After you create a virtual private cloud (VPC), the system creates a system route table for the VPC and adds system routes to the route table. The system routes are used to route traffic within the VPC. You cannot create or delete system routes. However, you can create custom routes to route traffic from specific CIDR blocks to the specified destination.
Route tables
After you create a VPC, the system creates a system route table to manage routes of the VPC. By default, vSwitches in the VPC use this route table. You cannot create or delete the system route table of a VPC. However, you can disassociate a vSwitch from the system route table and then associate the vSwitch with a custom route table to manage your network in a more flexible way. For more information, see Create a custom route table.
Each entry in a route table is a route entry. A route entry specifies the destination of traffic and consists of the destination CIDR block, next hop type, and next hop. Route entries include system route entries and custom route entries.
- Each VPC supports up to 10 route tables, which include the system route table.
- Each vSwitch can be associated with only one route table. The routing policies of a vSwitch are managed by the route table that is associated with the vSwitch.
- By default, a vSwitch is associated with the system route table after you create the vSwitch.
- If you want to associate the system route table with a vSwitch that is associated with a custom route table, you must disassociate the custom route table from the vSwitch. Before you can associate other route tables with the vSwitch, you must disassociate the current route table from the vSwitch.
- Custom route tables do not support active or standby routes, or load-balancing routes.
Regions that support custom route tables
The following table describes the regions that support custom route tables by default.| District | Region that support custom route tables |
|---|---|
| Asia Pacific | China (Qingdao), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shanghai), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Japan (Tokyo), Singapore (Singapore), Australia (Sydney), Malaysia (Kuala Lumpur), and Indonesia (Jakarta) |
| Europe & Americas | US (Silicon Valley), US (Virginia), Germany (Frankfurt), and UK (London) |
| Middle East & India | India (Mumbai) and UAE (Dubai) |
| District | Region that support custom route tables |
|---|---|
| Asia Pacific | China (Beijing), China (Shanghai), and China (Shenzhen) |
System routes
- A route entry of which destination CIDR block is 100.64.0.0/10. This route is used for communication among cloud resources within the VPC.
- Route entries that have the same destination CIDR blocks as the vSwitches in the VPC. The routes are used for communication among cloud resources within vSwitches.
| Destination CIDR block | Next hop | Route entry type |
|---|---|---|
| 100.64.0.0/10 | - | System route |
| 192.168.1.0/24 | - | System route |
| 192.168.0.0/24 | - | System route |
Custom routes
You can add custom routes to replace system routes or route traffic to a specified destination. You can specify the following types of next hops when you create a custom route:
- Elastic Compute Service (ECS) instance: Traffic that is destined for the destination
CIDR block is routed to a specified ECS instance in the VPC.
You can select this type if you want to access the Internet or other applications through the applications that are deployed in the ECS instance.
- Virtual Private Network (VPN) gateway: Traffic that is destined for the destination
CIDR block is routed to a specified VPN gateway.
You can select this type if you want to connect a VPC to another VPC or a network through the VPN gateway.
- Network Address Translation (NAT) gateway: Traffic that is destined for the destination
CIDR block is routed to a specified NAT gateway.
You can select this type if you want to connect a VPC to the Internet through the NAT gateway.
- Router interface (to VPC): Traffic that is destined for the destination CIDR block
is routed to a specified VPC.
You can select this type if you want to connect two VPCs through Express Connect.
- Router interface (to VBR): Traffic that is destined for the destination CIDR block
is routed to a specified virtual border router (VBR).
You can select this type if you want to connect a VPC to a network through Express Connect.
- Secondary ENI: Traffic that is destined for the destination CIDR block is routed to a specified secondary elastic network interface (ENI).
- IPv6 gateway: Traffic that is destined for the destination CIDR block is routed to
a specified IPv6 gateway.
You can select this type if you want to implement IPv6 communication through an IPv6 gateway.
IPv6 routes
- A custom route entry of which the destination CIDR block is ::/0 and of which the next hop is the IPv6 gateway. Cloud resources that are deployed in the VPC use this route to access the Internet through IPv6 addresses.
- A system route entry of which the destination CIDR block is the IPv6 CIDR block of
a vSwitch. This route is used for communication within the vSwitch.
Note If you create a custom route table and associate the custom route table with a vSwitch for which IPv6 CIDR block is enabled, you must add a custom route entry of which the destination CIDR block is ::/0 and the next hop is the IPv6 gateway instance. For more information, see Add a custom route entry.
