Route Table
A route table manages the paths that traffic takes within a VPC. When a route table is created, a corresponding router is created internally, and each subnet is associated with one router within the VPC. The route table therefore determines, from the list of routes it holds, which router forwards traffic toward its destination. Correct route table configuration is the key element in steering traffic within a VPC in the intended direction.
You can create a route table to assign the packets of each subnet to the appropriate routes, or associate subnets with an existing route table. Each VPC must have at least one route table, referred to as the 'main route table'. The main route table is marked as Main: Yes.
The main route table cannot be deleted on its own; it is deleted together with the VPC when the VPC is deleted.
For more information on the quotas of route table, refer to the Pricing and Quotas.
Route table types
Main route table
The main route table comes pre-configured with a default VPC and serves as the primary routing table whenever no custom table is specified at subnet creation. Identifiable by a Yes tag, the main route table follows these rules:
- Automatically associates with the default subnet of a newly created default VPC.
- The main route table cannot be deleted.
- Routes can be added, removed, and modified in the main route table.
- Any subnet can be associated with a different route table instead of the main route table.
- Another route table can be designated as the VPC's main route table, which affects how subsequently created subnets are associated.
Custom route table
For more specific needs, you can create custom route tables. This flexibility lets you control and isolate how different subnets within your VPC communicate.
In other words, each subnet is associated with a route table, which you can use to adjust traffic flow and select the best route for each destination. Because a route table is tightly coupled to its associated subnets, you must disassociate all subnets from a route table before you can delete it.
Configuration of route table
Each route table contains rules that define where data should be sent. By default, every route table includes a local route for communication within the VPC. Here are some rule considerations.
- Besides the default local route, you can add more specific routes.
- Each route consists of a destination IPv4 CIDR block and a target (a gateway, network interface, etc.) to which matching traffic is directed.
- If a route table has multiple routes matching a packet, data follows the most specific route available (longest prefix match).
- For external IPv4 traffic (0.0.0.0/0), setting an internet gateway as the target makes the subnet public.
Destination | Target |
---|---|
10.0.0.0/16 | local |
0.0.0.0/0 | Internet gateway |
Longest prefix match routing
Route tables follow 'longest prefix match': the most specific route takes precedence. If a route table contains overlapping routes, the one with the longest prefix (the largest number of network bits) wins. The following example illustrates longest prefix match. In this route table, there are two routes in addition to the local route.
- The first route is an IPv4 route for internet traffic (0.0.0.0/0), which goes to the internet gateway.
- The second route is an IPv4 route for 172.30.0.0/16, which goes to the Transit Gateway tgw-11223344556677889. All traffic from the subnet destined for 172.30.0.0/16 addresses uses the Transit Gateway connection, because this route is more specific than the route to the internet gateway. Traffic destined for the VPC itself (10.0.0.0/16) is routed within the VPC via the local route. All other traffic originating from the subnet uses the internet gateway.
Route table examples
Priority | Destination | Target |
---|---|---|
1 | 10.0.0.0/16 | local |
2 | 172.30.0.0/16 | Transit Gateway |
3 | 0.0.0.0/0 | Internet Gateway |
Routing scenarios
This section explains routing examples for an internet gateway, a NAT Instance, and a Transit Gateway in a VPC.
Routing via internet gateway
To make a subnet public, add an internet gateway route to its route table. First create an internet gateway and attach it to the VPC. Then add a route for IPv4 traffic (0.0.0.0/0) with the internet gateway as its target. Because the route applies to the whole subnet, every instance in that subnet is affected by it.
Destination | Target |
---|---|
0.0.0.0/0 | Internet Gateway |
Routing via NAT instance
To give instances in a private subnet outbound access to the internet without making the subnet public, you can start a NAT Instance. Then add a route in the private subnet's route table that sends IPv4 internet traffic (0.0.0.0/0) to the NAT Instance as its target. For additional details, refer to the NAT Instance Usage Guide.
Destination | Target |
---|---|
0.0.0.0/0 | NAT Instance |
Routing to Transit Gateway
To integrate a Transit Gateway with a VPC, you must add specific routes to the VPC's route table that direct traffic to the Transit Gateway. For example, consider two VPCs: VPC A and VPC B.
- VPC A with CIDR block 10.1.0.0/16 is connected to Attachment-1.
- VPC B with CIDR block 10.2.0.0/16 is connected to Attachment-2.
To allow access through the Transit Gateway, configure VPC A's route table as follows:
Destination | Target |
---|---|
10.1.0.0/16 | local |
10.0.0.0/8 | Transit Gateway |
Then add the VPC attachments to the Transit Gateway's route table as follows. For more information on the Transit Gateway's route table, refer to Routing Table.
Destination | Target |
---|---|
10.1.0.0/16 | Attachment-1 |
10.0.0.0/8 | Attachment-2 |
Note that the 10.0.0.0/8 route is broader than VPC B's CIDR: by longest prefix match, any 10.0.0.0/8 destination that does not fall in 10.1.0.0/16 is delivered to Attachment-2 (VPC B). If the Transit Gateway should only carry traffic between these two VPCs, use VPC B's exact CIDR (10.2.0.0/16) as the destination instead.
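As an added example, not code from the original page or the platform's own implementation, the following Python snippet implements the longest-prefix-match lookup described in the longest-prefix-match section and applies it both to that section's three-route table and to the two-stage lookup of this Transit Gateway scenario (VPC A's route table first, then the Transit Gateway's route table). The list-of-tuples route-table representation, the target labels, and the `longest_prefix_match` and `route_from_vpc_a` function names are assumptions made for illustration.

```python
import ipaddress
from typing import List, Optional, Tuple

# A route table is modelled here as a list of (destination CIDR, target) pairs.
# This representation is an assumption for illustration, not the platform's API.
RouteTable = List[Tuple[str, str]]


def longest_prefix_match(route_table: RouteTable, dst_ip: str) -> Optional[str]:
    """Return the target of the most specific route matching dst_ip, or None.

    None means no route matches: with no 0.0.0.0/0 route the packet is dropped.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net = None
    best_target = None
    for dest_cidr, target in route_table:
        net = ipaddress.ip_network(dest_cidr, strict=False)
        if ip.version != net.version or ip not in net:
            continue
        # Prefer the longer prefix; the first listed route wins an exact tie.
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_target = net, target
    return best_target


# Table from the longest-prefix-match section (constructed to match the page).
LPM_TABLE: RouteTable = [
    ("10.0.0.0/16", "local"),
    ("172.30.0.0/16", "tgw-11223344556677889"),
    ("0.0.0.0/0", "internet gateway"),
]

# Transit Gateway scenario: VPC A's route table and the Transit Gateway's own table.
VPC_A_TABLE: RouteTable = [
    ("10.1.0.0/16", "local"),
    ("10.0.0.0/8", "transit gateway"),
]
TGW_TABLE: RouteTable = [
    ("10.1.0.0/16", "Attachment-1"),
    ("10.0.0.0/8", "Attachment-2"),
]


def route_from_vpc_a(dst_ip: str) -> Optional[str]:
    """Two-stage lookup: VPC A's route table, then the Transit Gateway table if handed off."""
    hop = longest_prefix_match(VPC_A_TABLE, dst_ip)
    if hop == "transit gateway":
        return longest_prefix_match(TGW_TABLE, dst_ip)
    return hop


if __name__ == "__main__":
    for ip in ("10.0.3.4", "172.30.4.9", "8.8.8.8"):
        print(f"{ip:>14} -> {longest_prefix_match(LPM_TABLE, ip)}")
    for ip in ("10.1.0.9", "10.2.5.6", "10.9.9.9", "192.168.1.1"):
        print(f"VPC A {ip:>12} -> {route_from_vpc_a(ip)}")
```

Running the block shows the two points the text makes: 172.30.4.9 leaves through the Transit Gateway even though 0.0.0.0/0 also matches it, and from VPC A a destination such as 10.9.9.9, which belongs to neither VPC, still arrives at Attachment-2 because of the broad 10.0.0.0/8 route. A destination with no matching route (192.168.1.1 here) yields None, i.e. it is dropped.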
Configure route and destination IP
You can set the destination IP range that traffic must be addressed to and the gateway (target type) it will pass through. The destination of a route whose target type is local can only be the VPC CIDR block. The destination of a route whose target type is internet gateway can only be an IP range other than the VPC CIDR block.
Routes with a target type of local in the main route table cannot be modified or deleted.
Available destination IP by target type
Target type | Target name | Destination IP allowed |
---|---|---|
local | Local | VPC CIDR Block |
internet gateway | IGW-uuid | IP ranges other than the VPC CIDR Block |
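As an added example, not code from the original page or the platform, the following Python validator encodes the destination constraints listed in this section (a local route must carry exactly the VPC CIDR block; an internet gateway route must not point into the VPC CIDR block) and audits a whole route table against them, also flagging when a 0.0.0.0/0 route to an internet gateway makes the subnet public. The `validate_route` and `audit_route_table` names, the target-type strings and the sample table are assumptions constructed for illustration.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed for illustration: this is not the platform's own validation logic.
# The target_type strings mirror the page's table ("local", "internet gateway").


def validate_route(vpc_cidr: str, target_type: str, destination: str) -> Tuple[bool, str]:
    """Check one route's destination against the rules for its target type."""
    vpc = ipaddress.ip_network(vpc_cidr)
    try:
        dest = ipaddress.ip_network(destination)  # strict: rejects host bits set
    except ValueError as exc:
        return False, f"invalid destination CIDR {destination!r}: {exc}"
    if dest.version != vpc.version:
        return False, "destination address family does not match the VPC CIDR block"
    if target_type == "local":
        if dest != vpc:
            return False, "local route destination must be exactly the VPC CIDR block"
        return True, "ok"
    if target_type == "internet gateway":
        # Anything inside (or equal to) the VPC CIDR is already served by the local route.
        if dest.subnet_of(vpc):
            return False, "internet gateway route must not point into the VPC CIDR block"
        return True, "ok"
    return False, f"unknown target type {target_type!r}"


def audit_route_table(vpc_cidr: str, routes: List[Tuple[str, str]]) -> Dict[str, object]:
    """Validate every (destination, target_type) pair and report problems and exposure."""
    problems: List[Tuple[str, str, str]] = []
    public_subnet = False
    for destination, target_type in routes:
        ok, message = validate_route(vpc_cidr, target_type, destination)
        if not ok:
            problems.append((destination, target_type, message))
            continue
        # A default route to an internet gateway makes the associated subnet public.
        if target_type == "internet gateway" and ipaddress.ip_network(destination).prefixlen == 0:
            public_subnet = True
    return {"valid": not problems, "public_subnet": public_subnet, "problems": problems}


# Constructed sample: the public-subnet table from the configuration section,
# plus one route that violates the internet gateway rule.
SAMPLE_VPC = "10.0.0.0/16"
SAMPLE_ROUTES = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "internet gateway"),
    ("10.0.1.0/24", "internet gateway"),  # invalid: inside the VPC CIDR block
]

if __name__ == "__main__":
    print(audit_route_table(SAMPLE_VPC, SAMPLE_ROUTES))
```

Run as a pre-apply check before creating routes, the audit rejects the 10.0.1.0/24 internet gateway route, accepts 0.0.0.0/0 (which is a supernet of the VPC CIDR, not a subnet of it), and reports that the table makes its subnet public.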