feat(vpc): custom routing doc (#3436)

* feat(vpc): add custom routes doc

* feat(vpc): finish custom routing doc

* fix(vpc): update faqé

* Apply suggestions from code review

Co-authored-by: ldecarvalho-doc <[email protected]>

* Apply suggestions from code review

Co-authored-by: Jessica <[email protected]>

* Apply suggestions from code review

Co-authored-by: Jessica <[email protected]>

* fix(vpc): update routing doc

* Update network/vpc/concepts.mdx

* fix(vpc): remove custom route coming soon

---------

Co-authored-by: ldecarvalho-doc <[email protected]>
Co-authored-by: Jessica <[email protected]>

Author: 3 people

faq/vpc.mdx

@@ -16,7 +16,7 @@ One default VPC (**V**irtual **P**rivate **C**loud) for every available region i
 
 Within each VPC, you can create multiple **Private Networks** and attach Scaleway resources to them, as long as the resources are in an AZ within the network's region. Attached resources can then communicate between themselves in an isolated and secure layer 2 network, away from the public internet.
 
-In the future, VPC will allow you to define specific routing rules for your Private Networks, interconnect your VPC with other networks, define access control lists and more.
+In the future, VPC will allow you to interconnect your VPC with other networks, define access control lists and more.
 
 ## Can I route traffic between different Private Networks on the same VPC?
 

network/vpc/concepts.mdx

@@ -92,13 +92,18 @@ While DHCP is built into all new Private Networks, it may not be automatically a
 
 A [route table](/network/vpc/reference-content/understanding-routing/#route-table) is used to manage and control the routing of traffic within a VPC. The routes within a route table tell the VPC where to send traffic trying to get to a specific destination IP address. One line in the route table corresponds to one route.
 
-Routes can either be of type `local subnet route` for routes to Private Networks, or `default route to internet` for routes to Public Gateways. When deciding which route to apply, the route table reads the routes from most specific to least specific, in terms of destination IP range. The first matching route encountered is the one that determines the path for the traffic. Therefore, a route to destination `172.16.8.0/22` is applied before a default route to `0.0.0.0/0`.
+Routes can be of the following types:
+- Auto-generated, fully managed `Local subnet routes` for routes to Private Networks.
+- Auto-generated, fully managed `Default route to internet` for routes to Public Gateways.
+- Custom routes created by the user.
+
+When deciding which route to apply, the route table reads the routes from most specific to least specific, in terms of destination IP range. The first matching route encountered is the one that determines the path for the traffic. Therefore, a route to destination `172.16.8.0/22` is applied before a default route to `0.0.0.0/0`.
 
 ## Routing
 
-Routing allows Private Networks in the same VPC to communicate with each other, via automatically-created and managed routes. Routing is activated by default whenever you create a new VPC, and can be activated on pre-existing VPCs by [following these steps](/network/vpc/how-to/manage-routing/#how-to-activate-routing-on-an-existing-vpc).
+Routing allows Private Networks in the same VPC to communicate with each other, via managed and custom routes. Routing is activated by default whenever you create a new VPC, and can be activated on pre-existing VPCs by [following these steps](/network/vpc/how-to/manage-routing/#how-to-activate-routing-on-an-existing-vpc).
 
-Each routed VPC has a [route table](#route-table) which is automatically populated with routes to each Private Network in the VPC, as well as to any attached Public Gateways. These routes allow the VPC to automatically route packets between its Private Networks, or from a given Private Network to its attached Public Gateway when the destination is outside the VPC. 
+Each routed VPC has a [route table](#route-table) which is automatically populated with routes to each Private Network in the VPC, as well as to any attached Public Gateways. These routes allow the VPC to automatically route packets between its Private Networks, or from a given Private Network to its attached Public Gateway when the destination is outside the VPC. You can also create your own [custom routes](/network/vpc/how-to/manage-routing/#how-to-create-a-custom-route).
 
 Read more about how routing works in [our detailed guide](/network/vpc/reference-content/understanding-routing/).
 

