Route map

更新时间:
复制 MD 格式

A route map is a mechanism for controlling Border Gateway Protocol (BGP) routes in an Alibaba Cloud network. Use a route map to filter routes, modify their attributes, and manipulate paths. By associating a route map with an Express Connect Router (ECR), you control route propagation among attached network instances to optimize traffic, implement security isolation, and configure multi-link disaster recovery.

Use cases

Scenario 1: Primary/backup connection failover

Requirement: An enterprise connects to Alibaba Cloud through two private connections: a 100 Gbps China Telecom connection and a 10 Gbps China Unicom connection. Under normal conditions, traffic uses the China Telecom link. If the primary link fails, traffic automatically switches to the China Unicom link.

Solution:

  • In an inbound route map, create a rule for routes received from the China Telecom VBR that does not modify the AS PATH

  • Create another rule for routes received from the China Unicom VBR that prepends the AS PATH.

  • When the China Telecom link fails, its routes are withdrawn, and traffic automatically fails over to the China Unicom link.

Scenario 2: Private address isolation

Requirement: Prevent routes for internal private address ranges, such as 10.0.0.0/8 and 172.16.0.0/12, from leaking to on-premises data centers or other external networks.

Solution:

  • In an outbound route map, configure a match condition for the route prefixes 10.0.0.0/8 and 172.16.0.0/12.

  • Set the action to deny to prevent these routes from being advertised.

Scenario 3: Community-based traffic steering

Requirement: Differentiate video traffic, which requires a low-latency link, from file transfer traffic, which requires a high-bandwidth link, and direct each type of traffic over a different private connection.

Solution:

  • Tag routes for video traffic with the community value 65000:100 and routes for file transfers with 65000:200.

  • In the route map, match by community to steer video traffic to the low-latency link and file transfer traffic to the high-bandwidth link.

How it works

Using a route map is a three-step process: create the route map, add rules, and associate it with a network instance.

Step

Object

Description

1. Create a route map

Route map (RouteMap)

A container for rules. You must specify a direction (inbound or outbound) when you create it. The direction cannot be changed once created.

2. Add rules

Rule (RouteMapRule)

Match-Execute unit that defines matching conditions and actions, and executes them in order of priority

3. Associate with a network instance

Association (RouteMapAssociation)

Applies the route map to a network instance or route table.

Matching process

  1. When a route enters or leaves a network instance, the system matches it against the rules for the corresponding direction in ascending order of priority.

    • Inbound: Controls which routes the instance's route table learns from the associated network instance.

    • Outbound: Controls which routes the instance advertises to the associated network instance.

  2. Match result:

    • Match found: The specified action, either permit (allow the route and modify its attributes) or deny (discard the route), is performed, and the matching process stops.

    • No match found: If a route does not match any rules, the system permits it by default.

Match conditions

The conditions are joined by a logical AND, meaning a route must meet all conditions to be considered a match.

Category

Match Condition

Description

Example

Route attribute

Route Prefix

Matches the destination IP prefix of the route. Supports IPv4/IPv6 and provides both exact match and contains match modes.

Exact match for 10.0.0.0/8; contains match for 10.0.0.0/8 and its subnets.

Community

Matches the BGP community tag. Supports exact match and contains match.

65000:100

AS_PATH

Matches the BGP AS PATH. Supports exact match and contains match.

65000, 65001

IP Address Type

Matches IPv4 or IPv6.

IPv4

Route Type

Matches the route type. Currently, only BGP is supported.

BGP

Network instance

Source Instance IDs

Matches the ID of the route's source instance.

vpc-bp1xxx, vbr-bp1xxx

Destination Instance IDs

Matches the ID of the route's destination instance.

vbr-bp1xxx

Source Instance Type

Matches the type of the route's source instance.

VBR, VPC, ECR, VPN

Destination Instance Type

Matches the type of the route's destination instance.

VBR, VPC

Source Route Table

Matches the ID of the route table where the route originates.

vtb-bp1xxx

Destination Route Table

Matches the ID of the route's destination route table.

vtb-bp1xxx

Region

Source Region

Matches the region where the route originates. You can specify up to 32 regions.

China (Hangzhou)

Destination Region

Matches the route's destination region. You can specify up to 32 regions.

China (Shanghai)

Actions

When a route matches the conditions, the system performs one of the following actions:

  • Allow: Allows the route.

  • Deny: Prevents the route from taking effect. For example, if a route entry in a TR matches a Deny action in a route map, the Route Status of the entry is displayed as Prohibited.

When the action is Allow, you can also modify the route's BGP attributes:

BGP Attribute

Modification Method

Description

Typical Use

AS_PATH

Prepend / Modify

Prepends AS numbers to the AS PATH or directly modifies the AS PATH.

