This topic provides an overview of the route map function of Cloud Enterprise Networks (CENs). You can use the route map function to filter routes and modify route attributes. By doing so, you can manage the communication between networks attached to a CEN.

Background information

A CEN instance has a regional CEN gateway in each region. The regional CEN gateways allow network instances such as Virtual Private Cloud (VPC) instances, Virtual Border Router (VBR) instances, and Cloud Connect Network (CCN) instances that are attached to the CEN instance to communicate with each other. Routes can be transmitted to network instances in the same region or different regions in the directions of RegionIn (import to regional gateway) and RegionOut (export from regional gateway).Route map

A route map is a set of conditional statements and executable statements. You can configure route maps for different regional gateways in a CEN instance. Each regional gateway can be configured with one or more route maps in the inbound and the outbound directions. The sequence of route maps of each gateway is ordered based on their priorities. When route maps are executed to evaluate a route, the system first checks whether the route matches the conditional statements of the route map with the highest priority. The route map permits or denies routes based on the configured match conditions. If a route is permitted, you can modify its attributes.

Elements of a route map

A route map consists of basic information, match conditions, and policy entries.
Note Policy entries are only supported when the Action Policy is set to Permit.
  • The following table describes the basic information of a route map.
    Element Description
    Route Map Priority The priority of the route map. A lower value indicates a higher priority.

    After configuring a route map with a specific priority value, you cannot set the same priority value for another route map that is applied in the same region and in the same direction. When route maps are executed to evaluate a route, the system first checks whether the route matches the conditional statements of the route map with the highest priority. Therefore, we recommend that you specify an appropriate priority for each route map.

    Description The description of the route map.
    Region The region where the route map is applied.
    Transmit Direction The direction in which the route map is applied.
    • Import to Regional Gateway: The direction in which routes are imported to the regional gateway of the CEN. For example, routes are imported to the regional gateway from an instance in the current region or another region.
    • Export from Regional Gateway: The direction in which routes are exported from the regional gateway of the CEN. For example, routes are exported from the regional gateway of the current region to an instance in the same region, or to the regional gateway in another region.
    Action Policy The action that is performed to a route if the route meets all the match conditions. The following actions are supported:
    • Permit: Permit the route.
    • Deny: Deny the route.
    Associated Priority Optional. The priority of the next route map that is associated with the current route map. Value range: 1 to 100.
    • If Associated Priority is not set, the current route map is not associated with any route map that is ordered next to the current route map.
    • If the value is set to 1, the current route map is associated with the next route map.
    • If the value is set to a number other than 1, the priority of the associated route map must be lower than the priority of the current route map, that is, the value of Associated Priority must be greater than the value of Route Map Priority.

    Only when the Action Policy is set to Permit for the current route map, the routes which match all the match conditions will be evaluated by the associated route map that is configured with a specific priority value.

  • The following table describes the elements of a match condition.
    Element Description
    Source Region Evaluates all routes originated from the specified region.

    Only the source region is supported as a match condition. The destination region cannot be specified as a match condition.

    Source Instance IDs Evaluates all routes originated from the specified instances. You can enter IDs of VPC instances, VBR instances, mainland China CCN instances, and Smart Access Gateway (SAG) instances.

    You can select Exclude Specified IDs when using a list of source instance IDs as a match condition. By doing so, the routes that do not match this condition are permitted, and the ones that match this condition are denied.

    Destination Instance IDs Evaluates all routes advertised to the specified instances. You can enter IDs of VPC instances, VBR instances, CCN instances, and SAG instances.

    You can select Exclude Specified IDs when using a list of destination instance IDs as a match condition. By doing so, the routes that do not match this condition are permitted, and the ones that match this condition are denied.

    Note This match condition is valid only when the Transmit Direction is set to Export from Regional Gateway and the IDs are of the instances in the application region of the route map.
    Source Route Table Evaluates all routes originated from the specified route tables.
    Destination Route Table Evaluates all routes advertised to the specified route tables.
    Note This match condition is valid only when the Transmit Direction is set to Export from Regional Gateway and the IDs are of the route tables in the application region of the route map.
    Source Instance Type Evaluates all routes originated from the specified type of instances. VPC, VBR, and CCN are supported.
    Destination Instance Type Evaluates all routes advertised to the specified type of instances.
    Note This match condition is valid only when the Transmit Direction is set to Export from Regional Gateway and the instance type is the same as the instance type in the application region of the route map.
    Route Type Evaluates the specified types of routes. The following route types are supported:
    • System: The routes generated by the system.
    • Custom: The custom routes that are manually added.
    • BGP: The routes advertised to BGP.
    Route Prefix Evaluates routes by prefix. The following match methods are supported:
    • Fuzzy Match: If the prefix of a route is within the prefix scope set in the match condition, the route matches the condition.

      For example, if the match value is set to 1.1.0.0/16 and the match method is set to Fuzzy Match, the route with the prefix of 1.1.1.0/24 matches the condition.

    • Exact Match: A route matches the condition only when the prefix of the route is the same as the prefix set in the match condition.

      For example, if the match value is set to 1.1.0.0/16 and the match method is set to Exact Match, only the route with the prefix of 1.1.1.0/16 matches the condition.

    AS Path Evaluates routes by AS path. The following match methods are supported:
    • Fuzzy Match: A route matches the condition if the AS path of the route overlaps the AS path set in the match condition.

