All Products
Search
Document Center

Cloud Enterprise Network:CreateTransitRouterCidr

Last Updated:Oct 22, 2024

Creates a custom CIDR block for a transit router. Custom CIDR blocks of a transit router are similar to the CIDR blocks of the loopback interface of a router.

Operation description

You can specify a CIDR block for a transit router. The CIDR block works in a similar way as the CIDR block of the loopback interface on a router. IP addresses within the CIDR block can be assigned to IPsec-VPN connections. For more information, see Transit router CIDR blocks.

The CreateTransitRouterCidr operation can be used to create a CIDR block only after you create a transit router.

The CIDR block must meet the following requirements:

  • Only Enterprise Edition transit routers support custom CIDR blocks.

  • For more information, see Limits in transit router CIDR blocks.

  • Each transit router supports at most five CIDR blocks. The subnet mask of a CIDR block must be 16 bits to 24 bits in length.

  • The following CIDR blocks and their subnets are not supported: 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, and 169.254.0.0/16.

  • The CIDR block cannot overlap with the CIDR blocks of the network instances that communicate with each other by using the CEN instance.

  • On the same CEN instance, each transit router CIDR block must be unique.

  • When you create the first VPN connection after you add a CIDR block for a transit router, three CIDR blocks within the CIDR block are reserved. An IP address is allocated from the remaining CIDR blocks to the IPsec-VPN connection.

    You can call the ListTransitRouterCidrAllocation operation to query reserved CIDR blocks and IP addresses allocated to network connections.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
cen:CreateTransitRouterCidrcreate
  • TransitRouter
    acs:cen:*:{#accountId}:centransitrouter/{#centransitrouterId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
ClientTokenstringNo

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.

Note If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
123e4567-e89b-12d3-a456-426****
TransitRouterIdstringYes

The ID of the transit router.

tr-p0w3x8c9em72a40nw****
RegionIdstringYes

The ID of the region to which the transfer router belongs.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

cn-hangzhou
NamestringNo

The name of the transit router CIDR block.

The name must be 1 to 128 characters in length, and cannot start with http:// or https://. You can also leave this parameter empty.

nametest
DescriptionstringNo

The description of the transit router CIDR block.

The description must be 1 to 256 characters in length, and cannot start with http:// or https://. You can also leave this parameter empty.

desctest
DryRunbooleanNo

Specifies whether to perform a dry run. Valid values:

  • true: performs a dry run. The system checks the required parameters, request syntax, and limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the DryRunOperation error code is returned.
  • false (default): performs a dry run and sends the request.
false
CidrstringYes

The CIDR block of the transit router.

192.168.10.0/24
PublishCidrRoutebooleanNo

Specifies whether to allow the system to automatically add a route that points to the CIDR block to the route table of the transit router.

  • true (default)

    If you set the value to true, after you create a VPN attachment on a private VPN gateway and enable route learning for the VPN attachment, the system automatically adds the following route to the route table of the transit router that is in route learning relationship with the VPN attachment:

    A blackhole route whose destination CIDR block is the transit router CIDR block, which refers to the CIDR block from which gateway IP addresses are allocated to the IPsec-VPN connection. The blackhole route is advertised only to the route tables of virtual border routers (VBRs) connected to the transit router.

  • false

true

Response parameters

ParameterTypeDescriptionExample
object

The response.

TransitRouterCidrIdstring

The ID of the CIDR block.

cidr-0zv0q9crqpntzz****
RequestIdstring

The ID of the request.

0876E54E-3E36-5C31-89F0-9EE8A9266F9A

Examples

Sample success responses

JSONformat

{
  "TransitRouterCidrId": "cidr-0zv0q9crqpntzz****",
  "RequestId": "0876E54E-3E36-5C31-89F0-9EE8A9266F9A"
}

Error codes

HTTP status codeError codeError messageDescription
400OverLappingExist.CidrThe cidr overlapping exist.The error message returned because CIDR overlapping is already enabled.
400OperationUnsupported.TransitRouterCidrTransit region does not support the operation.The error message returned because this operation is not supported in the specified region.
400IllegalParam.CidrThe specified cidr is invalid.The error message returned because the specified CIDR block is invalid.
400IllegalParam.RegionIdThe specified RegionId is illegal.The error message returned because the specified region is invalid.
400InstanceNotExistThe instance is not exist.The error message returned because the specified instance does not exist.
400InvalidParameterInvalid parameter.The error message returned because the parameter is set to an invalid value.
400UnauthorizedThe AccessKeyId is unauthorized.The error message returned because you do not have the permissions to perform this operation.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-07-26The Error code has changedView Change Details
2024-01-18The Error code has changedView Change Details
2023-03-09The Error code has changedView Change Details