network/vpc/how-to/assets/scaleway-create-custom-route.webp

@@ -13,27 +13,19 @@ categories:
   - network
 ---
 
-Routing is used to manage and control the flow of traffic within a VPC. It tells the VPC where to send traffic trying to get to a specific destination IP address. Notably, it allows traffic to be automatically routed between resources attached to different Private Networks within the VPC, using their [private IP addresses](/network/vpc/how-to/attach-resources-to-pn/#how-to-view-the-resource's-ip-address).
-
-Currently, only auto-created routes are available, which are fully managed by Scaleway. Two types of managed route exist:
-- **Local subnet route**: Generated when you create a Private Network in a VPC. Allows traffic to be routed between different Private Networks in the VPC.
-- **Default route to internet**: Generated when you attach a Public Gateway to a Private Network in the VPC, and set it to advertise a [default route](/network/public-gateways/concepts/#default-route). Allows traffic to be routed to addresses outside the VPC (i.e. the public internet) via the gateway. 
-
-<Message type="note">
-Public Gateways remain scoped to the Private Network(s) to which they are attached. They do not advertise the default route on other Private Networks in the VPC. For example, an Instance attached to Private Network A will not be able to access the internet via a Public Gateway in Private Network B.
-</Message>
+Routing is used to manage and control the flow of traffic within a VPC. It tells the VPC where to send traffic trying to get to a specific destination IP address. Notably, it allows traffic to be automatically routed between resources attached to different Private Networks within the VPC, using their [private IP addresses](/network/vpc/how-to/attach-resources-to-pn/#how-to-view-the-resource's-ip-address). You can also create your own custom routes.
 
 Read more about the VPC routing feature, including detailed explanations, usage considerations, limitations and best practices in our [dedicated reference content](/network/vpc/reference-content/understanding-routing/).
 
 <Macro id="requirements" />
 
   - A Scaleway account logged into the [console](https://console.scaleway.com)
 
-## How to activate routing on a new VPC
+## How to activate routing
 
-Routing is now activated as standard whenever you [create a new VPC](/network/vpc/how-to/create-vpc/#how-to-create-a-vpc).
+Routing is activated as standard whenever you [create a new VPC](/network/vpc/how-to/create-vpc/#how-to-create-a-vpc).
 
-## How to activate routing on an existing VPC
+To activate routing on a pre-existing VPC, follow these steps:
 
 1. Click **VPC** in the **Network** section of the side menu. The list of your VPCs displays.
 
@@ -47,6 +39,19 @@ Routing is now activated as standard whenever you [create a new VPC](/network/vp
 
     Routing is activated on the VPC.
 
+## How to generate a managed route
+
+Two types of auto-generated routes exist:
+
+- **Local subnet route**: Generated when you create a Private Network in a VPC. Allows traffic to be routed between different Private Networks in the VPC.
+- **Default route to internet**: Generated when you attach a Public Gateway to a Private Network in the VPC, and set it to advertise a [default route](/network/public-gateways/concepts/#default-route). Allows traffic to be routed to addresses outside the VPC (i.e. the public internet) via the gateway. 
+
+<Message type="note">
+Public Gateways remain scoped to the Private Network(s) to which they are attached. They do not advertise the default route on other Private Networks in the VPC. For example, an Instance attached to Private Network A will not be able to access the internet via a Public Gateway in Private Network B.
+</Message>
+
+You cannot edit or delete managed routes, as their lifecycle is fully managed by Scaleway. The route will be automatically deleted for you when you delete the Private Network or Public Gateway that it concerns.
+
 ## How to access and read the route table
 
 Your VPC's **route table** can be found in its **Routing** tab. The route table shows all the existing routes for the VPC.
@@ -57,19 +62,105 @@ Your VPC's **route table** can be found in its **Routing** tab. The route table
 
 3. Click the **Routing** tab.
 
-    If you have not yet created any Private Networks in the VPC, the route table will be empty. Routes are automatically generated and added to the route table when you either:
-    
+    Routes are automatically generated and added to the route table when you:
+
     - Create a Private Network in the VPC (this generates a **local subnet route**, which allows the VPC to automatically route traffic between Private Networks), or 
     - Attach a Public Gateway to a Private Network and set it to advertise a default route. This generates a **default route to the internet**.
+    - Create a custom route
 
     When your route table starts to populate, it will look something like this:
 
     <Lightbox src="scaleway-route-table.webp" alt="" />
 
-    For help with understanding the route table and how to read it, [refer to our documentation about route tables](/network/vpc/reference-content/understanding-routing/#route-table). Note that it is not currently possible to create your own custom routes, but this feature will be coming soon.
-
-    As all routes are currently managed by Scaleway, you do not need to take any action with your route table. If and when you delete Private Networks from the VPC, or delete a Public Gateway advertising the default route, these routes will be automatically deleted from your route table.
+    For help with understanding the route table and how to read it, [refer to our documentation about route tables](/network/vpc/reference-content/understanding-routing/#route-table).
 
