Cloud Enterprise Network (CEN) supports route maps. You can configure route maps to filter and modify routes. This allows you to manage network communication in the cloud.

Features

A CEN instance creates a transit router in each region. You can use a transit router to connect network instances to other network instances in the same region or in other regions so that they can communicate with each other. A transit router supports route tables and route maps within a region. You can filter routes by associating route maps with a route table of a transit router. Route maps filter routes in the inbound and outbound directions. Filtered routes are advertised by transit routers in each region to network instances deployed in the same region or other regions.

Transit routers are available in Basic Edition and Enterprise Edition. A Basic Edition transit router has only a default route table. An Enterprise Edition transit router has a default route table and allows you to create custom route tables. After you create a route map, it is associated with the default route table of a Basic Edition or Enterprise Edition transit router. You cannot associate a route map with a custom route table of an Enterprise Edition transit router. For more information about Basic Edition and Enterprise Edition transit routers, see Transit routers.

Route maps

Each route map is a collection of conditional statements and action statements. You can configure route maps for a transit router in each region. Route maps can be applied in the outbound and inbound directions. Route maps are sorted by priority. A smaller value indicates a higher priority. The system filters routes based on route maps in descending order of route map priority. If a route meets a condition in a route map, the system allows or denies the route based on the action policy that you set. You can modify the attributes of allowed routes.

Components of a route map

A route map consists of basic information, match conditions, and policy entries.
Note: You can set a policy entry and associated priority only if you set Action Policy to Allow.
  • The following table describes the basic information about a route map.
    Parameter | Description
    Route Map Priority | The priority of the route map. A lower priority value indicates a higher priority. Valid values: 1 to 100.
      Each priority of the route maps applied in the same region and direction must be unique. The system filters routes based on route maps starting from the route map with the lowest priority value. Therefore, set appropriate priority values to sort the route maps in the desired order.
    Description | The description of the route map.
    Region | The region where the route map is applied.
    Transmit Direction | The direction in which the route map is applied.
      • Import to Regional Gateway: Routes are advertised to transit routers deployed in the current region. For example, routes are advertised from network instances deployed in the current region or other regions to transit routers deployed in the current region.
      • Export from Regional Gateway: Routes are advertised from transit routers deployed in the current region. For example, routes are advertised from transit routers deployed in the current region to network instances deployed in the current region or transit routers deployed in other regions.
    Action Policy | The action to be performed on a route that meets the match conditions. The following actions are supported:
      • Allow: allows the matched route.
      • Deny: denies the matched route.
    Associated Priority | Optional. The priority value of the next route map that is associated with the current route map. Valid values: 1 to 100.
      • If Associated Priority is not set, the current route map is not associated with another route map.
      • If the value is set to 1, the current route map is associated with the next route map.
      • If the Associated Priority is set to a value other than 1, the value must be greater than the priority value that you set for the current route map. This means that the priority of the associated route map must be lower than that of the current route map.
      Note: You can set Associated Priority only if you select Allow for Action Policy. The system further filters only the matched routes based on the route maps that are associated with priorities.
  • The following table describes the match conditions.
    Match condition | Description
    Source Region | The system matches all routes that are advertised from the specified region.
      The system only evaluates whether the source regions of the routes meet the specified condition. The destination regions of the routes are not evaluated.
    Source Instance IDs | The system matches the routes that are advertised from specified network instance IDs. You can specify IDs of the following network instance types: Virtual Private Cloud (VPC), Cloud Connect Network (CCN), and Smart Access Gateway (SAG).
      You can select Exclude Specified IDs to specify network instance IDs that you want to exclude. If the routes are not advertised from the specified IDs, the routes meet the condition. Otherwise, the routes fail to meet the condition.
    Destination Instance IDs | The system matches the routes that are advertised to specified network instance IDs. You can specify IDs of the following network instance types: VPC, CCN, and SAG.
      You can select Exclude Specified IDs to specify network instance IDs that you want to exclude. If the routes are not advertised to the specified IDs, the routes meet the condition. Otherwise, the routes fail to meet the condition.
      Note: This match condition is valid only when you set Transmit Direction to Export from Regional Gateway and the destination network instance is deployed in the current region.
    Destination Route Table | The system matches all routes that are advertised to the specified route table.
      Note: This match condition is valid only when you set Transmit Direction to Export from Regional Gateway and the destination route table is deployed in the current region.
    Source Instance Type | The system matches all routes that are advertised from the specified network instance type. You can specify VPC, VBR, or CCN.
    Destination Instance Type | The system matches all routes that are advertised to the specified network instance type. You can specify VPC, VBR, or CCN.
      Note: This match condition is valid only when you set Transmit Direction to Export from Regional Gateway and the destination network instance is deployed in the current region.
    Route Type | The system matches routes of the specified type. The following route types are supported:
      • System: routes created by the system.
      • Custom: routes manually added by the user.
      • BGP: routes advertised to BGP.
    Route Prefix | The system filters routes based on the route prefix. The following match methods are supported:
      • Fuzzy Match: If the route prefix of a route falls within the specified prefix, the route meets the match condition.
        For example, if you set the match condition to 1.1.0.0/16 and fuzzy match is applied, the route whose route prefix is 1.1.1.0/24 meets the match condition.
      • Exact Match: A route meets the match condition only when the route prefix of the route is the same as that specified in the match condition.
        For example, if you set the match condition to 1.1.0.0/16 and exact match is applied, only the route whose route prefix is 1.1.0.0/16 meets the match condition.
    AS Path | The system filters routes based on the specified autonomous system (AS) path. The following match methods are supported:
      • Fuzzy Match: A route meets the match condition if the AS path of the route overlaps with that specified in the match condition.
        For example, if you set the match condition to [65001,65002] and fuzzy match is applied, the route whose AS path is [65501,65001] meets the match condition.
      • Exact Match: A route meets the match condition only if the AS path of the route is the same as that specified in the match condition.
        For example, if you set the match condition to [65501,65001,60011] and exact match is applied, only the route whose AS path is [65501,65001,60011] meets the match condition.
      Note: AS path is a mandatory attribute, which describes the AS numbers that a BGP route passes through when it is advertised.
    Community | The system filters routes based on the community. The following match methods are supported:
      • Fuzzy Match: A route meets the match condition if the community of the route overlaps with that specified in the match condition.
        For example, if you set the match condition to [65001:1000,65002:2000] and fuzzy match is applied, the route whose community is [65501:1000,65001:1000] meets the match condition.
      • Exact Match: A route meets the match condition only if the community of the route is the same as that specified in the match condition.
        For example, if you set the match condition to [65001:65001,65002:65005,65003:65001] and exact match is applied, only the route whose community is [65001:65001,65002:65005,65003:65001] meets the match condition.
      Note: Community is an optional transitive attribute. You can specify a specific community value for a specific route. Downstream routers can filter routes based on the specified community value when route maps are implemented.
  • The following table describes the parameters of a policy entry.
    Parameter | Description
    Preference | The priority of the route to be allowed.
      Valid values: 1 to 100. Default value: 50. A smaller value indicates a higher priority.
    Community | The community value. The following methods are supported:
      • Add.
      • Replace.
    Appended AS Path | The AS path that is appended when the transit router receives or advertises a route.
      For route maps that are applied in different directions, the requirements for AS paths to be appended are different:
      • If Transmit Direction is set to Import to Regional Gateway, you must specify source instance IDs and the source region in the match condition. In addition, the source region must be the same as the region where the route map is applied.
      • If Transmit Direction is set to Export from Regional Gateway, you must specify destination instance IDs in the match condition.

Matching process

When a route map is implemented, the system first filters routes based on match conditions specified in route maps. Actions are performed after all match conditions are met. The system filters routes based on route maps in descending order of route map priority.

  • If a route meets all the match conditions in a route map, the specified action is performed on the route.
    • If Action Policy is set to Allow: The system allows the route. By default, the system does not compare the matched route with any other route map. However, if Associated Priority points to another route map, the system goes on to compare the route with that route map. If Associated Priority is not set, the matching process ends.
    • If Action Policy is set to Deny: The system denies the route. By default, the system stops comparing the matched route with other route maps and the matching process ends.
  • If a route does not meet a match condition specified in a route map, the current matching process ends and the system compares the route with the next route map.
  • If the route meets all the match conditions specified in the next route map, the action specified in the route map is performed on the route.
    • If Action Policy is set to Allow: The system allows the route. By default, the system does not compare the matched route with any other route map. However, if Associated Priority points to another route map, the system goes on to compare the route with that route map. If Associated Priority is not set, the matching process ends.
    • If Action Policy is set to Deny: The system denies the route. By default, the system stops comparing the matched route with other route maps and the matching process ends.
  • If a route does not meet a match condition specified in the next route map, the current matching process ends and the system compares the route with the next route map. The preceding processes are repeated until the system compares the route with the last route map.
  • If the route does not meet a match condition specified in the last route map, the system allows the route.
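
The matching process above, together with the Fuzzy Match and Exact Match rules for Route Prefix, can be modelled offline to check what a set of route maps will do before it is applied. The following Python sketch is an added example, not CEN code or API: the RouteMap class, the evaluate function, the route dictionary layout and the region names are hypothetical, only the Route Prefix and Source Region conditions are modelled, and it assumes that after a chained Allow the comparison resumes at the associated route map and continues downward from there.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class RouteMap:
    priority: int                              # 1 to 100; lower value is evaluated first
    action: str                                # "Allow" or "Deny"
    prefix: str                                # Route Prefix match condition
    exact: bool = False                        # Exact Match if True, else Fuzzy Match
    source_region: Optional[str] = None        # Source Region condition (optional)
    associated_priority: Optional[int] = None  # honoured only when action is Allow

    def matches(self, route: dict) -> bool:
        cond = ipaddress.ip_network(self.prefix)
        net = ipaddress.ip_network(route["prefix"])
        if self.exact:
            prefix_ok = net == cond
        else:  # fuzzy: the route prefix falls within the specified prefix
            prefix_ok = net.version == cond.version and net.subnet_of(cond)
        region_ok = self.source_region in (None, route["source_region"])
        return prefix_ok and region_ok         # every configured condition must be met

def evaluate(route: dict, route_maps: list) -> tuple:
    """Return (decision, priorities of the route maps that matched)."""
    ordered = sorted(route_maps, key=lambda m: m.priority)
    matched, i = [], 0
    while i < len(ordered):
        rm = ordered[i]
        if not rm.matches(route):
            i += 1                             # compare with the next route map
            continue
        matched.append(rm.priority)
        if rm.action == "Deny" or rm.associated_priority is None:
            return rm.action, matched          # the matching process ends here
        if rm.associated_priority == 1:        # 1 means "the next route map"
            i += 1
        else:                                  # assumption: resume at that priority
            target = max(rm.associated_priority, rm.priority + 1)
            i = next((j for j, m in enumerate(ordered) if m.priority >= target), len(ordered))
    return "Allow", matched                    # nothing ended the process: allowed by default

# Constructed sample policy (prefixes and region names are placeholders).
MAPS = [
    RouteMap(10, "Allow", "10.0.0.0/8", associated_priority=1),
    RouteMap(20, "Deny", "10.1.0.0/16", source_region="region-a"),
    RouteMap(30, "Deny", "192.168.0.0/16", exact=True),
]
```

With this sample policy, a route for 192.168.1.0/24 matches no route map, because the priority 30 condition is an exact match, and is therefore allowed by default. Isolation between network instances therefore depends on Deny route maps whose match conditions cover every prefix that must be blocked.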

Scenarios

You can use route maps in the following scenarios:
  • You want to manage the communication between a VPC and another VPC, VBR, and CCN instance.
    By default, a VPC attached to a CEN instance can communicate with another VPC, VBR, and CCN instance attached to the same CEN instance. However, you may want to disable the communication in some scenarios as shown in the following figure.
    [Figure: Scenario 1]

    You can use route maps to disable the communication between VPC 1 and VPC 2, while maintaining the communication between VPC 1 and CCN 1, VPC 1 and VBR 1, VPC 2 and CCN 1, and between VPC 2 and VBR 1.

  • You want to manage the communication between a VBR and another VPC, VBR, and CCN instance.
    By default, a VBR attached to a CEN instance cannot communicate with another VBR or CCN instance attached to the same CEN instance. However, you may want to establish the communication in certain scenarios as shown in the following figure.
    [Figure: Scenario 2]

    You can use route maps to establish the communication between VBR 1 and VBR 2. However, VBR 1 cannot communicate with CCN 1 and VBR 2 cannot communicate with CCN 1.

  • You want to manage the communication between a CCN instance and another VPC, VBR, and CCN instance.
    By default, a CCN instance attached to a CEN instance cannot communicate with another VBR or CCN instance attached to the same CEN instance. However, you may want to establish the communication in some scenarios, as shown in the following figure.
    [Figure: Scenario 3]

    You can use route maps to establish communication between CCN 1 and CCN 2. However, CCN 1 cannot communicate with VBR 1 and CCN 2 cannot communicate with VBR 1.
