu AI Cloud Express Tunnel POP point, with the two lines serving as primary and backup links to connect the local IDC to the cloud and link it to Baidu AI Cloud.
| Dedicated channel configuration item | Dedicated Channel 1 (Dedicated channel of physical dedicated line 1) | Dedicated Channel 2 (Dedicated channel of physical dedicated line 2) |
|---|---|---|
| VLAN ID | 0 | 0 |
| IPv4 cloud network interconnection IP | 9.39.39.1 | 9.39.39.5 |
| IPv4 IDC interconnection IP | 9.39.39.2 | 9.39.39.6 |
| IPv4 subnet mask | 30 | 30 |
| Routing protocol | Static routing | Static routing |
Configuration steps
Environment preparation
- Users have already set up a VPC in Baidu AI Cloud's North China-Beijing Region and have deployed related services using Baidu Cloud Compute (BCC) and other cloud resources within the VPC.
- Users are familiar with the security group rules applied to BCC instances in the VPC and have verified that these rules allow mutual access between the local IDC and BCC instances on the cloud.
- Prior to purchasing a physical dedicated line, users should familiarize themselves with the relevant billing rules. This document requires the purchase of two physical dedicated lines, so applications for two ports are necessary.
Configuration process
Follow the configuration steps outlined in the document, and proceed only after confirming the successful completion of the current step.
Step I: Create a physical dedicated line
- Log in to the Baidu AI Cloud console.
- Go to Product Service, select Express Tunnel (ET), click on Physical Dedicated Line, and choose Apply for Physical Dedicated Line.
- On the Create Dedicated Channel page, configure the required parameters and click OK after confirming there are no mistakes.
| Configuration | Description |
|---|---|
| Dedicated line name | Assign a name to the physical dedicated line. In this document, the name "Physical Dedicated Line 1" has been selected. |
| Access point mode | Choose the access point search mode. The system currently supports standard mode and map mode. |
| Region | Select the region where the IDC and VPC are located. This document chooses the North China-Beijing region. |
| Description | Provide a description for the physical dedicated line. |
| Access point | Make selections based on the actual situation. For further details, refer to xxx. In this document, Beijing-Beijing-Daxing-A and Beijing-Beijing-Daxing-B access points are used. |
| Physical Line ISPs | Choose a dedicated line operator. Following this, please purchase dedicated line access through the carrier of the selected access point's data center. |
| Physical port specifications | Specify the dedicated port configuration. |
| Peer address | Input the IDC's address. |
| Purchase period | Set the duration for service usage. |
| Auto-renewal | Decide whether to enable the auto-renewal option. |
- Description:
- After completing the configuration steps, submit the order to proceed to the payment page.
- After successfully completing the payment, go back to the physical dedicated line console interface, where the status will show "Pending Approval." Reach out to the Baidu AI Cloud team for review and approval.
- Once the Baidu AI Cloud team approves, the physical dedicated line status will update to "Available," and you will receive an email notification confirming the successful creation of Physical Dedicated Line 1.
- Repeat Step I to create Physical Dedicated Line 2.
Step II: Create dedicated channel
- When the physical dedicated line becomes available, click on Dedicated Channel, and then choose Add Dedicated Channel under the dedicated channels section of the account.
- On the Create Dedicated Channel page, configure the required parameters and click OK after confirming there are no mistakes.
| Configuration | Description |
|---|---|
| Physical dedicated line ID | Assign a name to the physical dedicated line. In this document, the name "Physical Dedicated Line 1" has been selected. |
| Channel name | Specify a name for the dedicated channel. |
| Allocation object | Select a user for the dedicated channel. In this document, the current account is chosen. |
| VLAN ID | Input the VLAN ID for the dedicated channel. In this document, the value 0 is used, indicating that the physical dedicated line is exclusively assigned to you. |
| Cloud network interconnection IP | Enter the IPv4 address and subnet mask for the ingress gateway from the VPC to the local IDC. Here, the address 9.39.39.1 with a mask of 30 is used. |
| IDC interconnection IP | Provide the IPv4 address and subnet mask for the ingress gateway from the local IDC to the VPC. The address 9.39.39.2 with a mask of 30 is used in this document. |
| Routing protocol | Choose between static routing and dynamic routing (BGP). This document uses static routing as an example. |
| Description | Add a description for the dedicated channel. |
- Description:
- After completing the configuration, the status of the dedicated line channel on the console will display "Pending Application." Contact the Baidu AI Cloud team for review and approval.
