Understanding Route Tables in Your AWS VPC (part 1)

Blog ENG - AWS - Post 4

When managing a Virtual Private Cloud (VPC), one of the key components you’ll work with is the route table. A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed. Let’s dive into the key concepts and functionalities of route tables.

Key Concepts of Route Tables

  • Main Route Table: This is the default route table that automatically comes with your VPC. It controls the routing for all subnets that are not explicitly associated with any other route table.
  • Custom Route Table: A route table that you create for your VPC to manage specific routing needs.
  • Destination: The range of IP addresses where you want traffic to go, known as the destination CIDR. For example, an external corporate network might have the CIDR 172.16.0.0/12.
  • Target: The gateway, network interface, or connection through which to send the destination traffic. An example of a target is an internet gateway.
  • Route Table Association: The link between a route table and a subnet, internet gateway, or virtual private gateway.
  • Subnet Route Table: A route table associated with a specific subnet.
  • Local Route: A default route for communication within the VPC.
  • Propagation: If you’ve attached a virtual private gateway to your VPC and enabled route propagation, routes for your VPN connection are automatically added to your subnet route tables. This eliminates the need to manually add or remove VPN routes.
  • Gateway Route Table: A route table associated with an internet gateway or virtual private gateway.
  • Edge Association: Used to route inbound VPC traffic to an appliance. You associate a route table with the internet gateway or virtual private gateway and specify the network interface of your appliance as the target for VPC traffic.
  • Transit Gateway Route Table: A route table associated with a transit gateway.
  • Local Gateway Route Table: A route table associated with an Outposts local gateway.

Route Priority

Routing decisions are made using the most specific route that matches the traffic, known as the longest prefix match. If your route table has overlapping or matching routes, additional rules apply. Here’s a summary of route priority:

  1. Longest Prefix: For example, 10.10.2.15/32 has priority over 10.10.2.0/24.
  2. Static Routes: Such as VPC peering and internet gateway connections.
  3. Prefix List Routes.
  4. Propagated Routes.
  5. Direct Connect BGP Routes (dynamic routes).
  6. VPN Static Routes.
  7. VPN BGP Routes (dynamic routes).

Longest Prefix Match

Routes to IPv4 and IPv6 addresses or CIDR blocks are independent of each other. The most specific route that matches either IPv4 or IPv6 traffic is used to determine how to route the traffic. For example, a subnet route table might have a route for IPv4 internet traffic (0.0.0.0/0) pointing to an internet gateway, and a route for 172.31.0.0/16 IPv4 traffic pointing to a peering connection (pcx-11223344556677889). Traffic destined for the 172.31.0.0/16 IP address range uses the peering connection because this route is more specific than the route for the internet gateway. Traffic destined for a target within the VPC (10.0.0.0/16) is routed within the VPC via the local route. All other traffic from the subnet uses the internet gateway.

Route Priority for Static and Dynamically Propagated Routes

If you’ve attached a virtual private gateway to your VPC and enabled route propagation on your subnet route table, routes representing your Site-to-Site VPN connection automatically appear as propagated routes in your route table. If the destination of a propagated route is identical to the destination of a static route, the static route takes priority. Resources using static routes include:

  • Internet gateway
  • NAT gateway
  • Network interface
  • Instance ID
  • Gateway VPC endpoint
  • Transit gateway
  • VPC peering connection
  • Gateway Load Balancer endpoint

For example, if a route table has a static route to an internet gateway and a propagated route to a virtual private gateway, both with a destination of 172.31.0.0/24, the static route to the internet gateway takes priority.

Route Priority for Prefix Lists

If your route table references a prefix list, the following rules apply:

  • A static route with a destination CIDR block takes priority over a static route with a prefix list if they overlap.
  • A route that references a prefix list takes priority over a propagated route if they match.
  • For overlapping routes, the more specific route always takes priority, regardless of whether they are propagated routes, static routes, or routes that reference prefix lists.
  • If multiple prefix lists with overlapping CIDR blocks are referenced, the route priority is chosen randomly but remains consistent thereafter.
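To make the rules in the Longest Prefix Match, static-versus-propagated and prefix-list sections concrete, here is a small added model of VPC route selection (example code written for this post, not anything AWS ships). It runs the post's own sample routes (the 0.0.0.0/0 internet gateway route, the 172.31.0.0/16 route to pcx-11223344556677889, the competing 172.31.0.0/24 static and propagated routes) through longest-prefix-match with the stated tie-breaks; the prefix-list entries and every gateway ID other than the peering connection are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Tie-break order for candidate routes with the same destination, taken from the
# route-priority list in the post (lower rank wins). "local" is the VPC's own route.
ORIGIN_RANK = {"local": 0, "static": 0, "prefix-list": 1,
               "propagated-dx-bgp": 2, "propagated-vpn-static": 3, "propagated-vpn-bgp": 4}

@dataclass(frozen=True)
class Route:
    destination: str          # destination CIDR (IPv4 or IPv6)
    target: str               # local, igw-..., pcx-..., tgw-..., vgw-...
    origin: str = "static"    # key into ORIGIN_RANK

def prefix_list_routes(cidrs, target):
    """Model a route whose destination is a managed prefix list as one candidate per entry."""
    return [Route(c, target, "prefix-list") for c in cidrs]

def lookup(route_table, dst_ip):
    """Return the Route VPC routing would pick for dst_ip, or None if nothing matches."""
    ip = ipaddress.ip_address(dst_ip)
    candidates = []
    for r in route_table:
        net = ipaddress.ip_network(r.destination, strict=False)
        # IPv4 and IPv6 routes are evaluated independently of each other
        if net.version == ip.version and ip in net:
            candidates.append((net.prefixlen, r))
    if not candidates:
        return None
    # Longest prefix wins; only identical destinations reach the origin tie-break.
    return max(candidates, key=lambda c: (c[0], -ORIGIN_RANK[c[1].origin]))[1]

# Constructed route table combining the post's examples. Gateway IDs other than the
# peering connection quoted in the post are placeholders, not real resources.
ROUTE_TABLE = [
    Route("10.0.0.0/16", "local", "local"),
    Route("0.0.0.0/0", "igw-PLACEHOLDER"),
    Route("::/0", "igw-PLACEHOLDER"),
    Route("172.31.0.0/16", "pcx-11223344556677889"),
    Route("172.31.0.0/24", "igw-PLACEHOLDER"),                        # static wins the /24 tie
    Route("172.31.0.0/24", "vgw-PLACEHOLDER", "propagated-vpn-bgp"),  # propagated, loses
    Route("192.168.0.0/16", "vgw-PLACEHOLDER", "propagated-vpn-static"),
    *prefix_list_routes(["192.168.0.0/16", "10.100.0.0/16"], "tgw-PLACEHOLDER"),
]

if __name__ == "__main__":
    for ip in ["10.0.1.1", "172.31.0.5", "172.31.5.5", "192.168.1.1", "203.0.113.10", "2001:db8::1"]:
        r = lookup(ROUTE_TABLE, ip)
        print(f"{ip:>14} -> {r.target} ({r.destination}, {r.origin})")
```

Running it shows why the static-over-propagated rule deserves a review step: a static /24 to the internet gateway silently wins over the VPN route that propagation would otherwise install for the same destination.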

Understanding these concepts and rules will help you effectively manage your VPC’s network traffic, ensuring efficient and secure routing.