Problem
A virtual private cloud (VPC) route table or Cloud Enterprise Network (CEN) instance displays a route conflict error:
-
A VPC route table displays Conflict on the System Route tab.
-
A CEN instance displays Route Conflict on the Network Routes tab.
Causes
This error occurs for one of the following reasons:
-
The CIDR blocks of two or more VPCs overlap.
-
A VPC is attached to a CEN instance while also using a VPC peering connection, and the peer route overlaps with a CEN route.
-
The route quota of the CEN instance is exhausted.
Solution 1: Resolve overlapping VPC CIDR blocks
Example scenario
VPC1 and VPC2 in the China (Hangzhou) region are attached to the same CEN instance. Their CIDR blocks overlap as shown in the following table. The VPC route tables display Conflict on the System Route tab, and the CEN instance displays Route Conflict on the Network Routes tab.
|
Network instance |
CIDR block |
|
VPC1 |
Primary CIDR block: 172.16.0.0/16 CIDR block of vSwitch1: 172.16.0.0/24 CIDR block of vSwitch2: 172.16.1.0/29 CIDR block of vSwitch3: 172.16.102.40/29 CIDR block of vSwitch4: 172.16.100.0/24 |
|
VPC2 |
Primary CIDR block: 172.16.0.0/16 CIDR block of vSwitch1: 172.16.0.0/24 CIDR block of vSwitch2: 172.16.1.0/29 CIDR block of vSwitch3: 172.16.10.0/24 CIDR block of vSwitch4: 172.16.2.0/24 |
Step 1: Identify the overlapping CIDR blocks
View overlapping CIDR blocks in the VPC console or the CEN console:
-
VPC console: Log on to the VPC console, click the ID of the VPC, and then check the System Route tab.
-
CEN console: Log on to the CEN console, find the CEN instance, and then navigate to the Basic Information > Transit Router tab. Click the ID of the transit router to which the VPC is connected, and then check the Network Routes tab.
Step 2: Fix the overlapping CIDR blocks
Use one of the following approaches:
-
Delete the overlapping vSwitch. For more information, see What do I do if the CIDR blocks of vSwitches overlap with each other?
-
Remove the VPC with the overlapping CIDR block from CEN. In the CEN console, delete the network instance connection. For more information, see Delete a network instance connection.
Overlapping CIDR blocks cannot communicate with other VPCs. CEN preferentially selects the CIDR blocks of other VPCs that are attached to the CEN instance.
-
Use a NAT gateway. For more information, see Allow VPCs with overlapping CIDR blocks to access each other by using VPC NAT gateways.
Solution 2: Resolve conflicts between VPC peering connection routes and CEN routes
This issue affects only VPCs connected to Basic Edition transit routers. VPCs connected to Enterprise Edition transit routers are not affected.
Example scenario
VPC1, VPC2, and VPC3 are deployed in the same region. VPC1 and VPC2 are connected through a VPC peering connection. VPC1 and VPC3 are connected through CEN. The VPC1-to-VPC2 connection is configured first. After the VPC1-to-VPC3 CEN connection is configured, VPC3 displays the Route Conflict error.
Step 1: Identify the overlapping CIDR blocks
View overlapping CIDR blocks in the VPC console or the CEN console:
-
VPC console: Log on to the VPC console and navigate to the System Route tab of VPC3 to view the overlapping CIDR block.
-
CEN console: Log on to the CEN console and click the ID of the CEN instance. On the Basic Information > Transit Router tab, click the ID of the transit router to which VPC3 is connected. On the Network Routes tab, view the overlapping CIDR block.
Step 2: Fix the overlapping CIDR blocks
Set the destination CIDR block for the peering connection route to a smaller CIDR block, such as 172.16.0.0/25 or 172.16.0.0/20. Make sure that the destination CIDR block differs from the CIDR block of VPC3.
Peering connection routes learned by VPCs are classified as custom routes, which have a higher priority than routes learned by the CEN instance.
Solution 3: Resolve CEN route quota exhaustion
Step 1: Check for quota exhaustion events
-
Log on to the CloudMonitor console.
-
In the left-side navigation pane, choose Event Center > System Event.
-
On the System Event page, view the system events for CEN and check whether the
QuotaExceeded:Routeevent exists.
Step 2: Set up proactive monitoring
Create a threshold-triggered alert rule for the route quota to receive notifications promptly. For more information, see Monitor route usage.
Applicable scope
-
VPC
-
CEN