All Products
Search
Document Center

Cloud Enterprise Network:ResolveAndRouteServiceInCen

Last Updated:Mar 01, 2024

Connects an on-premises network to a cloud service.

Operation description

Cloud services refer to Alibaba Cloud services that use the 100.64.0.0/10 CIDR block to provide services. These cloud services include Object Storage Service (OSS), Simple Log Service, and Data Transmission Service (DTS). If your on-premises network needs to access a cloud service, you must attach the virtual border router (VBR) or Cloud Connect Network (CCN) instance that is connected to your on-premises network to a Cloud Enterprise Network (CEN) instance. In addition, you must attach a virtual private cloud (VPC) that is deployed in the same region as the cloud service to the CEN instance. This way, your on-premises network can connect to the VPC that is deployed in the same region as the cloud service and access the cloud service through the VPC.

  • You can call this operation only for a Basic Edition transit router. An on-premises network associated with a VBR can use CEN to access only a cloud service that is deployed in the same region.

    For example, if cloud services are deployed in the China (Beijing) region, only on-premises networks connected to VBRs in the China (Beijing) region can access the cloud services.

  • ResolveAndRouteServiceInCen is an asynchronous operation. After a request is sent, the system returns a request ID and runs the task in the background. You can call DescribeRouteServicesInCen to query the status of a cloud service.

    • If a cloud service is in the Creating state, the connection to the cloud service is being created. In this case, you can query the cloud service but cannot perform other operations.
    • If a cloud service is in the Active state, the connection to the cloud service is created.
    • If a cloud service is in the Failed state, the connection to the cloud service failed.

Prerequisites

Before you call this operation, make sure that the following conditions are met:

  • The VBR or CCN instance to which your on-premises network is connected is attached to a CEN instance.
  • A VPC that is deployed in the same region as the cloud service is attached to the CEN instance. For more information, see AttachCenChildInstance .

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
cen:ResolveAndRouteServiceInCenWrite
  • CenInstance
    acs:cen:*:{#accountId}:ceninstance/{#ceninstanceId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
ClientTokenstringNo

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.

Note If you do not set this parameter, ClientToken is set to the value of RequestId. The value of RequestId for each API request may be different.
02fb3da4****
CenIdstringYes

The ID of the CEN instance.

cen-ckwa2hhmuislse****
HoststringYes

The IP addresses or CIDR blocks of the cloud service.

Note In most cases, multiple IP addresses or CIDR blocks are assigned to a cloud service. We recommend that you call this operation multiple times to add all IP addresses and CIDR blocks of the cloud service.
100.118.28.0/24
HostRegionIdstringYes

The ID of the region in which the cloud service is deployed.

cn-hangzhou
HostVpcIdstringYes

The ID of the VPC that is associated with the cloud service.

vpc-o6woh5s494zueq40v****
DescriptionstringNo

The description of the cloud service.

This parameter is optional. If you enter a description, it must be 1 to 256 characters in length and cannot start with http:// or https://.

descname
AccessRegionIdsarrayYes

The IDs of the regions where the cloud service is accessed.

stringYes

The ID of the region where the cloud service is accessed.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

cn-hangzhou

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request.

C0245BEF-52AC-44A8-A776-EF96FD26A5CA

Examples

Sample success responses

JSONformat

{
  "RequestId": "C0245BEF-52AC-44A8-A776-EF96FD26A5CA"
}

Error codes

HTTP status codeError codeError messageDescription
400ParameterIllegal.Ipv6CloudRouteCidrNotAllowParameter Host not in valid ipv6 cidr.The error message returned because the specified cloud service routes do not support IPv6.
400ParameterIllegal.AccessRegionIdParameter Access RegionId illegal.The error message returned because the specified access region ID (AccessRegionId) is invalid.
400ParameterIllegal.CloudRouteHostParameter Host is not valid.The error message returned because the specified cloud route host (CloudRouteHost) is invalid.
400ParameterIllegal.ClouteRouteNotSupportIpv6Parameter Host not support IPv6The error message returned because the specified cloud service routes do not support IPv6.
400ParameterIllegal.ClouteRouteCidrNotAllowParameter Host not in 100.64.0.0/10The error message returned because the specified cloud service CIDR block is invalid.
400CloudRoute.ExistThe Specified Cloud Route already ExistsThe error message returned because the cloud service route already exists.
400ParameterIllegal.Host Parameter Host does not support domain.-
400CloudRoute.ConflictThe Specified Cloud Route Conflicts.The error message returned because the routes of the cloud services conflict with each other.
400CloudRoute.VpcNotAttachedThe Specified Vpc instance is not attached to CEN. The error message returned because the specified VPC is not associated with a CEN instance.
400OperationUnsupported.TransitRouterTypeThe specified TransitRouterType does not support the operation.The error message returned because this operation is not supported by the specified type of transit router.
400ParameterIllegal.AccessRegionIdNoCCNParameter Access RegionId illegal.The error message returned because the specified access region ID (AccessRegionId) is invalid.
400InvalidParameterInvalid parameter.The error message returned because the parameter is set to an invalid value.
400UnauthorizedThe AccessKeyId is unauthorized.The error message returned because you do not have the permissions to perform this operation.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2022-12-22The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change