A routing table in AWS is a networking component that helps manage the traffic within a VPC, a logically isolated section of the AWS Cloud where you can launch resources in a user-defined virtual network. Each VPC generally includes a default main route table, and you can also create custom route tables.
In this article, we’ll further break down the concept of routing tables in AWS, providing you with a comprehensive understanding of their significance and how they function.
Defining a Route Table in AWS?
In AWS, a routing table is a set of rules, often referred to as routes, that dictate how network traffic should be directed. It acts as a virtual map, guiding data packets from their source to their destination within the AWS network infrastructure. Essentially, routing tables determine the paths that information takes as it travels between different components of your AWS environment.
Components of AWS Routing Table
AWS routing tables, in general, consist of the following components.
Routes: At the core of any routing table are the routes themselves. A route specifies a destination (either a specific IP address or a range of IP addresses) and the target through which traffic should be directed. Targets can include instances, gateways, or even other VPCs.
For example, to enable internet access for your subnet via an internet gateway, you need to add a route to your subnet’s table with a destination of 0.0.0.0/0, covering all IPv4 addresses, and set the target as the VPC’s internet gateway.
IPv4 and IPv6 CIDR blocks are handled separately. A route with a destination CIDR of 0.0.0.0/0 doesn’t automatically include IPv6 addresses. So, create a separate route with a destination CIDR of ::/0 for all IPv6 addresses.
Destination: The destination refers to the target IP address or range of IP addresses to which network traffic is directed based on the routing rules. Whether it’s specifying a specific external corporate network with a CIDR range or defining the IP address or range in a route, the purpose is to identify where the traffic should be sent.
Target: The target is the endpoint to which traffic for a specific destination is directed. In AWS, common targets include instances, internet gateways, virtual private gateways, or even peered VPCs.
How Do AWS Routing Tables Work?
Consider a simple example where you have an EC2 instance and a database hosted in different subnets. The routing table for the EC2 instance might have a route pointing to the database subnet via a VPC (Virtual Private Cloud) peering connection or an Internet Gateway. This way, traffic between the EC2 instance and the database follows the prescribed route.
Propagation of Routes: Some AWS services, such as VPN connections, dynamically propagate routes to your route tables. For example, if you have a VPN connection to your on-premises network, the routes from your on-premises network may be propagated to the VPC’s route table.
Route Prioritization: Routes are evaluated in order, and the route with the most specific destination CIDR block is chosen. If no matching route is found, the traffic is sent to the target associated with the “default route” (0.0.0.0/0), which is often used to direct traffic to the internet.
Here’s an example illustrating a basic AWS routing table entry:
|pcx-12345678 (Peering Connection ID)
|igw-87654321 (Internet Gateway ID)
In this example, any traffic with a destination IP in the range of 10.0.1.0/24 will be directed through a peering connection, while all other traffic (0.0.0.0/0) will flow through an Internet Gateway.
What Are the Three Types of Routing Tables in AWS?
Below are the types of AWS routing tables, which differ from each other in terms of functionalities and offer you the flexibility to choose based on your use case.
Main Route Tables
In the context of VPCs (Virtual Private Clouds) in AWS, the main route table is the default route table that comes automatically with every VPC. This main route table serves as the default routing table for all subnets that are not explicitly associated with any other custom route table.
A default route is essentially a route that is used when there is no specific route in the routing table that matches the destination of the network traffic. It acts as a catch-all, directing traffic to a specified target when there is no explicit route for the destination IP address.
Remember that you cannot delete the main route table. You can dynamically modify routes, but the main route table cannot be designated as a gateway route table. For customization, you can replace it by associating a custom route table with a subnet. You also have the option to explicitly associate a subnet with the main route table, providing granular control.
Custom Route Tables
By default, a VPC’s route table has a local route for internal communication. When creating a VPC with a public subnet, a custom route table is generated, including a route to the internet gateway. To enhance security, it’s advisable to keep the main route table in its default state and explicitly associate new subnets with custom tables for precise traffic control.
Custom route tables allow route adjustments but can only be deleted if not associated with any subnets.
Gateway Route Tables
Route tables associated with either an internet gateway or a virtual private gateway are known as gateway route tables. Establishing this association allows for the creation of specialized gateway route tables, providing precise control over the routing trajectory for incoming traffic into your Virtual Private Cloud (VPC). This capability enables actions like rerouting traffic entering the VPC via an internet gateway, directing it through an intermediary device, such as a security appliance, situated within the VPC.
Associating Subnets with Routing Tables
Every subnet in your Virtual Private Cloud (VPC) needs to be linked to a route table, which can be a custom one or the default main table. You can view these associations to determine explicit links. Subnets associated with Outposts can have an extra target type, a local gateway, which is the only routing distinction from regular subnets.
Implicit and Explicit Subnet Association
The following diagram depicts the routing configuration of a VPC containing an internet gateway, a virtual private gateway, a public subnet, and a VPN-only subnet.
A custom route table, referred to as Route table A, is explicitly associated with the public subnet. This table includes a route directing all traffic to the internet gateway, defining the subnet as public.
On the other hand, Route table B serves as the main route table and is implicitly associated with the private subnet. It lacks a route to the internet gateway, designating the subnet as VPN-only. If a new subnet is created without associating a custom route table, it will automatically be linked to Route table B as the main route table.
Subnet Association by Replacing the Main Route Table
Unlike the previous example, here, subnet A is implicitly associated with the main route table (Route table A), while Subnet B is also implicitly associated with Route table A. Additionally, Route table B, identified as a custom route table, is not associated with any subnet.
To start, you have to associate Subnet B explicitly with Route table B and test Route table B. If the testing is successful, designate Route table B as the new main route table.
As a result, Subnet B maintains its explicit association with Route table B, and Subnet A acquires an implicit association with Route table B since it becomes the new main route table. Route table A no longer associates with any subnet. This method guarantees a seamless transition and efficient management of route table changes.
Commonly Related Questions
- Can a VPC subnet have multiple route tables?
A route table can be linked to multiple subnets, but it’s important to note that each subnet can only be connected to a single route table simultaneously. Subnets that do not have an explicit association with a specific route table are automatically linked to the main route table by default.
- How many route tables can be created per VPC?
The default number of route tables that you can associate with a VPC is 200. However, you can adjust it according to your requirements.
- What does 0.0 0.0 0 mean in a routing table?
In routing tables, you may encounter 0.0.0.0 in the gateway column. This signifies that the gateway information for reaching the associated destination subnet is undefined or unspecified.
To recap, in AWS, route tables play a crucial role in managing the flow of traffic within a Virtual Private Cloud (VPC). These tables define a collection of routes that determine the path for specific traffic to reach its intended network interface. We hope this article has clarified your understanding of routing tables in AWS. Thank you for reading!