Draft: feat(network): add doc for new routing behavior #4927

RoRoJ · 2025-05-07T09:29:09Z

Modify doc for updated routing behavior, impacting VPC and PGW.

pages/public-gateways/faq.mdx

jcirinosclwy · 2025-05-30T12:00:24Z

pages/vpc/concepts.mdx


-Each routed VPC has a [route table](#route-table) which is automatically populated with routes to each Private Network in the VPC, as well as to any attached Public Gateways. These routes allow the VPC to automatically route packets between its Private Networks, or from a given Private Network to its attached Public Gateway when the destination is outside the VPC. You can also create your own [custom routes](/vpc/how-to/manage-routing/#how-to-create-a-custom-route).
+<Message type="note">
+If you have [updated](/vpc/how-to/manage-routing/#how-to-update-routing-behavior) routing behavior on your VPC, or created a VPC since TODODATE, routing takes on the following characteristics:


Just so you don't forget to update the THEDODATE here

jcirinosclwy · 2025-05-30T12:01:14Z

pages/vpc/how-to/manage-routing.mdx


-Two types of auto-generated routes exist:
+If you created your VPC before TODODATE, you must manually update its routing behavior in order to get the following capabilities:


Same her, with the TODODATE

pages/vpc/how-to/manage-routing.mdx

jcirinosclwy · 2025-05-30T12:10:36Z

pages/vpc/how-to/manage-routing.mdx

@@ -87,7 +162,9 @@ Each VPC has auto-generated, managed routes to local subnets and Public Gateways
 For example, you may wish to route all traffic for a certain private IP range to an Instance hosting a manually configured VPN tunnel, allowing secure connection to a corresponding subnet at the other end of the tunnel.

    <Message type="note">
-    Custom routes are scoped to the Private Network(s) of the "next hop" resource. Their routes are not propagated to other Private Networks in the VPC. In the scenario mentioned above of routing traffic towards a VPN tunnel, the origin of the packet must be in the same Private Network as the resource hosting the VPN.
+    The scope of custom routes depends on whether your VPC is using up-to-date routing behavior:
+    - If you created your VPC after TODODATE, or have [manually updated its routing behavior](#how-to-update-routing-behavior), custom routes are advertised across the entire VPC.


TODODATE to update too

jcirinosclwy · 2025-05-30T12:12:48Z

pages/vpc/reference-content/understanding-routing.mdx

@@ -77,6 +73,89 @@ We recommend that you build your VPC infrastructure with **separation of concern

 For example, you may use one Private Network for frontend resources and another for backend resources, limiting public access only via Load Balancers and/or Public Gateways.

+## Updating routing behavior
+
+From TODO DATE, new routing behavior is available for VPCs.


TODODATE to maj

jcirinosclwy · 2025-05-30T12:13:38Z

pages/vpc/reference-content/understanding-routing.mdx

+
+### Example use of NACLs to mitigate impact
+
+The example below shows how to achieve desired routing behavior for a custom route which is now advertised across the whole VPC.


Suggested change

The example below shows how to achieve desired routing behavior for a custom route which is now advertised across the whole VPC.

The example below shows how to achieve the desired routing behavior for a custom route which is now advertised across the whole VPC.

jcirinosclwy · 2025-05-30T12:14:02Z

pages/vpc/reference-content/understanding-routing.mdx

+
+Your Private Networks will continue to receive only their local default route announcements, **unless** you enable `Receive all default route announcements` in each Private Network's settings. Therefore, there is no risk of the scope of default route announcements automatically changing without your specific intervention, even after updating to new routing behavior.
+
+Your existing setup may be impacted by the new behavior if you want your custom routes to be scoped only to the next-hop resource's Private Network. In this case we recommend that you use [Network ACL rules](/vpc/reference-content/understanding-acls) via the VPC API to limit access to the custom route.


Suggested change

Your existing setup may be impacted by the new behavior if you want your custom routes to be scoped only to the next-hop resource's Private Network. In this case we recommend that you use [Network ACL rules](/vpc/reference-content/understanding-acls) via the VPC API to limit access to the custom route.

Your existing setup may be impacted by the new behavior if you want your custom routes to be scoped only to the next-hop resource's Private Network. In this case, we recommend that you use [Network ACL rules](/vpc/reference-content/understanding-acls) via the VPC API to limit access to the custom route.

pages/vpc/reference-content/understanding-routing.mdx

jcirinosclwy · 2025-05-30T12:15:33Z

pages/vpc/reference-content/understanding-routing.mdx

+
+From TODO DATE, new routing behavior is available for VPCs.
+
+- This routing behavior will be applied automatically to VPCs created after TODO DATE, or to pre-existing VPCs that only activate routing after this date. 


TODODATE to maj

Co-authored-by: Jessica <[email protected]>

RoRoJ added 5 commits April 29, 2025 15:24

feat(vpc): start new routing concepts

ad2ee84

feat(vpc): new routing behavior

8a76a51

fix(vpc): continue routing modifs

0dbebdd

fix(vpc,pgw): update routing doc

9ed663a

fix(nw): finish routing updates

c32ebb2

RoRoJ added do not merge PR that shouldn't be merged before a specific date (eg release) status: draft Work in progress - do not merge or review labels May 7, 2025

RoRoJ added 4 commits May 7, 2025 11:35

fix(pgw): default route

0199cbe

fix(vpc): routing

82fe666

fix(vpc): clarification

fef2b76

fix(vpc): multiple default routes

99a61f6