Understanding Route Tables in Your AWS VPC (part 2)

Blog ENG - AWS - Post 5

When managing a Virtual Private Cloud (VPC) in AWS, subnet route tables play a crucial role in directing network traffic. Here’s a comprehensive guide to help you understand how they work and how to manage them effectively.

What Are Subnet Route Tables?

Your VPC comes with an implicit router, and you use route tables to control where network traffic is directed. Each subnet in your VPC must be associated with a route table, which controls the routing for that subnet. You can explicitly associate a subnet with a particular route table, or it will be implicitly associated with the main route table. A subnet can only be associated with one route table at a time, but multiple subnets can share the same route table.

Routes

Each route in a table specifies a destination and a target. For example, to enable your subnet to access the internet through an internet gateway, you would add a route with the destination 0.0.0.0/0 (representing all IPv4 addresses) and the target as the internet gateway attached to your VPC.

It’s important to note that CIDR blocks for IPv4 and IPv6 are treated separately. A route with a destination CIDR of 0.0.0.0/0 does not include all IPv6 addresses. For IPv6, you must create a route with a destination CIDR of ::/0.

If you frequently reference the same set of CIDR blocks across your AWS resources, you can create a customer-managed prefix list to group them together and specify the prefix list as the destination in your route table entry.

Every route table contains a local route for communication within the VPC, added by default. If your VPC has multiple IPv4 CIDR blocks, your route tables will contain a local route for each block. Similarly, if you’ve associated an IPv6 CIDR block with your VPC, your route tables will contain a local route for the IPv6 block. You can replace or restore the target of each local route as needed.

Remember:

You can add a route to your route tables that is more specific than the local route. The destination must match the entire IPv4 or IPv6 CIDR block of a subnet in your VPC, and the target must be a NAT gateway, network interface, or Gateway Load Balancer endpoint.
If your route table has multiple routes, AWS uses the most specific route that matches the traffic (longest prefix match) to determine how to route the traffic.
You can’t add routes to IPv4 addresses that are an exact match or a subset of the range 169.254.168.0/22, reserved for AWS services like the Instance Metadata Service (IMDS) and the Amazon DNS server.
Similarly, you can’t add routes to IPv6 addresses that are an exact match or a subset of the range fd00:ec2::/32, reserved for AWS services.
You can add middlebox appliances to the routing paths for your VPC.

Main Route Table

When you create a VPC, it automatically has a main route table. If a subnet does not have an explicit route table associated with it, the main route table is used by default. You can view the main route table for a VPC on the Route tables page in the Amazon VPC console.

By default, the main route table contains only a local route. If you create a VPC and choose a NAT gateway, Amazon VPC automatically adds routes to the main route table for the gateways.

Remember:

You can add, remove, and modify routes in the main route table.
You can’t delete the main route table.
You can’t set a gateway route table as the main route table.
You can replace the main route table by associating a custom route table with a subnet.
You can explicitly associate a subnet with the main route table, even if it’s already implicitly associated.

Custom Route Tables

By default, a route table contains a local route for communication within the VPC. If you create a VPC and choose a public subnet, Amazon VPC creates a custom route table and adds a route that points to the internet gateway. To protect your VPC, you can leave the main route table in its default state and explicitly associate each new subnet with one of the custom route tables you’ve created. This ensures you have explicit control over how each subnet routes traffic.

Remember:

You can add, remove, and modify routes in a custom route table.
You can delete a custom route table only if it has no associations.

By understanding and managing your subnet route tables effectively, you can ensure that your VPC’s network traffic is routed efficiently and securely.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.