On this page

Show all

Help Center/ Enterprise Router/ FAQs/ How Do I Route Traffic to 100.64.x.x Through an Enterprise Router?

How Do I Route Traffic to 100.64.x.x Through an Enterprise Router?

Updated on 2024-09-24 GMT+08:00

View PDF

Scenarios

A route with 100.64.x.x as the destination and an enterprise router as the next hop cannot be added to a VPC route table.

Solutions

If you want to route traffic to 100.64.x.x through an enterprise router, you need to create a transit VPC. Figure 1 shows the network diagram.

Figure 1 Transit VPC network diagram

The request traffic from the service VPC to the on-premises data center will be forwarded through the transit VPC, but the response traffic will not. For details, see Table 1.

**Table 1** Network traffic flows
Path	Description
Request traffic: service VPC → transit VPC → enterprise router → virtual gateway → on-premises data center	The service VPC route table has a route with the VPC peering connection as the next hop to forward traffic from the service VPC to the transit VPC. The transit VPC route table has a route with next hop set to the enterprise router to forward traffic from the transit VPC to the enterprise router. The enterprise router route table has a route with next hop set to virtual gateway attachment to forward traffic from the enterprise router to the virtual gateway. The virtual gateway is connected to the virtual interface. Traffic from the virtual gateway is forwarded to the physical connection through the remote gateway of the virtual interface Traffic is sent to the on-premises data center over the connection.
Response traffic: on-premises data center → virtual gateway → enterprise router → service VPC	Traffic is forwarded to the virtual interface through the connection. The virtual interface is connected to the virtual gateway. Traffic from the virtual interface is forwarded to the virtual gateway through the local gateway of the virtual interface. Traffic is forwarded from the virtual gateway to enterprise router. The enterprise router route table has a route with next hop set to the service VPC attachment to forward traffic from the enterprise router to the service VPC.

The required resources and routes are as follows:

Table 2: Required service VPC, transit VPC, enterprise router, and Direct Connect connection that connects the cloud and the on-premises data center
Table 3: Required routes of the service VPC, transit VPC, and enterprise router

**Table 2** Resource planning
Resource	Quantity	Description
VPC	2	Service VPC that your services are deployed and needs to be attached to the enterprise router VPC CIDR block: 10.1.0.0/16 Subnet CIDR block: 10.1.1.0/24
VPC	2	Transit VPC that is connected to the service VPC over a VPC peering connection and needs to be attached to the enterprise router VPC CIDR block: 192.168.0.0/16 Subnet CIDR block: 192.168.1.0/24
Enterprise router	1	Three attachments on the enterprise router: Service VPC attachment: service VPC Transit VPC attachment: transit VPC Virtual gateway attachment: virtual gateway of Direct Connect
Direct Connect	1	Connection Virtual gateway that needs to be attached to the enterprise router Virtual interface Local gateway: 10.0.0.1/30 Remote gateway: 10.0.0.2/30 Remote subnet: subnet of the on-premises data center (100.64.x.x)

**Table 3** Route planning
Route Table	Destination	Next Hop	Route Type
Service VPC	100.64.x.x	VPC peering connection	Static route (custom)
Transit VPC	2.2.2.2/32 NOTE: 2.2.2.2/32 is mandatory and must be added.	VPC peering connection	Static route (custom)
Transit VPC	0.0.0.0/0	Enterprise router	Static route (custom)
Enterprise router	10.1.0.0/16	Service VPC attachment	Propagated route
Enterprise router	100.64.x.x	Virtual gateway attachment	Propagated route

Submit a service ticket to request 100.64.x.x as the destination for 4.
Create a transit VPC, attach it to the enterprise router, and associate the transit VPC with the default route table of the enterprise router.
- The subnet of the transit VPC cannot overlap with that of the service VPC, or the VPC peering connection to be created in 3 cannot take effect.
- The transit VPC cannot have the following situations. Otherwise, the default route (0.0.0.0/0) to be configured in 4 cannot forward traffic.
  - An ECS in the VPC has an EIP bound.
  - The VPC is being used by ELB (either dedicated or shared load balancers), NAT Gateway, VPC Endpoint, and DCS.
Create a VPC peering connection between the service VPC and transit VPC.

Creating a VPC Peering Connection with Another VPC in Your Account

NOTICE:

You do not need to add routes for the VPC peering connection. For details about the routes to be added, see 4.
Add routes to the VPC route tables.
For details about required routes, see Table 3.
1. Add the route to the service VPC route table.
2. Add two routes to the transit VPC route table.

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel