Configure Routes
How to add and manage CIDR-based routing rules for services
How to Configure Routes
This guide shows you how to add, update, and manage routing rules for Arctic services. Routes determine which traffic flows through a service based on source and destination CIDR blocks.
Before You Start
Ensure you have:
- An existing service (see Create a Service)
- The service ID
- Knowledge of the networks you want to route
Add a Route
Basic Route
Add a route matching specific source and destination networks:
arctic routes add --service SERVICE_ID \
--source-cidr 10.0.0.0/8 \
--dest-cidr 192.168.100.0/24 \
--priority 100Destination-Only Route
Route all traffic to a specific destination regardless of source:
arctic routes add --service SERVICE_ID \
--dest-cidr 192.168.100.0/24 \
--priority 100Source-Only Route
Route all traffic from a specific source regardless of destination:
arctic routes add --service SERVICE_ID \
--source-cidr 10.0.0.0/8 \
--priority 100Understanding Priority
Routes are evaluated by specificity and priority:
- Most specific match wins: A route with
/24CIDR is more specific than/16 - Higher priority wins: When specificity is equal, higher priority value wins
Example ordering (most preferred first):
| Priority | Source CIDR | Dest CIDR | Reason |
|---|---|---|---|
| 200 | 10.1.0.0/16 | 192.168.100.0/24 | Most specific source |
| 100 | 10.0.0.0/8 | 192.168.100.0/24 | Less specific source |
| 100 | 10.0.0.0/8 | 192.168.0.0/16 | Less specific dest |
List Routes
View all routes for a service:
arctic routes list --service SERVICE_IDUpdate a Route
Modify an existing route's priority or CIDR:
arctic routes update --service SERVICE_ID --route ROUTE_ID \
--priority 200You can also update the CIDRs:
arctic routes update --service SERVICE_ID --route ROUTE_ID \
--source-cidr 10.1.0.0/16 \
--dest-cidr 192.168.200.0/24Delete a Route
Remove a route from a service:
arctic routes delete --service SERVICE_ID --route ROUTE_ID
# Use --yes to skip confirmation:
arctic routes delete --service SERVICE_ID --route ROUTE_ID --yesCommon Routing Patterns
Route All Traffic to a Service
Route everything from one network to another:
arctic routes add --service SERVICE_ID \
--source-cidr 10.0.0.0/8 \
--dest-cidr 0.0.0.0/0 \
--priority 100Multiple Routes for Different Subnets
Add routes for different destination subnets:
# Route to subnet A
arctic routes add --service SERVICE_ID \
--dest-cidr 192.168.100.0/24 \
--priority 100
# Route to subnet B
arctic routes add --service SERVICE_ID \
--dest-cidr 192.168.200.0/24 \
--priority 100Override with Higher Priority
Add a more specific route that overrides a general one:
# General route (lower priority)
arctic routes add --service SERVICE_ID \
--source-cidr 10.0.0.0/8 \
--dest-cidr 192.168.0.0/16 \
--priority 100
# Specific override (higher priority)
arctic routes add --service SERVICE_ID \
--source-cidr 10.1.0.0/16 \
--dest-cidr 192.168.100.0/24 \
--priority 200Troubleshooting
Routes Not Taking Effect
If traffic is not being routed as expected:
- Trigger a config sync:
arctic cluster sync - Verify NFTables rules:
nft list ruleset | grep arctic - Check the generated config:
cat /opt/tillered/pegasus/config.json
Invalid CIDR Notation
Ensure CIDRs are valid:
- Use slash notation:
10.0.0.0/8not10.0.0.0 - Network address must match the mask:
10.0.0.0/8not10.1.2.3/8
Route Not Found
If a route ID is not found:
- List routes to verify:
arctic routes list --service SERVICE_ID - Ensure you are using the correct service ID