Transit routers support routing policies. You can configure routing policies to filter and modify routes. This allows you to manage network communication in the cloud.
How routing policies work
A transit router in a specified region contains route tables and routing policies that are configured for that region. Routing policies filter routes based on the route tables associated with the transit router. Transit routers have two editions: Basic Edition and Enterprise Edition.
- A Basic Edition transit router has only a system route table. Routing polices that you create are automatically associated with the system route table.
- An Enterprise Edition transit router has a system route table and supports custom
route tables. When you add a routing policy, you can associate the routing policy
with the system route table or a custom route table. The routing policy affects only
how the associated route table advertises routes.
For more information about Basic Edition and Enterprise Edition transit routers, see How transit routers work.
You can configure routing policies in the inbound direction or outbound direction. Each routing policy is a collection of conditional statements and execution statements. Routing policies are sorted by priority. A smaller value indicates a higher priority. Routes are matched against match conditions specified in routing policies in descending order of policy priority. Routes that meet all match conditions are permitted or denied based on the specified policy action. You can modify the priority, autonomous system (AS) path, and community value of a route that is permitted. Routes that do not match all match conditions are permitted by default.

Components
Parameter | Description |
---|---|
Routing Policy Priority | Set a priority for the routing policy.
Valid values: 1 to 100. A smaller value indicates a higher priority. You cannot specify the same priority for routing policies that apply in the same region and direction. The system evaluates routes against the match conditions of routing policies in descending order of priority. A smaller value indicates a higher priority. Therefore, set appropriate values to sort the routing policies in the desired order. |
Description | Enter a description for the routing policy. |
Region | Select the region in which the routing policy applies.
Note You can set this parameter only for Basic Edition transit routers.
|
Associated Route Table | Select the ID of the route table to be associated with the routing policy.
Note You can set this parameter only for Enterprise Edition transit routers.
|
Direction | Select the direction in which the routing policy applies.
|
Routing Policy Action | Select the action to be performed on routes that meet all match conditions. The following
actions are supported:
|
Priority of Associated Routing Policy | Specify a priority for the routing policy to be associated.
|
Parameter | Description |
---|---|
Source Region | The system matches all routes that are advertised from the specified region.
The system only evaluates whether the source regions of the routes meet the specified condition. The destination regions of the routes are not evaluated. |
Source Instance IDs | The system matches all routes that are advertised from the specified network instances.
The following network instance types are supported:
You can select Exclude Specified IDs to specify network instance IDs that you want to exclude. If the routes are not advertised from the specified IDs, the routes meet the condition. Otherwise, the routes fail to meet the condition. |
Destination Instance IDs | The system matches all routes that are advertised to the specified network instances.
The following network instance types are supported:
You can select Exclude Specified IDs to specify network instance IDs that you want to exclude. If the routes are not advertised to the specified IDs, the routes meet the condition. Otherwise, the routes fail to meet the condition. Note The destination instance IDs take effect only when Direction is set to Export from Regional Gateway and the destination instances are deployed in the current region.
|
Destination Route Table | The system matches all routes that are advertised to the specified route tables.
Note The destination route table IDs take effect only when Direction is set to Export from Regional Gateway and the destination route tables belong to network instances deployed in the current
region.
|
Source Instance Type | The system matches all routes that are advertised from the specified network instance
types. The following network instance types are supported:
|
Destination Instance Type | The system matches all routes that are advertised to the specified network instance
types. The following network instance types are supported:
Note The destination instance types take effect only when Direction is set to Export from Regional Gateway and the destination instance types are supported in the current region.
|
Route Type | The system matches routes of the specified types. The following route types are supported:
|
Route Prefix | The system filters routes based on the specified route prefixes. The following match
methods are supported:
|
AS Path | The system filters routes based on the specified AS path. The following match methods
are supported:
Note AS path is a mandatory attribute, which describes the AS numbers that a BGP route
passes through when it is advertised.
|
Community | The system matches routes based on the community. The following match methods are
supported:
Note Community is an optional transitive attribute. You can specify a specific community
value for a specific route. Downstream routers can filter routes based on the specified
community value when routing policies are implemented.
|
Parameter | Description |
---|---|
Preference | Specify a priority for the routes that are permitted.
Valid values: 1 to 100. Default value: 50. A smaller value indicates a higher priority. |
Community | Specify a community value for routes. The following methods are supported:
|
Appended AS Path | Specify the AS path to be appended when the transit router receives or advertises
a route.
The requirements for appended AS paths vary based on the direction in which the routing
policy is applied:
|
Matching process
Routing policies evaluate routes in match-action mode. Actions are performed after conditions are matched. The system compares routes with match conditions in descending order of routing policy priority.
- If a route meets all the match conditions in a routing policy, the specified action
is performed on the route.
- If you set Routing Policy Action to Permit, the route is permitted. By default, the system does not compare a matched route with the next routing policy. However, if you set associated priority, the system compares the route with the routing policy that has the associated priority. If you do not set associated priority, the matching process ends.
- If you set Routing Policy Action to Deny, the system denies the route. By default, the system stops comparing the matched route with the next routing policy and the matching process ends.
- If a route does not meet a match condition specified in a routing policy, the current matching process ends and the system compares the route with the next routing policy.
- If the route meets all the match conditions specified in the next routing policy,
the action specified in the routing policy is performed on the route.
- If you set Routing Policy Action to Permit, the route is permitted. By default, the system does not compare a matched route with the next routing policy. However, if you set associated priority, the system compares the route with the routing policy that has the associated priority. If you do not set associated priority, the matching process ends.
- If you set Routing Policy Action to Deny, the system denies the route. By default, the system stops comparing the matched route with the next routing policy and the matching process ends.
- If a route does not meet a match condition specified in the next routing policy, the current matching process ends and the system compares the route with the next routing policy. The preceding processes are repeated until the system compares the route with the last routing policy.
- If the route does not meet a match condition specified in the last routing policy, the route is permitted.

Default routing policy
Each transit router contains a default routing policy that applies in the outbound direction. The priority of the default routing policy is 5000, and the policy action is Deny. The default routing policy prevents VBRs or CCN instances that are connected to the same transit router from communicating with each other. The following section describes whether VPCs, VBRs, and CCN instances that are connected to the same transit router can communicate with each other by default:
- A VPC that is connected to a transit router can communicate with VPCs, VBRs, or CCN
instances that are connected to the same transit router.
- A VBR that is connected to a transit router cannot communicate with VBRs or CCN instances
that are connected to the same transit router.
- A CCN instance that is connected to a transit router cannot communicate with VBRs
or CCN instances that are connected to the same transit router.
Tutorials
The routing policy feature allows you to flexibly manage network communication in the cloud. For more information, see the following topics:
- Use route maps to disable intercommunication among VPCs
- Use route maps to disable the communication between a VPC and a CIDR block
- Connect data centers by using CEN
- Connect branches to a data center by using CEN
- Configure active and standby static routes for VBRs in the same region by using route maps
- Use route maps to allow specified VPCs to communicate with each other