路由表有什么限制？ 当您创建VPC时，系统会同步为VPC创建一个默认路由表。除此之外，您还可以创建自定义路由表。 在一个VPC内，最多可关联5个路由表，包括1个默认路由表和4个自定义路由表。 在一个VPC内的所有路由表中，最多可容纳1000条路由。系统自动创建的路由，即类型为“系统”的路由不占用该配额。 在VPC路由表中，路由优先级说明如下： Local路由：类型为“系统”，用于VPC内通信的系统默认路由，优先级高于自定义路由。 自定义路由：类型为“自定义”，是用户自己添加的路由或者创建其他实例自动下发的路由，自定义路由遵循最长匹配原则，即优先选择匹配度更高的目的地址进行路由转发。 图1 VPC路由表 父主题： 路由类

请求示例 插入两条入方向规则到id为e9a7731d-5bd9-4250-a524-b9a076fd5629的网络ACL中，插入到规则a2a7731d-5bd9-4250-a524-b9a076fd5630之后。 PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/insert-rules { "firewall" : { "ingress_rules" : [ { "name" : "network_acl_rule ipv4 test", "description" : "network_acl_rule ipv4 test", "action" : "allow", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.3.0/24", "destination_ip_address" : "192.168.6.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null },{ "name" : "network_acl_rule ipv6 test", "description" : "network_acl_rule ipv6 test", "action" : "allow", "protocol" : "tcp", "ip_version" : "6", "source_ip_address" : "2002:50::44", "destination_ip_address" : "2002:51::44", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null } ], "insert_after_rule" : "a2a7731d-5bd9-4250-a524-b9a076fd5630" } } 插入两条出方向规则到id为e9a7731d-5bd9-4250-a524-b9a076fd5629的网络ACL中，插入到规则a3a7731d-5bd9-4250-a524-b9a076fd5630之后。 PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/insert-rules { "firewall" : { "egress_rules" : [ { "name" : "network_acl_rule ipv4 test", "description" : "network_acl_rule ipv4 test", "action" : "allow", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.3.0/24", "destination_ip_address" : "192.168.6.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null },{ "name" : "network_acl_rule ipv6 test", "description" : "network_acl_rule ipv6 test", "action" : "allow", "protocol" : "tcp", "ip_version" : "6", "source_ip_address" : "2002:50::44", "destination_ip_address" : "2002:51::44", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null }], "insert_after_rule" : "a3a7731d-5bd9-4250-a524-b9a076fd5630" } }

响应示例 状态码： 200 OK { "firewall" : { "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629", "name" : "network_acl_test1", "description" : "network_acl_test1", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "created_at" : "2022-04-07T07:30:46Z", "updated_at" : "2022-04-07T07:30:46Z", "admin_state_up" : true, "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9", "status" : "ACTIVE", "tags" : [ ], "ingress_rules" : [{ "id" : "a2a7731d-5bd9-4250-a524-b9a076fd5630", "name" : "network_acl_rule", "description" : "network_acl_rule", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.13.0/24", "destination_ip_address" : "192.168.16.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null },{ "id" : "4afc959f-5380-dd94-8082-5701f6bc3f1c", "name" : "network_acl_rule ipv4 test", "description" : "network_acl_rule ipv4 test", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.3.0/24", "destination_ip_address" : "192.168.6.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null },{ "id" : "b49dcd4c-508e-4b99-9093-2680616f2a7e", "name" : "network_acl_rule ipv6 test", "description" : "network_acl_rule ipv6 test", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "6", "source_ip_address" : "2002:50::44", "destination_ip_address" : "2002:51::44", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null }], "egress_rules" : [{ "id" : "a3a7731d-5bd9-4250-a524-b9a076fd5630", "name" : "network_acl_rule", "description" : "network_acl_rule", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.13.0/24", "destination_ip_address" : "192.168.16.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null },{ "id" : "f9a7731d-5bd9-4250-a524-b9a076fd5629", "name" : "network_acl_rule ipv4 test", "description" : "network_acl_rule ipv4 test", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.3.0/24", "destination_ip_address" : "192.168.6.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null }, { "id" : "bbbc1cd1-b8e1-45d3-b3bc-7bc360f8860d", "name" : "network_acl_rule ipv6 test", "description" : "network_acl_rule ipv6 test", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "6", "source_ip_address" : "2002:50::44", "destination_ip_address" : "2002:51::44", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null }], "associations" : [ { "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143" } ] } }

