All Products
Search
Document Center

Cloud Enterprise Network:CreateCenRouteMap

Last Updated:Oct 22, 2024

Creates a routing policy. A routing policy filters routing information and facilitates network management.

Operation description

Routing policies are sorted by priority. A smaller value indicates a higher priority. Each routing policy is a collection of conditional statements and execution statements. Starting from the routing policy with the highest priority, the system matches routes against the match conditions specified by routing policies. If a route meets all the match conditions of a routing policy, the system permits or denies the route based on the action specified in the routing policy. You can also modify the attributes of permitted routes. By default, the system permits routes that meet none of the match conditions. For more information, see Routing policy overview.

CreateCenRouteMap is an asynchronous operation. After you send a request, the routing policy ID is returned but the operation is still being performed in the system background. You can call DescribeCenRouteMaps to query the status of a routing policy.

  • If a routing policy is in the Creating state, the routing policy is being created. In this case, you can query the routing policy but cannot perform other operations.
  • If a routing policy is in the Active state, the routing policy is created.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
cen:CreateCenRouteMapcreate
  • CenInstance
    acs:cen:*:{#accountId}:ceninstance/{#ceninstanceId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
CenIdstringYes

The ID of the CEN instance.

cen-7qthudw0ll6jmc****
CenRegionIdstringYes

The ID of the region in which the routing policy is applied.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

cn-hangzhou
TransmitDirectionstringYes

The direction in which the routing policy is applied. Valid values:

  • RegionIn: Routes are advertised to the gateways in the regions that are connected by the CEN instance.

For example, routes are advertised from network instances deployed in the current region or other regions to the gateway deployed in the current region.

  • RegionOut: Routes are advertised from the gateways in the regions that are connected by the CEN instance.

For example, routes are advertised from the gateway deployed in the current region to network instances deployed in the same region, or to gateways deployed in other regions.

RegionIn
DescriptionstringNo

The description of the routing policy.

This parameter is optional. If you enter a description, it must be 1 to 256 characters in length and cannot start with http:// or https://.

desctest
PriorityintegerYes

The priority of the routing policy. Valid values: 1 to 100. A smaller value indicates a higher priority.

Note You cannot specify the same priority for routing policies that apply in the same region and direction. The system matches routes against the match conditions of routing policies in descending order of priority. A smaller value indicates a higher priority. You must set the priorities to proper values.
3
MapResultstringYes

The action to be performed on a route that meets all the match conditions. Valid values:

  • Permit: the route is permitted.
  • Deny: the route is denied.
Permit
NextPriorityintegerNo

The priority of the routing policy that you want to associate with the current one.

  • This parameter takes effect only when the MapResult parameter is set to Permit. This way, the permitted route is matched against the next routing policy.
  • The region and direction of the routing policy to be associated must be the same as those of the current routing policy.
  • The priority of the next routing policy must be lower than the priority of the current routing policy.
20
CidrMatchModestringNo

The match method that is used to match routes against the prefix list. Valid values:

  • Include: fuzzy match. A route is a match if the route prefix is included in the match conditions.

For example, if you set the match condition to 1.1.0.0/16 and fuzzy match is applied, the route whose prefix is 1.1.1.0/24 meets the match condition.

  • Complete: exact match. A route is a match only if the route prefix is the same as the prefix specified in the match condition.

For example, if you set the match condition to 1.1.0.0/16 and exact match is applied, only the route whose prefix is 1.1.0.0/16 meets the match condition.

Include
AsPathMatchModestringNo

The match method that is used to match routes based on the AS path. Valid values:

  • Include: fuzzy match. A route is a match if the AS path of the route overlaps with the AS path in the match conditions.
  • Complete: exact match. A route is a match only if the AS path of the route matches the AS path in the match conditions.
Include
CommunityMatchModestringNo

The match method that is used to match routes based on the community. Valid values:

  • Include: fuzzy match. A route is a match if the community of the route overlaps with the community in the match conditions.
  • Complete: exact match. A route is a match only if the community of the route matches the community in the match conditions.
Include
CommunityOperateModestringNo

The action to be performed on the community. Valid values:

  • Additive: adds the community to the route.
  • Replace: replaces the original community of the route.

