L2CG Overview
L2CG
A Layer 2 connection gateway (L2CG) is a virtual tunnel gateway that can work with a Direct Connect connection to establish network communication between the cloud and on-premises networks. The gateway allows you to migrate data center or private cloud services to the cloud without changing subnets and IP addresses.
A Direct Connect connection establishes a Layer 3 network tunnel between the cloud and on-premises networks, but the subnets on the cloud and on-premises networks must not overlap. If the cloud and on-premises networks are on the same subnet but need to communicate with each other, you can use a L2CG to enable the communication at Layer 2.
A L2CG is a tunnel gateway of a VPC and corresponds to a tunnel gateway of your data center. A L2CG can work together with a Direct Connect connection to establish a Layer 2 network between a VPC and your data center.
A Layer 2 connection attaches a VPC subnet to a L2CG and specifies the tunnel gateway in the enterprise data center that the L2CG connects to, so that the VPC subnet can communicate with the subnet in the enterprise data center at Layer 2.
L2CGs are currently available for open beta testing (OBT) in CN East-Shanghai1 and CN South-Guangzhou. You can use this function after obtaining the open beta test permissions.
L2CG Configuration Process
- Create a Direct Connect connection.
  Create a Direct Connect connection to enable cloud and on-premises communication at the Layer 3 network. For details, see Direct Connect.
- Buy a L2CG.
  Specify a VPC and a local subnet of a Direct Connect connection to create a L2CG and assign a local tunnel IP address.
- Create a Layer 2 connection.
  Specify a subnet on the cloud and a tunnel IP address on your data center side to create a Layer 2 connection.
- Configure a tunnel in your data center.
  Configure a VXLAN tunnel on the gateway in your data center.
Application Scenario
A L2CG establishes a Layer 2 network between an on-premises data center and a VPC, helping enterprises quickly and smoothly migrate services to the cloud.
- You can migrate your services to the cloud without changing IP addresses, which makes the migration less visible to the services and speeds it up.
- Your data center and a VPC can communicate at Layer 2. A virtual IP address allows the cloud-based and on-premises networks to back each other up, which protects against single points of failure (SPOFs) and forms a hybrid cloud network.
- Service systems can be migrated to the cloud in gray mode. Core services can be smoothly migrated to the cloud in batches, and VM-based migration is supported to avoid adverse effects on services.
Notes and Constraints
- By default, each account can create a maximum of five L2CGs. (Only one L2CG can be created during the OBT.)
To request a quota increase, submit a service ticket.
- A L2CG has to work together with a Direct Connect connection. Therefore, you need to create a Direct Connect or VPN connection first.
- A VXLAN tunnel is required between a L2CG and your data center. The switch of your data center must support VXLAN tunnels.
- A VPC can be attached to multiple L2CGs. However, each L2CG can only be attached to one VPC.
- Each L2CG supports a maximum of six Layer 2 connections to connect cloud and on-premises networks.
- The remote tunnel VNI and tunnel IP address of each Layer 2 connection using the same L2CG must be unique.
- A subnet that has been associated with a Layer 2 connection cannot be used by any other Layer 2 connection or L2CG.
- L2CGs and Layer 2 connections cannot be modified or deleted if they are in the creating, deleting, or modifying status.
- Forwarding unknown unicast, broadcast, and multicast (except VRRP) IP packets from your data center to the cloud is not allowed.
- The used IP addresses (except the subnet gateway IP address) on and off the cloud cannot conflict with each other.
- On-premises servers cannot use VPC peering connections, load balancers, route tables, and NAT gateways on the cloud.
- Each Layer 2 connection of a L2CG requires two IP addresses (interface IP address and tunnel IP address) in the Layer 2 subnet. The two IP addresses must be different from the used IP addresses of your data center.
- Each L2CG gateway requires three IP addresses in the tunnel subnet.
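
Several of the constraints above can be checked against a planned deployment before anything is created. The following Python check is an added example, not vendor code or a cloud API: the field names (`name`, `subnet`, `vni`, `remote_tunnel_ip`, `interface_ip`, `tunnel_ip`) and all sample values are hypothetical. It assumes the strictest reading of the uniqueness rule, that the remote tunnel VNI and the remote tunnel IP address must each be unique within one L2CG.

```python
import ipaddress
from collections import Counter

MAX_L2_CONNECTIONS = 6  # per L2CG, from the constraints listed above

def check_l2cg_plan(connections, onprem_ips, cloud_ips, gateway_ips):
    """Return constraint violations for the Layer 2 connections planned on one L2CG."""
    problems = []
    if len(connections) > MAX_L2_CONNECTIONS:
        problems.append(f"{len(connections)} Layer 2 connections exceed the limit of {MAX_L2_CONNECTIONS}")
    # Assumption: VNI and remote tunnel IP must each be unique; a subnet serves one connection.
    for field in ("vni", "remote_tunnel_ip", "subnet"):
        for value, n in Counter(c[field] for c in connections).items():
            if n > 1:
                problems.append(f"{field} {value} is used by {n} Layer 2 connections")
    onprem = {ipaddress.ip_address(ip) for ip in onprem_ips}
    cloud = {ipaddress.ip_address(ip) for ip in cloud_ips}
    gateways = {ipaddress.ip_address(ip) for ip in gateway_ips}
    # Used addresses on and off the cloud must not collide, except the subnet gateway IP.
    for ip in sorted((onprem & cloud) - gateways):
        problems.append(f"{ip} is used both on the cloud and in the data center")
    for c in connections:
        net = ipaddress.ip_network(c["subnet"])
        pair = [ipaddress.ip_address(c["interface_ip"]), ipaddress.ip_address(c["tunnel_ip"])]
        if pair[0] == pair[1]:
            problems.append(f"{c['name']}: interface IP and tunnel IP must be two different addresses")
        for ip in pair:
            if ip not in net:
                problems.append(f"{c['name']}: {ip} is outside Layer 2 subnet {net}")
            if ip in onprem:
                problems.append(f"{c['name']}: {ip} is already used in the data center")
    return problems

# Constructed sample plan (all values are made up for illustration).
SAMPLE_PLAN = [
    {"name": "l2conn-a", "subnet": "192.168.10.0/24", "vni": 5001,
     "remote_tunnel_ip": "10.0.0.2", "interface_ip": "192.168.10.250", "tunnel_ip": "192.168.10.251"},
    {"name": "l2conn-b", "subnet": "192.168.20.0/24", "vni": 5001,   # duplicate VNI
     "remote_tunnel_ip": "10.0.0.3", "interface_ip": "192.168.20.250", "tunnel_ip": "192.168.10.252"},
]
SAMPLE_ONPREM = ["192.168.10.1", "192.168.10.20", "192.168.10.251", "192.168.20.1"]
SAMPLE_CLOUD = ["192.168.10.1", "192.168.10.20", "192.168.20.1", "192.168.20.30"]
SAMPLE_GATEWAYS = ["192.168.10.1", "192.168.20.1"]

if __name__ == "__main__":
    for line in check_l2cg_plan(SAMPLE_PLAN, SAMPLE_ONPREM, SAMPLE_CLOUD, SAMPLE_GATEWAYS):
        print("VIOLATION:", line)
```

The used-address lists would come from your own IPAM or inventory export; the check only reports violations and changes nothing.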