You can use an Express Connect router (ECR) to advertise route prefixes to an on-premises network. After you specify the route prefixes to be advertised, the specific routes in the route table of a virtual private cloud (VPC) or a transit router that is associated with the ECR are not advertised to the on-premises network.
Scenarios
You can specify route prefixes in the following scenarios after you create an ECR:
Security matrix management
After an Express Connect circuit is connected to a data center, the firewall deployed in the data egress filters inbound traffic to ensure network security. If a large number of specific routes are advertised from Alibaba Cloud, the complexity and number of security rules increase. To simplify the firewall configuration, you need to advertise general routes instead of specific routes from Alibaba Cloud to the data center.
Multi-cloud environments
Alibaba Cloud connects its platform to a third-party cloud service provider based on an Express Connect circuit. The number of Border Gateway Protocol (BGP) routes that the cloud service provider can accept is limited. In this case, Alibaba Cloud can aggregate the specific routes and then advertise the aggregated routes to the cloud service provider. This ensures that the cloud service provider can accept BGP routes advertised from Alibaba Cloud without the need to increase the quota on BGP routes.
Hybrid cloud environments
A data center is connected to a VPC and the VPC is divided into a large number of subnets. For example, the VPC contains 24 vSwitches that reside in 192.168.1.0/24. BGP routing is configured between the VBR and data center. The VBR advertises routes destined for 24 CIDR blocks to the data center. This greatly increases the cost of route management and maintenance. To resolve this issue, you can use route prefixes to aggregate specific routes into general routes.
Prerequisites
An ECR is created and a VPC or a transit router is associated with the ECR. For more information, see Create and manage an ECR.
Billing for outbound data transfer is enabled. For more information, see Enable billing for outbound data transfer.
Limits
You can add at most 20 route prefixes for each ECR. To request a quota increase, see Manage Express Connect quotas.
Usage notes
You can add IPv4 and IPv6 route prefixes to an ECR.
You can select or switch the following modes when you configure route prefixes.
Matching mode: Express Connect withdraws specific routes that are advertised to a data center and advertises allowed route prefixes to the data center.
Incremental mode: Express Connect withdraws specific routes that are advertised to a data center and that fall within the configured route range. Routes that do not fall within the range are still advertised.
Switch the match mode to the incremental mode: Express Connect re-advertises routes that do not fall within the route range to a data center. Configured route prefixes are still advertised.
Switch the incremental mode to the matching mode: Express Connect withdraws the routes that are advertised to a data center and that do not fall within the route range. Configured route prefixes are still advertised.
If no prefix routes are configured or configured route prefixes are cleared, Express Connect automatically advertises specific routes to a data center.
If the ECR advertises only one route prefix and you modify the route prefix, Alibaba Cloud will temporarily resume the specific route to ensure your service continuity. After the modified route prefix is advertised, the configured route prefix is used. Pay attention to the impacts on your peer networks after the specific routes are advertised.
Add allowed route prefixes
When you associate a VPC or a transit router with an ECR, you can configure the Allowed Route Prefixes parameter to add route prefixes. For more information, see the Associate a VPC with an ECR and Associate a TR with an ECR sections of the "Create and manage an ECR" topic.
If you have not configured route prefixes when you associate a VPC or a transit router with an ECR or you want to update the route prefixes, perform the following steps:
Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click its ID. The details page of the ECR appears.
Update route prefixes for a VPC.
On the VPC tab, find the VPC for which you want to update route prefixes and click the
icon in the Dynamic CIDR Block Propagation column. In the Update Prefix List dialog box, select Matching Mode or Incremental Mode, enter the allowed route prefixes, select the protocol, and then click OK.
Update route prefixes for a transit router.
On the TR tab, find the transit router for which you want to update route prefixes and click the
icon in the Dynamic CIDR Block Propagation column. In the Update Prefix List dialog box, select Matching Mode or Incremental Mode, enter the allowed route prefixes, select the protocol, and then click OK.
Delete route prefixes
When you delete a route prefix, Express Connect automatically advertises all specific routes to the data center and withdraws route prefixes advertised to the data center.
You can delete route prefixes for a VPC or a transit router that is associated with an ECR.
Log on to the Express Connect console.
In the left-side navigation pane, click Express Connect Router (ECR). On the Express Connect Router (ECR) page, find the ECR that you want to manage and click its ID. The details page of the ECR appears.
Update route prefixes for a VPC.
On the VPC tab, find the VPC for which you want to update route prefixes and click the
icon in the Dynamic CIDR Block Propagation column. In the Update Prefix List dialog box, delete the allowed prefix route, select the agreement, and then click OK.
Update route prefixes for a transit router.
On the TR tab, find the transit router for which you want to update route prefixes and click the
icon in the Dynamic CIDR Block Propagation column. In the Update Prefix List dialog box, delete the allowed prefix route, select the agreement, and then click OK.