AWS — VPC Route Table Overview
Introduction to AWS VPC Route Table
A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. To put it simply, a route table tells network packets which way they need to go to get to their destination.
VPC Route Table Key points
- Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet (subnet route table). A subnet can be explicitly associated with a custom route table.
- The main route table comes automatically with every VPC. It controls the routing for all subnets that are not explicitly associated with any other route table.
- A custom route table is empty by default; you add routes as needed.
- A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same subnet route table.
- Every route table contains a local route for communication within the VPC.
- Gateway route table: you can associate a route table with an internet gateway or a virtual private gateway. When a route table is associated with a gateway, it is referred to as a gateway route table.
- A gateway route table supports routes where the target is local or an elastic network interface in the VPC.
- Each route in a table specifies a destination and a target.
- IPv4 and IPv6 traffic are treated separately, i.e., routes to IPv4 and IPv6 addresses or CIDR blocks are independent of each other.
- Route Priority — if your route table has multiple routes, AWS uses the most specific route that matches the traffic (longest prefix match) to determine how to route it.
- Route propagation — allows a virtual private gateway to automatically propagate routes to the route tables. This means that you don’t need to manually enter VPN routes to your route tables. You can enable or disable route propagation.
- Edge association is used to route inbound VPC traffic to an appliance.
- Subnets that are in VPCs associated with AWS Outposts can have an additional target type of a local gateway.
- A VPC peering connection can also support IPv6 communication between instances in the peered VPCs, if the VPCs and instances are enabled for IPv6 communication.
VPC Route Table best practices
- To control the routing for your private subnets you need to create custom route tables. Create separate route tables for each tier. This will provide more control in maintaining the security of each subnet.
- Leave the main route table in its original default state. Explicitly associate each new subnet that you create with one of the custom route tables you’ve created. This ensures that you explicitly control how each subnet routes traffic.
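As an added example (not part of the original page), the following Python models the route priority rule described above (longest prefix match, with IPv4 and IPv6 kept independent) and audits the two best practices: subnets silently falling back to the main route table, and a main route table that no longer holds only its local route. Route table names, targets and the subnet associations are constructed sample data, not real AWS identifiers.

```python
"""Model of AWS route-table lookup plus a small best-practice audit.
All identifiers below (rtb-*, igw-demo, eni-appliance, subnet-*) are
constructed for illustration."""
import ipaddress

# Constructed sample: a main table left in its default state and a custom
# table for a public subnet. A route is (destination CIDR, target).
ROUTE_TABLES = {
    "rtb-main": {"main": True, "routes": [("10.0.0.0/16", "local")]},
    "rtb-public": {
        "main": False,
        "routes": [
            ("10.0.0.0/16", "local"),
            ("10.0.5.0/24", "eni-appliance"),  # more specific than local (middlebox)
            ("0.0.0.0/0", "igw-demo"),
            ("::/0", "igw-demo"),
        ],
    },
}
# Constructed subnet -> route table association (None = implicit main table).
ASSOCIATIONS = {"subnet-web": "rtb-public", "subnet-db": None}


def select_route(routes, dst):
    """Longest prefix match. IPv4 and IPv6 are independent: a v4 address is
    never matched by ::/0 and a v6 address is never matched by 0.0.0.0/0.
    Returns the target, or None when no route matches (traffic is dropped)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, target)
    return None if best is None else best[1]


def audit(route_tables, associations):
    """Flag subnets that rely on the main table (no explicit association) and
    main tables that carry routes other than the VPC-local route."""
    findings = []
    for subnet, rtb in associations.items():
        if rtb is None:
            findings.append(f"{subnet}: implicitly uses the main route table")
    for name, table in route_tables.items():
        if table["main"] and any(t != "local" for _, t in table["routes"]):
            findings.append(f"{name}: main route table has non-local routes")
    return findings


if __name__ == "__main__":
    print(select_route(ROUTE_TABLES["rtb-public"]["routes"], "10.0.5.7"))
    print(audit(ROUTE_TABLES, ASSOCIATIONS))
```

Running it reports that subnet-db has no explicit association and that 10.0.5.7 is sent to the appliance interface rather than the local route, because /24 is longer than /16.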