- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Permissions Management
- VPC and Subnet
- Route Table and Route
- Virtual IP Address
-
Elastic Network Interface and Supplementary Network Interface
-
Elastic Network Interface
- Elastic Network Interface Overview
- Creating a Network Interface
- Viewing the Basic Information About a Network Interface
- Attaching a Network Interface to a Cloud Server
- Binding an EIP to a Network Interface
- Binding a Network Interface to a Virtual IP Address
- Detaching a Network Interface from an Instance or Unbinding an EIP from a Network Interface
- Changing Security Groups That Are Associated with a Network Interface
- Deleting a Network Interface
-
Supplementary Network Interfaces
- Supplementary Network Interface Overview
- Creating a Supplementary Network Interface
- Viewing the Basic Information About a Supplementary Network Interface
- Binding or Unbinding an EIP to or from a Supplementary Network Interface
- Changing Security Groups That Are Associated with a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Network Interface Configuration Examples
- Binding an EIP to the Extended Network Interface of an ECS to Enable Internet Access
-
Configuring Policy-based Routes for an ECS with Multiple Network Interfaces
- Overview
- Collecting ECS Network Information
- Configuring IPv4 and IPv6 Policy-based Routes for a Linux ECS with Multiple Network Interfaces (CentOS)
- Configuring IPv4 and IPv6 Policy-based Routes for a Linux ECS with Multiple Network Interfaces (Ubuntu)
- Configuring IPv4 and IPv6 Policy-based Routes for a Windows ECS with Multiple Network Interfaces
-
Elastic Network Interface
-
Access Control
- Access Control Overview
-
Security Group
- Security Group and Security Group Rule Overview
- Default Security Groups
- Security Group Examples
- Common ECS Ports
- Managing a Security Group
-
Managing Security Group Rules
- Adding a Security Group Rule
- Fast-Adding Security Group Rules
- Allowing Common Ports with a Few Clicks
- Modifying a Security Group Rule
- Replicating a Security Group Rule
- Enabling or Disabling One or More Security Group Rules
- Importing and Exporting Security Group Rules
- Deleting One or More Security Group Rules
- Querying Security Group Rule Changes
- Managing Instances Added to a Security Group
- Network ACL
- IP Address Group
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage
- Creating a VPC Peering Connection to Connect Two VPCs in the Same Account
- Creating a VPC Peering Connection to Connect Two VPCs in Different Accounts
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Sharing
-
Edge Gateway
- Edge Gateway Overview
- Buying an Edge Gateway
- Associating VPCs with or Disassociating VPCs from an Edge Gateway
- Managing Edge Gateways
- Managing the Tags of an Edge Gateway
- Creating an Edge Connection
- Binding or Unbinding a Global Connection Bandwidth to and from an Edge Connection
- Managing Edge Connections
- IPv4/IPv6 Dual-Stack Network
- VPC Flow Log
-
Traffic Mirroring
- Traffic Mirroring
- Mirror Filters
-
Mirror Sessions
- Creating a Mirror Session
- Enabling or Disabling a Mirror Session
- Associating Mirror Sources with a Mirror Session
- Disassociating Mirror Sources from a Mirror Session
- Changing the Mirror Filter for a Mirror Session
- Changing the Mirror Target of a Mirror Session
- Modifying the Basic Information About a Mirror Session
- Viewing the Details About a Mirror Session
- Deleting a Mirror Session
- Traffic Mirroring Example Scenarios
- Monitoring and Auditing
- Managing Quotas
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- APIs
-
API V3
- VPC
- Security Group
- Security Group Rule
- IP Address Group
-
Supplementary Network Interface
- Creating a Supplementary Network Interface
- Creating Supplementary Network Interfaces in Batches
- Querying Supplementary Network Interfaces
- Querying the Details of a Supplementary Network Interface
- Querying the Number of Supplementary Network Interfaces
- Updating a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Traffic Mirror Sessions
- Querying Traffic Mirror Sessions
- Querying Details About a Traffic Mirror Session
- Creating a Traffic Mirror Session
- Updating a Traffic Mirror Session
- Deleting a Traffic Mirror Session
- Disassociating a Traffic Mirror Source from a Traffic Mirror Session
- Associating a Traffic Mirror Source with a Traffic Mirror Session
- Traffic Mirror Filters
- Traffic Mirror Filter Rules
- Network ACL
- Network ACL Tag Management
- Port
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
- Application Examples
-
Permissions and Supported Actions
- Introduction
- VPC
- Subnet
- Port
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- VPC Tag
- Subnet Tag
- VPC Flow Log
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- VPC (V3)
- Security Group (V3)
- Security Group Rule (V3)
- IP Address Group (V3)
- Supplementary Network Interface (V3)
- Mirror Session (V3)
- Mirror Filter (V3)
- Mirror Filter Rule (V3)
- Network ACL (V3)
- Network ACL Tag (V3)
- Port (V3)
- Precautions for API Permissions
- FAQs
- Out-of-Date APIs
- Appendix
- SDK Reference
-
FAQs
-
Billing and Payments
- Will I Be Billed for Using the VPC Service?
