A route map is a mechanism for controlling Border Gateway Protocol (BGP) routes in an Alibaba Cloud network. Use a route map to filter routes, modify their attributes, and manipulate paths. By associating a route map with an Express Connect Router (ECR), you control route propagation among attached network instances to optimize traffic, implement security isolation, and configure multi-link disaster recovery.
Use cases
Scenario 1: Primary/backup connection failover
Requirement: An enterprise connects to Alibaba Cloud through two private connections: a 100 Gbps China Telecom connection and a 10 Gbps China Unicom connection. Under normal conditions, traffic uses the China Telecom link. If the primary link fails, traffic automatically switches to the China Unicom link.
Solution:
In an inbound route map, create a rule for routes received from the China Telecom VBR that does not modify the AS PATH.
Create another rule for routes received from the China Unicom VBR that prepends the AS PATH.
When the China Telecom link fails, its routes are withdrawn, and traffic automatically fails over to the China Unicom link.
Scenario 2: Private address isolation
Requirement: Prevent routes for internal private address ranges, such as 10.0.0.0/8 and 172.16.0.0/12, from leaking to on-premises data centers or other external networks.
Solution:
In an outbound route map, configure a match condition for the route prefixes
10.0.0.0/8and172.16.0.0/12.Set the action to deny to prevent these routes from being advertised.
Scenario 3: Community-based traffic steering
Requirement: Differentiate video traffic, which requires a low-latency link, from file transfer traffic, which requires a high-bandwidth link, and direct each type of traffic over a different private connection.
Solution:
Tag routes for video traffic with the community value
65000:100and routes for file transfers with65000:200.In the route map, match by community to steer video traffic to the low-latency link and file transfer traffic to the high-bandwidth link.
How it works
Using a route map is a three-step process: create the route map, add rules, and associate it with a network instance.
Step | Object | Description |
1. Create a route map | Route map (RouteMap) | A container for rules. You must specify a direction (inbound or outbound) when you create it. The direction cannot be changed once created. |
2. Add rules | Rule (RouteMapRule) |
|
3. Associate with a network instance | Association (RouteMapAssociation) | Applies the route map to a network instance or route table. |
Matching process
When a route enters or leaves a network instance, the system matches it against the rules for the corresponding direction in ascending order of priority.
Inbound: Controls which routes the instance's route table learns from the associated network instance.
Outbound: Controls which routes the instance advertises to the associated network instance.
Match result:
Match found: The specified action, either permit (allow the route and modify its attributes) or deny (discard the route), is performed, and the matching process stops.
No match found: If a route does not match any rules, the system permits it by default.
Match conditions
The conditions are joined by a logical AND, meaning a route must meet all conditions to be considered a match.
Category | Match Condition | Description | Example |
Route attribute | Route Prefix | Matches the destination IP prefix of the route. Supports IPv4/IPv6 and provides both exact match and contains match modes. | Exact match for |
Community | Matches the BGP community tag. Supports exact match and contains match. |
| |
AS_PATH | Matches the BGP AS PATH. Supports exact match and contains match. |
| |
IP Address Type | Matches IPv4 or IPv6. |
| |
Route Type | Matches the route type. Currently, only BGP is supported. |
| |
Network instance | Source Instance IDs | Matches the ID of the route's source instance. |
|
Destination Instance IDs | Matches the ID of the route's destination instance. |
| |
Source Instance Type | Matches the type of the route's source instance. |
| |
Destination Instance Type | Matches the type of the route's destination instance. |
| |
Source Route Table | Matches the ID of the route table where the route originates. |
| |
Destination Route Table | Matches the ID of the route's destination route table. |
| |
Region | Source Region | Matches the region where the route originates. You can specify up to 32 regions. |
|
Destination Region | Matches the route's destination region. You can specify up to 32 regions. |
|
Actions
When a route matches the conditions, the system performs one of the following actions:
Allow: Allows the route.
Deny: Prevents the route from taking effect. For example, if a route entry in a TR matches a Deny action in a route map, the Route Status of the entry is displayed as Prohibited.
When the action is Allow, you can also modify the route's BGP attributes:
BGP Attribute | Modification Method | Description | Typical Use |
AS_PATH | Prepend / Modify | Prepends AS numbers to the AS PATH or directly modifies the AS PATH. | Deprioritize a route by increasing the AS PATH length. |
Community | Add / Delete | Adds or removes BGP community tags. | Tag and classify routes. |
Create and manage route maps
A route map is a container for rules. When you create one, you must specify a name and a direction (inbound or outbound). The direction cannot be changed once it is created.
