ModifyCenRouteMap - Cloud Enterprise Network - Alibaba Cloud Documentation Center

Modifies a routing policy of a Cloud Enterprise Network (CEN) instance.

Operation description

ModifyCenRouteMap is an asynchronous operation. After you send a request, the system returns a request ID and runs the task in the background. You can call the DescribeCenRouteMaps operation to query the status of a routing policy.

Modifying: indicates that the system is modifying the routing policy. You can only query the routing policy, but cannot perform other operations.
Active: indicates that the routing policy is modified.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that support authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

cen:ModifyCenRouteMap

update

*CenInstance

acs:cen:*:{#accountId}:ceninstance/{#ceninstanceId}

None

Request parameters

Parameter	Type	Required	Description	Example
CenId	string	Yes	The ID of the CEN instance.	cen-7qthudw0ll6jmc****
CenRegionId	string	Yes	The ID of the region in which the routing policy is applied. You can call the DescribeChildInstanceRegions operation to query the most recent region list.	cn-hangzhou
RouteMapId	string	Yes	The ID of the routing policy.	cenrmap-abcdedfghij****
Description	string	No	The description of the routing policy. This parameter is optional. If you enter a description, it must be 1 to 256 characters in length and cannot start with http:// or https://.	desctest
MapResult	string	Yes	The action to be performed on a route that meets all the match conditions. Valid values: Permit: the route is permitted. Deny: the route is denied.	Permit
NextPriority	integer	No	The priority of the routing policy that you want to associate with the current one. This parameter takes effect only when the MapResult parameter is set to Permit. This way, the permitted route is matched against the next routing policy. The region and direction of the routing policy to be associated must be the same as those of the current routing policy. The priority of the routing policy to be associated must be lower than the priority of the current routing policy.	20
CidrMatchMode	string	No	The match method that is used to match routes against the prefix list. Valid values: Include: fuzzy match. A route is a match if the route prefix is included in the match conditions. For example, if you set the match condition to 10.10.0.0/16 and fuzzy match is applied, the route whose prefix is 10.10.1.0/24 meets the match condition. Complete: exact match. A route is a match only if the route prefix is the same as the prefix specified in the match condition. For example, if you set the match condition to 10.10.0.0/16 and exact match is applied, only the route whose prefix is 10.10.0.0/16 meets the match condition.	Include
AsPathMatchMode	string	No	The match method that is used to match routes based on the AS path. Valid values: Include: fuzzy match. A route is a match if the AS path of the route overlaps with the AS path in the match conditions. Complete: exact match. A route is a match only if the AS path of the route matches the AS path in the match conditions.	Include
CommunityMatchMode	string	No	The match method that is used to match routes based on the community. Valid values: Include: fuzzy match. A route is a match if the community of the route overlaps with the community in the match conditions. Complete: exact match. A route is a match only if the community of the route matches the community in the match conditions.	Include
CommunityOperateMode	string	No	The action to be performed on the community. Valid values: Additive: adds the community to the route. Replace: replaces the original community of the route. This parameter specifies the action to be performed when a route meets the match condition.	Additive
Preference	integer	No	The new priority of the route. Valid values: 1 to 100. The default priority is 50. A smaller value indicates a higher priority. This parameter specifies the action to be performed when a route meets the match condition.	22
Priority	integer	Yes	The priority of the routing policy. Valid values: 1 to 100. A smaller value indicates a higher priority. Note You cannot specify the same priority for routing policies that apply in the same region and direction. The system matches routes against the match conditions of routing policies in descending order of priority. A smaller value indicates a higher priority. You must set the priorities to proper values.	10
SourceInstanceIdsReverseMatch	boolean	No	Specifies whether to exclude source instance IDs. Valid values: false (default): A route is a match if the source instance ID is included in the list specified by SourceInstanceIds.N. true: A route is a match if the source network instance ID is not in the list specified by SourceInstanceIds.N.	false
DestinationInstanceIdsReverseMatch	boolean	No	Specifies whether to exclude destination instance IDs. Valid values: false (default): A route is a match if the destination instance ID is included in the list specified by SourceInstanceIds.N. true: A route is a match if the destination network instance ID is not in the list specified by SourceInstanceIds.N.	false
MatchAddressType	string	No	The type of IP address in the match condition. Valid values: IPv4: IPv4 address IPv6: IPv6 address This parameter can be empty. If no value is specified, all types of IP address are a match.	IPv4
SourceInstanceIds	array	No	The IDs of the source network instances to which the routes belong. The following network instance types are supported: Virtual private cloud (VPC) Virtual border router (VBR) Cloud Connect Network (CCN) instance Smart Access Gateway (SAG) instance The ID of the IPsec-VPN connection. You can enter at most 32 IDs.	vpc-afsfdf5435vcvc****
	string	No	The IDs of the source network instances to which the routes belong. The following network instance types are supported: VPC VBR CCN instance SAG instance The ID of the IPsec-VPN connection. You can enter at most 32 IDs.	vpc-afsfdf5435vcvc****
DestinationInstanceIds	array	No	The IDs of the destination network instances to which the routes belong. The following network instance types are supported: VPC VBR CCN instance SAG instance The ID of the IPsec-VPN connection. You can enter at most 32 IDs. Note The destination instance IDs take effect only when Direction is set to Export from Regional Gateway and the destination instances are deployed in the current region.	vpc-avcdsg34ds****
	string	No	The IDs of the destination network instances to which the routes belong. The following network instance types are supported: VPC VBR CCN instance SAG instance The ID of the IPsec-VPN connection. You can enter at most 32 IDs. Note The destination instance IDs take effect only when Direction is set to Export from Regional Gateway and the destination instances are deployed in the current region.	vpc-avcdsg34ds****
SourceRouteTableIds	array	No	The IDs of the source route tables to which the routes belong. You can enter at most 32 route table IDs.	vtb-acdbvtbr342cd****
	string	No	The IDs of the source route tables to which the routes belong. You can enter at most 32 route table IDs.	vtb-acdbvtbr342cd****
DestinationRouteTableIds	array	No	The IDs of the destination route tables to which the routes belong. You can enter at most 32 route table IDs. Note The destination route table IDs take effect only when Direction is set to Export from Regional Gateway and the destination route tables belong to network instances deployed in the current region.	vtb-adfg53c322v****
	string	No	The IDs of the destination route tables to which the routes belong. You can enter at most 32 route table IDs. Note The destination route table IDs take effect only when Direction is set to Export from Regional Gateway and the destination route tables belong to network instances deployed in the current region.	vtb-adfg53c322v****
SourceRegionIds	array	No	The IDs of the source regions to which the routes belong. You can enter at most 32 region IDs. You can call the DescribeChildInstanceRegions operation to query the most recent region list.	cn-beijing
	string	No	The IDs of the source regions to which the routes belong. You can enter at most 32 region IDs. You can call the DescribeChildInstanceRegions operation to query the most recent region list.	cn-beijing
SourceChildInstanceTypes	array	No	The types of source network instance to which the routes belong. The following types of network instances are supported: VPC: VPC VBR: VBR CCN: CCN instance VPN :VPN gateway or IPsec-VPN connection If the IPsec-VPN connection or SSL client is associated with a VPN gateway, the VPC associated with the VPN gateway must be connected to a transit router, and the VPN gateway must use Border Gateway Protocol (BGP) dynamic routing. Otherwise, this parameter cannot take effect. This parameter takes effect if the IPsec connection is directly connected to a transit router.	VPC
	string	No	The types of source network instance to which the routes belong. The following types of network instances are supported: VPC: VPC VBR: VBR CCN: CCN instance VPN :VPN gateway or IPsec-VPN connection If the IPsec-VPN connection or SSL client is associated with a VPN gateway, the VPC associated with the VPN gateway must be connected to a transit router, and the VPN gateway must use BGP dynamic routing. Otherwise, this parameter cannot take effect. This parameter takes effect if the IPsec connection is directly connected to a transit router.	VPC
DestinationChildInstanceTypes	array	No	The types of destination network instance to which the routes belong. The following types of network instances are supported: VPC: VPC VBR: VBR CCN: CCN instance VPN: IPsec connection Note This parameter does not take effect if the IPsec-VPN connection or SSL client is associated with a transit router through a VPN gateway and a VPC. This parameter takes effect only if the IPsec connection is directly connected to the transit router. The destination network instance types are valid only if the routing policy is applied to scenarios where routes are advertised from the gateway in the current region to network instances in the current region.	VPC