This parameter specifies the action to be performed when a route meets the match condition.

Additive
PreferenceintegerNo

The new priority of the route.

Valid values: 1 to 100. The default priority is 50. A smaller value indicates a higher priority.

This parameter specifies the action to be performed when a route meets the match condition.

50
SourceInstanceIdsReverseMatchbooleanNo

Specifies whether to exclude source instance IDs. Valid values:

  • false (default): A route is a match if the source instance ID is included in the list specified by SourceInstanceIds.N.
  • true: A route is a match if the source network instance ID is not in the list specified by SourceInstanceIds.N.
false
DestinationInstanceIdsReverseMatchbooleanNo

Specifies whether to exclude destination instance IDs. Valid values:

  • false (default): A route is a match if the destination instance ID is included in the list specified by SourceInstanceIds.N.
  • true: A route is a match if the destination network instance ID is not in the list specified by SourceInstanceIds.N.
false
MatchAddressTypestringNo

The type of IP address in the match condition. Valid values:

  • IPv4: IPv4 address
  • IPv6: IPv6 address

This parameter can be empty. If no value is specified, all types of IP address are a match.

IPv4
TransitRouterRouteTableIdstringNo

The ID of the route table of the transit router.

If you do not specify a route table ID, the routing policy is automatically associated with the default route table of the transit router.

vtb-gw8nx3515m1mbd1z1****
SourceInstanceIdsarrayNo

The IDs of the source network instances to which the routes belong. The following network instance types are supported:

  • Virtual private cloud (VPC)
  • Virtual border router (VBR)
  • Cloud Connect Network (CCN) instance
  • Smart Access Gateway (SAG) instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

stringNo

The IDs of the source network instances to which the routes belong. The following network instance types are supported:

  • VPC
  • VBR
  • CCN instance
  • SAG instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

vpc-adeg3544fdf34vf****
DestinationInstanceIdsarrayNo

The IDs of the destination network instances to which the routes belong. The following network instance types are supported:

  • VPC
  • VBR
  • CCN instance
  • SAG instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

Note The destination instance IDs take effect only when Direction is set to Export from Regional Gateway and the destination instances are deployed in the current region.
stringNo

The IDs of the destination network instances to which the routes belong. The following network instance types are supported:

  • VPC
  • VBR
  • CCN instance
  • SAG instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

Note The destination instance IDs take effect only when Direction is set to Export from Regional Gateway and the destination instances are deployed in the current region.
vpc-afrfs434465fdf****
SourceRouteTableIdsarrayNo

The IDs of the source route tables from which routes are evaluated. You can enter at most 32 route table IDs.

stringNo

The IDs of the source route tables from which routes are evaluated. You can enter at most 32 route table IDs.

vtb-adfr233vf34rvd4****
DestinationRouteTableIdsarrayNo

The IDs of the destination route tables to which routes are evaluated. You can enter at most 32 route table IDs.

Note The destination route table IDs take effect only when Direction is set to Export from Regional Gateway and the destination route tables belong to network instances deployed in the current region.
stringNo

The IDs of the destination route tables to which routes are evaluated. You can enter at most 32 route table IDs.

Note The destination route table IDs take effect only when Direction is set to Export from Regional Gateway and the destination route tables belong to network instances deployed in the current region.
vtb-adefrgtr144vf****
SourceRegionIdsarrayNo

The IDs of the source regions from which routes are evaluated. You can enter at most 32 region IDs.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

stringNo

The IDs of the source regions from which routes are evaluated. You can enter at most 32 region IDs.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

cn-beijing
SourceChildInstanceTypesarrayNo

The types of source network instance to which the routes belong. The following types of network instances are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN: VPN gateway or IPsec connection

    • If the IPsec-VPN connection or SSL client is associated with a VPN gateway, the VPC associated with the VPN gateway must be connected to a transit router, and the VPN gateway must use BGP dynamic routing. Otherwise, this parameter cannot take effect.
    • This parameter takes effect if the IPsec connection is directly connected to a transit router.

