Use route maps to disable the communication between a VPC and a CIDR block - Cloud Enterprise Network

This topic describes how to use route maps to disable the communication between a virtual private cloud (VPC) and a CIDR block.

Prerequisites

Before you configure route maps, make sure that the following requirements are met:

The data center is connected to Alibaba Cloud by using Express Connect circuits. For more information, see Connect to an ECS instance from an on-premises data center by using a physical connection.
A CEN instance is created. Network instances that you want to connect are attached to the CEN instance. For more information, see Create a CEN instance and Attach network instances to a CEN instance.

Background information

By default, a VPC that is attached to a CEN instance can communicate with another VPC, VBR, and CCN instance that is attached to the same CEN instance. However, you may want to disable the communication in some scenarios. Use route maps to disable the communication between a VPC and a CIDR block

Use route maps to disable the communication between a VPC and a CIDR block

As shown in the preceding figure, the VPC and VBR are attached to the CEN instance.The VBR learns two routes that point to CIDR block 1 and CIDR block 2 from the data center through BGP. By default, the VPC can communicate with CIDR block 1 and CIDR block 2. If you do not want the VPC to communicate with CIDR block 1, you can configure a route map to disable the communication between them. The VPC can still communicate with CIDR block 2.

Step 1: Configure a route map that sets the VPC to block the VBR route that points to CIDR block 1

Perform the following operations to configure a route map that sets the VPC to block the VBR route that points to CIDR block 1.

Log on to the CEN console.
On the Instances page, find the CEN instance that you want to manage and click the ID of the instance.
On the instance details page, find the region where you want to add a route map and click the ID of the transit router that is deployed in the region.
On the details page of the transit router, click the Route Table tab and click Route Maps.
On the Route Maps page, click Add Route Map. Set the following parameters and click OK:
- Route Map Priority: Enter a priority value for the route map. A lower value indicates a higher priority. In this example, 20 is entered.
- Region: Select the region to which the route map is applied. In this example, China (Hangzhou) is entered.
- Transmit Direction: Select the direction of the route map. In this example, Import to Regional Gateway is selected.
- Match Conditions: Set the match conditions of the route. The following conditions are set in this example:
  - Source Instance IDs: Select the ID of VBR.
  - Route Prefix: Enter 192.168.0.0/24. Condition Type: Select Exact Match.
- Action Policy: Select the action that you want to perform on a route if the route meets all match conditions. In this example, Deny is selected.
After the route map is added, you can view that the route to 192.168.0.0/24 is deleted in the VPC on the Routing Information tab.

Step 2: Test the connectivity

Perform the following operations to test the connectivity between the VPC and CIDR block 1.

Log on to an ECS instance in the connected VPC.
Run the ping command to ping the IP address of CIDR block 1 to test the connectivity.
The result indicates that the ECS instance cannot access the IP address of CIDR block 1.

Perform the following operations to test the connectivity between the VPC and CIDR block 2.

Log on to an ECS instance in the connected VPC.
Run the ping command to ping the IP address of CIDR block 2 to test the connectivity.
The result indicates that the ECS instance can access the IP address of CIDR block 2.