Route table overview - Route tables| Alibaba Cloud Documentation Center

Route tables

After you create a VPC network, the system creates a system route table to manage routes of the VPC. By default, VSwitches in the VPC use this route table. You cannot create or delete the system route table. However, you can unbind the system route table from VSwitches, create a custom route table in your VPC network, and then bind the custom route table to VSwitches to manage the routes of the subnets. For more information, see Create a custom route table.

Each item in a route table is a route entry. A route entry specifies the destination of traffic and consists of the destination CIDR block, next hop type, and next hop. Route entries include system route entries and custom route entries.

You must be aware of the following notes when you manage route tables

Each VPC network supports up to 10 route tables, including system route tables.
Each VSwitch can be bound to only one route table. The routing policies of the subnets attached to a VSwitch are managed by the route table that is bound to the VSwitch.
After you create a VSwitch, it is bound to the system route table.
For a VSwitch that is already bound to a custom route table, it is automatically bound to the system route table after you unbind the custom route table. To bind a VSwitch to another custom route table, unbind the current route table and then bind the required custom route table to the VSwitch.
All regions support custom route tables, except China (Beijing), China (Shenzhen), and China (Hangzhou).
Custom route tables do not support active or standby routes, or load balancing routes.

System routes

After you create a VPC, the system automatically adds the following system routes to the route table:

The route entry whose destination CIDR block is 100.64.0.0/10. This route is used for communication among cloud resources over the VPC network.
The route entry whose destination CIDR block is the CIDR block of the VSwitch. This route is used for communication among cloud resources in the VSwitch.

For example, if you create a VPC whose CIDR block is 192.168.0.0/16 and two VSwitches whose CIDR blocks are 192.168.1.0/24 and 192.168.0.0/24, three system routes are automatically added to the route table of the VPC. The following table describes these system routes.


Destination CIDR block	Next hop	Type
100.64.0.0/10	-	System routes
192.168.1.0/24	-	System routes
192.168.0.0/24	-	System routes

Custom routes

You can add custom routes to replace system routes or route traffic to a specified destination. You can specify the following next hop types when you create a custom route entry:

Elastic Compute Service (ECS) instance: Traffic destined for the destination CIDR block is forwarded to an ECS instance in the VPC.
You can select this type if you want to access the Internet or other applications through the applications deployed on the ECS instance.
VPN gateway: Traffic destined for the destination CIDR block is forwarded to a VPN gateway.
You can select this type if you want to connect to another VPC or a data center through a VPN gateway.
NAT gateway: Traffic destined for the destination CIDR block is forwarded to a NAT gateway.
You can select this type if you want to connect to the Internet through the NAT gateway.
Router interface (To VPC): Traffic destined for the destination CIDR block is forwarded to a VPC.
You can select this type if you want to connect two VPCs through Express Connect.
Router interface (To VBR): Traffic destined for the destination CIDR block is forwarded to a Virtual Border Router (VBR).
You can select this type if you want to connect a VPC to a data center through Express Connect.
Secondary ENI: Traffic destined for the destination CIDR block is forwarded to a specified secondary Elastic Network Interface (ENI).
IPv6 gateway: Traffic destined for the destination CIDR block is forwarded to an IPv6 gateway.
You can select this type if you want to implement IPv6 communication through an IPv6 gateway.

IPv6 routes

If IPv6 is enabled for your VPC, the following route entries are automatically added to the system route table of the VPC:

A custom route entry whose destination CIDR block is ::/0 and whose next hop is the IPv6 gateway. Cloud resources deployed in the VPC network use this route to access the Internet through IPv6 addresses.
A system route entry whose destination CIDR block is the IPv6 CIDR block of a VSwitch. This route is used for communication within the VSwitch.

Note If you create a custom route table and bind the custom route table to a VSwitch whose IPv6 CIDR block is enabled, you must add a custom route entry whose destination CIDR block is ::/0 and the next hop is the IPv6 gateway instance. For more information, see Add a custom route entry.

Routing rules

Longest prefix match is used to route traffic if more than one route entry matches the destination CIDR block. If a destination address matches more than one entry in the route table, the VSwitch uses the algorithm to select the entry with the longest subnet mask and determine the next hop. The longest subnet mask indicates the most precise route.

The following table describes a route table of a VPC.


