☁️ Understanding VPC Routing in AWS
Amazon VPC (Virtual Private Cloud) is like your own mini data center in the cloud. Routing within a VPC is essential for controlling how traffic flows between subnets, the internet, and other AWS or on-premises networks.
🧭 1. What Is a Route Table?
A route table in AWS defines how traffic is directed within and outside your VPC. Each subnet must be associated with a route table, which tells the VPC router where to send traffic leaving that subnet.
Key Components:
- Destination: The IP range (CIDR block) the traffic is destined for. When several routes match a packet, the most specific one (longest prefix) wins, regardless of the order the routes appear in.
- Target: Where the traffic should be sent (e.g., internet gateway, NAT gateway, transit gateway).
Every VPC comes with a main route table, and you can create additional ones if needed.
🔍 2. How to View and Manage Routing Tables
Access the Route Table:
- Go to your AWS Dashboard.
- Navigate to VPC → Your VPCs → Details → Main Route Table.
View All Routing Tables:
- Go to Virtual Private Cloud → Route Tables.
- Use your VPC ID to filter and find associated tables.
This is especially helpful when dealing with multiple subnets that may be grouped under the same or different routing tables.
🧱 3. Subnet-Level Routing
Each subnet must be associated with a route table. If no explicit association is made, it uses the main route table, so whatever routes the main table carries apply by default to every new subnet.
- Private and Public Subnets: Separate route tables are typically used for internal (private) traffic (e.g., monitoring tools like ISE or SolarWinds) and for public-facing services (e.g., websites or APIs), so that a change meant for one tier cannot silently expose the other.
🌍 4. Common Routing Targets
| Target | Used For |
|---|---|
| local | Default internal VPC communication (the VPC's own CIDR; present in every route table) |
| igw-xxxxxxxx | Internet Gateway – for internet-bound traffic from public subnets |
| nat-xxxxxxxx | NAT Gateway – outbound-only internet access for private subnets |
| tgw-xxxxxxxx | Transit Gateway – for routing across VPCs, regions and on-premises sites |
| pcx-xxxxxxxx | VPC Peering – direct VPC-to-VPC communication (non-transitive) |
| eni-xxxxxxxx | Elastic Network Interface – for directing traffic to a specific EC2 instance, e.g. a NAT instance or firewall appliance (source/destination check must be disabled on that interface) |
🌐 5. Example: Office CIDR Routing with Transit Gateway
- The CIDR block `10.10.1.0/24` is used by an office network.
- A private subnet in Availability Zone `eu-west-1a` needs to reach that office.
- In the subnet's routing table, there's an entry:
  Destination: 10.10.1.0/24
  Target: tgw-05277a116e941c227
- This means traffic from that subnet to `10.10.1.0/24` is routed via a Transit Gateway, which acts like a cloud router.
- The subnet route only hands the packet to the Transit Gateway. The Transit Gateway's own route table must know which attachment leads to `10.10.1.0/24` (e.g., the VPN or Direct Connect attachment to the office), and the office side needs a return route to the VPC CIDR, otherwise replies never come back.
🔀 6. Transit Gateway & Peering Concepts
- Transit Gateway: Central hub for routing traffic between multiple VPCs and on-prem networks. It has its own route tables, separate from the VPC route tables described above.
- Attachment: The link between a VPC and the Transit Gateway (like a cable from a server to a router). VPC attachments propagate their CIDRs into the Transit Gateway route table by default.
- Peering: A connection between two Transit Gateways, typically across regions (e.g., Europe to Australia), carried over the AWS backbone. Routes are not propagated across a peering attachment; you must add static routes on each Transit Gateway for the remote CIDRs.
🔄 7. Internet Access: IGW vs NAT
- Public Subnets need a route to an Internet Gateway (IGW):
  Destination: 0.0.0.0/0
  Target: igw-xxxxxxxx
  An instance in such a subnet is reachable from the internet only if it also has a public IPv4 address (auto-assigned or an Elastic IP) and its security group and network ACL allow the traffic. The route alone is what makes the subnet "public".
- Private Subnets use a NAT Gateway for outbound internet access:
  Destination: 0.0.0.0/0
  Target: nat-xxxxxxxx
  The NAT Gateway itself must sit in a public subnet (one with an IGW route). It allows connections initiated from inside the private subnet and drops unsolicited inbound connections.
🧠 8. Tips & Best Practices
- Use tags to label routing tables by purpose (e.g., "Public", "Private", "Dev").
- Create separate route tables for clarity and security segmentation, and audit them periodically: a 0.0.0.0/0 → igw-xxxxxxxx route appearing in a table tagged "Private" quietly turns that subnet into a public one.
- Use `timedatectl` to set a consistent timezone across EC2 instances so that log timestamps line up when you troubleshoot routing (it sets the timezone; clock synchronisation itself is handled by the NTP client).
- Keep an eye on CIDR overlap when peering VPCs or connecting via TGWs. VPC peering cannot be created between VPCs with overlapping CIDRs, and over a Transit Gateway an overlapping range means only the most specific route is reachable.
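The following is an added example, not code from the original page. It audits route tables offline in the JSON shape that `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` returns: it resolves a destination with longest-prefix matching (the office CIDR from section 5), classifies subnets as public or private by their default route (section 7), flags a "Private"-tagged table that carries an IGW default route (section 8), and checks two CIDRs for overlap. The sample data, the resource IDs and the tag names are constructed for this example; only the stdlib is used, so it runs anywhere.

```python
"""Offline audit of AWS route tables (constructed sample data, stdlib only)."""
import ipaddress
import json

# Constructed sample in describe-route-tables shape: one VPC (10.20.0.0/16) with
# a public table, a private table and a "Private-db" table that wrongly
# routes 0.0.0.0/0 to the internet gateway. All IDs are placeholders.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public", "VpcId": "vpc-01",
   "Tags": [{"Key": "Name", "Value": "Public"}],
   "Associations": [{"SubnetId": "subnet-pub-a", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa", "State": "active"}]},
  {"RouteTableId": "rtb-private", "VpcId": "vpc-01",
   "Tags": [{"Key": "Name", "Value": "Private"}],
   "Associations": [{"SubnetId": "subnet-priv-a", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "10.10.1.0/24", "TransitGatewayId": "tgw-05277a116e941c227", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb", "State": "active"}]},
  {"RouteTableId": "rtb-oops", "VpcId": "vpc-01",
   "Tags": [{"Key": "Name", "Value": "Private-db"}],
   "Associations": [{"SubnetId": "subnet-db-a", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa", "State": "active"}]}
]}
""")

# Keys under which a route entry names its target in the API output.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
               "VpcPeeringConnectionId", "NetworkInterfaceId", "InstanceId")


def route_target(route):
    """Return the target of one route ('local', 'igw-...', 'nat-...', ...).
    A blackhole route (target deleted) still matches but drops traffic."""
    if route.get("State") == "blackhole":
        return "blackhole"
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return "unknown"


def table_by_id(tables, rtb_id):
    return next(t for t in tables["RouteTables"] if t["RouteTableId"] == rtb_id)


def resolve(table, dest_ip):
    """Longest-prefix match, as the VPC router does: the most specific
    matching destination wins, whatever order the routes are listed in."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for r in table["Routes"]:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route_target(r))
    return best[1] if best else None


def has_igw_default(table):
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and route_target(r).startswith("igw-") for r in table["Routes"])


def classify(tables):
    """Map each explicitly associated subnet to 'public' or 'private' based
    solely on its default route (the main-table association has no SubnetId)."""
    kinds = {}
    for t in tables["RouteTables"]:
        kind = "public" if has_igw_default(t) else "private"
        for a in t["Associations"]:
            if "SubnetId" in a:
                kinds[a["SubnetId"]] = kind
    return kinds


def mislabelled_private(tables):
    """Tables whose Name tag starts with 'Private' but that route 0.0.0.0/0
    to an IGW: the segmentation the tag promises no longer exists."""
    found = []
    for t in tables["RouteTables"]:
        name = next((tag["Value"] for tag in t.get("Tags", []) if tag["Key"] == "Name"), "")
        if name.lower().startswith("private") and has_igw_default(t):
            found.append(t["RouteTableId"])
    return found


def overlaps(cidr_a, cidr_b):
    """True if two CIDRs overlap (VPC peering refuses such pairs)."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    private = table_by_id(SAMPLE, "rtb-private")
    print("10.10.1.7 via", resolve(private, "10.10.1.7"))   # office -> tgw
    print("8.8.8.8   via", resolve(private, "8.8.8.8"))     # internet -> nat
    print(classify(SAMPLE))
    print("mislabelled:", mislabelled_private(SAMPLE))
    print("10.0.0.0/16 vs 10.0.128.0/17 overlap:", overlaps("10.0.0.0/16", "10.0.128.0/17"))
```

To run it against a live account, replace SAMPLE with `json.load()` of the CLI output; the field names used here (`Routes`, `DestinationCidrBlock`, `GatewayId`, `NatGatewayId`, `TransitGatewayId`, `Associations`, `Tags`) are the ones the API returns. The check in `mislabelled_private` is deliberately tag-based, because tags are exactly what an operator trusts when picking a table for a new subnet.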