- After receiving approval from Baidu AI Cloud staff, the dedicated line channel status will change to "Available." At this point, you can test the connectivity between the IPs of the cloud network interconnection and the local IDC interconnection. If dynamic routing was chosen in the earlier steps, verify that the BGP peers have successfully established connections.
- Repeat Step II to consecutively set up dedicated channels for Physical Dedicated Line 2.
Step III: Create a dedicated gateway and bind a dedicated channel
- Start by creating a VPC in the desired Region. In this document, a VPC has been created in the North China-Beijing Region of Baidu AI Cloud, and associated cloud resources, like BCC cloud servers, have been deployed within the VPC for related services.
- Once the dedicated channel is active, click on Dedicated Gateway. Alternatively, log in to the VPC Management Console and select Dedicated Gateway under Network Connections.
- From the dropdown menu at the top of the page, choose the desired cloud VPC, and then click Create Dedicated Gateway.
- On the Create Dedicated Gateway page, configure the parameter details, and click OK after ensuring that there are no errors.
| Configuration | Description |
|---|---|
| Virtual private cloud | Choose the VPC on the cloud where the new dedicated gateway will be deployed. The VPC selected in the previous dropdown is set as the default but can be changed if needed. |
| Gateway name | Set the name for the dedicated gateway instance. In this document, "Dedicated Gateway 1" has been chosen. |
| Egress bandwidth | Select the outbound cloud bandwidth according to your actual service requirements. |
| Bind physical dedicated line | Decide whether to bind a physical dedicated line. In this document, a physical dedicated line is bound. Choose the line ID for Physical Dedicated Line 1 from the dropdown menu, then select the corresponding dedicated channel ID. |
| Description | Provide a description for this dedicated gateway. |
| Resource group | Select the resource group that the dedicated gateway will belong to. After successfully creating the dedicated gateway, you can also locate the target instance and click "Add Resource" in the Resource Group column to finalize the process. |
- Description:
- Once the above configuration is complete, the dedicated gateway status on the console will display as "available." Repeat Step III to create Dedicated Gateway 2 and bind it to Physical Dedicated Line 2.
Step IV: Create a dedicated gateway and bind a dedicated channel
- Configure routes in the VPC Route Table and on the Dedicated Channel Details page. Carefully review and verify this step, as any missing configuration could disrupt link connectivity.
- Configure the VPC multi-line routing
- Log in to the VPC Management Console and select "Route Table" under the Virtual Private Cloud (VPC) section.
- Use the dropdown at the top of the page to select a cloud VPC, and click on the corresponding route table name.
- Navigate to the VPC route interface and click "Add Route."
- In the "Add Route" interface, configure the necessary parameters and click "Confirm" after verifying them.
| Configuration | Description |
|---|---|
| Segment type | Choose to add IPv4 or IPv6 routing. IPv4 routing is selected in this document. |
| Source network segment | Select a subnet within the VPC or input a custom source network segment. In this document, "172.16.0.0/12" is used. |
| Destination segment | Enter the destination network segment. This document uses "192.168.0.0/16." |
| Route type | Choose the route type. For dedicated gateway routing, you can select single-line or multi-line routing. In this document, the "Dedicated Gateway" option is chosen, followed by multi-line routing. Fields marked with * in the table below will appear only when multi-line routing is selected. |
| *Multi-Line mode | Choose the dedicated line cloud access method, which can either be active-standby mode or load balancer mode (i.e., ECMP). This document uses the active-standby mode. |
| Next-hop instance | Select a next hop for the route. In this document, Path 1 uses Dedicated Gateway 1, and Path 2 uses Dedicated Gateway 2. |
| Description | Provide a description for the routing entry. |
- Configure dedicated line route
- Log in to the Express Tunnel (ET) management console, go to the "Dedicated Channel" tab, select the channel ID associated with Physical Dedicated Line 1, and open the Dedicated Channel Details page.
- Go to the Route Management tab and click on Create New Route Entry.
