Creates a destination route for a VPN gateway instance. After the destination route is created, the VPN gateway instance matches the destination IP address of traffic against destination routes and forwards the traffic based on the matched destination route.
Operation description
Before you begin
Before you create a destination route, make sure that you have created an IPsec-VPN connection. For more information, see CreateVpnConnection.
Before you create a destination route, we recommend that you understand the matching rules of destination routes. For more information, see Configure destination routes.
Limits
Destination routes with a destination CIDR block of 0.0.0.0/0 are not supported.
Do not add destination routes with a destination CIDR block of 100.64.0.0/10, a subnet of 100.64.0.0/10, or a CIDR block that contains 100.64.0.0/10. Such routing entries may cause the console to fail to display the status of IPsec-VPN connections or cause IPsec-VPN connection negotiation to be failed.
- The CreateVpnRouteEntry operation is asynchronous. After you invoke this operation, the system returns the destination route configuration, but the destination route has not been created yet. The background creation node is still in progress. You can invoke DescribeVpnGateway to query the creation status of the destination route:
If the VPN gateway instance is in the updating state, the destination route is being created.
If the VPN gateway instance is in the active state, the destination route has been created.
The CreateVpnRouteEntry operation does not support concurrent creation of destination routes for the same VPN gateway.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
vpc:CreateVpnRouteEntry |
create |
*VpnGateway
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| RegionId |
string |
Yes |
The region ID of the VPN gateway instance. You can call the DescribeRegions operation to query the region ID. |
cn-hangzhou |
| ClientToken |
string |
No |
The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The client token can contain only ASCII characters. Note
If you do not specify this parameter, the system automatically uses the RequestId of the API request as the ClientToken. The RequestId may be different for each API request. |
d7d24a21-f4ba-4454-9173-b3828dae**** |
| VpnGatewayId |
string |
Yes |
The instance ID of the VPN gateway. |
vpn-bp1a3kqjiiq9legfx**** |
| RouteDest |
string |
Yes |
The destination CIDR block of the destination route. |
10.0.0.0/24 |
| NextHop |
string |
Yes |
The next hop of the destination route. |
vco-bp15oes1py4i66rmd**** |
| Weight |
integer |
Yes |
The weight of the destination routing entry. When you use the same VPN gateway instance to establish active/standby IPsec-VPN connections, you can specify the active and standby links by configuring the weight of the destination routing entry. A destination routing entry with a weight of 100 is the active link by default, and a destination routing entry with a weight of 0 is the standby link by default. You can configure health checks for the IPsec-VPN connection to automatically detect the connectivity of the link. If the active link is unavailable, the system automatically switches traffic to the standby link, ensuring high availability of the cloud connection. For more information, see CreateVpnConnection.
Note
|
0 |
| PublishVpc |
boolean |
Yes |
Specifies whether to publish the destination route to the VPC. Valid values:
|
true |
| Description |
string |
No |
The description of the destination route. The description must be 1 to 100 characters in length and cannot start with |
mytest |
| OverlayMode |
string |
No |
The tunneling protocol. Set the value to Ipsec (IPsec tunneling protocol). |
Ipsec |
| DryRun |
boolean |
No |
Specifies whether to perform a dry run, without performing the actual request. Valid values:
|
false |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The response parameters. |
||
| NextHop |
string |
The next hop of the destination route. |
vco-bp15oes1py4i66rmd**** |
| Weight |
integer |
The weight of the destination route. Valid values:
|
0 |
| RouteDest |
string |
The destination CIDR block of the destination route. |
10.0.0.0/24 |
| RequestId |
string |
The request ID. |
5BE01CD7-5A50-472D-AC14-CA181C5C03BE |
| Description |
string |
The description of the destination route. |
mytest |
| State |
string |
The publish status of the destination route.
|
published |
| CreateTime |
integer |
The timestamp when the destination route was created. Unit: milliseconds. The timestamp follows the UNIX timestamp format, which represents the total number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC. |
1492747187000 |
| OverlayMode |
string |
The tunneling protocol. Set the value to Ipsec (IPsec tunneling protocol). |
Ipsec |
| VpnInstanceId |
string |
The instance ID of the VPN gateway. |
vpn-bp1a3kqjiiq9legfx**** |
Examples
Success response
JSON format
{
"NextHop": "vco-bp15oes1py4i66rmd****",
"Weight": 0,
"RouteDest": "10.0.0.0/24",
"RequestId": "5BE01CD7-5A50-472D-AC14-CA181C5C03BE",
"Description": "mytest",
"State": "published",
"CreateTime": 1492747187000,
"OverlayMode": "Ipsec",
"VpnInstanceId": "vpn-bp1a3kqjiiq9legfx****"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | Resource.QuotaFull | The quota of resource is full | |
| 400 | VpnGateway.Configuring | The specified service is configuring. | |
| 400 | VpnGateway.FinancialLocked | The specified service is financial locked. | |
| 400 | VpnRouteEntry.AlreadyExists | The specified route entry is already exist. | The route already exists. |
| 400 | VpnRouteEntry.Conflict | The specified route entry has conflict. | Route conflicts exist. |
| 400 | VpnRouteEntry.ConflictSSL | The specified route entry has conflict with SSL client. | The route conflicts with the SSL client. |
| 400 | VpnRouteEntry.BackupRoute | Validate backup route entry failed. | Active/standby routes failed authentication. |
| 400 | VpnRouteEntry.InvalidWeight | Invalid route entry weight value. | The weight specified for the route is invalid. |
| 400 | InvalidNextHop.NotFound | The specified NextHop does not exist. | The specified next hop does not exist. |
| 400 | IllegalParam.RouteDest | The specified RouteDest is invalid | The destination address is invalid. |
| 400 | OperationFailed.RouteConflict | Operation failed because there is already a route in VPC route table to another VPN on the same network block. | Operation failed because there is already a route in VPC route table to another VPN on the same network block. |
| 400 | OperationFailed.InvalidCidrBlock | Operation failed because the specified network block is invalid. | The CIDR block is invalid. |
| 400 | QuotaExceeded.VpnRouteEntry | The number of route entries to the VPN gateway in the VPC routing table has reached the quota limit. | The number of route entries to the VPN gateway in the VPC routing table has reached the quota limit. |
| 400 | TaskConflict | The operation is too frequent, please wait a moment and try again. | Your requests are too frequent. Try again later. |
| 400 | VpnTask.CONFLICT | Vpn task has conflict. | The VPN operation conflicts. Try again later. |
| 400 | IncorrectVpcStatus | Current VPC status does not support this operation. | |
| 400 | InternalError | The request processing has failed due to some unknown error, exception or failure. | |
| 400 | InvalidCidrBlock.Malformed | Specified CIDR block is not valid. | |
| 400 | DryRunOperation | Request validation has been passed with DryRun flag set. | The request passed the dry run. |
| 403 | Forbbiden.SubUser | User not authorized to operate on the specified resource as your account is created by another user. | |
| 403 | Forbidden | User not authorized to operate on the specified resource. | You do not have the permissions to manage the specified resource. Apply for the permissions and try again. |
| 404 | InvalidVpnGatewayInstanceId.NotFound | The specified vpn gateway instance id does not exist. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.