Help Center/ Enterprise Router/ Service Overview/ Functions
Updated on 2025-10-30 GMT+08:00
View PDF
Share

Functions

This section describes main functions of Enterprise Router. You can check if a certain function is available in a region on the management console.

Enterprise Routers

An enterprise router is a high-performance centralized router that supports route learning. When creating an enterprise router, you can set parameters such as its region, AZ, and name.

After an enterprise router is created, you can still change its parameters based on service requirements.

For more information, see Creating an Enterprise Router.

Attachments

You can attach network instances to the enterprise router.

Network instances are attached to the enterprise router in different ways.
  • VPCs are attached to the enterprise router on the Enterprise Router console.
  • Virtual gateways are attached through the Direct Connect console.
  • VPN gateways are attached through the VPN console.
  • Enterprise routers in other regions are added to a central network on the Cloud Connect console.
  • Global DC gateways are attached through the Direct Connect console.
  • CFW instances are created on the Cloud Firewall console.

For more information, see Attachment Overview.

Route Tables

Route tables are used by enterprise routers to forward packets. Route tables contain associations, propagations, and routes.

An enterprise router can have multiple route tables. You can associate attachments with different route tables to enable communications or isolation between network instances.

For more information, see Route Table Overview.

Associations

Associations are created manually or automatically to associate attachments with enterprise router route tables.
  • Manually: You need to select a route table and create an association in the route table for an attachment.
  • Automatically: You just need to enable Default Route Table Association and specify the default route table. The system automatically creates an association for an attachment in the default route table.

For more information, see Association Overview.

Propagations

A propagation is created manually or automatically to enable an enterprise router to learn the routes to an associated attachment.
  • Manually: You need to select a route table and create a propagation for an attachment in the route table.
  • Automatically: You just need to enable Default Route Table Propagation and specify the default route table. The system automatically creates a propagation in the default route table for an attachment.

For more information, see Propagation Overview.

Routes

A route consists of information such as the destination address, next hop, and route type. There are two types of routes:
  • Propagated routes
  • Static routes

For more information, see Route Overview.

Route Policies

Route policies allow you to filter routes and change route policy values, which changes the paths that network traffic passes through.

A route policy can be applied to the following types of attachments:
  • Virtual gateway attachments
  • Peering connection attachments
  • VPN gateway attachments
  • Global DC gateway attachments

For more information, see Route Policy Overview.

Sharing

Integration with Resource Access Manager (RAM) allows you to share enterprise routers in your accounts with other accounts so that these other users can attach their network instances to your enterprise routers for network connectivity.

After you share your enterprise router with other accounts, these principals can attach their network instances to your enterprise router, so that their network instances can access your enterprise router.

For more information, see Sharing Overview.

Flow Logs

A flow log records traffic of attachments on enterprise routers in real time. These logs allow you to monitor the network traffic of attachments and analyze network attacks, improving the O&M efficiency.

Flow logs can capture traffic of the following types of attachments:
  • A VPC attachment indicates that a VPC is attached to an enterprise router. Flow logs can collect the traffic between the VPC and other attachments of the enterprise router.
  • A virtual gateway attachment indicates that a Direct Connect virtual gateway is attached to an enterprise router. Flow logs can collect the traffic between the on-premises data center and the cloud connected by Direct Connect.
  • A VPN gateway attachment indicates that a VPN gateway is attached to an enterprise router. Flow logs can collect the traffic between the on-premises data center and the cloud connected by VPN.
  • A peering connection attachment indicates that enterprise routers from different regions are connected through a Cloud Connect central network. Flow logs can collect the traffic between different enterprise routers.
  • A global DC gateway attachment indicates that a Direct Connect global DC gateway is attached to an enterprise router. Flow logs can collect the traffic between the on-premises data center and the cloud connected by Direct Connect.

For more information, see Flow Log Overview.