请求示例 在id为e9a7731d-5bd9-4250-a524-b9a076fd5629的网络ACL中更新入方向规则e9a7731d-5bd9-4250-a524-b9a076fd5629 PUT https://{Endpoint}/v3/{project_id}/vpc/firewalls/e9a7731d-5bd9-4250-a524-b9a076fd5629/update-rules { "firewall" : { "ingress_rules" : [ { "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629", "name" : "network_acl_rule test2", "description" : "network_acl_rule test2", "action" : "allow", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.3.0/24", "destination_ip_address" : "192.168.6.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null } ] } }

响应示例 状态码： 200 OK { "firewall" : { "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629", "name" : "network_acl_test1", "description" : "network_acl_test1", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "created_at" : "2022-04-07T07:30:46Z", "updated_at" : "2022-04-07T07:30:46Z", "admin_state_up" : true, "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9", "status" : "ACTIVE", "tags" : [ ], "ingress_rules" : [ { "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629", "name" : "network_acl_rule test2", "description" : "network_acl_rule test2", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.3.0/24", "destination_ip_address" : "192.168.6.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null } ], "egress_rules" : [ { "id" : "f9a7731d-5bd9-4250-a524-b9a076fd5629", "name" : "network_acl_rule test", "description" : "network_acl_rule test", "action" : "allow", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "protocol" : "tcp", "ip_version" : "4", "source_ip_address" : "192.168.3.0/24", "destination_ip_address" : "192.168.6.0/24", "source_port" : "30-40,60-90", "destination_port" : "40-60,70-90", "source_address_group_id" : null, "destination_address_group_id" : null } ], "associations" : [ { "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143" } ] } }

响应参数 表3 响应参数 参数名称 类型 说明 security_group_rule security_group_rule object security group rule对象。请参见表4。 表4 Security Group Rule对象 属性 类型 说明 id String 安全组规则id 使用说明：查询安全组规则非必选 description String 安全组规则描述 security_group_id String 所属安全组id remote_group_id String 所属安全组的对端id direction String 规则方向 remote_ip_prefix String 对端ip网段 protocol String 协议类型或直接指定IP协议号 port_range_max Integer 最大端口，当协议类型为ICMP时，该值表示ICMP的code port_range_min Integer 最小端口，当协议类型为ICMP时，该值表示ICMP的type。 protocol为tcp和udp时，port_range_max和port_range_min必须同时输入，且port_range_max应大于等于port_range_min。 protocol为icmp时，指定ICMP code（port_range_max）时，必须同时指定ICMP type（port_range_min）。 ethertype String 网络类型 支持IPv4，IPv6 tenant_id String 项目ID remote_address_group_id String 功能说明：远端IP地址组ID 约束：和remote_ip_prefix，remote_group_id互斥 project_id String 项目ID，请参见获取项目ID。 created_at String 资源创建时间，UTC时间 格式：yyyy-MM-ddTHH:mm:ss updated_at String 资源更新时间，UTC时间 格式：yyyy-MM-ddTHH:mm:ss

响应示例 { "security_group_rule": { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": "10.10.0.0/24", "protocol": "tcp", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", "port_range_min": null, "ethertype": "IPv4", "description": null, "id": "7c336b04-1603-4911-a6f4-f2af1d9a0488", "project_id": "6fbe9263116a4b68818cf1edce16bc4f", "created_at": "2018-09-20T02:15:34", "updated_at": "2018-09-20T02:15:34", "remote_address_group_id": null } }

请求示例 创建出方向安全组规则，所在安全组id为5cb9c1ee-00e0-4d0f-9623-55463cd26ff8，协议为tcp，对端ip为10.10.0.0/24。 POST https://{Endpoint}/v2.0/security-group-rules { "security_group_rule": { "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", "direction": "egress", "protocol": "tcp", "remote_ip_prefix": "10.10.0.0/24" } }

请求参数 表1 请求参数 参数名称 类型 必选 说明 security_group_rule security_group_rule object 是 security group rule对象。请参见表2。 表2 Security Group Rule对象 属性 是否必选 类型 说明 description 否 String 安全组规则描述 security_group_id 是 String 所属安全组id remote_group_id 否 String 所属安全组的对端id 使用说明：和remote_ip_prefix，remote_address_group_id参数互斥 direction 是 String 规则方向 取值范围：ingress（入方向）/egress（出方向） remote_ip_prefix 否 String 对端ip网段 使用说明：和remote_group_id，remote_address_group_id参数互斥 protocol 否 String 协议类型或直接指定IP协议号 取值范围：tcp/udp/icmp或IP协议号 port_range_max 否 Integer 最大端口，当协议类型为ICMP时，该值表示ICMP的code 取值范围：1-65535（当表示code时为0-255） port_range_min 否 Integer 最小端口，当协议类型为ICMP时，该值表示ICMP的type。 protocol为tcp和udp时，port_range_max和port_range_min必须同时输入，且port_range_max应大于等于port_range_min。 protocol为icmp时，指定ICMP code（port_range_max）时，必须同时指定ICMP type（port_range_min）。 取值范围：1-65535（当表示code时为0-255） ethertype 否 String 网络类型 取值范围：IPv4/IPv6 remote_address_group_id 否 String 功能说明：远端IP地址组ID。您可以登录管理控制台，在IP地址组页面查看该ID。 约束：和remote_ip_prefix，remote_group_id互斥

URI GET /v3/{project_id}/vpc/vpcs 表1 参数说明 名称 是否必选 参数类型 说明 project_id 是 String 项目ID。 获取方法请参见获取项目ID。 表2 Query参数 参数 是否必选 参数类型 描述 limit 否 Integer 功能说明：每页返回的个数 取值范围：0-2000 marker 否 String 分页查询起始的资源ID，为空时查询第一页 id 否 Array of strings VPC资源ID。可以使用该字段过滤VPC name 否 Array of strings VPC的name信息，可以使用该字段过滤VPC description 否 Array of strings VPC的描述信息。可以使用该字段过滤VPC cidr 否 Array of strings VPC的CIDR。可以使用该字段过滤VPC

请求示例 查询VPC列表 "GET https://{Endpoint}/v3/{project_id}/vpc/vpcs" 使用ID过滤查询VPC列表 "GET https://{Endpoint}/v3/{project_id}/vpc/vpcs?id=01ab4be1-4447-45fb-94be-3ee787ed4ebe&id=02cd5ef2-4447-36fb-75be-3ee787ed6adf" 使用name过滤查询VPC列表 "GET https://{Endpoint}/v3/{project_id}/vpc/vpcs?name=vpc-test" 分页查询VPC列表 "GET https://{Endpoint}/v3/{project_id}/vpc/vpcs?limit=2&marker=01ab4be1-4447-45fb-94be-3ee787ed4ebe"