- Why Is My VPC Still Being Billed After It Was Deleted?
- How Do I View My VPC Bills?
- How Is an EIP Charged?
- How Do I Change My EIP Billing Mode Between Pay-per-Use and Yearly/Monthly?
- How Do I Change the Billing Option of a Pay-per-Use EIP Between By Bandwidth and By Traffic?
-
VPCs and Subnets
- What Is Virtual Private Cloud?
- Which CIDR Blocks Are Available for the VPC Service?
- How Many VPCs Can I Create?
- Can Subnets Communicate with Each Other?
- What Subnet CIDR Blocks Are Available?
- Can I Change the CIDR Block of a Subnet?
- How Many Subnets Can I Create?
- How Do I Make the Changed DHCP Lease Time of a Subnet Take Effect Immediately?
- How Can I Make a Domain Name in a Subnet Take Effect Immediately After Being Changed?
- Why Can't I Delete My VPCs and Subnets?
- Can I Change the VPC of an ECS?
- Why Is the ECS IP Address Released After the System Time Is Changed?
- How Do I Change the DNS Server Address of an ECS?
-
EIPs
- How Do I Assign or Retrieve a Specific EIP?
- What Are the Differences Between EIPs, Private IP Addresses, and Virtual IP Addresses?
- Can I Change the Dedicated Bandwidth Used by an EIP to a Shared Bandwidth?
- How Many ECSs Can I Bind an EIP To?
- How Do I Access an ECS with an EIP Bound from the Internet?
- What Is the EIP Assignment Policy?
- Can I Bind an EIP of an ECS to Another ECS?
- Can I Buy a Specific EIP?
- How Do I Query the Region of My EIPs?
- How Can I Unbind an Existing EIP from an Instance and Bind Another EIP to the Instance?
- Can I Bind an EIP to a Cloud Resource in Another Region?
- Can I Change the Region of an EIP?
- VPC Peering Connections
- Virtual IP Addresses
-
Bandwidth
- What Are Inbound Bandwidth and Outbound Bandwidth?
- What Are the Differences Between Static BGP, Dynamic BGP, and Premium BGP?
- How Do I Know If My EIP Bandwidth Has Been Exceeded?
- What Are the Differences Between Public Bandwidth and Private Bandwidth?
- What Bandwidth Types Are Available?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around?
- How Many EIPs Can I Add to Each Shared Bandwidth?
- Can I Increase a Yearly/Monthly Bandwidth and Decrease It Later?
- What Is the Relationship Between Bandwidth and Upload/Download Rate?
-
Connectivity
- Does a VPN Allow Communication Between Two VPCs?
- Why Cannot I Access Public Websites Through Domain Names or Access Internal Domain Names on the Cloud When My ECS Has Multiple Network Interfaces?
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Are There Intermittent Interruptions When a Local Host Accesses a Website Built on an ECS?
- Why Do ECSs Using Private IP Addresses in the Same Subnet Only Support One-Way Communication?
- Why Does Communication Fail Between Two ECSs in the Same VPC or Packet Loss Occur When They Communicate?
- Why Can't My ECS Use Cloud-init?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
- Why Is My ECS Unable to Communicate at a Layer 2 or Layer 3 Network?
- How Do I Handle a BMS Network Failure?
- Why Does My ECS Fail to Obtain an IP Address?
- How Do I Handle a VPN or Direct Connect Connection Network Failure?
- Why Can My Server Be Accessed from the Internet But Cannot Access the Internet?
- Why Can't I Access Websites Using IPv6 Addresses After IPv4/IPv6 Dual Stack Is Configured?
