Multi-Cluster Network Connectivity Practices on Alibaba Cloud: PrivateLink, CEN, and ASM East‑West Gateway
This article explains the challenges of multi‑cluster deployments and presents three Alibaba Cloud solutions—PrivateLink, Cloud Enterprise Network (CEN), and ASM East‑West Gateway—detailing their mechanisms, trade‑offs, and typical scenarios such as isolation, distributed applications, disaster recovery, and multi‑environment testing.
In increasingly complex business scenarios, multi‑cluster deployment has become a key practice for improving availability, isolation, stability, and security, but managing multiple clusters—especially networking across different data centers, regions, or public clouds—poses significant challenges.
Alibaba Cloud operates multiple regions, each containing several Availability Zones (AZs). A region is a physical data center, while an AZ is an independent power and network zone within a region; instances in the same AZ have lower latency between them.
To enable cross‑cluster service calls (e.g., for disaster‑recovery failover), the clusters' VPCs must be interconnected. The article introduces three ways to achieve this: PrivateLink, Cloud Enterprise Network (CEN), and the ASM East‑West Gateway.
PrivateLink
PrivateLink uses Alibaba Cloud's private network to connect multiple VPCs without requiring NAT gateways or Elastic IPs, keeping traffic off the public Internet for higher security and better network quality. However, it cannot connect VPCs across regions.
Cloud Enterprise Network (CEN)
CEN runs on Alibaba Cloud's global private network and uses Transit Routers to establish private communication channels between VPCs across regions or between on‑premises data centers, allowing unrestricted inter‑VPC connectivity.
ASM East‑West Gateway
Beyond PrivateLink and CEN, ASM provides a cost‑effective, flexible solution: deploying an ASM East‑West Gateway exposed to the public Internet to bridge cluster networks. While it may introduce higher latency than CEN's dedicated lines, it offers better cost‑performance for many scenarios.
Typical Multi‑Cluster Scenarios
1. Isolation Mode: Some services should not be reachable across clusters (e.g., partitioned game services). ASM’s traffic‑retention feature can enforce this while using a unified control plane.
2. Distributed Applications: Multiple clusters host the same service with independent storage; ASM ensures service names do not clash across clusters.
3. Disaster Recovery: Cross‑region or cross‑AZ deployments use ASM’s cross‑region load balancing to keep traffic local by default and automatically fail over to another region when a service becomes unavailable.
4. Multi‑Environment Testing: For large micro‑service systems, ASM’s lane (swimlane) mode enables per‑developer testing lanes without invasive changes, routing each developer’s traffic to their own version while others use the stable baseline.
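The disaster-recovery behaviour in scenario 3, written as a mesh configuration. This is an added example, not taken from the article or from Alibaba Cloud's documentation. It assumes ASM accepts the standard Istio DestinationRule API; the service name, namespace, and region pair are constructed sample values.

```yaml
# Added example: keep traffic in the caller's region, fail over across regions.
# All names and region IDs below are constructed sample values.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: orders-locality-failover        # hypothetical rule name
  namespace: default
spec:
  # Hypothetical service deployed under the same name in both clusters.
  host: orders.default.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      localityLbSetting:
        enabled: true                   # prefer endpoints in the caller's own locality
        failover:
          # Region taken from the node label topology.kubernetes.io/region.
          - from: cn-hangzhou
            to: cn-shanghai
          - from: cn-shanghai
            to: cn-hangzhou
    # Locality failover only triggers when outlier detection is configured:
    # the sidecar needs a health signal to decide that local endpoints are bad.
    outlierDetection:
      consecutive5xxErrors: 3           # eject an endpoint after 3 consecutive 5xx responses
      interval: 10s                     # how often endpoints are evaluated
      baseEjectionTime: 1m              # minimum time an ejected endpoint stays out
      # The default cap is 10%; at 100 every local endpoint can be ejected,
      # which is what lets traffic actually leave a fully failed region.
      maxEjectionPercent: 100
```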
Related Links
[1] ASM traffic‑retention documentation: https://help.aliyun.com/zh/asm/user-guide/enable-the-traffic-retention-function-in-the-asm-local-cluster-in-the-multi-cluster-scenario
[2] ASM cross‑region disaster recovery and load balancing: https://help.aliyun.com/zh/asm/user-guide/use-asm-to-implement-cross-region-disaster-recovery-and-load-balancing
[3] ASM traffic swimlane documentation: https://help.aliyun.com/zh/asm/user-guide/traffic-swimlane/
Alibaba Cloud Infrastructure
For uninterrupted computing services