All Products
Search
Document Center

Cloud Enterprise Network:ModifyCenRouteMap

Last Updated:Jan 19, 2024

Modifies a routing policy of a Cloud Enterprise Network (CEN) instance.

Operation description

ModifyCenRouteMap is an asynchronous operation. After you send a request, the system returns a request ID and runs the task in the background. You can call the DescribeCenRouteMaps operation to query the status of a routing policy.

  • Modifying: indicates that the system is modifying the routing policy. You can only query the routing policy, but cannot perform other operations.
  • Active: indicates that the routing policy is modified.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
cen:ModifyCenRouteMapWRITE
  • CenInstance
    acs:cen:*:{#accountId}:ceninstance/{#ceninstanceId}
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
CenIdstringYes

The ID of the CEN instance.

cen-7qthudw0ll6jmc****
CenRegionIdstringYes

The ID of the region in which the routing policy is applied.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

cn-hangzhou
RouteMapIdstringYes

The ID of the routing policy.

cenrmap-abcdedfghij****
DescriptionstringNo

The description of the routing policy.

The description cannot start with http:// or https://. It must start with a letter and can contain letters, digits, hyphens (-), periods (.), and underscores (_).

desctest
MapResultstringYes

The action to be performed on a route that meets all match conditions. Valid values:

  • Permit: the route is permitted.
  • Deny: the route is denied.
Permit
NextPriorityintegerNo

The priority of the routing policy that you want to associate with the current one.

  • This parameter takes effect only when the MapResult parameter is set to Permit. This way, the permitted route is matched against the next routing policy.
  • The region and direction of the routing policy to be associated must be the same as those of the current routing policy.
  • The priority of the routing policy to be associated must be lower than the priority of the current routing policy.
20
CidrMatchModestringNo

The match method that is used to match routes against the prefix list. Valid values:

  • Include: fuzzy match. A route is a match if the route prefix is included in the match conditions.

    For example, if you set the match condition to 10.10.0.0/16 and fuzzy match is enabled, the route whose prefix is 10.10.1.0/24 is a match.

  • Complete: exact match. A route is a match only if the route prefix is the same as the prefix specified in the match condition.

    For example, if you set the match condition to 10.10.0.0/16 and exact match is enabled, a route is a match only if the prefix is 10.10.0.0/16.

Include
AsPathMatchModestringNo

The match method that is used to match routes against the AS paths. Valid values:

  • Include: fuzzy match. A route meets the match condition if the AS path of the route overlaps with the AS paths specified in the match condition.
  • Complete: exact match. A route is a match only if the AS path of the route is the same as an AS path specified in the match condition.
Include
CommunityMatchModestringNo

The match method that is sed to match routes based on the community. Valid values:

  • Include: fuzzy match. A route meets the match condition if the community of the route overlaps with the community specified in the match condition.
  • Complete: exact match. A route meets the match condition only if the community of the route is the same as the community specified in the match condition.
Include
CommunityOperateModestringNo

The action that is performed on the community. Valid values:

  • Additive: adds the community to the route.
  • Replace: replaces the original community of the route.

This parameter specifies the action to be performed when a route meets the match condition.

Additive
PreferenceintegerNo

The new priority of the route.

Valid values: 1 to 100. The default priority is 50. A smaller value indicates a higher priority.

This parameter specifies the action to be performed when a route meets the match condition.

22
PriorityintegerYes

The priority of the routing policy. Valid values: 1 to 100. A smaller value indicates a higher priority.

Note You cannot specify the same priority for routing policies that apply in the same region and direction. The system matches routes against the match conditions of routing policies in descending order of priority. A smaller value indicates a higher priority. You must set the priorities to proper values.
10
SourceInstanceIdsReverseMatchbooleanNo

Specifies whether to exclude the source network instance IDs. Valid values:

  • false (default value): A route is a match if its source network instance ID is in the list specified by SourceInstanceIds.N.
  • true: A route is a match if its source network instance ID is not in the list specified by SourceInstanceIds.N.
false
DestinationInstanceIdsReverseMatchbooleanNo

Specifies whether to exclude the destination network instance IDs. Valid values:

  • false (default value): A route is a match if its destination network instance ID is in the list specified by DestinationInstanceIds.N.
  • true: A route meets the match condition if its destination network instance ID is not in the list specified by DestinationInstanceIds.N.
false
MatchAddressTypestringNo

The type of IP address in the match condition. Valid values:

  • IPv4: IPv4 address
  • IPv6: IPv6 address

This parameter can be empty. If no value is specified, all types of IP address are a match.

