Build a routing instance

Routing Tables and Routing Entries

When you create a VPC, the system automatically creates a router and a routing table for the VPC.

Each entry in the routing table is a routing entry. The routing entry specifies the destination of network traffic and consists of three parts: the target network segment, the next hop type, and the next hop. Routing entries include system routes and custom routes.

You cannot directly delete the VPC's router or routing table, but you can add custom routing entries in the routing table to forward traffic. When a VPC is deleted, the associated routers and routing tables are also deleted.

System routing

You cannot create nor delete system routes. When creating a VPC, the system will automatically add a system route with a target network segment of 100.64.0.0/10 for cloud product communication within the VPC. In addition, Alibaba Cloud will automatically add a system route to the switch with the switch network segment as the target network segment.

For example, if you create a VPC with network segment 192.168.0.0/16, and create two switches with network segments 192.168.1.0/24 and 192.168.0.0/24 under the VPC, then the VPC There are three system routes in the routing table of the network:

target network segment	next hop type	Types of
100.64.0.0/10	-	system
192.168.1.0/24	-	system
192.168.0.0/24	-	system

custom routing

You can add custom routes as needed. For different functions, the VPC provides the following next-hop types of routes:

ECS instance: Forwards traffic directed to the target network segment to an ECS instance in the VPC.

This type of route is configured when the application deployed on the ECS instance needs to access the Internet or other applications.
VPN Gateway: Forwards traffic directed to the target network segment to a VPN gateway.

Configure this type of route when you need to connect to the local network or other private network through a VPN gateway.
VPC: In the future, the traffic directed to the target network segment will be forwarded to a VPC.

Configure this type of routing when you need to connect two private networks using Expressway.
Border router: Forwards traffic directed to the target network segment to a border router.

This type of routing needs to be configured only when high-speed channels are required to connect to the local network (physical dedicated line access).

routing rules

The routing table adopts the longest prefix matching principle as the routing rule for traffic. Longest prefix matching means that when there are multiple entries in the routing table that can match the destination IP, the route with the longest (most accurate) mask is used as the matching item and the next hop is determined.

The routing table of a VPC is shown in the following table.

target network segment	next hop type	Next hop	Routing entry type
100.64.0.0/10			system
192.168.0.0/24			system
0.0.0.0/0	Instance	i-12345678	customize
10.0.0.0/24	Instance	i-87654321	customize

The two routes whose destination network segment is 100.64.0.0/10and 192.168.0.0/24are system routing entries. The former is an address segment reserved by the system, and the latter is a system routing entry configured for the switch in the VPC.

The two routes with the destination network segment 0.0.0.0/0and 10.0.0.0/24are custom routes, which means that 0.0.0.0/0the traffic of the access address segment is forwarded to i-12345678the ECS instance with the ID, 10.0.0.0/24and the traffic of the access address segment is forwarded to the ECS instance of the ID i-87654321. 10.0.0.1In this private network, incoming traffic is forwarded to i-87654321and incoming traffic is forwarded to , 10.0.1.1according to the longest prefix match rule i-12345678.

Routing example

VPC intranet routing

As shown in the figure below, when you build a NAT gateway or bind an elastic public IP to an ECS instance (ECS01) in the VPC, and you need cloud resources in the VPC to access the public network through the ECS instance, You can add the following custom route:

target network segment next hop type Next hop

0.0.0.0/0 ECS instance ECS01
VPC interconnection

As shown in the figure below, when using Express Lane to connect two VPCs (VPC1 172.16.0.0/12 and VPC2 192.168.0.0/16), after creating the two interconnected router interfaces, you also need to separate Add the following route:
- Routing configuration for VPC1
  
  target network segment next hop type Next hop
  
  192.168.0.0/16 Router interface (VPC direction) VPC2
- Routing configuration for VPC2
  
  target network segment next hop type Next hop
  
  172.16.0.0/12 Router interface (VPC direction) VPC1
  
  As shown in the figure below, when using a VPN gateway to connect two VPCs (VPC1 172.16.0.0/12 and VPC2 10.0.0.0/8), after configuring the VPN gateway, you need to add the following routes to the VPC:
- Routing configuration for VPC1
  
  target network segment next hop type Next hop
  
  10.0.0.0/8 VPN gateway VPN Gateway 1
- Routing configuration for VPC2
  
  target network segment next hop type Next hop
  
  172.16.0.0/12 VPN gateway VPN Gateway 2

target network segment	next hop type	Next hop
0.0.0.0/0	ECS instance	ECS01

target network segment	next hop type	Next hop
192.168.0.0/16	Router interface (VPC direction)	VPC2

target network segment	next hop type	Next hop
172.16.0.0/12	Router interface (VPC direction)	VPC1

target network segment	next hop type	Next hop
10.0.0.0/8	VPN gateway	VPN Gateway 1

target network segment	next hop type	Next hop
172.16.0.0/12	VPN gateway	VPN Gateway 2

connect to local network

As shown in the figure below, when using a high-speed channel physical leased line to connect the VPC and the local network, after configuring the leased line and the border router, you need to configure the following routes:

