The topic describes how to use route maps to stop the communication between a VPC and a CIDR block in Cloud Enterprise Network (CEN).

Prerequisites

Before you add a route map, make sure that the following conditions are met:

Background information

VPCs can communicate with the CIDR blocks of VPCs, Virtual Border Routers (VBRs), and Cloud Connect Networks (CCNs) that are attached to the same CEN instance by default. However, you may need to stop a VPC from communicating with a certain CIDR block of a VPC, VBR, or CCN. Stop the communication between a VPC and a CIDR block in CEN

As shown in the preceding figure, a VPC and a VBR are attached to CEN. The VBR learns the routes pointing to CIDR block 1 and CIDR block 2 of the on-premises data center through BGP. By default, the VPC can communicate with CIDR block 1 and CIDR block 2 of the on-premises data center, too. If you want to stop the VPC from communicating with CIDR block 1, you can use route maps. By using route maps, you can stop the VPC from communicating with CIDR block 1 while the VPC can still communicate with CIDR block 2.

Step 1: Set a route map to deny the route of CIDR block 1

To set a route map to deny the route of CIDR block 1, follow these steps:

  1. Log on to the CEN console.
  2. In the left-side navigation pane, click Instances.
  3. On the Instances page, find the target CEN instance and click Manage in the Actions column.
  4. On the CEN page, click the Route Maps tab and then click Add Route Map.
  5. On the Add Route Map page, configure the route map according to the following information and then click OK.
    • Route Map Priority: Enter the priority of the route map. A smaller number represents a higher priority. In this example, enter 20.
    • Region: Select the region to which the route map is applied. In this example, select China (Hangzhou).
    • Transmit Direction: Select the direction in which the route map is applied. In this example, select Import to Regional Gateway.
    • Match Conditions: Set the match conditions of the route map. In this example, add two match conditions:
      • Source Instance IDs: Enter the instance ID of the VBR.
      • Route Prefix: Enter 192.168.0.0/24. Select Exact Match as the matching method.
    • Action Policy: Select the action that is performed to a route if the route matches all the matching conditions. In this example, select Deny.
    After you add the route map, you can see that the route pointing to CIDR block 1, 192.168.0.0/24, is deleted from the VPC on the Routes tab.

Step 2: Test the network connectivity

To test the network connectivity between the VPC and CIDR block 1 of the on-premises data center, follow these steps:

  1. Log on to an ECS instance in the VPC.
  2. Use the ping command to ping the IP address of CIDR block 1.
    The output shows that the ECS instance in the VPC cannot access the IP address of CIDR block 1. ECS1 to ECS2

To test the network connectivity between the VPC and CIDR block 2 of the on-premises data center, follow these steps:

  1. Log on to the ECS instance in the VPC.
  2. Use the ping command to ping the IP address of CIDR block 2.
    The output shows that the ECS instance in the VPC can access the IP address of CIDR block 2. ECS2 to ECS3