
Virtual Private Cloud: Use custom route tables to manage network traffic

Last Updated: Dec 26, 2024

You can create a custom route table in a virtual private cloud (VPC), add custom routes to it, and associate it with a vSwitch to manage network traffic flexibly.

Limits

  • Each VPC can have at most 10 route tables, including the system route table.

  • Each vSwitch can be associated with only one route table, whether it is a system route table or a custom one.

Prerequisites

A VPC and a vSwitch have been created. For more information, see Create a VPC with an IPv4 CIDR block.

Procedure

Step 1: Create a custom route table

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click Route Tables.

  3. In the top navigation bar, select the region where you want to create a custom route table.

  4. On the Route Tables page, click Create Route Table.

  5. On the Create Route Table page, set the following parameters and click OK.

    • VPC: Select the VPC to which the custom route table belongs.

    • Associated Resource Type: Select the type of resource with which you want to associate the route table.

      • vSwitch: Controls traffic routing policies.

      • Border Gateway: Controls inbound traffic routing policies of the border gateway.

    On the Route Tables page, the new route table is shown with Custom in the Route Table Type column. The following system routes are automatically added to the custom route table:

    • A route whose destination CIDR block is 100.64.0.0/10. This route is used for communication among cloud resources in the VPC.

    • A route destined for the CIDR block of a vSwitch of the VPC to which the route table belongs. This route is used for communication between cloud resources within the vSwitch.

    For example, the CIDR block of your VPC is 192.168.0.0/16 and you create two vSwitches whose respective CIDR blocks are 192.168.1.0/24 and 192.168.0.0/24 in the VPC. The custom route table that you create for your VPC includes the following system routes, where the hyphen (-) indicates the VPC:

    Destination CIDR Block    Next Hop    Type
    100.64.0.0/10             -           System Route
    192.168.1.0/24            -           System Route
    192.168.0.0/24            -           System Route

Step 2: Add a custom route to the custom route table

Note
  • The system automatically creates a system route table for each VPC and adds route entries to manage traffic. These entries cannot be manually created or deleted.

  • You can add or delete custom route entries in both system and custom route tables to route traffic to a specific CIDR block.

  • Custom route entries cannot have a destination CIDR block that is more specific than the CIDR block of the vSwitch.

  1. On the Route Table page, find the custom route table that you want to manage and click its ID.

  2. On the details page, choose Route Entry List > Custom Route and click Add Route Entry.

  3. In the Add Route Entry dialog box, configure the following parameters and click OK.

    Parameter

    Description

    Destination CIDR Block

    Enter the destination CIDR block.

    • IPv4 CIDR Block: The destination CIDR block is an IPv4 address range.

    • IPv6 CIDR Block: The destination CIDR block is an IPv6 address range.

      Note

      When the route table is a system route table and the associated resource is a custom route table of a vSwitch, you can set Destination CIDR Block to IPv6 CIDR Block. For more information on the available regions, see Regions that support VPC features.

    • VPC Prefix List: The destination CIDR block is a prefix list.

    Next Hop Type

    Select a next hop type. Valid values:

    The following types of next hop are supported if Destination CIDR Block is set to IPv4 CIDR Block or VPC Prefix List:

    • IPv4 Gateway: Traffic destined for the destination CIDR block is routed to the specified IPv4 gateway.

    • NAT Gateway: Traffic destined for the destination CIDR block is routed to the specified NAT Gateway.

    • VPC Peering Connection: Traffic destined for the destination CIDR block is routed to the specified VPC peering connection.

    • Transit Router: Traffic destined for the destination CIDR block is routed to the specified transit routers.

    • VPN Gateway: Traffic destined for the destination CIDR block is routed to the specified VPN gateway.

    • ECS Instance: Traffic destined for the destination CIDR block is routed to the specified Elastic Compute Service (ECS) instance. Select this type if you want to route traffic to an ECS instance for centralized traffic forwarding and management. For example, you can set an ECS instance as the Internet-facing gateway to route traffic from other ECS instances to the Internet.

    • ENI: Traffic destined for the destination CIDR block is routed to a specified elastic network interface (ENI).

    • HaVip: Traffic destined for the destination CIDR block is routed to the specified high-availability virtual IP address (HAVIP).

    • Router Interface (to VBR): Traffic destined for the destination CIDR block is routed to the router interface that is associated with a VBR. Select this type if you want to connect the VPC to a data center through Express Connect circuits.

      You must also select from the following routing modes:

      • General Routing: Select an associated router interface.

      • Active/Standby Routing: Select two instances as the next hops. The active route has a weight of 100 and the standby route has a weight of 0. If the active route fails a health check, the standby route takes over.

      • Load Balancing Routing: Select two to eight instances as the next hops. The instances must have the same weight, which must be an integer from 0 to 255. Network traffic is evenly distributed across the next hops.

    • Router Interface (to VPC): Traffic destined for the destination CIDR block is routed to a specified VPC.

    • ECR: Traffic destined for the destination CIDR block is routed to the specified Express Connect Router (ECR).

    • Gateway Load Balancer Endpoint: Traffic destined for the destination CIDR block is routed to the Gateway Load Balancer Endpoint.

      Note

      China (Ulanqab) is the only region where you can set the Next Hop Type to Gateway Load Balancer Endpoint.

    If the region of the route table supports IPv6 CIDR blocks and you select IPv6 CIDR Block for Destination CIDR Block, the following next hop types are supported:

    • ECS Instance: Traffic destined for the destination CIDR block is routed to the specified ECS Instance.

    • IPv6 Gateway: Traffic destined for the destination CIDR block is routed to the specified IPv6 Gateway.

    • ENI: Traffic destined for the destination CIDR block is routed to the specified ENI.

    • Router Interface (to VBR): Traffic destined for the destination CIDR block is routed to the router interface that is associated with VBR. Select this type if you want to connect the VPC to a data center through Express Connect circuits.

      You must also select from the following routing modes:

      • General Routing: Select an associated router interface.

      • Load Balancing Routing: Select two to eight instances as the next hops. The instances must have the same weight, which must be an integer from 0 to 255. Network traffic is evenly distributed across the next hops.

    • ECR: Traffic destined for the destination CIDR block is routed to the specified ECR.

    • VPC Peering Connection: Traffic destined for the destination CIDR block is routed to a specified VPC peering connection.

    • Gateway Load Balancer Endpoint: Traffic destined for the destination CIDR block is routed to a specified Gateway Load Balancer Endpoint.

      Note

      China (Ulanqab) is the only region where you can set the Next Hop Type to Gateway Load Balancer Endpoint.

    After you specify the Next Hop Type, you can select an instance as the next hop. You can also go to the product page to create an instance.

Step 3: Associate the custom route table with a vSwitch

You can associate the custom route table with a vSwitch to manage the routes of the vSwitch.

Note
  • A route table can be associated with multiple vSwitches, but each vSwitch can only be linked to one route table at a time.

  • Associating a custom route table with a vSwitch automatically disassociates the system route table.

  • To disassociate a custom route table, use the Unbind option in the Actions column on the Associate vSwitch tab. The vSwitch will then revert to the system route table.

  • A custom route table that contains a custom route entry whose destination CIDR block matches the CIDR block of a vSwitch cannot be associated with that vSwitch.

  1. On the Route Table page, find the custom route table that you want to manage and click its ID.

  2. On the details page of the route table, click the Associate vSwitch tab and click Associate vSwitch.

  3. In the Associate vSwitch dialog box, choose the vSwitch that you want to associate.

    On the Associate vSwitch tab, click the vSwitch ID in the vSwitch column to go to the vSwitch details page. Then, click the Route tab. In the Associated with Route Table section, you can verify that the route table associated with the vSwitch is a custom route table.
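The limits at the top of this page and the notes in Step 2 and Step 3 can be checked before you touch the console. The following Python sketch is an added example, not Alibaba Cloud code: the input shape, the function name, and the vSwitch and route table names are hypothetical, and it assumes that "the vSwitch" in the Step 2 note means any vSwitch in the VPC.

```python
import ipaddress
from collections import Counter

MAX_ROUTE_TABLES_PER_VPC = 10  # limit from this page; includes the system route table

def validate_plan(vswitches, custom_tables):
    """Return a list of violations (empty list means the plan passes).

    vswitches:     {vswitch_name: cidr}
    custom_tables: {table_name: {"routes": [dest_cidr], "vswitches": [vswitch_name]}}
    """
    nets = {name: ipaddress.ip_network(c) for name, c in vswitches.items()}
    problems = []

    # Limit: at most 10 route tables per VPC, counting the system route table.
    if len(custom_tables) + 1 > MAX_ROUTE_TABLES_PER_VPC:
        problems.append("more than 10 route tables in the VPC")

    # Limit: a vSwitch can be associated with only one route table.
    uses = Counter(v for t in custom_tables.values() for v in t["vswitches"])
    problems += [f"{v} is associated with {n} route tables"
                 for v, n in sorted(uses.items()) if n > 1]

    for tname, table in sorted(custom_tables.items()):
        for dest_text in table["routes"]:
            dest = ipaddress.ip_network(dest_text)
            for vname, net in sorted(nets.items()):
                if dest.version != net.version:
                    continue  # IPv4 and IPv6 blocks cannot overlap
                # Step 2 note: not more specific than a vSwitch CIDR block.
                if dest != net and dest.subnet_of(net):
                    problems.append(
                        f"{tname}: {dest} is more specific than {vname} ({net})")
                # Step 3 note: an entry equal to the vSwitch CIDR blocks association.
                if dest == net and vname in table["vswitches"]:
                    problems.append(
                        f"{tname}: {dest} matches {vname}, cannot associate")
    return problems

# Constructed sample that reuses the CIDR blocks from the example in Step 1.
VSWITCHES = {"vsw-a": "192.168.1.0/24", "vsw-b": "192.168.0.0/24"}
PLAN = {
    "rtb-egress": {"routes": ["0.0.0.0/0", "192.168.1.128/25"],
                   "vswitches": ["vsw-a"]},
    "rtb-inspect": {"routes": ["192.168.0.0/24"],
                    "vswitches": ["vsw-a", "vsw-b"]},
}

if __name__ == "__main__":
    for problem in validate_plan(VSWITCHES, PLAN):
        print(problem)
```

The sample plan produces three findings: vsw-a is claimed by two route tables, 192.168.1.128/25 falls inside the vsw-a block, and rtb-inspect carries an entry equal to the vsw-b block while also listing vsw-b for association.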

Related steps

Modify system route entries

You can modify the next hop of system route entries in a custom route table to direct traffic to an ECS instance or an ENI for dynamic traffic management.

Note
  • You cannot modify the next hops of system route entries in a system route table.

  • Currently, China (Ulanqab) is the only region where you can modify the next hop of system route entries to the Gateway Load Balancer Endpoint.

  • After associating a custom route table with a vSwitch, you cannot modify the next hop of the system route entry with the same Destination CIDR Block as the vSwitch. For example, if a custom route table is associated with a vSwitch with a CIDR block of 172.16.0.0/24, the next hop of the route entry with a Destination CIDR Block of 172.16.0.0/24 cannot be modified.

  • After the next hop type and associated resource of a system route entry are modified, the route entry is converted to a custom route entry under the Custom Route Entries tab.

  1. On the Route Table page, select the desired route table instance by clicking its ID.

  2. Under the Route Entry List > System Route Entries tab, locate the system route entry to modify, and click Edit in the Operation column.

  3. In the Edit Route Table Entry dialog box, adjust the parameters as necessary.

    • Destination CIDR Block: Shows the destination CIDR block for traffic. The Destination CIDR Block cannot be modified.

    • Next Hop Type: Valid values are Local, ECS Instance, Elastic Network Interface, and Gateway Load Balancer Endpoint. After you select a Next Hop Type, you must choose a specific instance from the corresponding list or create one through the product page.

Modify custom route entries

You can modify the next hop of custom route entries to manage network traffic and direct the traffic toward specific cloud resources.

Note
  • Modification of the next hop for custom route entries is currently supported only in Malaysia (Kuala Lumpur).

  • The next hop type of custom route entries with a Destination CIDR Block matching the CIDR block of a vSwitch in the VPC can only be changed to ECS Instance or Elastic Network Interface (ENI). For example, if a vSwitch has a CIDR block of 172.16.0.0/24, the next hop of the route entry with a Destination CIDR Block of 172.16.0.0/24 can be changed to an ECS Instance or Elastic Network Interface (ENI). Deleting the route entry reverts the route entry to a System Route Entry in the Local route tab.

  1. Navigate to the Route Table page and click the ID of the route table you want to modify.

  2. Click the Route Entry List > Custom Route tab, find the custom route entry that you want to manage, and click Edit in the Actions column.

  3. In the Modify Route Table dialog box, update the following parameters:

    • Destination CIDR Block: The destination CIDR block is displayed and cannot be modified.

    • Next Hop Type: Select the next hop type from the available options. After you select a Next Hop Type, you must then select a specific instance from the drop-down list or create a new instance on the corresponding product page.

Delete custom route entries

You can delete custom route entries in the following two ways:

  • Individually: Find the custom route entry that you want to delete and click Delete in the Actions column.

  • In batch: Select all the custom route entries that you want to delete and click Delete at the bottom of the page.

Enable and disable route advertisement

You can control whether a route table receives dynamic routes by enabling or disabling the Accept Advertised Routes feature.

Note

Accept Advertised Routes is enabled by default and the route table accepts routes advertised from dynamic sources. You can view Dynamic Route Source and route details under the Dynamic Route tab.

  1. On the Route Tables page, find the route table that you want to manage and click its ID.

  2. In the Route Table Details section, enable or disable the Accept Advertised Routes feature as needed.

    Note
    1. Whether Accept Advertised Routes can be disabled

      • If there are no dynamic routes synchronized to the VPC, you can disable this feature. In this case, you will not find any entries under the Dynamic Route tab in Route Entry List.

      • If the Dynamic Route Source is Route Advertisement Type - ECR, you can disable this feature. The route table will stop learning dynamic routes from the ECR.

      • You cannot disable it if the VPC is connected to a Cloud Enterprise Network (CEN) Basic Edition instance, or if an associated transit router or VPN gateway has route advertisement enabled.

    2. Impact of disabling the feature

      • The route table stops accepting routes advertised from dynamic sources and deletes all the existing dynamic routes in the table. Proceed with caution.

      • You cannot attach VPCs to CEN Basic Edition or enable route advertisement for the associated transit routers and VPN gateway.

    3. Impact of enabling the feature

      • A VPC can be associated with only one ECR instance at a time. After disabling and re-enabling the Accept Advertised Routes feature, the route table reconfigures and adds dynamic routes based on the dynamic routes it receives from the ECR.

      • For example, there are four dynamic route entries from the ECR. When the route advertisement is turned off, these entries are cleared. Later, if two new dynamic routes are added and the feature is turned back on, the VPC will have six dynamic routes.

Delete the custom route table

Note

Custom route tables can be deleted, whereas system route tables cannot. If a custom route table is associated with a vSwitch, you need to disassociate it before deletion.

On the Route Table page, locate the custom route table to delete and click Delete in the Actions column.

References

You can also manage route tables by using SDK, Terraform, or ROS. For more information, see the following documents: