tencent cloud


Getting Started

Last updated: 2021-11-12 19:54:32

    A VPC-based direct connect gateway can be used to interconnect one Tencent Cloud VPC with one or more local IDCs. This document describes how to use a VPC-based direct connect gateway to build the Direct Connect network architecture that connects a VPC in Beijing to an IDC in Guangzhou.


    The following figure shows you how to interconnect a Tencent Cloud VPC ( and a local IDC ( with a bandwidth of 2 Mbps.

    Follow the steps below:



    Step 1: create a connection

    To create a connection, you need to first confirm the information and submit an application in the console, and then the carrier will start the engineering investigation and wiring. This process takes about 2-3 months. For more information, see Connection Overview. Perform the following steps to apply for a connection in the console.

    1. Log in to the Direct Connect console.
    2. Click Connections on the left sidebar to access the Connections page. Click +New.
    3. In the pop-up window, read Tencent Cloud Direct Connect Service Level Agreement, select Read and Agreed, and click Next.
    4. Complete the following configurations and click OK.
      Connection NameEnter a name for the connection, such as "Connection to Beijing IDC".
      RegionSelect Beijing.
      Access Point We recommend you first search for access points and check their distances to your IDC, and then select the nearest access point. For more information, see Searching for Access Point Locations or Direct Connect Access Point.
      Connection Provider Select an eligible carrier, such as CTCC.
      Cloud port Ports in 1, 10, and 100 Gbps are available. To use a 100 Gbps port, please submit a ticket. Select 1 Gbps as an example.
      Port Type Choose fiber optic port or electrical port as needed. The available ports vary with the port type. For example, 1 Gbps ports include fiber optic port and electrical port, while 10 Gbps ports only include fiber optic port. Select Fiber optic port as an example.
      Bandwidth CapSelect 998 Mbps as an example.

      For more information on parameter configurations, see Applying for Connection

    5. After your application is submitted, Tencent Cloud Direct Connect representative will comprehensively assess Direct Connect resources and then check with you the service details over the phone. After the connection is confirmed to be accessible, you should complete the payment in the console.

    Step 2: create a direct connect gateway

    1. Log in to the Direct Connect console.
    2. Select Beijing in the region at the top of the Direct Connect Gateway page, and click +New.
    3. Complete the configurations in the pop-up window and click OK.
      NameEnter a name for the direct connect gateway, such as "Beijing VPC - Guangzhou IDC".
      Associate NetworkSelect VPC.
      NetworkSelect an existing VPC instance.
      Gateway Type Select Standard as an example.
      • Standard: does not support the network address translation feature.
      • NAT Type: supports the network address translation feature. You should also configure the network address translation (NAT) if you want to use a NAT direct connect gateway.

    Step 3: create a dedicated tunnel

    1. Log in to the Direct Connect console.
    2. Click Dedicated Tunnels on the left sidebar to access the Dedicated Tunnels page. Click +New.
    3. Complete basic configurations such as name, connection type, access network, region and associated direct connect gateway, and click Next.
      NameEnter a name for the dedicated tunnel, such as "Beijing VPC - Guangzhou IDC".
      ConnectionSelect the connection created in Step 1.
      Access NetworkSelect VPC.
      VPCSelect an existing VPC instance.
      Direct Connect GatewaySelect the direct connect gateway created in Step 2.

      For more information on the parameter configurations, see Creating a Dedicated Tunnel

    4. Configure the following parameters in the Advanced Configuration tab, and click Next.
      VLAN ID A VLAN corresponds to a tunnel. Enter a value within the range of 0-3000. Entering 0 means one dedicated tunnel can be created. Enter 0 as an example.
      Bandwidth Specify the bandwidth cap of the dedicated tunnel, which cannot exceed the maximum bandwidth of the associated connection. Set it to 2 Mbps as an example.
      Tencent Cloud Primary IP Enter the connection IP address on the Tencent Cloud side. Set it to as an example.
      Tencent Cloud Secondary IP Enter the secondary IP address of the connection on the Tencent Cloud side. Set it to as an example.
      CPE Peer IP Configure the connection IP address on the user (or carrier) side. Set it to as an example.
      Routing modeSelect Static.
      CPE IP rangeSelect as an example.
    5. Configure IDC devices. You can click Download configuration guide to download related files and complete the configurations as instructed in the guide.
      CPE IP rangeEnter the customer IP range if Static is selected as the routing mode. This parameter cannot conflict with the VPC IP range in a non-NAT mode.
    6. Click Submit.

    Step 4: configure the route table

    To use a VPC-based direct connect gateway, configure a routing policy with direct connect gateway as the next hop and IDC IP range as the destination in the route table of the VPC subnet to enable communication.

    1. Log in to the VPC console.
    2. Select Route Tables on the left sidebar, and click the ID/Name of the target VPC to enter its details page.
    3. Click +New routing policies on the Basic Information page.
    4. In the pop-up window, enter “” for the Destination, select “Direct Connect Gateway” for the Next hop type, locate the direct connect gateway created in Step 2 for the Next hop, and click Create.
    5. Click OK.

    Step 5: set alarms

    After a connection and a dedicated tunnel are created, Cloud Monitor will automatically create a default alarm policy for each service. This default alarm policy does not configure recipient information, so you can only view alarms on the console. To configure a recipient, take the following steps.

    • Default alarm policy for connections
      MetricStatistical PeriodConditionCondition ValueConsecutive PeriodsPolicy
      Bandwidth utilization 1 minute>=80%5 periodsAlarm once a day
    • Default alarm policy for dedicated tunnels: four types of event alarms are available, including DirectConnectTunnelDown, DirectConnectTunnelBFDDown, DirectConnectTunnelBGPSessionDown, and DirectConnectTunnelRouteTableOverload.
    1. Log in to the Cloud Monitor console.
    2. Select Alarm Configuration > Alarm Policy on the left sidebar. Click Advanced Filter in the upper-right corner of the Alarm Policy page, select All for Monitor Type, and select the relevant product for Policy type.
    3. Click the name of the target default policy in the Alarm Policy list.
    4. Select a template in the Alarm Notification section.
      Click Edit Recipient to configure alarm recipients in the template. If existing templates are not suitable, you can click Create Template and configure it as prompted. Then you can select the template to configure alarm recipients.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support