
Cloud Enterprise Network: CreateTransitRouterCidr

Last Updated: Apr 03, 2024

Creates a custom CIDR block for a transit router. Custom CIDR blocks of a transit router are similar to the CIDR blocks of the loopback interface of a router.

Operation description

You can specify a CIDR block for a transit router. The CIDR block works in a similar way to the CIDR block of the loopback interface on a router. IP addresses within the CIDR block can be assigned to IPsec-VPN connections. For more information, see Transit router CIDR blocks.

The CreateTransitRouterCidr operation can be used to create a CIDR block only after you create a transit router.

The CIDR block must meet the following requirements:

  • Only Enterprise Edition transit routers support custom CIDR blocks.

  • For more information, see Limits in transit router CIDR blocks.

  • Each transit router supports at most five CIDR blocks. The subnet mask of a CIDR block must be 16 bits to 24 bits in length.

  • The following CIDR blocks and their subnets are not supported: 100.64.0.0/10, 224.0.0.0/4, 127.0.0.0/8, and 169.254.0.0/16.

  • The CIDR block cannot overlap with the CIDR blocks of the network instances that communicate with each other by using the CEN instance.

  • On the same CEN instance, each transit router CIDR block must be unique.

  • When you create the first VPN connection after you add a CIDR block for a transit router, three CIDR blocks within the CIDR block are reserved. An IP address is allocated from the remaining CIDR blocks to the IPsec-VPN connection.

    You can call the ListTransitRouterCidrAllocation operation to query reserved CIDR blocks and IP addresses allocated to network connections.
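The requirements above can be checked locally before the API call is made. The following is an added example, not code from the original page or from Alibaba Cloud; it assumes IPv4 blocks, treats "unique" as an exact match, and the function and parameter names are hypothetical.

```python
import ipaddress

# Ranges the page lists as unsupported (together with their subnets).
UNSUPPORTED = [ipaddress.IPv4Network(n) for n in
               ("100.64.0.0/10", "224.0.0.0/4", "127.0.0.0/8", "169.254.0.0/16")]
MAX_BLOCKS_PER_ROUTER = 5


def check_transit_router_cidr(cidr, own_blocks, cen_blocks, instance_cidrs):
    """Return (rule, detail) violations; an empty list means the block passes.

    own_blocks:     CIDR blocks already on this transit router
    cen_blocks:     transit router CIDR blocks already on the same CEN instance
    instance_cidrs: CIDR blocks of network instances attached to the CEN instance
    """
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits, e.g. 10.0.0.1/24
    except ValueError as exc:
        return [("invalid", str(exc))]

    problems = []
    if not 16 <= net.prefixlen <= 24:
        problems.append(("mask", f"/{net.prefixlen} is outside /16 to /24"))
    for bad in UNSUPPORTED:
        if net.subnet_of(bad):
            problems.append(("unsupported", f"inside {bad}"))
    if len(own_blocks) >= MAX_BLOCKS_PER_ROUTER:
        problems.append(("limit", "transit router already has five CIDR blocks"))
    if any(net == ipaddress.IPv4Network(b) for b in cen_blocks):
        problems.append(("duplicate", "block already exists on this CEN instance"))
    for other in instance_cidrs:
        if net.overlaps(ipaddress.IPv4Network(other)):
            problems.append(("overlap", f"overlaps network instance CIDR {other}"))
    return problems


if __name__ == "__main__":
    # Constructed inventory, not taken from a real account.
    attached = ["10.0.0.0/8", "172.16.0.0/12"]
    for candidate in ("192.168.10.0/24", "100.64.8.0/24", "172.16.0.0/16", "192.168.10.0/28"):
        print(candidate, check_transit_router_cidr(candidate, [], [], attached))
```
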

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information for this API operation. You can use this information in the Action element of a policy to grant a RAM user or RAM role the permissions to call the operation. The columns are described as follows:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

| Operation | Access level | Resource type | Condition key | Associated operation |
| --- | --- | --- | --- | --- |
| cen:CreateTransitRouterCidr | Write | TransitRouter: acs:cen:*:{#accountId}:centransitrouter/{#centransitrouterId} | none | none |
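Because the operation accepts a resource-level ARN, a policy review can flag grants of this action that are not tied to a single transit router. The following is an added example, not code from the original page or from Alibaba Cloud; the function names are hypothetical, the wildcard matching is a simplification, and the account and router IDs in the sample policy are constructed placeholders.

```python
import fnmatch
import json

ACTION = "cen:CreateTransitRouterCidr"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def names_one_router(resource):
    """True for acs:cen:*:<account>:centransitrouter/<id> with no wildcard in account or ID."""
    parts = resource.split(":")
    if len(parts) != 5 or parts[0] != "acs" or parts[1] != "cen":
        return False
    kind, _, router_id = parts[4].partition("/")
    return (parts[3].isdigit() and kind == "centransitrouter"
            and router_id != "" and "*" not in router_id and "?" not in router_id)


def overbroad_grants(policy_text):
    """Return (statement index, action, resource) for Allow grants not tied to one router."""
    findings = []
    for index, stmt in enumerate(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            # Simplification: '*' and '?' wildcards compared case-insensitively.
            if not fnmatch.fnmatchcase(ACTION.lower(), action.lower()):
                continue
            for resource in _as_list(stmt.get("Resource", [])):
                if not names_one_router(resource):
                    findings.append((index, action, resource))
    return findings


# Constructed policy: the account ID and router ID are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": "cen:CreateTransitRouterCidr",
         "Resource": "acs:cen:*:1234567890123456:centransitrouter/tr-exampleid000000"},
        {"Effect": "Allow", "Action": ["cen:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "cen:Create*",
         "Resource": "acs:cen:*:1234567890123456:centransitrouter/*"},
        {"Effect": "Deny", "Action": "cen:CreateTransitRouterCidr", "Resource": "*"},
    ],
})
```
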

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. Note: If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request. | 123e4567-e89b-12d3-a456-426**** |
| TransitRouterId | string | Yes | The ID of the transit router. | tr-p0w3x8c9em72a40nw**** |
| RegionId | string | Yes | The region ID of the transit router. You can call the DescribeChildInstanceRegions operation to query the most recent region list. | cn-hangzhou |
| Name | string | No | The name of the transit router CIDR block. The name must be 1 to 128 characters in length, and cannot start with http:// or https://. You can also leave this parameter empty. | nametest |
| Description | string | No | The description of the transit router CIDR block. The description must be 1 to 256 characters in length, and cannot start with http:// or https://. You can also leave this parameter empty. | desctest |
| DryRun | boolean | No | Specifies whether to perform a dry run. Valid values: true: performs a dry run. The system checks the required parameters, request syntax, and limits. If the request fails the dry run, an error message is returned. If the request passes the dry run, the DryRunOperation error code is returned. false (default): performs a dry run and sends the request. | false |
| Cidr | string | Yes | The CIDR block of the transit router. | 192.168.10.0/24 |
| PublishCidrRoute | boolean | No | Specifies whether to allow the system to automatically add a route that points to the CIDR block to the route table of the transit router. true (default): If you set the value to true, after you create a VPN attachment on a private VPN gateway and enable route learning for the VPN attachment, the system automatically adds the following route to the route table of the transit router that is in route learning relationship with the VPN attachment: a blackhole route whose destination CIDR block is the transit router CIDR block, which refers to the CIDR block from which gateway IP addresses are allocated to the IPsec-VPN connection. The blackhole route is advertised only to the route tables of virtual border routers (VBRs) connected to the transit router. false. | true |

Response parameters

| Parameter | Type | Description | Example |
| --- | --- | --- | --- |
| | object | The response. | |
| TransitRouterCidrId | string | The ID of the CIDR block. | cidr-0zv0q9crqpntzz**** |
| RequestId | string | The ID of the request. | 0876E54E-3E36-5C31-89F0-9EE8A9266F9A |

Examples

Sample success responses

JSON format

{
  "TransitRouterCidrId": "cidr-0zv0q9crqpntzz****",
  "RequestId": "0876E54E-3E36-5C31-89F0-9EE8A9266F9A"
}

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | OverLappingExist.Cidr | The cidr overlapping exist. | The error message returned because CIDR overlapping is already enabled. |
| 400 | OperationUnsupported.TransitRouterCidr | Transit region does not support the operation. | The error message returned because this operation is not supported in the specified region. |
| 400 | IllegalParam.Cidr | The specified cidr is invalid. | The error message returned because the specified CIDR block is invalid. |
| 400 | IllegalParam.RegionId | The specified RegionId is illegal. | The error message returned because the specified region is invalid. |
| 400 | InstanceNotExist | The instance is not exist. | The error message returned because the specified instance does not exist. |
| 400 | InvalidParameter | Invalid parameter. | The error message returned because the parameter is set to an invalid value. |
| 400 | Unauthorized | The AccessKeyId is unauthorized. | The error message returned because you do not have the permissions to perform this operation. |

For a list of error codes, see Service error codes.

Change history

| Change time | Summary of changes | Change item | Change content |
| --- | --- | --- | --- |
| 2024-01-18 | The Error code has changed | Error Codes | The Error code has changed. delete Error Codes: 400 |
| 2023-03-09 | The Error code has changed | Error Codes | The Error code has changed. Error Codes 400 change |