Route Table and Route Overview
What Is a Route Table?
A route table contains a set of routes that are used to control the traffic in and out of your subnets in a VPC. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but a route table can be associated with multiple subnets.
Both IPv4 and IPv6 routes are supported.
- Default route table: Each VPC comes with a default route table. If you create a subnet in a VPC, the subnet associates with the default route table. The default route table ensures that subnets in a VPC can communicate with each other.
- You can add routes to, delete routes from, and modify routes in the default route table, but cannot delete the table.
- When you create a VPN, Cloud Connect, or Direct Connect connection, the default route table automatically delivers a route that cannot be deleted or modified.
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
The custom route table associated with a subnet only controls the outbound traffic. The default route table of a subnet controls the inbound traffic.
By default, the quota for custom route tables is 0. To create custom route tables, apply for a quota increase first.
Route
You can add routes to both default and custom route tables and configure the destination, next hop type, and next hop for the routes to determine where network traffic is directed. Routes are classified into system routes and custom routes.
- System route: A system route is automatically added by the VPC service or other services (such as VPN and Direct Connect) and cannot be deleted or modified.
Each route table comes with routes whose next hops are Local. Generally, a route table contains the following local routes:
- Routes whose destination is 100.64.0.0/10, which is used to deploy public services, for example, the DNS servers. The route directs instances in a subnet to access these services.
- Routes whose destination is 198.19.128.0/20 (IP address range used by internal services, such as VPC Endpoint).
- Routes whose destination is 127.0.0.0/8 (local loopback addresses)
- Routes whose destination is a subnet CIDR block that enables instances in a VPC to communicate with each other.
- Custom route: After a route table is created, you can add custom routes and configure information such as the destination and next hop in the route to determine where network traffic is directed. In addition to manually added custom routes, there are custom routes added by other cloud services, such as Cloud Container Engine (CCE) or NAT Gateway.
Route tables include default route tables and custom route tables. They support the next hop types described in Table 1 and Table 2. The default route table supports fewer next hop types than a custom route table. This is because services like VPN, Direct Connect, and Cloud Connect automatically add routes to the default table.
Table 1 Next hop types supported by the default route table Next Hop Type
Description
Server
Traffic intended for the destination is forwarded to an ECS in the VPC.
Extension NIC
Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC.
Supplementary network interface
Traffic intended for the destination is forwarded to the supplementary network interface of an ECS in the VPC.
NAT gateway
Traffic intended for the destination is forwarded to a NAT gateway.
VPC peering connection
Traffic intended for the destination is forwarded to a VPC peering connection.
Virtual IP address
Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound.
VPC endpoint
Traffic intended for the destination is forwarded to a VPC endpoint.
Cloud container
Traffic intended for the destination is forwarded to a cloud container.
Enterprise router
Traffic intended for the destination is forwarded to an enterprise router.
Cloud firewall
Traffic intended for the destination is forwarded to a cloud firewall.
Global internet gateway
Traffic intended for the destination is forwarded to a global internet gateway.
Table 2 Next hop types supported by a custom route table Next Hop Type
Description
Server
Traffic intended for the destination is forwarded to an ECS in the VPC.
Extension NIC
Traffic intended for the destination is forwarded to the extension NIC of an ECS in the VPC.
BMS user-defined network
Traffic intended for the destination is forwarded to a BMS user-defined network.
VPN gateway
Traffic intended for the destination is forwarded to a VPN gateway.
Direct Connect gateway
Traffic intended for the destination is forwarded to a Direct Connect gateway.
Cloud connection
Traffic intended for the destination is forwarded to a cloud connection.
Supplementary network interface
Traffic intended for the destination is forwarded to the supplementary network interface of an ECS in the VPC.
NAT gateway
Traffic intended for the destination is forwarded to a NAT gateway.
VPC peering connection
Traffic intended for the destination is forwarded to a VPC peering connection.
Virtual IP address
Traffic intended for the destination is forwarded to a virtual IP address and then sent to active and standby ECSs to which the virtual IP address is bound.
VPC endpoint
Traffic intended for the destination is forwarded to a VPC endpoint.
Cloud container
Traffic intended for the destination is forwarded to a cloud container.
Enterprise router
Traffic intended for the destination is forwarded to an enterprise router.
Cloud firewall
Traffic intended for the destination is forwarded to a cloud firewall.
Global internet gateway
Traffic intended for the destination is forwarded to a global internet gateway.
If you specify the destination when creating a resource, a system route is delivered. If you do not specify a destination when creating a resource, a custom route that can be modified or deleted is delivered.
For example, when you create a NAT gateway, the system automatically delivers a custom route without a specific destination (0.0.0.0/0 is used by default). In this case, you can change the destination. However, when you create a VPN gateway, you need to specify the remote subnet as the destination of a route. In this case, this route will be delivered as a system route. Do not modify the route destination on the Route Tables page. If you do, the destination will be inconsistent with the configured remote subnet. To modify the route destination, go to the specific resource page and modify the remote subnet, then the route destination will be changed accordingly.
You cannot add a route whose next hop type is VPC endpoint or Cloud container to a route table. These routes are automatically added by the VPC Endpoint or CCE service.
Notes and Constraints
- A VPC can be associated with a maximum of five route tables, including the default route table and four custom route tables.
- All route tables in a VPC can have a maximum of 1,000 routes, excluding system routes.
- Generally, the destination of a custom route cannot overlap with that of a local route. The destination of a local route can be a subnet CIDR block and CIDR blocks that are used for internal communications.
- You cannot add two routes with the same destination to a VPC route table even if their next hop types are different.
- When adding routes to a VPC route table, remember the route priority described in Table 3.
Table 3 Route priorities Route Priority
Description
Local routes preferentially matched
A local route is the default route for communications within a VPC. They have the highest priority.
Most accurate route (longest prefix match)
If there are multiple routes that match the request destination, the longest prefix match routing is used. This means the route that has the longest subnet mask is preferentially used to determine the next hop.
Example:- A request is destined for 192.168.1.12/32.
- The destination of route A is 192.168.0.0/16, with an ECS (ECS-A) as the next hop.
- The destination of route B is 192.168.1.0/24, with a VPC peering connection as the next hop.
According to the longest prefix match routing rule, the request preferentially matches route B and will be forwarded to the VPC peering connection.
EIP
If a custom route in the route table points to 0.0.0.0/0 and an ECS in the subnet has an EIP bound, the EIP has a higher priority. In this case, the EIP is used to access the Internet by default.
Example:- The destination of route A is 0.0.0.0/0, with an NAT gateway as the next hop.
- An ECS in a VPC subnet has an EIP bound.
In this case, the ECS will use the EIP to access the Internet instead of the NAT gateway.
Figure 2 Viewing VPC route tables
Custom Route Table Configuration Process
|
No. |
Step |
Description |
Reference |
|---|---|---|---|
|
1 |
Create a custom route table. |
If your default route table cannot meet your service requirements, you can create a custom route table. The custom route table associated with a subnet only controls the outbound traffic. The default route table of a subnet controls the inbound traffic. |
|
|
2 |
Add a route. |
You can add a custom route and configure information such as the destination and next hop in the route to determine where network traffic is directed. |
|
|
3 |
Associate the route table with a subnet. |
After a route table is associated with a subnet, the routes in the route table control the routing for the subnet and apply to all cloud resources in the subnet. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