Deprioritize a route by increasing the AS PATH length.

Community

Add / Delete

Adds or removes BGP community tags.

Tag and classify routes.

Create and manage route maps

A route map is a container for rules. When you create one, you must specify a name and a direction (inbound or outbound). The direction cannot be changed once it is created.

Console

  • Create a route map: Go to the Route Policy page in the CEN console. Click Create Routing Policy, and select a Policy Direction and Priority.

  • Edit a route map: You can modify the Priority of a route map. In the Actions column for the target route map, click Edit.

  • Delete a route map: In the Actions column of the target route map, click Delete.

    Before you delete a route map, you must first disassociate the route map from all network instances.

API

  • Call CreateRouteMap to create a route map. Required parameters: Name and Direction (Inbound/Outbound).

  • Call DeleteRouteMap to delete a route map.

    Before you delete a route map, you must unbind it from all associated network instances.
  • Call ModifyRouteMap to modify the name or description of a route map.

  • Call DescribeRouteMaps to query a list of route maps. You can filter by ID, name, or direction.

Add and manage rules

A route map rule (RouteMapRule) is a match-action unit. It defines match conditions and actions and is executed in order of priority.

Console

Add a rule
  1. Click the instance ID of the target route map to go to its details page.

  2. Click Add Inbound Route Rule or Add Outbound Route Rule.

    Once a route map is created, you cannot change its direction or the direction of its rules. You can create separate inbound and outbound route maps to control route propagation in each direction.
  3. Configure the following settings:

    • Priority: A value from 1 to 100. The priority must be unique among all rules in the same route map.

    • Conditions: See Match conditions for details.

    • Perform Action: Select Allow (allow the route and modify its attributes) or Deny (discard the route).

      If the action is Allow, you can also Modify BGP Attributes. You can modify the AS Path or Community attributes, with support for Add or Replace. For details, see Actions.

Edit or delete a rule

In the upper-right corner of the target rule, click Edit or Delete.

API

  • Call CreateRouteMapRule to create a rule. Required parameters: RouteMapId, Name, and Direction. In the request, use the MatchConditions and SetActions parameters to specify the match conditions and actions.

  • Call DeleteRouteMapRule to delete a rule.

  • Call ModifyRouteMapRule to modify a rule. You can change the priority, match conditions, and action, but you cannot change the direction.

  • Call DescribeRouteMapRules to query a list of rules.

Associate and unbind route maps

Associate a route map with an ECR instance to make it effective.

Console

Associate a route map
  1. On the details page of the ECR instance, go to the Route Maps tab and click Associate Routing Policy.

  2. Select the target route map, Select Effective Region, and click Confirm.

    If you associate multiple route maps with the same resource, all rules across these route maps must have unique priorities.
    If you need to modify the effective region later, you can click Modify Effective Region in the Actions column of the associated route map.
Unbind a route map

On the details page of the ECR instance, go to the Route Maps tab and click Disassociate.

To quickly navigate to each object associated with a route map, go to the details page of the route map and click the Associated Resources/Route Tables tab. You can click a target instance ID to go directly to its details page.

API

  • Call CreateRouteMapAssociation to associate a route map with a network instance. Required parameters: RouteMapId, ResourceId, and ResourceType.

  • Call DeleteRouteMapAssociation to unbind a route map from a network instance.

  • Call DescribeRouteMapAssociation to query the associations of a route map.

More information

Quotas and limitations

Quotas:

Resource

Default Limit

Increasable

Number of route maps per user account

100

No

Quota name: routemap_count_can_create_per_user

Number of rules per route map

100

Yes

Quota name: routemap_max_count_rule

Number of instances a route map can be associated with

100

No

Number of route maps per instance or route table

100

Yes

Quota name: routemap_count_can_associate_per_Instance

Route map limitations:

  • The direction of a route map cannot be changed once created.

  • Before deleting a route map, you must first unbind it from associated resources, such as ECR instances.

Rule limitations:

  • Rules within the same route map cannot have the same priority.

  • If you associate multiple route maps with the same resource, all rules across these route maps must have unique priorities. If a priority conflict occurs when you modify a rule, the Status of the route map association for that resource changes to Association Failed.

ECR limitations:

  • A route map associated with an ECR is scoped to a region. You must specify the effective regions when you associate the route map.

  • If the Sitelink feature or the route enable/disable feature on an ECR is disabled, no routes are propagated. If enabled, routes are matched against the route map.

  • If you configure prefixes for the AllowedPrefixes feature on an ECR, the corresponding routes are forcibly advertised, ignoring any deny action in a route map. If no prefixes are configured, routes are matched against the route map.

  • If routes are propagated across regions on an ECR, you must also configure and manage route maps for the cross-region connection.