Skip to main content
By default, Nebius AI Cloud routes egress traffic from your resources according to the default routing rules. You can configure routing by creating and managing routing tables (route tables) and routes. For more details on how routing works, see Routing in Nebius AI Cloud.

Prerequisites

  1. Install and configure the Nebius AI Cloud CLI.
  2. Make sure you are in a group that has at least the editor role within your tenant; for example, the default editors group. You can check this in the Administration → IAM section of the web console.
  3. Get the ID of the network where you want to manage routing tables and routes.

Creating routing tables

To create a routing table, run the following command: 
nebius vpc route-table create \
  --name <name> \
  --network-id <network_ID>
The command contains the following parameters: Routing tables are created empty. After creating a routing table, add routes to it and then assign it to subnets.

Adding routes to routing tables

Routes to allocations

To route traffic to an allocation, specify the allocation ID in --next-hop-allocation-id: 
nebius vpc route create \
  --name <route_name> \
  --parent-id <routing_table_ID> \
  --destination-cidr <destination_CIDR_block> \
  --next-hop-allocation-id <allocation_ID>
To get the routing table ID and the allocation ID, run nebius vpc route-table list and nebius vpc allocation list. The outputs of these commands contain the IDs in the .metadata.id fields.

Routes to the internet

To route traffic to the internet through the default egress gateway, use the CIDR block 0.0.0.0/0 and add --next-hop-default-egress-gateway true to the command: 
nebius vpc route create \
  --name "default-egress" \
  --parent-id <routing_table_ID> \
  --destination-cidr "0.0.0.0/0" \
  --next-hop-default-egress-gateway true
To get the routing table ID, run nebius vpc route-table list. The output of this command contains the ID in the .metadata.id field.

Deleting routes

To delete a route from a routing table, run the following command: 
nebius vpc route delete <route_ID>
To get the route ID, run nebius vpc route list --parent-id <routing_table_ID>. If you delete all routes in a routing table, resources in subnets that have this routing table assigned can only communicate with other resources within their network. All traffic to private IP addresses outside the network and to public IP addresses is discarded.

Assigning routing tables to subnets

You can only assign a routing table to subnets within the network that the routing table is associated with. After you assign a routing table to a subnet, egress traffic from all resources in the subnet is routed according to the routing table. To assign a routing table to a subnet, run the following command: 
nebius vpc subnet update <subnet_ID> \
  --route-table-id <routing_table_ID>
To get the subnet ID and the routing table ID, run nebius vpc subnet list and nebius vpc route-table list, respectively.

Reverting subnets to the parent network’s default routing table

If you no longer want to apply custom routing to a subnet, you can de-assign its custom routing table. After this, the subnet uses its parent network’s default routing table. To revert a subnet to its parent network’s default routing table, run the following command: 
nebius vpc subnet update <subnet_ID> \
  --route-table-id ""
To get the subnet ID, run nebius vpc subnet list.

Resetting default routing tables of networks

Reverting to the default routing table means that the default routing rules apply to the subnet again, unless you have modified the default routing table. If you modified it, you can make the default routing table implement the default routing rules again. To do this, bring it to the state described in Default routing tables:
  1. Get the ID of the default routing table: 
    nebius vpc network list
    The output contains the ID in the .status.default_route_table_id field.
  2. List the table’s routes: 
    nebius vpc route list --parent-id <default_routing_table_ID>
  3. If the table does not contain a route to the internet through the default egress gateway for all egress traffic (CIDR block 0.0.0.0/0) as described in Default routing tables, add it: 
    nebius vpc route create \
  --name <route_name> \
  --parent-id <routing_table_ID> \
  --destination-cidr "0.0.0.0/0" \
  --next-hop-default-egress-gateway true
  4. Delete all other routes.

Deleting routing tables

You can only delete custom routing tables that are not assigned to any subnet. Before deleting a routing table, assign other routing tables to this table’s subnets or revert these subnets to defaults.
To delete a routing table, run the following command: 
nebius vpc route-table delete <routing_table_ID>
To get the routing table ID, run nebius vpc route-table list.