You can specify one or more network instance types.

stringNo

The types of source network instance to which the routes belong. The following types of network instances are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN :VPN gateway or IPsec-VPN connection

    • If the IPsec-VPN connection or SSL client is associated with a VPN gateway, the VPC associated with the VPN gateway must be connected to a transit router, and the VPN gateway must use BGP dynamic routing. Otherwise, this parameter cannot take effect.
    • This parameter takes effect if the IPsec connection is directly connected to a transit router.

You can specify one or more network instance types.

VPC
DestinationChildInstanceTypesarrayNo

The types of destination network instance to which the routes belong. The following types of network instances are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN: IPsec connection

    Note This parameter does not take effect if the IPsec-VPN connection or SSL client is associated with a transit router through a VPN gateway and a VPC. This parameter takes effect only if the IPsec connection is directly connected to the transit router.

You can specify one or more network instance types.

Note The destination network instance types are valid only if the routing policy is applied to scenarios where routes are advertised from the gateway in the current region to network instances in the current region.
stringNo

The types of destination network instance to which the routes belong. The following types of network instances are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN: IPsec connection

    Note This parameter does not take effect if the IPsec-VPN connection or SSL client is associated with a transit router through a VPN gateway and a VPC. This parameter takes effect only if the IPsec connection is directly connected to the transit router.

You can specify one or more network instance types.

Note The destination network instance types are valid only if the routing policy is applied to scenarios where routes are advertised from the gateway in the current region to network instances in the current region.
VPC
DestinationCidrBlocksarrayNo

The prefix list against which routes are matched.

Specify IP addresses in CIDR notations. You can specify at most 32 CIDR blocks.

IPv4 and IPv4 addresses are supported.

stringNo

The prefix list against which routes are matched.

Specify IP addresses in CIDR notations. You can specify at most 32 CIDR blocks.

IPv4 and IPv4 addresses are supported.

10.10.10.0/24
RouteTypesarrayNo

The type of route to be compared. Valid values: The following route types are supported:

  • System: system routes that are automatically generated by the system.
  • Custom: custom routes that are manually added.
  • BGP: routes that are advertised over BGP.

You can specify multiple route types.

stringNo

The type of route to be compared. Valid values: The following route types are supported:

  • System: system routes that are automatically generated by the system.
  • Custom: custom routes that are manually added.
  • BGP: routes that are advertised over BGP.

You can specify multiple route types.

System
MatchAsnsarrayNo

The AS paths based on which routes are compared.

You can specify at most 32 AS numbers.

Note Only the AS-SEQUENCE parameter is supported. The AS-SET, AS-CONFED-SEQUENCE, and AS-CONFED-SET parameters are not supported. In other words, only the AS number list is supported. Sets and sub-lists are not supported.
longNo

The AS paths based on which routes are compared.

You can specify at most 32 AS numbers.

Note Only the AS-SEQUENCE parameter is supported. The AS-SET, AS-CONFED-SEQUENCE, and AS-CONFED-SET parameters are not supported. In other words, only the AS number list is supported. Sets and sub-lists are not supported.
65501
MatchCommunitySetarrayNo

The community set based on which routes are compared.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with the RFC 1997 standard. The RFC 8092 standard that defines Border Gateway Protocol (BGP) large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
stringNo

The community set based on which routes are compared.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with the RFC 1997 standard. The RFC 8092 standard that defines Border Gateway Protocol (BGP) large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
65501:1
OperateCommunitySetarrayNo

The community set on which actions are performed.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with RFC 1997. The RFC 8092 standard that defines BGP large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
stringNo

The community set on which actions are performed.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with RFC 1997. The RFC 8092 standard that defines BGP large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
65501:1
PrependAsPatharrayNo

The AS paths that are prepended by using an action statement when regional gateways receive or advertise routes.