Console
Create a route map: Go to the Route Policy page in the CEN console. Click Create Routing Policy, and select a Policy Direction and Priority.
Edit a route map: You can modify the Priority of a route map. In the Actions column for the target route map, click Edit.
Delete a route map: In the Actions column of the target route map, click Delete.
Before you delete a route map, you must first disassociate the route map from all network instances.
API
Call
CreateRouteMapto create a route map. Required parameters:NameandDirection(Inbound/Outbound).Call
DeleteRouteMapto delete a route map.Before you delete a route map, you must unbind it from all associated network instances.
Call
ModifyRouteMapto modify the name or description of a route map.Call
DescribeRouteMapsto query a list of route maps. You can filter by ID, name, or direction.
Add and manage rules
A route map rule (RouteMapRule) is a match-action unit. It defines match conditions and actions and is executed in order of priority.
Console
Add a rule
Click the instance ID of the target route map to go to its details page.
Click Add Inbound Route Rule or Add Outbound Route Rule.
Once a route map is created, you cannot change its direction or the direction of its rules. You can create separate inbound and outbound route maps to control route propagation in each direction.
Configure the following settings:
Priority: A value from 1 to 100. The priority must be unique among all rules in the same route map.
Conditions: See Match conditions for details.
Perform Action: Select Allow (allow the route and modify its attributes) or Deny (discard the route).
If the action is Allow, you can also Modify BGP Attributes. You can modify the AS Path or Community attributes, with support for Add or Replace. For details, see Actions.
Edit or delete a rule
In the upper-right corner of the target rule, click Edit or Delete.
API
Call
CreateRouteMapRuleto create a rule. Required parameters:RouteMapId,Name, andDirection. In the request, use the MatchConditions and SetActions parameters to specify the match conditions and actions.Call
DeleteRouteMapRuleto delete a rule.Call
ModifyRouteMapRuleto modify a rule. You can change the priority, match conditions, and action, but you cannot change the direction.Call
DescribeRouteMapRulesto query a list of rules.
Associate and unbind route maps
Associate a route map with an ECR instance to make it effective.
Console
Associate a route map
On the details page of the ECR instance, go to the Route Maps tab and click Associate Routing Policy.
Select the target route map, Select Effective Region, and click Confirm.
If you associate multiple route maps with the same resource, all rules across these route maps must have unique priorities.
If you need to modify the effective region later, you can click Modify Effective Region in the Actions column of the associated route map.
Unbind a route map
On the details page of the ECR instance, go to the Route Maps tab and click Disassociate.
To quickly navigate to each object associated with a route map, go to the details page of the route map and click the Associated Resources/Route Tables tab. You can click a target instance ID to go directly to its details page.
API
Call
CreateRouteMapAssociationto associate a route map with a network instance. Required parameters:RouteMapId,ResourceId, andResourceType.Call
DeleteRouteMapAssociationto unbind a route map from a network instance.Call
DescribeRouteMapAssociationto query the associations of a route map.
More information
Quotas and limitations
Quotas:
Resource | Default Limit | Increasable |
Number of route maps per user account | 100 | No Quota name: routemap_count_can_create_per_user |
Number of rules per route map | 100 | Yes Quota name: routemap_max_count_rule |
Number of instances a route map can be associated with | 100 | No |
Number of route maps per instance or route table | 100 | Yes Quota name: routemap_count_can_associate_per_Instance |
Route map limitations:
The direction of a route map cannot be changed once created.
Before deleting a route map, you must first unbind it from associated resources, such as ECR instances.
Rule limitations:
Rules within the same route map cannot have the same priority.
If you associate multiple route maps with the same resource, all rules across these route maps must have unique priorities. If a priority conflict occurs when you modify a rule, the Status of the route map association for that resource changes to Association Failed.
ECR limitations:
A route map associated with an ECR is scoped to a region. You must specify the effective regions when you associate the route map.
If the Sitelink feature or the route enable/disable feature on an ECR is disabled, no routes are propagated. If enabled, routes are matched against the route map.
If you configure prefixes for the AllowedPrefixes feature on an ECR, the corresponding routes are forcibly advertised, ignoring any deny action in a route map. If no prefixes are configured, routes are matched against the route map.
If routes are propagated across regions on an ECR, you must also configure and manage route maps for the cross-region connection.