All Products
Search
Document Center

Virtual Private Cloud:CreateRouteEntries

Last Updated:Jun 10, 2026

Adds custom routes in a batch to the route table of a VPC router.

Operation description

  • CreateRouteEntries is an asynchronous operation. After you send a request, the system returns a request ID, but the operation is still being performed in the background. You can call DescribeRouteEntryList to query the status of a route:
    • If a route is in the Creating state, the route is being created.

    • If a route is in the Created state, the route is created.

  • CreateRouteEntries does not support concurrent batch operations to add custom routes to the same VPC.

Note the following when you add custom routes to the route table of a VPC router:

  • A route table can contain a maximum of 200 custom routes.

  • The destination CIDR block (DstCidrBlock) of a custom route cannot be the same as, overlap with, or be a subset of the CIDR block of a vSwitch in the VPC.

  • The destination CIDR block (DstCidrBlock) of a custom route cannot be 100.64.0.0/10 or a subset of 100.64.0.0/10.

  • The destination CIDR blocks (DstCidrBlock) of routes in the same route table cannot be the same.

  • An IP address specified as the destination CIDR block (DstCidrBlock) is processed with a 32-bit subnet mask.

  • Multiple custom routes can point to the same next hop (NextHop).

  • The next hop (NextHop) of a custom route must be in the same VPC as the route table.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

vpc:CreateRouteEntries

create

*RouteEntry

acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}

None None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The ID of the region where the route table is located.

You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou

RegionId

string

Yes

The ID of the region where the route table is located.

You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou

RouteEntries

array<object>

Yes

The list of route information.

object

No

The list of route information.

DstCidrBlock

string

Yes

The destination CIDR block of the custom route. Both IPv4 and IPv6 CIDR blocks are supported. You can specify up to 50 destination CIDR blocks. The destination CIDR blocks must meet the following requirements:

  • The destination CIDR block cannot point to 100.64.0.0/10 or be a subset of 100.64.0.0/10.

  • The destination CIDR blocks of different routes in the same route table cannot be the same.

192.168.0.0/24

RouteTableId

string

Yes

The ID of the route table to which you want to add custom routes. You can specify up to 50 route table IDs.

vtb-bp145q7glnuzd****

IpVersion

integer

No

The IP protocol version. You can specify up to 50 IP protocol versions. Valid values:

  • 4: IPv4.

  • 6: IPv6.

4

NextHop

string

Yes

The ID of the next hop instance for the custom route. You can specify up to 50 instance IDs.

Note

If you set NextHopType to Ecr, call the DescribeExpressConnectRouterAssociation operation to obtain the AssociationId and use it as the next hop ID.

i-j6c2fp57q8rr4jlu****

NextHopType

string

Yes

The type of the next hop for the custom route. You can specify up to 50 next hop types. Valid values:

  • Instance (default): an ECS instance.

  • HaVip: a high-availability virtual IP address (HAVIP).

  • RouterInterface: a router interface.

  • NetworkInterface: an elastic network interface (ENI).

  • VpnGateway: a VPN Gateway.

  • IPv6Gateway: an IPv6 Gateway.

  • NatGateway: a NAT Gateway.

  • Attachment: a transit router.

  • VpcPeer: a VPC peering connection.

  • Ipv4Gateway: an IPv4 gateway.

  • GatewayEndpoint: a gateway endpoint.

  • CenBasic: CEN does not support transit routers.

  • Ecr: an Express Connect Router (ECR).

  • GatewayLoadBalancerEndpoint: a Gateway Load Balancer endpoint (GWLBe).

RouterInterface

Name

string

No

The name of the custom route that you want to add. You can specify up to 50 names.

The name must be 1 to 128 characters in length and cannot start with http:// or https://.

test

Description

string

No

The description of the custom route. You can specify up to 50 descriptions.

The description must be 1 to 256 characters in length and cannot start with http:// or https://.

test

DryRun

boolean

No

Specifies whether to perform a dry run. Valid values:

true: Sends a request to check whether the request is valid. The system checks whether your AccessKey is valid, whether the RAM user is authorized, and whether the required parameters are specified. If the request fails the check, an error message is returned. If the request passes the check, the DryRunOperation error code is returned.

false (default): Sends a normal request. After the request passes the check, a 2xx HTTP status code is returned and the routes are created.

Response elements

Element

Type

Description

Example

object

The number of successful tasks.

SuccessCount

integer

The number of custom routes that are successfully added.

2

FailedCount

integer

The number of custom routes that failed to be added.

2

RequestId

string

The request ID.

0ED8D006-F706-4D23-88ED-E11ED28DCAC0

FailedRouteEntries

array<object>

The details about the custom routes that failed to be added.

object

The details about the custom routes that failed to be added.

DstCidrBlock

string

The destination CIDR block of the custom route that failed to be added.

192.168.0.0/24

NextHop

string

The ID of the next hop of the custom route that failed to be added.

i-j6c2fp57q8rr4jlu****

FailedCode

string

The error code.

VPC_ROUTE_ENTRY_CIDR_BLOCK_DUPLICATE

FailedMessage

string

The error message.

Specified CIDR block is already exists, entry.cidrBlock=xxxx

RouteEntryIds

array

The information about the IDs of the custom routes that are successfully added.

string

The ID of the custom route that is successfully added.

rte-sn6vjkioxte1gz83z****

Examples

Success response

JSON format

{
  "SuccessCount": 2,
  "FailedCount": 2,
  "RequestId": "0ED8D006-F706-4D23-88ED-E11ED28DCAC0",
  "FailedRouteEntries": [
    {
      "DstCidrBlock": "192.168.0.0/24",
      "NextHop": "i-j6c2fp57q8rr4jlu****",
      "FailedCode": "VPC_ROUTE_ENTRY_CIDR_BLOCK_DUPLICATE",
      "FailedMessage": "Specified CIDR block is already exists, entry.cidrBlock=xxxx"
    }
  ],
  "RouteEntryIds": [
    "rte-sn6vjkioxte1gz83z****"
  ]
}

Error codes

HTTP status code

Error code

Error message

Description

400 DryRunOperation Request validation has been passed with DryRun flag set. The request passed the dry run.
400 InvalidCIDRBlock.Duplicate Specified CIDR block is already exists.
400 MissingParam.RouteTableId The parameter RouteTableId is missing.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.