- Why Does My ECS Fail to Communicate with Other After It Has Firewall Installed?
- Routing
-
Security
- Does a New Security Group Rule or a Network ACL Rule Take Effect Immediately for Existing Connections?
- Why Is Outbound Access on TCP Port 25 Blocked?
- How Do I Know the Instances Associated with a Security Group?
- Why Can't I Delete a Security Group?
- Can I Change the Security Group of an ECS?
- How Do I Configure a Security Group for Multi-Channel Protocols?
- Why Are Some Ports of ECSs Inaccessible?
- Why Is Access from a Specific IP Address Still Allowed After a Network ACL Rule That Denies the Access from the IP Address Has Been Added?
- Why Are My Security Group Rules Not Working?
-
Billing and Payments
- Videos
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- VPC and Subnet
- Route Tables
-
Virtual IP Address
- Virtual IP Address Overview
- Assigning a Virtual IP Address
- Binding a Virtual IP Address to an EIP or ECS
- Binding a Virtual IP Address to an EIP
- Unbinding a Virtual IP Address from an Instance
- Unbinding a Virtual IP Address from an EIP
- Releasing a Virtual IP Address
- Disabling IP Forwarding on the Standby ECS
- Disabling Source/Destination Check for an ECS NIC
-
Elastic Network Interface and Supplementary Network Interface
-
Elastic Network Interface
- Elastic Network Interface Overview
- Creating a Network Interface
- Viewing Basic Information About a Network Interface
- Attaching a Network Interface to an Instance
- Binding a Network Interface to an EIP
- Binding a Network Interface to a Virtual IP Address
- Detaching a Network Interface from an Instance or Unbinding an EIP from a Network Interface
- Changing Security Groups That Are Associated with a Network Interface
- Deleting a Network Interface
-
Supplementary Network Interfaces
- Supplementary Network Interface Overview
- Creating a Supplementary Network Interface
- Viewing Basic Information About a Supplementary Network Interface
- Binding or Unbinding a Supplementary Network Interface to or from an EIP
- Changing Security Groups That Are Associated with a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Elastic Network Interface
-
Access Control
- What Is Access Control?
- Security Group
- Network ACL
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
- Elastic IP
- Shared Bandwidth
- Monitoring
-
FAQ
- General Questions
- VPCs and Subnets
- EIPs
- VPC Peering Connections
- Bandwidth
-
Connectivity
- Does a VPN Allow Communication Between Two VPCs?
- Why Are Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When My ECS Has Multiple NICs?
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
-
Routing
- Can a Route Table Span Multiple VPCs?
- How Many Routes Can a Route Table Contain?
- Are There Any Restrictions on Using a Route Table?
- Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC?
- Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC?
- Security
- Change History
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- VPC APIs (V1/V2)
-
VPC APIs (V3)
- VPC
- Security Group
- Security Group Rule
- IP Address Group
-
Supplementary Network Interface
- Creating a Supplementary Network Interface
- Creating Supplementary Network Interfaces in Batches
- Querying Supplementary Network Interfaces
- Querying the Details of a Supplementary Network Interface
- Querying the Number of Supplementary Network Interfaces
- Updating a Supplementary Network Interface
- Deleting a Supplementary Network Interface
- Network ACL
- Network ACL Tag Management
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
-
Permissions and Supported Actions
- Introduction
- VPC
- Subnet
- Port
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- VPC Tag
- Subnet Tag
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- VPC (V3)
- Security Group (V3)
- Security Group Rule (V3)
- IP Address Group (V3)
- Supplementary Network Interface (V3)
- Network ACL (V3)
- Network ACL Tag (V3)
- Precautions for API Permissions
- Out-of-Date APIs
- Appendix
- Change History
-
User Guide (Paris Regions)
- Service Overview
- Getting Started
- VPC and Subnet
-
Access Control
- Differences Between Security Groups and Network ACLs
- Security Group
- Network ACL
- Elastic IP
- Shared Bandwidth
- Route Tables
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
-
Virtual IP Address
- Virtual IP Address Overview
- Assigning a Virtual IP Address
- Binding a Virtual IP Address to an EIP or ECS
- Binding a Virtual IP Address to an EIP
- Unbinding a Virtual IP Address from an Instance
- Unbinding a Virtual IP Address from an EIP
- Releasing a Virtual IP Address
- Disabling IP Forwarding on the Standby ECS
- Disabling Source/Destination Check for an ECS NIC
- Interconnecting with CTS
- Monitoring
-
FAQ
- General Questions
- Billing and Payments
- VPCs and Subnets
-
EIPs
- What Are the Differences Between EIP, Private IP Address, and Virtual IP Address?