Routing configuration on the VPC side

target network segment next hop type Next hop

192.168.0.0/16 Router interface (normal route) RI1

target network segment	next hop type	Next hop
192.168.0.0/16	Router interface (normal route)	RI1

Route configuration for border routers

target network segment	next hop type	Next hop
192.168.0.0/16	Point to the dedicated line	RI3
172.16.0.0/12	Point to VPC	RI2

Routing configuration for the local network

target network segment next hop type Next hop

172.16.0.0/12 — local gateway device

As shown in the figure below, when using the VPN gateway to connect the VPC (network segment: 172.16.0.0/12) and the local network (network segment: 192.168.0.0/16), after configuring the VPN gateway, you need to add the following route in the VPC :

target network segment next hop type Next hop

192.168.0.0/16 VPN gateway Created VPN Gateway

target network segment	next hop type	Next hop
172.16.0.0/12	—	local gateway device

target network segment	next hop type	Next hop
192.168.0.0/16	VPN gateway	Created VPN Gateway

Add custom route entry

Log in to the VPC management console .
In the left navigation bar, click Routing Table.
Select the region of the VPC to which the route table belongs, and click the ID link of the target route table.
Click Add Route Entry.

In the pop-up dialog box, configure the routing entry:

configure	illustrate
target network segment	Enter the target network segment.
next hop type	Select the next hop type: ECS instance: Route traffic with a destination address within the target network segment to the selected ECS instance. It is applicable to scenarios where specified network access is routed to ECS instances for unified traffic forwarding and management. For example, an ECS instance is configured as a public network gateway to manage other ECS instances accessing the public network. VPN Gateway: Route traffic with a destination address within the target network segment to the selected VPN gateway. Applicable to scenarios where a VPN gateway is used to connect to a VPC or an on-premises data center. Router interface (VPC direction): Route traffic with a destination address within the target network segment to the selected VPC. Applicable to scenarios where high-speed tunnels are used to connect to VPCs. Router interface (boundary router direction): Route traffic whose destination address is within the range of the destination network segment to the router interface associated with the border router. Applicable to scenarios where high-speed channels are used to connect local data centers. You also need to choose how to route: Normal Route: Select an associated router interface. Active and standby routes: The active and standby routes only support two instances as the next hop. The next hop weight of the main route is 100, and the next hop weight of the backup route is 0. When the health check of the primary route fails, the backup route takes effect. Load routing: For load balancing routing, 2-4 instances need to be selected as the next hop, and the peer router type of the router interface instance used as the next hop must be a border router. The valid range of the corresponding weight for each instance is an integer from 1 to 255. The default value is 100. The system will share the traffic proportionally according to the configured weight.

configure

illustrate

target network segment

Enter the target network segment.

next hop type

Select the next hop type:

ECS instance: Route traffic with a destination address within the target network segment to the selected ECS instance.

It is applicable to scenarios where specified network access is routed to ECS instances for unified traffic forwarding and management. For example, an ECS instance is configured as a public network gateway to manage other ECS instances accessing the public network.
VPN Gateway: Route traffic with a destination address within the target network segment to the selected VPN gateway.

Applicable to scenarios where a VPN gateway is used to connect to a VPC or an on-premises data center.
Router interface (VPC direction): Route traffic with a destination address within the target network segment to the selected VPC.

Applicable to scenarios where high-speed tunnels are used to connect to VPCs.
Router interface (boundary router direction): Route traffic whose destination address is within the range of the destination network segment to the router interface associated with the border router.
Applicable to scenarios where high-speed channels are used to connect local data centers.

You also need to choose how to route:
- Normal Route: Select an associated router interface.
- Active and standby routes: The active and standby routes only support two instances as the next hop. The next hop weight of the main route is 100, and the next hop weight of the backup route is 0. When the health check of the primary route fails, the backup route takes effect.
- Load routing: For load balancing routing, 2-4 instances need to be selected as the next hop, and the peer router type of the router interface instance used as the next hop must be a border router. The valid range of the corresponding weight for each instance is an integer from 1 to 255. The default value is 100. The system will share the traffic proportionally according to the configured weight.