- In the Create Route Entry interface, set the parameter details and click OK after reviewing them.
| Configuration | Description |
|---|---|
| Rule type | Choose to add IPv4 or IPv6 routing. IPv4 routing is selected in this document. |
| Destination segment | Input the destination network segment. For this example, 172.16.0.0/12 is used. |
| Next-hop instance type | Choose the appropriate instance ID. This document uses Dedicated Gateway 1 as an example. |
| Next-hop instance ID | Choose the appropriate instance ID. This document uses Dedicated Gateway 1 as an example. |
| Description | Provide a description for the routing entry. |
- After completing the configuration, repeat the steps to set up dedicated routing for Dedicated Channel 2.
Step V: Configure local IDC
- Users need to finalize route settings on the local IDC side. Note that the commands will differ based on the vendor's equipment. Consult directly with the device vendor for detailed configuration commands.
- Here’s an example using configuration commands for a Cisco C-series switch.
ip route 172.16.0.0 255.240.0.0 9.39.39.1 10
ip route 172.16.0.0 255.240.0.0 9.39.39.5 20
Step VI: Create link probe
- By default, Baidu AI Cloud sends an ICMP packet every 3 seconds from the source IP address of each line to the destination address. If no response is received for three consecutive periods on a physical dedicated line, Baidu AI Cloud initiates a secondary inspection mechanism to identify the fault location. If an issue is detected, traffic will automatically reroute to another physical dedicated line.
- Log into the VPC Management Console and select Dedicated Gateway from the Network Connections section.
- In the Operations column for the appropriate dedicated gateway instance, click on Link Probe.
- Go to the Link Probe page and click the Add Rule button.
- On the Create Rules page, fill in the required parameters and click OK once all information is verified to be correct.
| Configuration | Description |
|---|---|
| Rule type | Choose either IPv4 or IPv6 link probe rules (IPv6 is optional if IPv6 is enabled for the VPC and dedicated lines). For this example, IPv4 is selected. |
| Probe subnet belonged | Scroll down to choose the subnet where the probe will be created. An unused IP address within the subnet will be allocated for the link probe. |
| Physical dedicated line ID | Select the physical dedicated line you wish to probe (this becomes available when the gateway is connected to multiple dedicated lines). |
| Dedicated channel ID | Choose the dedicated channel to be probed (you can select from multiple dedicated channels available under the physical line). |
| Probing method | The default protocol used is ICMP. |
| Source IP | The source IP address can be configured in two ways: Auto-assign (recommended): The system automatically selects an unused IP address from the specified subnet range. Custom: You can manually specify any unused IP address within the chosen subnet range. |
| Destination IP | The destination IP address can be set up in two ways: Bind channel IDC interconnection IP (recommended): The system automatically picks the designated channel IDC interconnection IP from the table above as the probe address. Custom: Users can specify the destination address as desired. |
| Health check interval | Define the time interval for sending probe packets during health checks. The unit is seconds, and you can input an integer between 1 and 60. It's recommended to set it to 3 seconds. |
| Unhealthy threshold | If consecutive health check failures surpass this threshold, the dedicated channel linked to the dedicated gateway will be considered abnormal. The threshold is an optional integer between 2 and 5, defaulting to 3 seconds. |
| Health threshold | If consecutive health check successes surpass this threshold, the dedicated channel linked to the dedicated gateway will be considered available. The threshold is an optional integer between 2 and 5, defaulting to 3 seconds. |
| Automatically generate route | A route is automatically created for connectivity testing. If disabled, users must manually add a route to the destination address for testing connectivity. Enabled by default. |
- Description:
- After completing the above configuration, wait a moment for the initialization inspection of the link probe.
- Once the link probe status is confirmed to be normal, repeat Step 6 to create a link probe for Dedicated Gateway 2.
Step VII: Connectivity testing
- Description:
- After completing the above configuration, users should test the connectivity of the physical dedicated line.
- Log in to the BCC Instance within the VPC via the VPC Management Console.
- Run the ping command to verify connectivity between the BCC instance in the cloud VPC (172.16.0.0/12) and the local IDC (192.168.0.0/16). A reply message indicates a successful connection.
- Run the tracert/traceroute command to verify that the two physical dedicated lines are configured for active-standby access through route tracking commands.