- How Do I Access the Internet Using an EIP Bound to an Extension NIC?
- What Are the Differences Between the Primary and Extension NICs of ECSs?
- Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?
- Can I Bind an EIP to Multiple ECSs?
- How Do I Access an ECS with an EIP Bound from the Internet?
- Can I Bind an EIP of an ECS to Another ECS?
- How Do I Unbind an EIP from an Instance and Bind a New EIP to the Instance?
- Can I Bind an EIP to a Cloud Resource in Another Region?
- Can I Change the Region of My EIP?
- VPC Peering Connections
- Virtual IP Addresses
-
Bandwidth
- What Are Inbound Bandwidth and Outbound Bandwidth?
- How Do I Know If My EIP Bandwidth Limit Has Been Exceeded?
- What Are the Differences Between Public Bandwidth and Private Bandwidth?
- What Is the Bandwidth Size Range?
- What Bandwidth Types Are Available?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth?
- Is There a Limit to the Number of EIPs That Can Be Added to Each Shared Bandwidth?
- What Is the Relationship Between Bandwidth and Upload/Download Rate?
-
Connectivity
- Does a VPN Allow Communication Between Two VPCs?
- Why Are Internet or Internal Domain Names in the Cloud Inaccessible Through Domain Names When My ECS Has Multiple NICs?
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Are There Intermittent Interruptions When a Local Host Accesses a Website Built on an ECS?
- Why Do ECSs Using Private IP Addresses in the Same Subnet Only Support One-Way Communication?
- Why Does Communication Fail Between Two ECSs in the Same VPC or Packet Loss Occur When They Communicate?
- Why Can't My ECS Use Cloud-init?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
- Why Does My ECS Fail to Obtain an IP Address?
- How Do I Handle a VPN or Direct Connect Connection Network Failure?
- Why Can My Server Be Accessed from the Internet But Cannot Access the Internet?
- Why Can't I Access Websites Using IPv6 Addresses After IPv4/IPv6 Dual Stack Is Configured?
- Why Does My ECS Fail to Communicate with Other After It Has Firewall Installed?
-
Routing
- How Do I Configure Policy-Based Routes for an ECS with Multiple NICs?
- Can a Route Table Span Multiple VPCs?
- How Many Routes Can a Route Table Contain?
- Are There Any Restrictions on Using a Route Table?
- Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC?
- Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC?
-
Security
- Are the Security Group Rules Considered the Same If All Parameters Except Their Description Are the Same?
- How Do I Know the Instances Associated with a Security Group?
- Why Can't I Delete a Security Group?
- Can I Change the Security Group of an ECS?
- How Do I Configure a Security Group for Multi-Channel Protocols?
- Does a Modified Security Group Rule or a Network ACL Rule Take Effect Immediately for Existing Connections?
- Which Security Group Rule Has a High Priority When Multiple Security Group Rules Conflict?
- Why Is Access from a Specific IP Address Still Allowed After a Network ACL Rule That Denies the Access from the IP Address Has Been Added?
- Why Do My Security Group Rules Not Take Effect?
- Change History
-
API Reference (Paris Regions)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
APIs
- Virtual Private Cloud
- Subnet
- EIP
- Bandwidth
- Bandwidth (V2.0)
- Quota
- Private IP Address
- Security Group
- VPC Peering Connection
- VPC Route
- Route Table
- VPC Tag Management
- Subnet Tag Management
- EIP Tag Management
- VPC Flow Log
-
Virtual IP Address
- Virtual IP Address Overview
- Binding an ECS to a Virtual IP Address
- Accessing a Virtual IP Address Using an EIP
- Using a VPN to Access the Virtual IP Address
- Using a Direct Connect Connection to Access the Virtual IP Address
- Using a VPC Peering Connection to Access the Virtual IP Address
- Disabling Source and Destination Check (HA Load Balancing Cluster Scenario)
- API V3
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
- Floating IP Address
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
- Application Examples
-
Permissions Policies and Supported Actions
- VPC
- Subnet
- EIP
- Bandwidth
- Bandwidth (V2.0)
- EIP V3
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- VPC Flow Log
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Floating IP Address (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- Precautions for API Permissions
- Appendix
- Change History
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
- VPC and Subnet
- Route Tables
- Virtual IP Address
-
Access Control
- What Is Access Control?