      For example, if the AS path in the match condition is set to [65001, 65002] and the match method is set to Fuzzy Match, the route with the AS path of [65501, 65001] matches the condition.

    • Exact Match: A route matches the condition only when the AS path of the route is the same as the AS path in the match condition.

      For example, if the AS path in the match condition is set to [65501, 65001, 60011] and the match method is set to Exact Match, only the route with the AS path of [65501, 65001, 60011] matches the condition.

    Note The AS path is a well-known mandatory attribute, which is a list of numbers of the ASs that a BGP route passes through to reach the local router.
    Community Evaluates routes based on their community attribute values. The following match methods are supported:
    • Fuzzy Match: A route matches the condition if the community of the route overlaps the community in the match condition.

      For example, if the community in the match condition is set to [65001:1000, 65002:2000] and the match method is set to Fuzzy Match, the route with the community of [65501:1000, 65001:1000] matches the condition.

    • Exact Match: A route matches the condition only when the community of the route is the same as the community in the match condition.

      For example, if the community in the match condition is set to [65001:65001, 65002:65005, 65003:65001] and the match method is set to Exact Match, only the route with the community of [65001:65001, 65002:65005, 65003:65001] matches the condition.

    Note Community is an optional transitive attribute. You can set different community values for different routes. Downstream routers can use community values to match the target routes.
  • The following table describes the elements of a policy entry.
    Element Description
    Route Preference Set the preference for the permitted routes.
    Community Set the community value. The following settings are supported:
    • Add
    • Replace
    Prepended AS Path An AS path is prepended when the regional gateway receives or advertises a route.
    The requirements for configuring this policy entry vary depending on the application direction of the route map. The requirements are described as follows:
    • If the Transmit Direction of a route map is set to Import to Regional Gateway and you want to configure the AS Path prepending, the match conditions must include the Source Instance IDs and the Source Region. Furthermore, you must specify the same value for Source Region and Region.
    • If the Transmit Direction of a route map is set to Export from Regional Gateway and you want to configure the AS Path prepending, the match conditions must include the Destination Instance IDs.

Evaluation process of route maps

Route maps evaluate routes in the match-action mode. Specifically, actions are performed only after conditions are matched. When route maps evaluate a route, the system first checks whether the route matches the conditional statements of the route map with the highest priority.

  • If the route matches all the match conditions in the route map, the evaluation process is subject to the Action Policy setting of the route map.
    • If the Action Policy is set to Permit, the executable statements in the route map are executed and the route is permitted. By default, the route will not be evaluated by the next route map unless the current route map is configured with an Associated Priority value.
    • If the Action Policy is set to Deny, the route is denied. By default, the route will not be evaluated by the next route map, and the evaluation process ends.
  • If the route fails to match any match condition in the current route map, the route will be evaluated by the next route map.
  • If the route matches all the match conditions in the next route map, the following evaluation process is subject to the Action Policy setting of the route map.
    • If the Action Policy is set to Permit, the executable statements in the route map are executed and the route is permitted. By default, the route will not be evaluated by the next route map unless the current route map is configured with an Associated Priority value.
    • If the Action Policy is set to Deny, the route is denied. By default, the route will not be evaluated by the next route map, and the evaluation process ends.
  • If the route fails to match any match condition in the current route map, the route will be evaluated by the next route map. And the evaluation process resumes.
  • If as the evaluation continues, the route still fails to match any match condition in the last route map, the route is permitted.
Evaluation process of route maps

Limits

The following table describes the limits that apply to route maps:
Item Limit Quota increase supported?
Number of route maps that can be created in the Import to Regional Gateway direction for a regional gateway 100 No.
Number of route maps that can be created in the Export from Regional Gateway direction for a regional gateway 100 No.

Scenarios

Route maps can be used in the following scenarios:
  • Control the communication between two VPCs, or between a VPC and a VBR or a CCN
    By default, a VPC can communicate with Virtual Border Routers (VBRs), Cloud Connect Networks (CCNs) and other VPCs that are attached to the same CEN instance. However, you may need to block the communication between two VPCs, or between a VPC and a VBR or a CCN in some cases, as shown in the following figure.Control the communication between two VPCs, or between a VPC and a VBR or a CCN

    You can use the route map function to block the communication between VPC1 and VPC2 while maintaining the communication between VPC1 and CCN1 or VBR1, or between VPC2 and CCN1 or VBR1.

  • Control the communication between two VBRs, or between a VBR and a VPC or a CCN
    By default, a VBR cannot communicate with CCNs or other VBRs that are attached to the same CEN instance. However, you may need to enable the communication between two VBRs or between a VBR and a CCN in some cases, as shown in the following figure.Control the communication between two VBRs, or between a VBR and a VPC or a CCN

    You can use the route map function to enable the communication between VBR1 and VBR2 while blocking the communication between VBR1 and CCN1 and between VBR2 and CCN1.

  • Control the communication between two CCNs, or between a CCN and a VPC or a VBR
    By default, a CCN cannot communicate with VBRs or other CCNs that are attached to the same CEN instance. However, you may need to enable the communication between two CCNs or between a VBR and a CCN in some cases, as shown in the following figure.Control the communication between two CCNs, or between a CCN and a VPC or a VBR

    You can use the route map function to enable the communication between CCN1 and CCN2 while blocking the communication between VBR1 and CCN1 and between VBR1 and CCN2.

References

Add a route map

Modify a route map

Delete a route map

Route map API actions