IPv4
SourceInstanceIdsarrayNo

The IDs of the source network instances to which the routes belong. The following network instance types are supported:

  • Virtual private cloud (VPC)
  • Virtual border router (VBR)
  • Cloud Connect Network (CCN) instance
  • Smart Access Gateway (SAG) instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

stringNo

The IDs of the source network instances to which the routes belong. The following network instance types are supported:

  • VPC
  • VBR
  • CCN instance
  • SAG instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

vpc-afsfdf5435vcvc****
DestinationInstanceIdsarrayNo

The IDs of the destination network instances to which the routes belong. The following network instance types are supported:

  • VPC
  • VBR
  • CCN instance
  • SAG instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

Note The destination instance IDs take effect only when Direction is set to Export from Regional Gateway and the destination instances are deployed in the current region.
stringNo

The IDs of the destination network instances to which the routes belong. The following network instance types are supported:

  • VPC
  • VBR
  • CCN instance
  • SAG instance
  • The ID of the IPsec-VPN connection.

You can enter at most 32 IDs.

Note The destination instance IDs take effect only when Direction is set to Export from Regional Gateway and the destination instances are deployed in the current region.
vpc-avcdsg34ds****
SourceRouteTableIdsarrayNo

The IDs of the source route tables to which the routes belong. You can enter at most 32 route table IDs.

stringNo

The IDs of the source route tables to which the routes belong. You can enter at most 32 route table IDs.

vtb-acdbvtbr342cd****
DestinationRouteTableIdsarrayNo

The IDs of the destination route tables to which the routes belong. You can enter at most 32 route table IDs.

Note The destination route table IDs take effect only when Direction is set to Export from Regional Gateway and the destination route tables belong to network instances deployed in the current region.
stringNo

The IDs of the destination route tables to which the routes belong. You can enter at most 32 route table IDs.

Note The destination route table IDs take effect only when Direction is set to Export from Regional Gateway and the destination route tables belong to network instances deployed in the current region.
vtb-adfg53c322v****
SourceRegionIdsarrayNo

The IDs of the source regions to which the routes belong. You can enter at most 32 region IDs.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

stringNo

The IDs of the source regions to which the routes belong. You can enter at most 32 region IDs.

You can call the DescribeChildInstanceRegions operation to query the most recent region list.

cn-beijing
SourceChildInstanceTypesarrayNo

The types of source network instance to which the routes belong. The following types of network instances are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN :VPN gateway or IPsec-VPN connection

    • If the IPsec-VPN connection or SSL client is associated with a VPN gateway, the VPC associated with the VPN gateway must be connected to a transit router, and the VPN gateway must use Border Gateway Protocol (BGP) dynamic routing. Otherwise, this parameter cannot take effect.
    • This parameter takes effect if the IPsec connection is directly connected to a transit router.
stringNo

The types of source network instance to which the routes belong. The following types of network instances are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN :VPN gateway or IPsec-VPN connection

    • If the IPsec-VPN connection or SSL client is associated with a VPN gateway, the VPC associated with the VPN gateway must be connected to a transit router, and the VPN gateway must use BGP dynamic routing. Otherwise, this parameter cannot take effect.
    • This parameter takes effect if the IPsec connection is directly connected to a transit router.
VPC
DestinationChildInstanceTypesarrayNo

The types of destination network instance to which the routes belong. The following types of network instances are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN: IPsec connection

    Note This parameter does not take effect if the IPsec-VPN connection or SSL client is associated with a transit router through a VPN gateway and a VPC. This parameter takes effect only if the IPsec connection is directly connected to the transit router.

The destination network instance types are valid only if the routing policy is applied to scenarios where routes are advertised from the gateway in the current region to network instances in the current region.

stringNo

The types of destination network instance to which the routes belong. The following types of network instance are supported:

  • VPC: VPC

  • VBR: VBR

  • CCN: CCN instance

  • VPN: IPsec connection

    Note This parameter does not take effect if the IPsec-VPN connection or SSL client is associated with a transit router through a VPN gateway and a VPC.** This parameter takes effect only if the IPsec connection is directly connected to the transit router.

The destination network instance types are valid only if the routing policy is applied to scenarios where routes are advertised from the gateway in the current region to network instances in the current region.

VPC
DestinationCidrBlocksarrayNo

The prefix list against which routes are matched.

You must specify the IP addresses in CIDR notation. You can enter at most 32 CIDR blocks.

stringNo

The prefix list against which routes are matched.