Destination CIDR block	Next hop type	Next hop	Route entry type
100.64.0.0/10	-	-	System route
192.168.0.0/24	-	-	System route
0.0.0.0/0	Instance	i-12345678	Custom route
10.0.0.0/24	Instance	i-87654321	Custom route

The route entries destined for the 100.64.0.0/10 and 192.168.0.0/24 CIDR blocks are system route entries. The route entries destined for the 0.0.0.0/0 and 10.0.0.0/24 CIDR blocks are custom route entries. Traffic destined for 0.0.0.0/0 is forwarded to the ECS instance i-12345678, and traffic destined for 10.0.0.0/24 is forwarded to the ECS instance i-87654321. Based on longest prefix match, traffic destined for 10.0.0.1 is forwarded to the ECS instance i-87654321, and traffic destined for 10.0.1.1 is forwarded to the ECS instance i-12345678.

Limits


Item	Limit	Quota increase supported
The maximum number of VRouters that can be created in a VPC	1	No.
The maximum number of route tables that can be created in a VPC	10	Submit a ticket.
The maximum number of custom route entries that can be created in a route table	48	Submit a ticket.
Regions that support custom route tables	Custom route tables are applicable in all regions except China (Beijing), China (Shenzhen), and China (Hangzhou).	No.
VPCs that do not support custom route tables	VPCs that are associated with ECS instances of the following instance families: ecs.c1, ecs.c2, ecs.c4, ecs.ce4, ecs.cm4, ecs.d1, ecs.e3, ecs.e4, ecs.ga1, ecs.gn4, ecs.gn5, ecs.i1, ecs.m1, ecs.m2, ecs.mn4, ecs.n1, ecs.n2, ecs.n4, ecs.s1, ecs.s2, ecs.s3, ecs.se1, ecs.sn1, ecs.sn2, ecs.t1, and ecs.xn4. For more information, see VPC advanced features overview.	Upgrade or release an Elastic Compute Service (ECS) instance that does not support advanced network features. For more information, see Upgrade configurations of subscription instances and Change the instance type of a pay-as-you-go instance. For more information, see Release an instance. Note If your VPC network is associated with instances of the specified instance families and uses a custom route table, you must upgrade or release the instance. Otherwise, the custom route table cannot work as expected.

Routing examples

You can add custom route entries to the route table to control inbound and outbound traffic in a VPC.

Routing within a VPC

As shown in the following figure, a NAT gateway is deployed on an ECS instance (ECS01) in a VPC. To enable cloud resources in the VPC to access the Internet through this ECS instance, you can add the following route entry to the route table.


Destination CIDR block	Next hop type	Next hop
0.0.0.0/0	ECS instance	ECS01

Connect two VPCs through Express Connect

As shown in the following figure, VPC1 (172.16.0.0/12) is connected to VPC2 (192.168.0.0/16) through Express Connect. You must add a route entry in both VPC networks after you create router interfaces.

Route entry added to VPC1


Destination CIDR block	Next hop type	Next hop
192.168.0.0/16	Router interface (to VPC)	VPC2

Route entry added to VPC2


Destination CIDR block	Next hop type	Next hop
172.16.0.0/12	Router interface (to VPC)	VPC1

Connect two VPCs through Express Connect

Connect two VPCs through a VPN gateway

As shown in the following figure, VPC1 (172.16.0.0/12) is connected to VPC2 (10.0.0.0/8) through a VPN gateway. You must add a route entry in both VPC networks after you configure the VPN gateway.

Route entry added to VPC1


Destination CIDR block	Next hop type	Next hop
10.0.0.0/8	VPN gateway	VPN gateway 1

Route entry added to VPC2


Destination CIDR block	Next hop type	Next hop
172.16.0.0/12	VPN gateway	VPN gateway 2

Connect a VPC to a data center through Express Connect

As shown in the following figure, a VPC network is connected to a data center through Express Connect. You must add the following route entries after you configure a physical connection and a VBR:

Route entry added to VPC


Destination CIDR block	Next hop type	Next hop
192.168.0.0/16	Router interface (general routing)	Router interface RI1

Route entry added to VBR


Destination CIDR block	Next hop type	Next hop
192.168.0.0/16	To the physical connection	Router interface RI3
172.16.0.0/12	To VPC	Router interface RI2

Route entry added to the data center


Destination CIDR block	Next hop type	Next hop
172.16.0.0/12	-	A specified local gateway device

Connect a VPC to a data center through Express Connect

Connect a VPC to a data center through a VPN gateway

As shown in the following figure, when you use a VPN gateway to connect a VPC (172.16.0.0/12) to a data center (192.168.0.0/16), you must add the following route entry to the VPC.


Destination CIDR block	Next hop type	Next hop
192.168.0.0/16	VPN gateway	A specified VPN gateway

Connect a VPC to a data center through a VPN gateway