- Security Group
- Network ACL
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
- Elastic IP
- Shared Bandwidth
- Interconnecting with CTS
- Monitoring
-
FAQ
- General Questions
- VPCs and Subnets
- EIPs
- VPC Peering Connections
- Bandwidth
- Connectivity
-
Routing
- Can a Route Table Span Multiple VPCs?
- How Many Routes Can a Route Table Contain?
- Are There Any Restrictions on Using a Route Table?
- Do the Same Routing Priorities Apply to Direct Connect Connections and Custom Routes in the Same VPC?
- Are There Different Routing Priorities of the VPN and Custom Routes in the Same VPC?
- Security
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- APIs
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Network ACL Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
-
Permissions Policies and Supported Actions
- VPC
- Subnet
- Port
- VPC Peering Connection
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- VPC Tags
- Subnet Tags
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- Precautions for API Permissions
- Out-of-Date APIs
- Appendix
- Change History
-
User Guide (Ankara Region)
- Service Overview
- Getting Started
- VPC and Subnet
- Route Tables
-
Virtual IP Address
- Virtual IP Address Overview
- Assigning a Virtual IP Address
- Binding a Virtual IP Address to an EIP or ECS
- Binding a Virtual IP Address to an EIP
- Unbinding a Virtual IP Address from an Instance
- Unbinding a Virtual IP Address from an EIP
- Releasing a Virtual IP Address
- Disabling IP Forwarding on the Standby ECS
- Disabling Source/Destination Check for an ECS NIC
-
Elastic Network Interface and Supplementary Network Interface
-
Elastic Network Interface
- Elastic Network Interface Overview
- Creating a Network Interface
- Viewing Basic Information About a Network Interface
- Attaching a Network Interface to an Instance
- Binding a Network Interface to an EIP
- Binding a Network Interface to a Virtual IP Address
- Detaching a Network Interface from an Instance or Unbinding an EIP from a Network Interface
- Changing Security Groups That Are Associated with a Network Interface
- Deleting a Network Interface
-
Supplementary Network Interfaces
- Supplementary Network Interface Overview
- Creating a Supplementary Network Interface
- Viewing Basic Information About a Supplementary Network Interface
- Binding or Unbinding a Supplementary Network Interface to or from an EIP
- Changing Security Groups That Are Associated with a Supplementary Network Interface
- Deleting a Supplementary Network Interface
-
Elastic Network Interface
-
Access Control
- What Is Access Control?
- Security Group
- Network ACL
-
VPC Peering Connection
- VPC Peering Connection Overview
- VPC Peering Connection Usage Examples
- Creating a VPC Peering Connection with Another VPC in Your Account
- Creating a VPC Peering Connection with a VPC in Another Account
- Obtaining the Peer Project ID of a VPC Peering Connection
- Modifying a VPC Peering Connection
- Viewing VPC Peering Connections
- Deleting a VPC Peering Connection
- Modifying Routes Configured for a VPC Peering Connection
- Viewing Routes Configured for a VPC Peering Connection
- Deleting Routes Configured for a VPC Peering Connection
- VPC Flow Log
- Elastic IP
- Shared Bandwidth
- Monitoring
- Permissions Management
-
FAQ
- General Questions
- VPCs and Subnets
- EIPs
- VPC Peering Connections
- Bandwidth
- Connectivity
- Routing
-
Security
- Does a Modified Security Group Rule or a Network ACL Rule Take Effect Immediately for Existing Connections?
- Why Can't I Delete a Security Group?
- Can I Change the Security Group of an ECS?
- How Do I Configure a Security Group for Multi-Channel Protocols?
- Which Security Group Rule Has a High Priority When Multiple Security Group Rules Conflict?
