
Cloud Enterprise Network: How transit routers work

Last Updated: Aug 30, 2023

Transit routers provide multiple network communication and route management features. For example, you can use transit routers to connect network instances, create custom route tables, add routes, and add routing policies. This topic describes how Enterprise Edition and Basic Edition transit routers work.

How Enterprise Edition transit routers work

Connect network instances

Connect network instances - August 2022

You can connect network instances to an Enterprise Edition transit router to enable the network instances to communicate with each other. You can connect the following network instances to an Enterprise Edition transit router:

  • One or more virtual private clouds (VPCs)

    Before you connect a VPC to an Enterprise Edition transit router, make sure that the VPC has at least one vSwitch deployed in the zone where the Enterprise Edition transit router is deployed. In addition, make sure that the vSwitch has at least one idle IP address. When you connect the Enterprise Edition transit router to the VPC, the transit router creates an elastic network interface (ENI) on the vSwitch of the VPC. The ENI occupies one IP address on the vSwitch and forwards network traffic between the VPC and the transit router.

  • One or more virtual border routers (VBRs)

  • One or more IPsec-VPN connections

  • One or more transit routers

Note

Regions where Cloud Connect Network (CCN) instances are deployed support only Basic Edition transit routers.

Manage routes

Diagram - Manage routes
  • Route tables

    After network instances are connected to an Enterprise Edition transit router, routes of the network instances are stored in route tables. The Enterprise Edition transit router forwards traffic for the network instance based on the routes in the route table.

    Each Enterprise Edition transit router has one default route table. You can also create custom route tables for Enterprise Edition transit routers. Default route tables are isolated from custom route tables. You can use this isolation to implement access control.

  • Route learning

    Route learning controls how a network instance advertises routes. The routes of a network instance can be advertised to an Enterprise Edition transit router only after you enable route learning between the network instance connection and the route tables of the transit router.

    You can enable route learning between the network instance connection and the route tables of one or more Enterprise Edition transit routers. Then, routes can be advertised from the network instance to the route tables.

  • Associated forwarding

    Associated forwarding controls how the traffic of a network instance is forwarded. An Enterprise Edition transit router can query routes and forward network traffic based on the routes for a network instance only after you enable associated forwarding between the network instance connection and the route tables of the transit router.

    Each network instance connection can have an associated forwarding correlation with the route tables of only one Enterprise Edition transit router.

  • Custom routes

    You can add custom routes to the route tables of an Enterprise Edition transit router. This way, you can control traffic forwarding for network instances.

  • Prefix lists

    The route tables of Enterprise Edition transit routers can be associated with prefix lists. After the route table of an Enterprise Edition transit router is associated with the prefix list of a VPC, the system automatically adds the routes that point to the CIDR blocks in the prefix list to the route table of the transit router. This way, you do not need to add routes one by one.

  • Routing policies

    You can configure routing policies to control route advertisement for the route tables of an Enterprise Edition transit router. You can add a routing policy to specify whether to advertise the routes in the route tables of an Enterprise Edition transit router to network instances or other Enterprise Edition transit routers. You can modify routing policies to adjust the attributes of routes.

    When you add a routing policy, you must specify a route table of an Enterprise Edition transit router. The routing policy is associated with the specified route table and is used to filter and modify the routes in the route table.

    If VBRs, CCN instances, and IPsec-VPN connections are connected to an Enterprise Edition transit router, the system automatically creates a routing policy. The routing policy has the following attributes: Routing Policy Priority is set to 5000, Routing Policy Action is set to Deny, and Direction is set to Export from Regional Gateway. The routing policy is used to forbid communication among the VBRs, CCN instances, and IPsec-VPN connections connected to the Enterprise Edition transit router. For more information, see Default routing policy.

  • Default action

    After a network instance is connected to an Enterprise Edition transit router, the Enterprise Edition transit router does not advertise routes to the network instance by default. You can use one of the following methods to add routes to the network instance so that traffic is forwarded from the network instance to the Enterprise Edition transit router:

    • Enable the advanced features of the network instance connection to enable automatic route advertisement. For more information, see the Advanced features section in this topic.

    • Configure associated forwarding, route learning, and custom routes to manage network connectivity based on business requirements.
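The following added example (not Alibaba Cloud code) models how route learning and associated forwarding combine with isolated custom route tables to segment traffic: two workload VPCs reach a shared-services VPC but have no route to each other. The attachment names, route table names, and CIDR blocks are constructed, and longest-prefix matching is assumed as the lookup rule.

```python
# Added illustration: a toy model of Enterprise Edition transit router route tables.
# All names (vpc-prod, rt-prod, ...) and CIDR blocks are constructed sample values.
import ipaddress

class TransitRouter:
    def __init__(self):
        self.tables = {"default": {}}   # table name -> {network: next-hop attachment}
        self.assoc = {}                 # attachment -> the one table used to forward its traffic

    def add_table(self, name):
        self.tables[name] = {}

    def associate(self, attachment, table):
        # Associated forwarding: one route table per network instance connection.
        self.assoc[attachment] = table

    def learn(self, attachment, cidrs, tables):
        # Route learning: the attachment's routes are advertised to each listed table.
        for t in tables:
            for c in cidrs:
                self.tables[t][ipaddress.ip_network(c)] = attachment

    def next_hop(self, src_attachment, dst_ip):
        # Look up dst_ip in the table associated with the source.
        # Assumption: the longest matching prefix wins (standard routing behaviour).
        table = self.tables.get(self.assoc.get(src_attachment), {})
        ip = ipaddress.ip_address(dst_ip)
        hits = [n for n in table if ip in n]
        return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def build_segmented_router():
    tr = TransitRouter()
    for t in ("rt-prod", "rt-dev", "rt-shared"):
        tr.add_table(t)
    tr.associate("vpc-prod", "rt-prod")
    tr.associate("vpc-dev", "rt-dev")
    tr.associate("vpc-shared", "rt-shared")
    # prod and dev each advertise only to the shared-services table;
    # shared services advertises to both workload tables.
    tr.learn("vpc-prod", ["10.1.0.0/16"], ["rt-shared"])
    tr.learn("vpc-dev", ["10.2.0.0/16"], ["rt-shared"])
    tr.learn("vpc-shared", ["10.9.0.0/16"], ["rt-prod", "rt-dev"])
    return tr

if __name__ == "__main__":
    tr = build_segmented_router()
    for src, dst in [("vpc-prod", "10.9.0.5"), ("vpc-shared", "10.1.0.5"), ("vpc-prod", "10.2.0.5")]:
        print(src, "->", dst, "via", tr.next_hop(src, dst))
```

A lookup that returns `None` means the source's associated route table has no route to the destination, so the transit router cannot forward that traffic.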

Advanced features

In scenarios where a VPC, a VBR, an IPsec-VPN connection, or a transit router in a different region is connected to an Enterprise Edition transit router, you can use the following features provided by the Enterprise Edition transit router to enable automatic route learning and advertisement. When you connect a network instance to an Enterprise Edition transit router, the following features are enabled by default. You can also disable these advanced features. After a network instance is connected to an Enterprise Edition transit router, you can use route learning, associated forwarding, and routing policies to manage network connectivity based on your requirements.

  • VPC connections

    • Associate with Default Route Table of Transit Router

      After this feature is enabled, the VPC connection is automatically associated with the default route table of the Enterprise Edition transit router. The Enterprise Edition transit router forwards the traffic of the VPC based on the default route table.

    • Propagate System Routes to Default Route Table of Transit Router

      After this feature is enabled, the system routes of the VPC are advertised to the default route table of the Enterprise Edition transit router. This way, the VPC can communicate with other network instances that are also connected to the CEN instance.

    • Automatically Creates Route That Points to Transit Router and Adds to All Route Tables of Current VPC

      After this feature is enabled, the system automatically adds the following three routes to all route tables of the VPC: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. The next hops of the routes point to the VPC. The routes are used to forward traffic from the VPC to the Enterprise Edition transit router.

  • VBR connections

    • Associate with Default Route Table of Transit Router

      After this feature is enabled, the VBR connection is automatically associated with the default route table of the Enterprise Edition transit router. The Enterprise Edition transit router forwards the traffic of the VBR based on the default route table.

    • Propagate System Routes to Default Route Table of Transit Router

      After this feature is enabled, the system routes of the VBR are automatically advertised to the default route table of the Enterprise Edition transit router.

    • Propagate Routes to VBR

      After this feature is enabled, the system automatically advertises the routes in the route tables of the Enterprise Edition transit router to the VBR. The routes are used to forward traffic from the VBR to the Enterprise Edition transit router.

  • VPN-to-transit router connections

    • Associate with Default Route Table of Transit Router

      After this feature is enabled, the VPN-to-transit router connection is automatically associated with the default route table of the Enterprise Edition transit router. The transit router forwards traffic from the IPsec-VPN connection based on the default route table.

    • Propagate System Routes to Default Route Table of Transit Router

      After this feature is enabled, routes in the destination route table of the IPsec-VPN connection and BGP route table are advertised to the default route table of the Enterprise Edition transit router.

    • Automatically Advertise Routes to VPN

      After this feature is enabled, routes in the route tables of the Enterprise Edition transit router are automatically advertised to the BGP route table of the IPsec-VPN connection.

      Note

      This feature takes effect only if BGP dynamic routing is enabled for the IPsec-VPN connection and data center.

  • Inter-region connections

    • Associate with Default Route Table of Transit Router

      After this feature is enabled, the inter-region connection is automatically associated with the default route table of the Enterprise Edition transit router. The transit router forwards inter-region traffic based on the default route table.

    • Propagate System Routes to Default Route Table of Transit Router

      After this feature is enabled, the inter-region connection advertises system routes to the default route table of the Enterprise Edition transit router.

    • Automatically Advertise Routes to Peer Region

      After this feature is enabled, the inter-region connection advertises the routes of the Enterprise Edition transit router deployed in the local region to the route tables of the transit router deployed in the peer region. The routes are used for inter-region communication between network instances.

How Basic Edition transit routers work

Diagram - How Basic Edition transit routers work

Connect network instances

  • One or more VPCs

  • One or more VBRs

  • One or more CCN instances

  • One or more transit routers

Manage routes

  • Route tables

    After network instances are connected to a Basic Edition transit router, routes of the network instances are stored in route tables. The Basic Edition transit router forwards traffic of the network instance based on the routes of the route table.

    Each Basic Edition transit router has one default route table. You cannot create custom route tables for Basic Edition transit routers.

  • Route advertisement

    After network instances are connected to a Basic Edition transit router, all routes of the network instances are advertised to the default route table of the Basic Edition transit router. Then, the Basic Edition transit router advertises the routes to all connected network instances to enable communication among the network instances.

  • Routing policies

    You can configure routing policies to control route advertisement for the route tables of a Basic Edition transit router. You can configure routing policies to specify whether to advertise the routes in the route tables of a Basic Edition transit router to the connected network instances. You can also configure routing policies to modify the attributes of the routes in the route tables of a Basic Edition transit router.

    If both VBRs and CCN instances are connected to a Basic Edition transit router, the system automatically creates a routing policy. The routing policy has the following attributes: Routing Policy Priority is set to 5000, Routing Policy Action is set to Deny, and Direction is set to Export from Regional Gateway. The routing policy is used to forbid communication among the VBRs and CCN instances connected to the Basic Edition transit router. For more information, see Default routing policy.
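The effect of the system-created Deny policy described here and in the Enterprise Edition section, as an added sketch that is not Alibaba Cloud code: it computes which routes each attachment receives and which attachment pairs end up unable to communicate. The attachment names and CIDR blocks are constructed, and matching on the source and destination instance type is an assumption about how the policy selects routes.

```python
# Added illustration of the system-created Deny policy; names and CIDRs are constructed.
BASIC_DENY_TYPES = {"VBR", "CCN"}                      # Basic Edition, per the text above
ENTERPRISE_DENY_TYPES = {"VBR", "CCN", "IPsec-VPN"}    # Enterprise Edition, per the text above

def exported_routes(attachments, deny_types):
    """Return {attachment name: sorted CIDRs advertised to it}.

    attachments: {name: (instance_type, [cidrs it advertised to the route table])}
    Assumption: the default policy (priority 5000, Deny, export direction) drops a
    route when both its source and the export target are of a type in deny_types.
    """
    out = {}
    for dst, (dst_type, _) in attachments.items():
        received = []
        for src, (src_type, cidrs) in attachments.items():
            if src == dst:
                continue  # assumption: a route is not advertised back to its origin
            if src_type in deny_types and dst_type in deny_types:
                continue  # default Deny: no transit between these instance types
            received.extend(cidrs)
        out[dst] = sorted(received)
    return out

def blocked_pairs(attachments, deny_types):
    """List attachment pairs where neither side receives the other's routes."""
    routes = exported_routes(attachments, deny_types)
    names = sorted(attachments)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if not set(attachments[b][1]) & set(routes[a])
            and not set(attachments[a][1]) & set(routes[b])]

SAMPLE = {  # constructed sample attachments
    "vpc-app": ("VPC", ["10.1.0.0/16"]),
    "vbr-dc1": ("VBR", ["192.168.10.0/24"]),
    "vbr-dc2": ("VBR", ["192.168.20.0/24"]),
    "ccn-branch": ("CCN", ["172.16.5.0/24"]),
}

if __name__ == "__main__":
    print(exported_routes(SAMPLE, BASIC_DENY_TYPES))
    print(blocked_pairs(SAMPLE, BASIC_DENY_TYPES))
```

Passing an empty set as `deny_types` shows the state without the default policy, where every attachment receives every other attachment's routes.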
