Advertise static routes to an ECR to allow a data center to communicate with the cloud and the Internet - Virtual Private Cloud

If a virtual private cloud (VPC) cannot advertise static routes to an Express Connect Router (ECR), the VPC cannot advertise routes to a data center through Border Gateway Protocol (BGP) because an ECR supports only BGP. You can use a VPC to advertise static routes to an ECR and use BGP to implement dynamic route advertisement to reduce route complexity.

Feature description

A VPC can advertise static routes to an ECR. You can advertise a custom route of a VPC system route table to an ECR to implement dynamic route advertisement. If no route conflicts occur, the data center associated with the ECR can learn the route.

Note

Malaysia (Kuala Lumpur) now supports the advertisement of static routes to ECR.
After a VPC is associated with an ECR, system routes of the VPC are advertised to the ECR by default.
After static routes are advertised to an ECR, the routes are dynamically advertised to virtual border routers (VBRs) and data centers associated with the ECR. However, the routes are not advertised to other VPCs associated with the ECR.
If an advertised static route has conflicts, you can view the route on the Routes tab of the ECR. The status of the route is Conflicting and the route does not take effect.

Key features

Simplified route configuration: You can advertise static routes in the VPC console and do not need to go to the Express Connect console. This reduces configuration complexity.
Dynamic route advertisement: You can use the static route advertisement feature of VPC together with BGP to implement dynamic route advertisement.

Limits

You cannot advertise routes in VPC custom route tables to an ECR.
You cannot advertise routes that use prefix lists to an ECR.
You cannot advertise active/standby routes and load balancing routes created by a VPC to an ECR. After VPC routes are advertised to an ECR, you cannot configure the routes as load balancing routes or active/standby routes.
If you modify the route after VPC routes are advertised to an ECR, you can specify only a next hop that supports route advertisement.

The following table describes the default advertisement status of different VPC route types, and whether the route types support advertisement or withdrawal.

Route type	Source instance	Advertised by default	Advertisement	Withdrawal
VPC system routes	VPC	Yes	Supported	Unsupported
Routes that point to IPv4 gateways	VPC	No	Supported	Supported
Routes that point to IPv6 gateways	VPC	No	Supported	Supported
Routes that point to NAT gateways	VPC	No	Supported	Supported
Routes that point to VPC peering connections	VPC	No	Unsupported	Unsupported
Routes that point to transit routers	VPC	No	Unsupported	Unsupported
Routes that point to VPN gateways	VPC	No	Supported	Supported
Routes that point to Elastic Compute Service (ECS) instances	VPC	No	Supported	Supported
Routes that point to elastic network interfaces (ENIs)	VPC	No	Supported	Supported
Routes that point to high-availability virtual IP addresses (HAVIPs)	VPC	No	Supported	Supported
Routes that point to router interfaces (to VBR)	VPC	No	Unsupported	Unsupported
Routes that point to router interfaces (to VPC)	VPC	No	Unsupported	Unsupported
Route that point to ECRs	VPC	No	Unsupported	Unsupported

Sample scenario

You have a data center in China (Hangzhou) and have created a VPC. You want the data center to communicate with the VPC and the Internet.

You can associate the VPC and VBR with an ECR, create an Internet NAT gateway with an EIP, and advertise routes to the ECR. If no route conflicts occur, the data center associated with the ECR can learn routes that point to the NAT gateway. This way, the data center can access the Internet.

Prerequisites

A VPC is created in China (Hangzhou) and vSwitches are created in the VPC. For more information, see Create and manage a VPC.
An Internet NAT gateway associated with an EIP is created. For more information, see Purchase an Internet NAT gateway and an EIP.
An ECR is created. For more information, see Create and manage an ECR.
A Express Connect circuit and a VBR are created. For more information, see Create and manage a dedicated connection over an Express Connect circuit and Create and manage a VBR.
The VBR and the VPC are associated with the ECR. The data center can communicate with the VPC through private networks. For more information, see Associate a VRB and a VPC with an ECR.
BFD is enabled for the VBR and BGP is enabled for the data center and VBR. For more information, see Configure BGP and enable BFD for a VBR.

Procedure

Step 1: Advertise static routes to the ECR

Log on to the VPC console.
In the left-side navigation pane, click Route Tables.
In the top navigation bar, select the region of the VPC.
On the Route Tables page, click the ID of the route table.
On the details page of the route table, click the Route Entry List tab, and then click the Custom Route tab.
Find the route that you want to advertise and click Advertise in the VPC Route Status column.
Note
After a route is advertised, the ECR advertises the route to the associated data center and does not advertise the route to other VPCs associated with the ECR.

Step 2: Check the result

Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, click the ECR ID.
On the Routes tab, you can view the route whose next hop is VPC1 and destination CIDR block is 0.0.0.0/0.
Click the VBR tab and click the VBR that you want to manage. On the Virtual Border Routers (VBRs) page, click the Routes tab.
On the ECR Route Entry tab, you can view the route whose next hop is the ECR and destination CIDR block is 0.0.0.0/0.

What to do next

Withdraw routes

If routes to be advertised from the data center conflict with the routes advertised to the ECR from the VPC, you can withdraw the advertised routes.

Log on to the VPC console.
In the left-side navigation pane, click Route Tables.
In the top navigation bar, select the region of the VPC.
On the Route Tables page, click the ID of the route table.
On the details page of the route table, click the Route Entry List tab, and then click the Custom Route tab.
Find the route and click Withdraw in the VPC Route Status column.
Note
After the route is withdrawn, the data center associated with the ECR can no longer learn the route.

FAQ

What are the route advertising rules of a VPC that uses an ECR and a transit router for hybrid cloud networking?

If your VPC uses an ECR to communicate with a data center and your VPC is attached to a CEN instance to build a hybrid cloud, the rules for CEN to advertise routes and for the VPC to advertise static routes to the ECR remain unchanged. CEN can advertise custom routes to the transit router and network instances associated with the transit router can learn the routes if no route conflicts occur. The ECR can advertise routes to the associated VBR and data center through BGP, but does not advertise the routes to associated VPCs.

For more information about the route status and whether route advertisement is supported for different route types, see Advertise routes to a transit router.