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- APIs
- API V3
-
Native OpenStack Neutron APIs (V2.0)
- API Version Information
- Port
- Network
- Subnet
- Router
- Floating IP Address
-
Network ACL
- Querying Network ACL Rules
- Querying a Network ACL Rule
- Creating a Network ACL Rule
- Updating a Rule
- Deleting a Network ACL Rule
- Querying Network ACL Policies
- Querying a Network ACL Policy
- Creating a Network ACL Policy
- Updating a Network ACL Policy
- Deleting a Network ACL Policy
- Inserting a Network ACL Rule
- Removing a Network ACL Rule
- Querying Network ACL Groups
- Querying a Network ACL Group
- Creating a Network ACL Group
- Updating a Network ACL Group
- Deleting a Network ACL Group
- Security Group
-
Permissions Policies and Supported Actions
- Introduction
- VPC
- Subnet
- EIP
- Bandwidth
- Bandwidth (V2.0)
- EIP V3
- Port
- VPC Peering Connection
- VPC Route
- Route Table
- Quota
- Private IP Address
- Security Group
- Security Group Rule
- Port (OpenStack Neutron API)
- Network (OpenStack Neutron API)
- Subnet (OpenStack Neutron API)
- Router (OpenStack Neutron API)
- Floating IP Address (OpenStack Neutron API)
- Network ACL (OpenStack Neutron API)
- Security Group (OpenStack Neutron API)
- Precautions for API Permissions
- Appendix
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Route Table and Route Overview
What Is a Route Table?
A route table contains a set of routes that are used to control the traffic in and out of your subnets in a VPC. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but a route table can be associated with multiple subnets.
Both IPv4 and IPv6 routes are supported.
![](https://support.huaweicloud.com/intl/en-us/usermanual-vpc/en-us_image_0000001650535960.png)
- Default route table: Each VPC comes with a default route table. If you create a subnet in a VPC, the subnet associates with the default route table. The default route table ensures that subnets in a VPC can communicate with each other.
- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table.
- When you create a VPN, Cloud Connect, or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified.
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
The custom route table associated with a subnet only controls the outbound traffic. The default route table of a subnet controls the inbound traffic.
By default, the quota for custom route tables is 0. To create custom route tables, apply for a quota increase first.
Route
You can add routes to both default and custom route tables and configure the destination, next hop type, and next hop for the routes to determine where network traffic is directed. Routes are classified into system routes and custom routes.
- System route: A system route is automatically added by the VPC service or other services (such as VPN and Direct Connect) and cannot be deleted or modified.
Each route table comes with routes whose next hops are Local. Generally, a route table contains the following local routes:
- Routes whose destination is 100.64.0.0/10, which is used to deploy public services, for example, the DNS servers. The route directs instances in a subnet to access these services.
- Routes whose destination is 198.19.128.0/20 (IP address range used by internal services, such as VPC Endpoint).
- Routes whose destination is 127.0.0.0/8 (local loopback addresses)
- Routes whose destination is a subnet CIDR block that enables instances in a VPC to communicate with each other.
- Custom route: After a route table is created, you can add custom routes and configure information such as the destination and next hop in the route to determine where network traffic is directed. In addition to manually added custom routes, there are custom routes added by other cloud services, such as Cloud Container Engine (CCE) or NAT Gateway.
Route tables include default route tables and custom route tables. They support the next hop types described in Table 1 and Table 2. The default route table supports fewer next hop types than a custom route table. This is because some basic services like VPN, Direct Connect, and Cloud Connect automatically add routes to the default table.
Table 1 Next hop types supported by the default route table Next Hop Type
Description
Server
Traffic intended for the destination is forwarded to an ECS in the VPC.
Extension NIC
Traffic intended for the destination is forwarded to the extended network interface of an ECS in the VPC.
Supplementary network interface
Traffic intended for the destination is forwarded to the supplementary network interface of an ECS in the VPC.
NAT gateway
Traffic intended for the destination is forwarded to a NAT gateway.
VPC peering connection
Traffic intended for the destination is forwarded to a VPC peering connection.
Virtual IP address
Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound.
VPC endpoint
Traffic intended for the destination is forwarded to a VPC endpoint.
Cloud container
Traffic intended for the destination is forwarded to a cloud container.
Enterprise router
Traffic intended for the destination is forwarded to an enterprise router.
Cloud firewall
Traffic intended for the destination is forwarded to a cloud firewall.
Global internet gateway
Traffic intended for the destination is forwarded to a global internet gateway.
Table 2 Next hop types supported by a custom route table Next Hop Type
Description
Server
Traffic intended for the destination is forwarded to an ECS in the VPC.
