Routing Policy Overview
For all network instances added to the UGN, the routes will be automatically learned without the need for manual configuration. You can create routing policies customarily to manage the intercommunication relationships between instances in a customized way.
- Default Policy: All instances are interconnected. It has the lowest priority and cannot be modified.
- Custom Policy: Users can configure different policies according to their business requirements, and they can add, delete and modify these policies.
Customize Policies
Policy Direction
Routing policies, based on the sending and receiving of routes by the UGN, can be defined respectively in the receiving direction and the sending direction.
- Receiving Direction: It refers to the direction in which the UGN receives the routes of each instance. In this direction, only the starting point of the route needs to be located.
- Sending Direction: It refers to the direction in which the UGN sends routes to each instance. In this direction, both the starting point and the ending point of the route need to be located simultaneously.
Target Objects
The target objects refer to the objects to which the routing policy will be applied, and multiple target objects can be selected in batches.
- In the receiving direction, the target objects describe the characteristics of the route starting point, which can be accurate to an internal network segment of a single network instance.
| Field Name | Region | Instance Type | Instance ID | Address Prefix |
|---|---|---|---|---|
| Description | Select the region where the target resides | Select the instance type; Currently supported: VPC; Other types coming soon | Select the resource ID(s) of the target network instance(s) (multiple selections allowed) | Select internal subnet(s) (multiple selections allowed) |
| Example | Shanghai | VPC | XXX | 192.168.0.0/16 (XXX) |
- In the sending direction, the target objects describe the characteristics of the route ending point, which are accurate to the network instance.
| Field Name | Region | Instance Type | Instance ID |
|---|---|---|---|
| Description | Select the region where the object is located | Select instance type Currently supported: VPC Other types are coming soon | Select the resource IDs of the network instances to be used as target objects, and multiple selections are allowed |
| Example | Shanghai | VPC | XXX |
Route Matching Conditions
Route matching conditions refer to the set of conditions for route selection in the sending direction of the UGN. They describe the characteristics of the route starting point and can be selected in batches.
The matching can be precise to the network instance or to the internal network segment of the network instance.
| Field Name | Region | Instance Type | Instance ID | Address Prefix |
|---|---|---|---|---|
| Description | Optional. Select the region where the object is located | Select instance type Currently supported: VPC Other types are coming soon | Select the resource IDs of the network instances to be used as target objects, and multiple selections are allowed | Select the internal network segment, multiple selections are allowed |
| Example | Shanghai | VPC | XXX | 192.168.0.0/16 (XXX) |
Action
The action represents the behaviors of allowing or denying the routes located through the target objects and route matching conditions by the UGN.
- Allow: Routes are transmitted normally.
- Deny: Routes are discarded.
Route Priority
The route priority represents the sequence of route forwarding, and the routes with higher priority will be forwarded first.
It can be set only when the execution action is “Allow”, and the range is from 1 to 255. The smaller the number, the higher the priority.
Basic Configuration
Policy Name
The policy name is set to identify the content.
Policy Priority
The policy priority represents the matching sequence, and the ones with higher priority will be scanned and matched first.
Within the same UGN instance, the policy priorities in the same direction are unique and cannot be repeated, and the range is from 1 to 255.
Policy Execution Flow
- When the UGN receives a route from a network instance, it determines the route direction and content, and attempts to match the policies in descending order of policy priority.
- Match Policy Direction: Match the receiving direction and sending direction separately.
- Match Target Objects: Hit the policy whose target objects are the same as those in the policy.
- Match Routes: Hit the policy whose route matching conditions are the same as those in the policy.
-
If all conditions are met, proceed to the next step. If any condition is not met, match the next policy, and so on. If no match is found, the default policy of full inter-communication shall be executed.
-
Execution of Policy Content. It is divided into “Allow” and “Deny”. If the action is “Allow”, the routes are forwarded in descending order of route priority.
- Receiving Direction: If “Allow”, the route can be successfully uploaded to the UGN. If “Deny”, the route will not be sent to any instance through the UGN.
- Sending Direction: If “Allow”, the route can be sent to the target objects. If “Deny”, the route will not be sent to the target objects.
- After the execution is completed, regardless of the policy content, the UGN will end the matching action and generate a unique effective routing table for a single UGN instance.
Routing Table
The routing table of the UGN is used to display the routing situation within a single UGN instance, and it can be verified here after the policy takes effect. For details, see Routing Table.