This topic provides an overview of route tables and all associated system routes. After a VPC is created, the system automatically creates a default route table and adds system routes to the route table for traffic management. You cannot create or delete system routes. However, you can create custom routes to direct traffic to the destination CIDR block.
Route tables
After a VPC is created, the system creates a default route table to control routes of the VPC. All VSwitches in the VPC use the route table by default. You cannot create or delete the default route table. However, you can create a custom route table and associate it with a VSwitch to control the routes of the corresponding subnet. For more information, see Create a custom route table.
Each item in a route table is a route entry. A route entry specifies the destination of traffic and consists of the destination CIDR block, the next hop type, and the next hop. Route entries include system route entries and custom route entries.
- Each VPC can contain up to 10 route tables, which include the system route table.
- Each VSwitch can be associated with only one route table. The routes of a VSwitch (subnet) are managed by the associated route table.
- After a VSwitch is created, it is associated with the system route table by default.
- To change a custom route table associated with a VSwitch to a system route table, you only need to disassociate the custom route table from the VSwitch. To associate the VSwitch with another route table, you need to disassociate the current route table from the VSwitch and then associate the VSwitch with the target custom route table.
- All regions except China (Beijing), China (Shenzhen), and China (Hangzhou) support custom route tables.
- Custom route tables do not support active/standby routes and load balancing routes.
System routes
- The route entry whose destination CIDR block is 100.64.0.0/10. This route is used for communication among cloud resources in the VPC.
- The route entry whose destination CIDR block is the CIDR block of the VSwitch. This route is used for communication among cloud resources in the VSwitch.
| Destination CIDR block | Next hop | Type |
|---|---|---|
| 100.64.0.0/10 | - | System route |
| 192.168.1.0/24 | - | System route |
| 192.168.0.0/24 | - | System route |
Custom routes
You can add custom routes to replace system routes or route traffic to a specified destination. You can specify the following next hop types when you create a custom route entry:
- ECS instance: Traffic pointing to the destination CIDR block is forwarded to an ECS
instance in the VPC.
You need to select this type if you want to access the Internet or other applications through the applications deployed on the ECS instance.
- VPN Gateway: Traffic pointing to the destination CIDR block is forwarded to a VPN
Gateway.
You need to select this type if you want to connect to another VPC or an on-premises data center through VPN Gateway.
- NAT Gateway: Traffic pointing to the destination CIDR block is forwarded to a NAT
Gateway.
You need to select this type if you want to connect to the Internet through the NAT gateway.
- Router Interface (To VPC): Traffic pointing to the destination CIDR block is forwarded
to a VPC.
You need to select this type if you want to connect two VPCs through Express Connect.
- Router Interface (To VBR): Traffic pointing to the destination CIDR block is forwarded
to a VBR.
You need to select this type if you want to connect a VPC to an on-premises data center through Express Connect (physical connection access).
- Secondary ENI: Traffic pointing to the destination CIDR block is forwarded to a secondary ENI.
- IPv6 Gateway: Traffic pointing to the destination CIDR block is forwarded to an IPv6
Gateway.
You need to select this type if you want to implement IPv6 communication through an IPv6 Gateway.
IPv6 routes
- The custom route entry whose destination CIDR block is ::/0 and whose next hop is the IPv6 Gateway. This route is used by the cloud resources in a VPC to communicate with the Internet through IPv6 addresses.
- The system route entry whose destination CIDR block is the IPv6 CIDR block of the
VSwitch. This route is used for communication within a VSwitch.
Note If you have created a custom route table and associated it with a VSwitch whose IPv6 CIDR block is enabled, you must add a custom route entry whose destination CIDR block is ::/0 and the next hop is the IPv6 Gateway instance. For more information, see Add a custom route entry.
Routing rules
The longest prefix match is used to route traffic if more than one route entries match the destination CIDR block. The route entry with the longest subnet mask (the most specific route) is used.
| Destination CIDR block | Next hop type | Next hop | Route entry type |
|---|---|---|---|
| 100.64.0.0/10 | - | - | System route |
| 192.168.0.0/24 | - | - | System route |
| 0.0.0.0/0 | Instance | i-12345678 | Custom route |
| 10.0.0.0/24 | Instance | i-87654321 | Custom route |
The route entries destined for the 100.64.0.0/10 and 192.168.0.0/24 CIDR blocks are system route entries. The route entries destined for the 0.0.0.0/0 and 10.0.0.0/24 CIDR blocks are custom route entries. Traffic destined for 0.0.0.0/0 is forwarded to the ECS instance i-12345678, and traffic destined for 10.0.0.0/24 is forwarded to the ECS instance i-87654321. According to the longest prefix match algorithm, traffic destined for 10.0.0.1 is forwarded to the ECS instance i-87654321, and traffic destined for 10.0.1.1 is forwarded to the ECS instance i-12345678.
Routing examples
You can add custom route entries to the route table to control traffic.
- Routing within a VPC
As shown in the following figure, a NAT Gateway is deployed on an ECS instance (ECS01) in a VPC. To enable cloud resources in the VPC to access the Internet through this ECS instance, you can add the following route entry to the route table.
Destination CIDR block Next hop type Next hop 0.0.0.0/0 Ecs instance ECS01 
- Connect two VPCs through Express Connect
As shown in the following figure, when you use Express Connect to connect VPC1 (172.16.0.0/12) and VPC2 (192.168.0.0/16), you must add a route entry in both VPCs after you create route interfaces.
- Route entry added to VPC1
Destination CIDR block Next hop type Next hop 192.168.0.0/16 Router interface (To VPC) VPC2 - Route entry added to VPC2
Destination CIDR block Next hop type Next hop 172.16.0.0/12 Router interface (To VPC) VPC1 
- Route entry added to VPC1
- Connect two VPCs through a VPN Gateway
As shown in the following figure, when you use a VPN Gateway to connect VPC1 (172.16.0.0/12) and VPC2 (10.0.0.0/8), you must add a route entry in both VPCs after you configure the VPN Gateway.
- Route entry added to VPC1
Destination CIDR block Next hop type Next hop 10.0.0.0/8 VPN Gateway VPN Gateway 1 - Route entry added to VPC 2
Destination CIDR block Next hop type Next hop 172.16.0.0/12 VPN Gateway VPN Gateway 2 
- Route entry added to VPC1
- Connect a VPC to an on-premises data center through Express Connect
As shown in the following figure, when you use Express Connect to connect a VPC to an on-premises data center, you must add the following route entries after you configure the leased line and the VBR.
- Route entry added to VPC
Destination CIDR block Next hop type Next hop 192.168.0.0/16 Router interface (general routing) Router interface (RI1) - Route entry added to VBR
Destination CIDR block Next hop type Next hop 192.168.0.0/16 To leased line Router interface (RI3) 172.16.0.0/12 To VPC Router interface (RI2) - Route entry added to the on-premises data center
Destination CIDR block Next hop type Next hop 172.16.0.0/12 - Local gateway device 
- Route entry added to VPC
- Connect a VPC to an on-premises data center through a VPN Gateway
As shown in the following figure, when you use a VPN Gateway to connect a VPC (172.16.0.0/12) to an on-premises data center (192.168.0.0/16), you must add the following route entry to the VPC.
Destination CIDR block Next hop type Next hop 192.168.0.0/16 VPN Gateway The created VPN Gateway 