	string	No	The types of destination network instance to which the routes belong. The following types of network instance are supported: VPC: VPC VBR: VBR CCN: CCN instance VPN: IPsec connection Note This parameter does not take effect if the IPsec-VPN connection or SSL client is associated with a transit router through a VPN gateway and a VPC.** This parameter takes effect only if the IPsec connection is directly connected to the transit router. The destination network instance types are valid only if the routing policy is applied to scenarios where routes are advertised from the gateway in the current region to network instances in the current region.	VPC
DestinationCidrBlocks	array	No	The prefix list against which routes are matched. You must specify the IP addresses in CIDR notation. You can enter at most 32 CIDR blocks.	10.10.10.0/24
	string	No	The prefix list against which routes are matched. You must specify the IP addresses in CIDR notation. You can enter at most 32 CIDR blocks.	10.10.10.0/24
RouteTypes	array	No	The type of route to be matched against the match condition. The following route types are supported: System: system routes that are automatically generated by the system. Custom: custom routes that are manually added. BGP: routes that are advertised over BGP.	System
	string	No	The type of route to be matched against the match condition. The following route types are supported: System: system routes that are automatically generated by the system. Custom: custom routes that are manually added. BGP: routes that are advertised over BGP.	System
MatchAsns	array	No	The AS paths against which routes are matched. Note Only the AS-SEQUENCE parameter is supported. The AS-SET, AS-CONFED-SEQUENCE, and AS-CONFED-SET parameters are not supported. In other words, only the AS number list is supported. Sets and sub-lists are not supported.	65501
	integer	No	The AS paths against which routes are matched. Note Only the AS-SEQUENCE parameter is supported. The AS-SET, AS-CONFED-SEQUENCE, and AS-CONFED-SET parameters are not supported. In other words, only the AS number list is supported. Sets and sub-lists are not supported.	65501
MatchCommunitySet	array	No	The community against which routes are matched. Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with the RFC 1997 standard. The RFC 8092 standard that defines BGP large communities is not supported. You can specify at most 32 communities. Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.	65501:1
	string	No	The community against which routes are matched. Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with the RFC 1997 standard. The RFC 8092 standard that defines BGP large communities is not supported. You can specify at most 32 communities. Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.	65501:1
OperateCommunitySet	array	No	The community set on which actions are performed. Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with RFC 1997. The RFC 8092 standard that defines BGP large communities is not supported. You can specify at most 32 communities. Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.	65501:1
	string	No	The community set on which actions are performed. Specify the community in the format of n:m. Valid values of n and m: 1 to 65535. Each community must comply with RFC 1997. The RFC 8092 standard that defines BGP large communities is not supported. You can specify at most 32 communities. Note If the configurations of the communities are incorrect, routes may fail to be advertised to your data center.	65501:1
PrependAsPath	array	No	The AS paths that are prepended by using an action statement when regional gateways receive or advertise routes. The AS paths vary based on the direction in which the routing policy is applied: If AS paths are prepended to a routing policy that is applied in the inbound direction, you must specify source network instance IDs and the source region in the match condition. In addition, the source region must be the same as the region where the routing policy is applied. If AS paths are prepended to a routing policy that is applied in the outbound direction, you must specify destination network instance IDs in the match condition. This parameter specifies the action to be performed when a route meets the match condition.	65501
	integer	No	The AS paths that are prepended by using an action statement when regional gateways receive or advertise routes. The AS paths vary based on the direction in which the routing policy is applied: If AS paths are prepended to a routing policy that is applied in the inbound direction, you must specify source network instance IDs and the source region in the match condition. In addition, the source region must be the same as the region where the routing policy is applied. If AS paths are prepended to a routing policy that is applied in the outbound direction, you must specify destination network instance IDs in the match condition. This parameter specifies the action to be performed when a route meets the match condition.	65501
DestinationRegionIds	array	No	The destination region IDs of the route. You can specify at most 32 region IDs.
	string	No	The destination region IDs of the route. You can specify at most 32 region IDs.	cn-beijing