 ### How to view VPC routes in IPV6 
 
-Scaleway VPC routing supports both IPv4 and IPv6 protocols. Managed routes to Private Networks are simultaneously generated for both IPV4 and IPV6, and both are added to the route table. Use the toggle above the route table to switch from the default view of **IPV4** routes, to a view of **IPV6** routes.
+Scaleway VPC routing supports both IPv4 and IPv6 protocols. Managed routes to Private Networks are simultaneously generated for both IPV4 and IPV6, and both are added to the route table. Use the toggle above the route table to switch from the default view of **IPV4** routes to a view of **IPV6** routes.
+
+Note that auto-generated managed routes to Public Gateways are only created in IPv4, since Public Gateways are not yet IPv6-compatible. Custom routes are only created for the IP type specified during the creation process.
+
+## How to create a custom route
+
+Each VPC has auto-generated, managed routes to local subnets and Public Gateways, but you can also create your own custom routes.
+
+For example, you may wish to route all traffic for a certain private IP range to an Instance hosting a manually configured VPN tunnel, allowing secure connection to a corresponding subnet at the other end of the tunnel.
+
+Follow the steps below to define a custom route:
+
+1. Click **VPC** in the **Network** section of the side menu. The list of your VPCs displays.
+
+2. Click a VPC on which you have activated routing.
+
+3. Click the **Routing** tab.
+
+4. Click **Create route**. The custom route creation wizard displays.
+
+    <Lightbox src="scaleway-create-custom-route.webp" alt="The Scaleway console Custom Route wizard displays, with the sections detailed in the text below."/>
+
+5. Enter a **description** for your route, e.g. "Route to hosted VPN".
+
+6. Optionally, enter one or more **tags** for your route. Tags help you filter and organize your list of routes.
+
+7. Enter a **destination** for the route. The VPC will apply the route to all traffic with a matching destination IP. You must enter an IPv4 or IPv6 CIDR range with a subnet mask, e.g. `192.168.1.0/24`. For a single IP address, use the `/32` mask for IPv4.
+
+8. Enter a **next hop** for the route. The VPC will route traffic for the destination IP to the resource designated as next hop.
+    - Select the Private Network which the next hop resource is attached to.
+    - Select a resource type: **Instance**, **Public Gateway** or **Elastic Metal**. Routing is not yet compatible with Managed Databases, nor with other types of Scaleway resources which are not integrated with VPC. 
+    - Select the **name** of the specific resource you want to route traffic to. The resource must be attached to a Private Network in this VPC.
+
+    <Message type="note">
+    If you entered an IPv6 destination, resources not compatible with IPv6, e.g. Public Gateways, will not be available for selection as next hop.
+    </Message>
+
+9. Click **Create route** to finish.
+
+    The custom route is created and you are returned to the list of your VPC's routes, where the newly-created route now displays.
+
+### How to fix a broken custom route
+
+If you delete a resource used as a next hop in a custom route, or detach it from the Private Network, the custom route will cease to function. A **Not found!** warning will display in the **Next hop** column for this route in the route table. 
+
+    <Lightbox src="scaleway-route-not-found.webp" alt="A VPC route table displays in the Scaleway console, with a red 'Not found!' text in the next hop column of a custom route" />
+
+To resolve this, you must either:
+
+- [Reattach the next hop resource to the Private Network](/network/vpc/how-to/attach-resources-to-pn/#how-to-attach-a-resource-to-a-private-network) **and** then [edit the route](#how-to-edit-a-custom-route) to reselect the next hop resource, or
+- [Edit the route](#how-to-edit-a-custom-route) to select a new next hop, or
+- [Delete the route](#how-to-delete-a-custom-route) 
+
+## How to edit a custom route
+
+Only custom routes that you created yourself can be edited. It is not possible to edit auto-generated managed routes to Private Networks or Public Gateways.
+
+1. Click **VPC** in the **Network** section of the side menu. The list of your VPCs displays.
+
+2. Click a VPC on which you have activated routing.
+
+3. Click the **Routing** tab.
+
+4. Click the edit <Icon name="edit" /> icon next to the custom route you want to edit.
+
+5. Modify the details of the custom route as necessary. You can edit the name, tags, destination IP address range, and next hop.
+
+6. Click **Edit custom route** to finish.
+
+    The custom route is updated, and you are returned to the list of your VPC's routes.
+
+## How to delete a custom route
+
+Auto-generated managed routes to Private Networks or Public Gateways will be automatically deleted when you delete the Private Network or Public Gateway. However, custom routes that you create yourself are never automatically deleted, even when you delete a resource used as next hop. You must manually delete custom routes yourself when you no longer want them.
+
+It is not possible to manually delete an auto-generated, managed route. Only custom routes can be deleted following the steps below.
+
+1. Click **VPC** in the **Network** section of the side menu. The list of your VPCs displays.
+
+2. Click a VPC on which you have activated routing.
+
+3. Click the **Routing** tab.
+
+4. Click the delete <Icon name="delete" /> icon next to the custom route you want to delete. A pop-up displays asking you to confirm.
+
+5. Click **Delete route** to confirm.
+
+    The custom route is deleted, and you are returned to the list of your VPC's routes.