The AS paths vary based on the direction in which the routing policy is applied:

  • If AS paths are prepended to a routing policy that is applied in the inbound direction, you must specify source network instance IDs and the source region in the match condition. In addition, the source region must be the same as the region where the routing policy is applied.
  • If AS paths are prepended to a routing policy that is applied in the outbound direction, you must specify destination network instance IDs in the match condition.

This parameter specifies the action to be performed when a route meets the match condition. You can specify at most 32 AS numbers.

longNo

The AS paths that are prepended by using an action statement when regional gateways receive or advertise routes.

The AS paths vary based on the direction in which the routing policy is applied:

  • If AS paths are prepended to a routing policy that is applied in the inbound direction, you must specify source network instance IDs and the source region in the match condition. In addition, the source region must be the same as the region where the routing policy is applied.
  • If AS paths are prepended to a routing policy that is applied in the outbound direction, you must specify destination network instance IDs in the match condition.

This parameter specifies the action to be performed when a route meets the match condition. You can specify at most 32 AS numbers.

65501
DestinationRegionIdsarrayNo

The destination region IDs of the route. You can specify at most 32 region IDs.

stringNo

The destination region IDs of the route. You can specify at most 32 region IDs.

cn-beijing

Response parameters

ParameterTypeDescriptionExample
object

The returned result.

RouteMapIdstring

The ID of the routing policy.

cenrmap-w4yf7toozfol3q****
RequestIdstring

The ID of the request.

62172DD5-6BAC-45DF-8D44-56SDF467BAC

Examples

Sample success responses

JSONformat

{
  "RouteMapId": "cenrmap-w4yf7toozfol3q****",
  "RequestId": "62172DD5-6BAC-45DF-8D44-56SDF467BAC"
}

Error codes

HTTP status codeError codeError messageDescription
400Forbidden.CenRouteMapExistThe specified CEN route map ID already exists.The specified CEN route map ID already exists.
400Invid.ParameterWhen using PrependAsPath in the RegionIn, SourceRegionId must be local region Id.-
400InvalidOperation.NoEffictiveActionNo effective action be configured.The error message returned because the specified action is invalid.
400Invid.ParameterWhen using GatewayRegionId, SourceRegionId must not be nullThe error message returned because the GatewayRegionId and SourceRegionId parameters must be set.
400Invid.ParameterWhen using GatewayRegionId, GatewayZoneId must not be nullThe error message returned because the GatewayRegionId and GatewayZoneId parameters must be set.
400Invid.ParameterWhen using GatewayRegionId, SourceRegionId must not be the same with tr region idThe error message returned because the specified gateway region ID (GatewayRegionId) and source region ID (SourceRegionId) cannot be the same.
400Invid.ParameterGatewayRegionId is invalidThe error message returned because the gateway region ID (GatewayRegionId) is invalid.
400Invid.ParameterTransitRouter not exist.The error message returned because the specified transit router does not exist.
400Invid.ParameterSourceInstanceId is invalid.The error message returned because the specified source instance ID (SourceInstanceId) is invalid.
400Invid.ParameterDestinationInstanceId is invalid.The error message returned because the specified destination instance ID (DestinationInstanceId) is invalid.
400IncorrectStatus.TransitRouterInstanceThe status of TransitRouter is incorrect.The error message returned because the transit router is in an invalid state.
400InvalidDescriptionDescription is invalid.The error message returned because the description is invalid.
400IllegalParam.ZoneIdThe specified ZoneId is illegal.The error message returned because the specified zone is invalid.
400InvalidParameterInvalid parameter.The error message returned because the parameter is set to an invalid value.
400UnauthorizedThe AccessKeyId is unauthorized.The error message returned because you do not have the permissions to perform this operation.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-09-18The Error code has changed. The request parameters of the API has changedView Change Details
2024-09-10The Error code has changed. The request parameters of the API has changedView Change Details
2024-09-10The Error code has changed. The request parameters of the API has changedView Change Details
2023-12-13The Error code has changedView Change Details
2022-07-19The Error code has changed. The request parameters of the API has changedView Change Details