响应示例 { "request_id": "9c1838ba498249547be43dd618b58d27", "vpcs": [ { "id": "01da5a65-0bb9-4638-8ab7-74c64e24a9a7", "name": "API-PERF-TEST-14bd44c121", "description": "", "cidr": "192.168.0.0/16", "extend_cidrs": [ ], "status": "ACTIVE", "project_id": "087679f0aa80d32a2f4ec0172f5e902b", "enterprise_project_id": "0", "tags": [ ], "created_at": "2020-06-16T02:32:18Z", "updated_at": "2020-06-16T02:32:18Z", "cloud_resources": [ { "resource_type": "routetable", "resource_count": 1 }, { "resource_type": "virsubnet", "resource_count": 0 } ] }, { "id": "43fd79b0-f7d7-4e9b-828b-2d4d7bfae428", "name": "API-PERF-TEST_m2n33", "description": "", "cidr": "192.168.0.0/16", "extend_cidrs": [ ], "status": "ACTIVE", "project_id": "087679f0aa80d32a2f4ec0172f5e902b", "enterprise_project_id": "0", "tags": [ ], "created_at": "2020-06-15T06:29:40Z", "updated_at": "2020-06-15T06:29:41Z", "cloud_resources": [ { "resource_type": "routetable", "resource_count": 1 }, { "resource_type": "virsubnet", "resource_count": 1 } ] }, { "id": "5ed053ba-b46c-4dce-a1ae-e9d8a7015f21", "name": "API-PERF-TEST-c34b1c4b12", "description": "", "cidr": "192.168.0.0/16", "extend_cidrs": [ ], "status": "ACTIVE", "project_id": "087679f0aa80d32a2f4ec0172f5e902b", "enterprise_project_id": "0", "tags": [ ], "created_at": "2020-06-16T02:32:33Z", "updated_at": "2020-06-16T02:32:33Z", "cloud_resources": [ { "resource_type": "routetable", "resource_count": 1 }, { "resource_type": "virsubnet", "resource_count": 0 } ] } ], "page_info": { "previous_marker": "01da5a65-0bb9-4638-8ab7-74c64e24a9a7", "current_count": 3 } }

URI GET /v3/{project_id}/vpc/firewalls 表1 路径参数 参数 是否必选 参数类型 描述 project_id 是 String 项目ID 表2 Query参数 参数 是否必选 参数类型 描述 admin_state_up 否 Boolean ACL是否启用 enterprise_project_id 否 Array 功能说明：企业项目ID。可以使用该字段过滤某个企业项目下的ACL。 取值范围：最大长度36字节，带“-”连字符的UUID格式，或者是字符串“0”。“0”表示默认企业项目。若需要查询当前用户所有企业项目绑定的ACL，请传参all_granted_eps。 id 否 Array ACL唯一标识，填写后接口按照id进行过滤，支持多id同时过滤 limit 否 Integer 功能说明：每页返回的个数 取值范围：0~2000 marker 否 String 分页查询起始的资源ID，为空时查询第一页 name 否 Array ACL名称，填写后按照名称进行过滤，支持多名称同时过滤 status 否 String ACL的状态 枚举值： ACTIVE INACTIVE

响应示例 状态码： 200 OK { "firewalls" : [ { "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629", "name" : "network_acl_test1", "description" : "network_acl_test1", "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12", "created_at" : "2022-04-07T07:30:46Z", "updated_at" : "2022-04-07T07:30:46Z", "admin_state_up" : true, "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9", "status" : "ACTIVE", "tags" : [ ], "associations" : [ { "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143" } ] } ] }

响应示例 状态码为 201 时: Created { "sub_network_interface" : { "id" : "2be868f2-f7c9-48db-abc0-eea0b9105b0d", "project_id" : "8c6fb137a48a428aaf9a0229dca4edb3", "virsubnet_id" : "08278e6c-61ca-46c1-9fc3-0d4f6c12f193", "private_ip_address" : "10.0.0.225", "ipv6_ip_address" : null, "mac_address" : "fa:16:3e:48:f8:6f", "parent_device_id" : "1ab01f1d-4ef7-4d83-82be-802b3aca0223", "security_groups" : [ "6727c950-9f01-47a2-a7aa-7d3686c4c95b" ], "vpc_id" : "63b97e6b-3598-430f-9eb8-1caf06937be8", "description" : null, "parent_id" : "637748df-2986-4350-8303-95d259580fb3", "vlan_id" : 2787, "tags" : [ ], "created_at" : "2020-05-19T01:16:25Z" }, "request_id" : "ceb6273e-1ec9-4168-ac11-3dfeaacfc889" }