Routing rules
If multiple route entries match the destination CIDR block, the route entry with the largest prefix prevails and determines the next hop. This ensures that the traffic is routed to the most precise destination.
| Destination CIDR block | Next hop type | Next hop | Route entry type |
|---|---|---|---|
| 100.64.0.0/10 | - | - | System route |
| 192.168.0.0/24 | - | - | System route |
| 0.0.0.0/0 | Instance | i-12345678 | Custom route |
| 10.0.0.0/24 | Instance | i-87654321 | Custom route |
The route entries that are destined for 100.64.0.0/10 and 192.168.0.0/24 are system route entries. The route entries that are destined for 0.0.0.0/0 and 10.0.0.0/24 are custom route entries. Traffic that is destined for 0.0.0.0/0 is routed to the ECS instance i-12345678, whereas traffic that is destined for 10.0.0.0/24 is routed to the ECS instance i-87654321. Based on the preceding rule, traffic that is destined for 10.0.0.1 is routed to the ECS instance i-87654321, whereas traffic that is destined for 10.0.1.1 is routed to the ECS instance i-12345678.
Limits
| Item | Limit | Adjustable |
|---|---|---|
| Number of vRouters that can be created in each VPC | 1 | N/A |
| Number of route tables that can be created in each VPC | 9 |
Go to the Quota Management page to increase the quota. For more information, see Manage service quotas. |
| Number of custom route entries that can be created in each route table | 48 | |
| VPCs that do not support custom route tables | VPCs that contain ECS instances of the following instance families:
ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see VPC advanced features. |
Upgrade or release an Elastic Compute Service (ECS) instance that does not support
advanced network features.
|
| Number of tags that can be added to each route table | 20 |
Routing examples
You can add custom route entries to a route table to control inbound and outbound traffic that is transmitted over the VPC.
- Routes within a VPC
The following figure shows a NAT gateway that is deployed on an ECS instance (ECS 01) in a VPC. To enable the cloud resources in the VPC to access the Internet through the ECS instance, you must add the following route entry to the route table.
Destination CIDR block Next hop type Next hop 0.0.0.0/0 ECS instances ECS01 
- Connect two VPCs through Express Connect
The following figure shows that VPC 1 (172.16.0.0/12) is connected to VPC 2 (192.168.0.0/16) through Express Connect. After you create router interfaces, you must add the following route entries in the VPCs:
- Route entry added to VPC 1
Destination CIDR block Next hop type Next hop 192.168.0.0/16 Router interface (to VPC) VPC2 - Route entry added to VPC 2
Destination CIDR block Next hop type Next hop 172.16.0.0/12 Router interface (to VPC) VPC1 
- Route entry added to VPC 1
- Connect two VPCs through a VPN gateway
The following figure shows that VPC 1 (172.16.0.0/12) is connected to VPC 2 (10.0.0.0/8) through a VPN gateway. After you configure the VPN gateway, you must add the following route entries to the VPCs.
- Route entry added to VPC 1
Destination CIDR block Next hop type Next hop 10.0.0.0/8 VPN gateways VPN gateway 1 - Route entry added to VPC 2
Destination CIDR block Next hop type Next hop 172.16.0.0/12 VPN gateways VPN gateway 2 
- Route entry added to VPC 1
- Connect a VPC to a data center through Express Connect
The following figure shows that a VPC is connected to an on-premises network through Express Connect. After you configure a connection over Express Connect circuit and a virtual border router (VBR), you must add the following route entries:
- Route entry added to VPC
Destination CIDR block Next hop type Next hop 192.168.0.0/16 Router interfaces (general routing) Router interface RI 1 - Route entry added to VBR
Destination CIDR block Next hop type Next hop 192.168.0.0/16 To the Express Connect circuit Router interface RI 3 172.16.0.0/12 To VPC Router interface RI 2 - Route entry added to the network
Destination CIDR block Next hop type Next hop 172.16.0.0/12 - On-premises gateway device 
- Route entry added to VPC
- Connect a VPC to a data center through a VPN gateway
The following figure shows that a VPC (172.16.0.0/12) is connected to a data center (192.168.0.0/16) through a VPN gateway. After you configure the VPN gateway, you must add the following route entry to the VPC.
Destination CIDR block Next hop type Next hop 192.168.0.0/16 VPN gateways The VPN gateway that you created 