You must specify the IP addresses in CIDR notation. You can enter at most 32 CIDR blocks.

10.10.10.0/24
RouteTypesarrayNo

The type of route to be matched against the match condition. The following route types are supported:

  • System: system routes that are automatically generated by the system.
  • Custom: custom routes that are manually added.
  • BGP: routes that are advertised over BGP.
stringNo

The type of route to be matched against the match condition. The following route types are supported:

  • System: system routes that are automatically generated by the system.
  • Custom: custom routes that are manually added.
  • BGP: routes that are advertised over BGP.
System
MatchAsnsarrayNo

The AS paths against which routes are matched.

Note Only the AS-SEQUENCE parameter is supported. The AS-SET, AS-CONFED-SEQUENCE, and AS-CONFED-SET parameters are not supported. In other words, only the AS number list is supported. Sets and sub-lists are not supported.
integerNo

The AS paths against which routes are matched.

Note Only the AS-SEQUENCE parameter is supported. The AS-SET, AS-CONFED-SEQUENCE, and AS-CONFED-SET parameters are not supported. In other words, only the AS number list is supported. Sets and sub-lists are not supported.
65501
MatchCommunitySetarrayNo

The community against which routes are matched.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with the RFC 1997 standard. The RFC 8092 standard that defines BGP large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
stringNo

The community against which routes are matched.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with the RFC 1997 standard. The RFC 8092 standard that defines BGP large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
65501:1
OperateCommunitySetarrayNo

The community set on which actions are performed.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with RFC 1997. The RFC 8092 standard that defines BGP large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
stringNo

The community set on which actions are performed.

Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with RFC 1997. The RFC 8092 standard that defines BGP large communities is not supported.

You can specify at most 32 communities.

Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.
65501:1
PrependAsPatharrayNo

The AS paths that are prepended by using an action statement when regional gateways receive or advertise routes.

The AS paths vary based on the direction in which the routing policy is applied:

  • If AS paths are prepended to a routing policy that is applied in the inbound direction, you must specify source network instance IDs and the source region in the match condition. In addition, the source region must be the same as the region where the routing policy is applied.
  • If AS paths are prepended to a routing policy that is applied in the outbound direction, you must specify destination network instance IDs in the match condition.

This parameter specifies the action to be performed when a route meets the match condition.

longNo

The AS paths that are prepended by using an action statement when regional gateways receive or advertise routes.

The AS paths vary based on the direction in which the routing policy is applied:

  • If AS paths are prepended to a routing policy that is applied in the inbound direction, you must specify source network instance IDs and the source region in the match condition. In addition, the source region must be the same as the region where the routing policy is applied.
  • If AS paths are prepended to a routing policy that is applied in the outbound direction, you must specify destination network instance IDs in the match condition.

This parameter specifies the action to be performed when a route meets the match condition.

65501

Response parameters

ParameterTypeDescriptionExample
object

The response.

RequestIdstring

The ID of the request.

54B48E3D-DF70-471B-AA93-08E683A1B457

Examples

Sample success responses

JSONformat

{
  "RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B457\t"
}

Error codes

HTTP status codeError codeError messageDescription
400InvalidOperation.NoEffictiveActionNo effective action be configured.The error message returned because the specified action is invalid.
400InvalidOperation.CenRouteMapExistOperation is invalid because an route map config exist.The error message returned because this operation is not supported when a routing policy exists.
400Invid.ParameterWhen using GatewayRegionId, SourceRegionId must not be nullThe error message returned because the GatewayRegionId and SourceRegionId parameters must be set.
400Invid.ParameterWhen using GatewayRegionId, GatewayZoneId must not be nullThe error message returned because the GatewayRegionId and GatewayZoneId parameters must be set.
400Invid.ParameterWhen using GatewayRegionId, SourceRegionId must not be the same with tr region idThe error message returned because the specified gateway region ID (GatewayRegionId) and source region ID (SourceRegionId) cannot be the same.
400Invid.ParameterGatewayRegionId is invalidThe error message returned because the gateway region ID (GatewayRegionId) is invalid.
400InvalidNameName is invalid.The error message returned because the specified name is invalid.
400InvalidDescriptionDescription is invalid.The error message returned because the description is invalid.
400InvalidParameterInvalid parameter.The error message returned because the parameter is set to an invalid value.
400UnauthorizedThe AccessKeyId is unauthorized.The error message returned because you do not have the permissions to perform this operation.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-12-13The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change
2022-07-19The Error code has changed. The request parameters of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: MatchAddressType