Route Types
Global VPC currently supports six types of routes: Subnet Routes, Static Routes, Policy-based Routes, Dynamic Routes, NAT Gateway Routes, and Default Internet Gateway Routes.
Subnet Routes
Subnet routes are automatically generated by the system and share the same lifecycle as the subnet. They cannot be deleted independently. Each time a subnet is created in a Global VPC, a corresponding subnet route is automatically generated with:
Destination IP range: the subnet IP range (IPv6 subnet uses private or public IPv6 CIDR)
Next hop type: subnet
Next hop ID: subnet ID
Next hop region: the region of the subnet
Static Routes
Static routes are created by users. The destination IP range is user-defined but must not be more specific than the destination of any subnet route.
Next hop type: network interface only
Next hop ID: network interface ID
Next hop region: the region of the network interface
Policy-based Routes
Policy-based routes extend static routes by adding source IP matching. The source IP address is mandatory.
Dynamic Routes
Dynamic routes are automatically learned and generated by the Border Gateway via Cloud Networking Layer 3 Cloud Router connections. They cannot be edited and have a fixed route priority of 65535.
The scope of dynamic routes depends on the Border Gateway dynamic routing mode:
Regional mode: routes are effective only within the corresponding region
Global mode: routes are effective across the entire Global VPC
NAT Gateway Routes
NAT gateway routes are automatically generated when a public NAT gateway is associated with a subnet or a Border Gateway.
Source IP range: subnet IP range or Border Gateway
Destination IP range:
0.0.0.0/0Next hop type: NAT Gateway
Next hop region: the region of the NAT gateway
Default Network Gateway Routes
Default network gateway routes are automatically generated when an elastic compute is bound to an elastic IP.
Source IP address: the private IP of the elastic compute instance
Destination IP range:
IPv4:
0.0.0.0/0IPv6:
::/0
Next hop type: Network Gateway
Next hop ID / region: empty
Matching Order
In the VPC route table, the priority of the route types from highest to lowest is:
Policy-based Routes
Subnet Routes
Static Routes = Dynamic Routes
Default Network Gateway Routes
NAT Gateway Routes
Overall, routing follows the “most specific destination prefix first” principle. The matching logic is consistent with Linux routing tables and aligns with major public cloud providers such as Google Cloud, AWS, and Alibaba Cloud.
Route Matching Flow in Global VPC
The table below summarizes the route matching order from highest to lowest priority in a Global VPC network:
1
Layer 2 Direct Connectivity
Traffic is forwarded at Layer 2 if source and destination are within the same network.
If not matched, proceed to Policy-based Routes.
2
Policy-based Routes
Match by policy priority (higher priority first).
If priorities are equal, match the longest source prefix.
If source prefixes are equal, match the longest destination prefix.
If not matched, proceed to Subnet Routes.
3
Subnet Routes
Direct traffic within the specified subnet and match by longest destination prefix.
If not matched, proceed to Static and Dynamic Routes.
4
Static Routes = Dynamic Routes
Match by longest destination prefix.
If destination prefixes are equal, match by route priority (higher priority first).
If not matched, proceed to Default Network Gateway Routes.
5
Default Network Gateway Routes
Matched only when the instance is bound to an elastic IP.
If not matched, proceed to NAT Gateway Routes.
6
NAT Gateway Routes
Match by source (subnet or Border Gateway).
After source match, match by longest destination prefix.
If no NAT gateway route matches, the packet is dropped.
This table represents the order of route types used for matching within a Global VPC network following the "most specific destination prefix first" principle.
Last updated