Updated on 2025-08-06 GMT+08:00

Route Table Usage Guidelines

Route Table Overview

A route table contains a set of routes that are used to control the traffic in and out of your subnets in a VPC. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but you can associate multiple subnets with the same route table.
Figure 1 Route tables
  • Default route table: When you create a VPC, the system automatically generates a default route table for the VPC. If you create a subnet in the VPC, the subnet is automatically associated with the default route table. The default route table ensures that subnets in a VPC can communicate with each other.
  • Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.

    A custom route table associated with a subnet only affects the outbound traffic. The default route table controls the inbound traffic.

Route Overview

You can add routes to default and custom route tables and configure the destination, next hop type, and next hop in the routes to determine where network traffic is directed. Routes are classified into system routes and custom routes.

  • System routes: Routes that are automatically added by the system. They cannot be modified or deleted. System routes allow instances in a VPC to communicate with each other.
  • Custom routes: Routes that can be modified and deleted. The destination of a custom route cannot overlap with that of a system route.

    You cannot add two routes with the same destination to a VPC route table even if their next hop types are different, because the destination determines the route priority. When traffic matches more than one route, the route whose destination is the closest match is preferentially selected based on the longest prefix match rule.

How Route Tables Work

Each subnet in a VPC must be associated with a route table. A subnet can be associated with the default route table or a custom route table.

Figure 2 shows two subnets in VPC-A. They are associated with different route tables to meet different network access requirements.
  • Subnet 1 is associated with the default route table that contains a route pointing to the VPN gateway. This route allows ECSs in subnet 1 to access the on-premises data center through VPN.
  • Subnet 2 is associated with a custom route table that contains a route pointing to the NAT gateway. This route allows ECSs in subnet 2 to access the Internet through the NAT gateway and EIP.
Figure 2 Default and custom route tables of subnets

Route Priority

In a VPC route table, routes are matched in descending order of priority: local route > specific route > EIP route > default route. For details about each type of route, see Table 1.
Table 1 VPC route priorities

  1. Local route

    Local routes are system routes used for communications within a VPC and have the highest priority.

  2. Specific route

    Except for local routes, if there are multiple routes that match the request destination, the longest prefix match is used. This means that the route with the longest subnet mask is preferentially used to determine the next hop.

    For example, suppose the destination of traffic entering a VPC is 192.168.1.12/32 and the VPC route table has the following routes:

    • Route A with 192.168.0.0/16 as the destination and ECS-A as the next hop
    • Route B with 192.168.1.0/24 as the destination and VPC peering connection as the next hop
    • Route C with 0.0.0.0/0 as the destination and NAT gateway as the next hop

    According to the longest prefix match, the request preferentially matches route B and will be forwarded to the VPC peering connection.

  3. EIP route

    If an ECS in a subnet has an EIP bound, the EIP route takes precedence over the default route (destination: 0.0.0.0/0) in the route table. In this case, the EIP is used to access the Internet.

    Example:

    • There is route A with 0.0.0.0/0 as the destination and NAT gateway as the next hop.
    • ECS-A in a VPC subnet has an EIP bound.

    In this case, ECS-A will use the EIP to access the Internet instead of the NAT gateway.

  4. Default route

    The route with the destination 0.0.0.0/0 is the default route, which can match any traffic. According to the longest prefix match, 0.0.0.0/0 has the lowest priority.
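
The priority order in Table 1 can be checked against an exported route list before relying on a path. This is an added example, not Huawei Cloud code; it covers IPv4 only and takes the resolved next hop for a set of destinations and reports where it differs from the intended one. The functions `resolve` and `audit`, the route dictionary layout, the 10.0.0.0/16 local route and the 203.0.113.10 destination are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the three routes from the Table 1 example, plus a local
# system route for an assumed VPC CIDR of 10.0.0.0/16 (not from the page).
ROUTES = [
    {"dest": "10.0.0.0/16", "next_hop": "Local", "local": True},
    {"dest": "192.168.0.0/16", "next_hop": "ECS-A"},
    {"dest": "192.168.1.0/24", "next_hop": "VPC peering connection"},
    {"dest": "0.0.0.0/0", "next_hop": "NAT gateway"},
]


def resolve(routes, dst_ip, source_has_eip=False):
    """Return (route_type, next_hop) for dst_ip, following the Table 1 order."""
    addr = ipaddress.ip_address(dst_ip)
    matches = []
    for route in routes:
        net = ipaddress.ip_network(route["dest"])
        if addr in net:
            matches.append((net, route))
    # 1. Local routes win over everything else.
    for net, route in matches:
        if route.get("local"):
            return ("local", route["next_hop"])
    # 2. Specific routes: longest prefix among the non-default matches.
    specific = [m for m in matches if m[0].prefixlen > 0]
    if specific:
        net, route = max(specific, key=lambda m: m[0].prefixlen)
        return ("specific", route["next_hop"])
    # 3. A bound EIP takes precedence over the default route.
    if source_has_eip:
        return ("eip", "EIP")
    # 4. The default route (0.0.0.0/0) is the last resort.
    if matches:
        return ("default", matches[0][1]["next_hop"])
    return ("none", None)


def audit(routes, expectations):
    """Return the expectations whose resolved next hop differs from the intended one."""
    findings = []
    for dst_ip, has_eip, intended in expectations:
        route_type, next_hop = resolve(routes, dst_ip, has_eip)
        if next_hop != intended:
            findings.append((dst_ip, intended, next_hop, route_type))
    return findings
```

A finding such as an ECS with an EIP reaching the Internet directly, when the design intends egress through the NAT gateway, shows up as a mismatch between the intended and resolved next hop.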

Huawei Cloud provides various services to connect VPCs in different scales and scenarios.

Enabling Communications Between VPCs Using a VPC Peering Connection and Routes

As shown in Figure 3, VPC-A and VPC-B in region A are connected by VPC peering connection peering-AB and the routes that point to the peer VPC in the route tables of the two VPCs.
Figure 3 Connecting VPCs in the same region over a VPC peering connection

Enabling Communications Between VPCs Using an Enterprise Router and Routes

As shown in Figure 4, there is an enterprise router in region A with VPCs attached. The system automatically adds routes pointing to the enterprise router to each VPC route table, and adds routes pointing to each VPC to the enterprise router route table. In this way, the enterprise router can forward traffic across the four VPCs.
Figure 4 Connecting VPCs in the same region using an enterprise router

Enabling ECSs in a VPC to Access the Internet Using a NAT Gateway and Routes

In Figure 5, ECSs in Subnet-A01 of VPC-A in region A need to access the Internet. You need to create a public NAT gateway in Subnet-NAT and configure an SNAT rule for Subnet-A01. The system automatically adds a route pointing to the NAT gateway to the route table of VPC-A. This route forwards ECS traffic to the NAT gateway and then the ECSs can access the Internet using the EIP.
Figure 5 Enabling ECSs in a VPC to access the Internet using a NAT gateway