          Route Table

          The route table is the traffic controller in a VPC; a single global route table provides both global and subnet-level traffic control. You can customize route rules to control where network traffic is directed. Currently, Baidu AI Cloud supports six types of routes: local route, instance route, NAT gateway route, VPN gateway route, peer connection route and express tunnel gateway route.

          Local route

          When a user creates a Virtual Private Cloud (VPC), the system creates a local route table by default, and the subnet is automatically associated with the default route table. Users cannot delete the local route table.

          Instance route

          With an instance route, the user points the next hop at a BCC instance, so that traffic is delivered to that instance for further forwarding and processing, giving precise control over the traffic.

          NAT gateway

          When you use a NAT gateway to connect instances in the Virtual Private Cloud (VPC) to the Internet, you should configure a route of this type to forward Internet-bound traffic to a NAT gateway. For more information, please refer to NAT Gateway.

          VPN gateway

          When you use a VPN gateway to connect instances in the Virtual Private Cloud (VPC) to an IDC or to other VPCs, you should configure a route of this type to forward traffic bound for the target segment to a VPN gateway. For more information, please refer to VPN Gateway.

          Peer connection

          When you use a peer connection to interconnect networks across Virtual Private Clouds (VPCs), you should configure a route of this type to forward traffic bound for the target segment to a VPC. For more information, please refer to Peer Connection.

          Express tunnel Gateway

          When you use a physical express tunnel to connect to an IDC, you should configure a route of this type to forward traffic bound for the target segment to an express tunnel gateway. For more information, please refer to Express Tunnel Gateway.

          Note:

          • The route table is global.
          • One local route is generated by default when a subnet is created, and the subnets under the same VPC can communicate with each other by default.
          • To enable a subnet to communicate with an external network, configure the corresponding route entries in the route table.

          Create a Route Table

          1. Log into Baidu AI Cloud Console.
          2. After logging in, navigate to "Product Service > Virtual Private Cloud (VPC)", and select the region where the VPC instance is located in the top left corner.
          3. Select one VPC instance to enter the details page, and click "Route Table" in the left navigation bar.
          4. Click "Add a Route" and fill in the following details:

            Configuration item | Description
            Source network segment | All or created subnets; all by default
            Destination network segment | Destination IP or target segment set by the user; when the 0.0.0.0/0 route entry is entered, the NAT exclusive subnet can be selected only for the source segment.
            Route type | Including local route (created by default, cannot be deleted), instance route, NAT gateway route, VPN gateway route, peer connection route and express tunnel gateway route.
            Next hop instance | Select "Next Hop" according to the route type: BCC instance, public network IP and shared bandwidth package bound to NAT
            Description | Edit the description of the route entry
          5. Click "Confirm", and add the customized route entry.

          Route Rule Priority

          When multiple route rules exist in the route table, priority is decided by route type first, and then by the longest match principle.

          Priority of route type

          Priority of route type: Instance route < NAT gateway = VPN gateway = peer connection = express tunnel gateway < local route.

          Longest match principle

          First match the source address and then the destination address.

          • The source address is the first matching condition: if the user's network IP falls within a source IP segment in the route table, that route entry is matched with high priority. If no source segment matches, the default source segment (ALL) is matched.
          • Exact match of destination address: after the source address is matched, the destination address is matched according to the longest match principle.

          For example, given the following existing route table entries, assume the source IP to be tested is 192.168.0.1/16 and the destination IP is 100.0.0.1/1.

          • a, source (ALL) | Destination (100.0.0.0/24) | Next hop BCC1
          • b, source Subnet (192.168.0.0/16) | Destination (100.0.0.0/16) | Next hop BCC2
          • c, source Subnet (192.168.0.0/16) | Destination (100.0.0.0/30) | Next hop BCC3

          Routes b and c are matched first on the source address, and route c is then selected according to the longest match principle on the destination address. The final priority is c > b > a.
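          The selection order described in this section, as an added example (not Baidu AI Cloud's code): it ranks the entries that match a packet by route type, then source match, then longest destination prefix, which is a quick way to check which next hop traffic will actually take before relying on an instance route for inspection. The names `Route`, `rank` and `ordered_matches` are hypothetical; reading entry a's destination as 100.0.0.0/24, using bare host addresses for the tested IPs, and preferring the narrower subnet when several source subnets match are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Route-type rank taken from the page: instance < gateway types < local.
TYPE_RANK = {"instance": 0, "nat": 1, "vpn": 1, "peer": 1, "express": 1, "local": 2}


@dataclass(frozen=True)
class Route:
    name: str
    source: str        # "ALL" or a subnet CIDR
    destination: str   # destination CIDR
    route_type: str
    next_hop: str


def rank(route, src_ip, dst_ip):
    """Return a sort key if the route matches the packet, else None."""
    dst_net = ipaddress.ip_network(route.destination)
    if dst_ip not in dst_net:
        return None
    if route.source == "ALL":
        src_len = -1                     # catch-all source ranks below any subnet
    else:
        src_net = ipaddress.ip_network(route.source)
        if src_ip not in src_net:
            return None
        src_len = src_net.prefixlen      # assumption: narrower source subnet wins
    return (TYPE_RANK[route.route_type], src_len, dst_net.prefixlen)


def ordered_matches(routes, src, dst):
    """Matching routes, highest priority first."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ranked = [(rank(r, src_ip, dst_ip), r) for r in routes]
    ranked = [(k, r) for k, r in ranked if k is not None]
    return [r for k, r in sorted(ranked, key=lambda kr: kr[0], reverse=True)]


# The three entries from the page's example, taken here to be instance routes.
EXAMPLE_ROUTES = [
    Route("a", "ALL", "100.0.0.0/24", "instance", "BCC1"),
    Route("b", "192.168.0.0/16", "100.0.0.0/16", "instance", "BCC2"),
    Route("c", "192.168.0.0/16", "100.0.0.0/30", "instance", "BCC3"),
]

if __name__ == "__main__":
    for r in ordered_matches(EXAMPLE_ROUTES, "192.168.0.1", "100.0.0.1"):
        print(r.name, r.next_hop)
```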

          Note:

          • Route entries do not detect whether their destination is reachable. When two routes match and the destination of the high-priority route cannot be reached, the low-priority route is not used automatically.