Response parameters

Parameter	Type	Description	Example
	object	The response.
RequestId	string	The ID of the request.	54B48E3D-DF70-471B-AA93-08E683A1B457

Examples

Success response

JSON format

{
  "RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B457\t"
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidOperation.NoEffictiveAction	No effective action be configured.	The error message returned because the specified action is invalid.
400	InvalidOperation.CenRouteMapExist	Operation is invalid because an route map config exist.	The error message returned because this operation is not supported when a routing policy exists.
400	Invid.Parameter	When using GatewayRegionId, SourceRegionId must not be null	The error message returned because the GatewayRegionId and SourceRegionId parameters must be set.
400	InvalidName	Name is invalid.	The error message returned because the specified name is invalid.
400	InvalidDescription	Description is invalid.	The error message returned because the description is invalid.
400	InvalidParam.DestinationInstanceIds	When using "PrependAsPath" in the "RegionOut", "DestinationInstanceIds" must be local region instances.	When using the PrependAsPath option in a RegionOut configuration, the DestinationInstanceIds target instance should be within the local domain.
400	Forbidden.NoMedAuthorized	Med operation is unauthorized.	Unable to operate on the specified Med routing policy.
400	InvalidOperation.MedRouteMapExist	Operation is invalid because the default med route map already exist.	The operation is invalid because there is already a med routeMap with the next hop destination for this Ecr instance.
400	InvalidOperation.MedRouteMapNotAllowedOtherAction	Operation is invalid because the default med not allowed other action.	the med policy does not allow to configure other policies.
400	InvalidOperation.MedRouteMapActionMustPermit	Operation is invalid because the default med map result must be permit.	Operation is invalid because the default med map result must be permit.
400	InvalidParameter.MedRouteMapDestInstanceIds	Param DestInstanceIds must be ecr instance id.	The destination instance list of med routeMap must be ECR instance.
400	InvalidParameter.MedRouteMapDestInstanceType	Param DestChildInstanceTypes must be ecr.	The destination instance type of the med routeMap must be ECR.
400	InvalidOperation.PrependAsPathWithInvalidSourceRegionId	When using PrependAsPath in the RegionIn direction, SourceRegionId must be local region ID.	When using PrependAsPath in the RegionIn direction, SourceRegionId must be local region ID.
400	InvalidOperation.PrependAsPathWithInvalidSourceInstanceIds	When using PrependAsPath in the RegionIn direction, SourceInstanceIds must be local instance ids.	When using PrependAsPath in the RegionIn direction, SourceInstanceIds must be local instance ids.
400	InvalidOperation.TransitRouterNotExist	Operation is invalid because the transit router not exist.	The error message returned because the specified transit router does not exist.
400	InvalidParameter	Invalid parameter.	The error message returned because the parameter is set to an invalid value.
400	Unauthorized	The AccessKeyId is unauthorized.	The error message returned because you do not have the permissions to perform this operation.
400	InvalidParameter.RouteMapId	The specified parameter RouteMapId is invalid.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.