Extension NIC
Traffic intended for the destination is forwarded to the extended network interface of an ECS in the VPC.
BMS user-defined network
Traffic intended for the destination is forwarded to a BMS user-defined network.
VPN gateway
Traffic intended for the destination is forwarded to a VPN gateway.
Direct Connect gateway
Traffic intended for the destination is forwarded to a Direct Connect gateway.
Cloud connection
Traffic intended for the destination is forwarded to a cloud connection.
Supplementary network interface
Traffic intended for the destination is forwarded to the supplementary network interface of an ECS in the VPC.
NAT gateway
Traffic intended for the destination is forwarded to a NAT gateway.
VPC peering connection
Traffic intended for the destination is forwarded to a VPC peering connection.
Virtual IP address
Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound.
VPC endpoint
Traffic intended for the destination is forwarded to a VPC endpoint.
Cloud container
Traffic intended for the destination is forwarded to a cloud container.
Enterprise router
Traffic intended for the destination is forwarded to an enterprise router.
Cloud firewall
Traffic intended for the destination is forwarded to a cloud firewall.
Global internet gateway
Traffic intended for the destination is forwarded to a global internet gateway.
NOTE:
If you specify the destination when creating a resource, a system route is delivered. If you do not specify a destination when creating a resource, a custom route that can be modified or deleted is delivered.
For example, when you create a NAT gateway, the system automatically delivers a custom route without a specific destination (0.0.0.0/0 is used by default). In this case, you can change the destination. However, when you create a VPN gateway, you need to specify the remote subnet as the destination of a route. In this case, this route will be delivered as a system route. Do not modify the route destination on the Route Tables page. If you do, the destination will be inconsistent with the configured remote subnet. To modify the route destination, go to the specific resource page and modify the remote subnet, then the route destination will be changed accordingly.
You cannot add a route whose next hop type is VPC endpoint or Cloud container to a route table. These routes are automatically added by the VPC Endpoint or CCE service.
Notes and Constraints
- A VPC can be associated with a maximum of five route tables, including the default route table and four custom route tables.
- All route tables in a VPC can have a maximum of 1,000 routes, excluding system routes.
- Generally, the destination of a custom route cannot overlap with that of a local route. The destination of a local route can be a subnet CIDR block and CIDR blocks that are used for internal communications.
- You cannot add two routes with the same destination to a VPC route table even if their next hop types are different.
- When adding routes to a VPC route table, remember the route priority described in Table 3.
Table 3 Route priorities Route Priority
Description
Local routes preferentially matched
A local route is the default route for communications within a VPC. They have the highest priority.
Most accurate route (longest prefix match)
If there are multiple routes that match the request destination, the longest prefix match routing is used. This means the route that has the longest subnet mask is preferentially used to determine the next hop.
Example:- A request is destined for 192.168.1.12/32.
- The destination of route A is 192.168.0.0/16, with an ECS (ECS-A) as the next hop.
- The destination of route B is 192.168.1.0/24, with a VPC peering connection as the next hop.
According to the longest prefix match routing rule, the request preferentially matches route B and will be forwarded to the VPC peering connection.
EIP
If a custom route in the route table points to 0.0.0.0/0 and an ECS in the subnet has an EIP bound, the EIP has a higher priority. In this case, the EIP is used to access the Internet by default.
Example:- The destination of route A is 0.0.0.0/0, with an NAT gateway as the next hop.
- An ECS in a VPC subnet has an EIP bound.
In this case, the ECS will use the EIP to access the Internet instead of the NAT gateway.
Figure 2 Viewing VPC route tables
Custom Route Table Configuration Process
![](https://support.huaweicloud.com/intl/en-us/usermanual-vpc/en-us_image_0000001908228884.png)
No. |
Step |
Description |
Reference |
---|---|---|---|
1 |
Create a custom route table. |
If your default route table cannot meet your service requirements, you can create a custom route table. The custom route table associated with a subnet only controls the outbound traffic. The default route table of a subnet controls the inbound traffic. |
|
2 |
Add a route. |
You can add a custom route and configure information such as the destination and next hop in the route to determine where network traffic is directed. |
|
3 |
Associate the route table with a subnet. |
After a route table is associated with a subnet, the routes in the route table control the routing for the subnet and apply to all cloud resources in the subnet. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot