A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.
Route table concepts
The following are the key concepts for route tables.
Subnet route tables
Your VPC has an implicit router, and you use route tables to control where network traffic is directed. Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet (subnet route table). You can explicitly associate a subnet with a particular route table. Otherwise, the subnet is implicitly associated with the main route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same subnet route table.

Routes
Each route in a table specifies a destination and a target. For example, to enable your subnet to access the internet through an internet gateway, add the following route to your subnet route table. The destination for the route is
CIDR blocks for IPv4 and IPv6 are treated separately. For example, a route with a destination CIDR of

If you frequently reference the same set of CIDR blocks across your AWS resources, you can create a customer-managed prefix list to group them together. You can then specify the prefix list as the destination in your route table entry.

Every route table contains a local route for communication within the VPC. This route is added by default to all route tables. If your VPC has more than one IPv4 CIDR block, your route tables contain a local route for each IPv4 CIDR block. If you've associated an IPv6 CIDR block with your VPC, your route tables contain a local route for the IPv6 CIDR block. You can replace or restore the target of each local route as needed.

Rules and considerations
Example
In the following example, suppose that the VPC has both an IPv4 CIDR block and an IPv6 CIDR block. In the route table:
Main route table
When you create a VPC, it automatically has a main route table. When a subnet does not have an explicit route table associated with it, the main route table is used by default. On the Route tables page in the Amazon VPC console, you can view the main route table for a VPC by looking for Yes in the Main column. By default, when you create a nondefault VPC, the main route table contains only a local route. If you Create a VPC and choose a NAT gateway, Amazon VPC automatically adds routes to the main route table for the gateways. The following rules apply to the main route table:
Custom route tables
By default, a custom route table is empty and you add routes as needed. If you Create a VPC and choose a public subnet, Amazon VPC creates a custom route table and adds a route that points to the internet gateway. One way to protect your VPC is to leave the main route table in its original default state. Then, explicitly associate each new subnet that you create with one of the custom route tables you've created. This ensures that you explicitly control how each subnet routes traffic. You can add, remove, and modify routes in a custom route table. You can delete a custom route table only if it has no associations.

Subnet route table association
Each subnet in your VPC must be associated with a route table. A subnet can be explicitly associated with a custom route table, or implicitly or explicitly associated with the main route table. For more information about viewing your subnet and route table associations, see Determine which subnets and or gateways are explicitly associated. Subnets that are in VPCs associated with Outposts can have an additional target type of a local gateway. This is the only routing difference from non-Outposts subnets.

Example 1: Implicit and explicit subnet association
The following diagram shows the routing for a VPC with an internet gateway, a virtual private gateway, a public subnet, and a VPN-only subnet. Route table A is a custom route table that is explicitly associated with the public subnet. It has a route that sends all traffic to the internet gateway.
Route table B is the main route table. It has a route that sends all traffic to the virtual private gateway.
If you create a new subnet in this VPC, it's automatically implicitly associated with the main route table, which routes traffic to the virtual private gateway. If you set up the reverse configuration (where the main route table has the route to the internet gateway, and the custom route table has the route to the virtual private gateway), then traffic to the new subnet is routed to the internet gateway.

Example 2: Replacing the main route table
You might want to make changes to the main route table. To avoid any disruption to your traffic, we recommend that you first test the route changes using a custom route table. After you're satisfied with the testing, you can replace the main route table with the new custom table. The following diagram shows a VPC with two subnets that are implicitly associated with the main route table (Route Table A), and a custom route table (Route Table B) that isn't associated with any subnets. You can create an explicit association between Subnet 2 and Route Table B. After you've tested Route Table B, you can make it the main route table. Note that Subnet 2 still has an explicit association with Route Table B, and Subnet 1 has an implicit association with Route Table B because it is the new main route table. Route Table A is no longer in use. If you disassociate Subnet 2 from Route Table B, there's still an implicit association between Subnet 2 and Route Table B. If you no longer need Route Table A, you can delete it.

Gateway route tables
You can associate a route table with an internet gateway or a virtual private gateway. When a route table is associated with a gateway, it's referred to as a gateway route table. You can create a gateway route table for fine-grain control over the routing path of traffic entering your VPC. For example, you can intercept the traffic that enters your VPC through an internet gateway by redirecting that traffic to a middlebox appliance (such as a security appliance) in your VPC.
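As an added audit for the subnet association examples above (this is not code from the AWS documentation), the following function reads data shaped like the EC2 DescribeRouteTables and DescribeSubnets responses and reports which subnets rely only on an implicit association with the main route table, together with any non-local route the main table carries. The sample data is constructed inline with placeholder IDs; with boto3 you would pass the real `describe_route_tables()` and `describe_subnets()` results instead.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables / DescribeSubnets
# responses (placeholder IDs, not data from the page).
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-MAIN", "VpcId": "vpc-EXAMPLE",
     "Associations": [{"Main": True, "RouteTableId": "rtb-MAIN"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "Origin": "CreateRouteTable"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-EXAMPLE", "Origin": "EnableVgwRoutePropagation"},
     ]},
    {"RouteTableId": "rtb-PUBLIC", "VpcId": "vpc-EXAMPLE",
     "Associations": [{"Main": False, "RouteTableId": "rtb-PUBLIC", "SubnetId": "subnet-PUBLIC"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "Origin": "CreateRouteTable"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "Origin": "CreateRoute"},
     ]},
]}
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-PUBLIC", "VpcId": "vpc-EXAMPLE"},
    {"SubnetId": "subnet-NEW", "VpcId": "vpc-EXAMPLE"},  # created later, never explicitly associated
]}

# Keys under which a Route object names its target (a local route has GatewayId == "local").
TARGET_KEYS = ("GatewayId", "NatGatewayId", "NetworkInterfaceId", "InstanceId",
               "VpcPeeringConnectionId", "TransitGatewayId", "EgressOnlyInternetGatewayId",
               "LocalGatewayId", "CarrierGatewayId", "CoreNetworkArn")

def audit_route_tables(route_tables, subnets, vpc_id):
    """Return which subnets in vpc_id fall back to the main route table (implicit
    association) and which non-local routes the main route table carries."""
    explicit, main = set(), None
    for rt in route_tables["RouteTables"]:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt                        # the VPC's main route table
            elif "SubnetId" in assoc:
                explicit.add(assoc["SubnetId"])  # explicit subnet association
    implicit = sorted(s["SubnetId"] for s in subnets["Subnets"]
                      if s["VpcId"] == vpc_id and s["SubnetId"] not in explicit)
    non_local = []
    for route in (main["Routes"] if main else []):
        target = next((route[k] for k in TARGET_KEYS if k in route), None)
        if target != "local":
            dest = (route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
                    or route.get("DestinationPrefixListId"))
            non_local.append((dest, target, route.get("Origin")))
    return {"main_route_table": main["RouteTableId"] if main else None,
            "implicitly_associated": implicit,
            "main_non_local_routes": non_local}
```

In the sample, subnet-NEW is reported as implicitly associated and the main table's propagated default route to the virtual private gateway is listed, which is exactly the drift the advice to keep the main table in its default state is meant to prevent.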
Gateway route table routes
A gateway route table associated with an internet gateway supports routes with the following targets:
A gateway route table associated with a virtual private gateway supports routes with the following targets:
When the target is a Gateway Load Balancer endpoint or a network interface, the following destinations are allowed:
If you change the target of the local route in a gateway route table to a network interface in your VPC, you can later restore it to the default

Example
In the following gateway route table, traffic destined for a subnet with the
Example
In the following gateway route table, the target for the local route is replaced with a network interface ID. Traffic destined for all subnets within the VPC is routed to the network interface.
Rules and considerations
You cannot associate a route table with a gateway if any of the following applies:
In addition, the following rules and considerations apply:
Route priority
In general, we direct traffic using the most specific route that matches the traffic. This is known as the longest prefix match. If your route table has overlapping or matching routes, additional rules apply.
Longest prefix match
Routes to IPv4 and IPv6 addresses or CIDR blocks are independent of each other. We use the most specific route that matches either IPv4 traffic or IPv6 traffic to determine how to route the traffic. The following example subnet route table has a route for IPv4 internet traffic (
Route priority and propagated routes
If you've attached a virtual private gateway to your VPC and enabled route propagation on your subnet route table, routes representing your Site-to-Site VPN connection automatically appear as propagated routes in your route table. If the destination of a propagated route overlaps a static route, the static route takes priority. If the destination of a propagated route is identical to the destination of a static route, the static route takes priority if the target is one of the following:
For more information, see Route tables and VPN route priority in the AWS Site-to-Site VPN User Guide. The following example route table has a static route to an internet gateway and a propagated route to a virtual private gateway. Both routes have a destination of
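To make the longest prefix match and static-over-propagated rules above concrete, here is an added example (not code from the AWS documentation) that applies them to a constructed route table; the gateway IDs are placeholders, and as a simplification the static route wins every identical-destination tie regardless of the target type, since the page's list of qualifying targets is not reproduced here.

```python
import ipaddress

# Constructed example route table (not from the page): each entry is
# (destination CIDR, target, origin). "static" = a route you added,
# "propagated" = a route learned from a virtual private gateway.
ROUTES = [
    ("10.0.0.0/16",    "local",       "static"),
    ("0.0.0.0/0",      "igw-EXAMPLE", "static"),      # static default route to an internet gateway
    ("0.0.0.0/0",      "vgw-EXAMPLE", "propagated"),  # propagated default route, same destination
    ("172.31.0.0/16",  "vgw-EXAMPLE", "propagated"),
    ("172.31.0.0/20",  "pcx-EXAMPLE", "static"),      # more specific, so it wins for its range
    ("::/0",           "igw-EXAMPLE", "static"),
    ("2001:db8::/32",  "local",       "static"),
]

def select_route(dest_ip, routes=ROUTES):
    """Return the (destination, target, origin) tuple that would carry traffic to dest_ip,
    or None when nothing matches. Rules as the page states them: IPv4 and IPv6 routes never
    compete, the longest matching prefix wins, and on an identical destination a static
    route beats a propagated one (assumption: applied for every target type)."""
    ip = ipaddress.ip_address(dest_ip)
    best = None  # (network, target, origin)
    for dest, target, origin in routes:
        net = ipaddress.ip_network(dest)
        if net.version != ip.version or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, target, origin)             # longest prefix match
        elif (net.prefixlen == best[0].prefixlen     # same prefix length => same destination
              and origin == "static" and best[2] == "propagated"):
            best = (net, target, origin)             # static beats propagated on a tie
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])
```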
Route priority and prefix lists
If your route table references a prefix list, the following rules apply:
Route table quotas
There is a quota on the number of route tables that you can create per VPC. There is also a quota on the number of routes that you can add per route table. For more information, see Amazon VPC quotas.

What if the destination address is not in the routing table?
The title asks what a router would do if it received a packet and could not find the destination address in its routing table. If there is a default route, then the router would forward the packet using the default route. If there is no default route, then the router would return an unreachable to the source.
When a specific route does not exist for the destination network, which routing type will be used?
Network administrators use static routing, or nonadaptive routing, to define a route when there is a single route or a preferred route for traffic to reach a destination. Static routing uses small routing tables with only one entry for each destination.

What is the destination network in a routing table?
A basic routing table includes the following information:
Destination: The IP address of the packet's final destination.
Next hop: The IP address to which the packet is forwarded.
Interface: The outgoing network interface the device should use when forwarding the packet to the next hop or final destination.

What action does the router take when it does not find a route to the destination network in its routing table?
1. If the destination network is directly connected, the router forwards the packet to the destination host.
2. If no route exists for the destination network and a default route is present, the packet is forwarded to the next-hop router.