Routing
VPC Routing Overview
Virtual Private Clouds (VPCs) in AWS implement a sophisticated routing system that enables efficient network traffic management. The routing infrastructure is organized into three main contexts: VPC Context, Route 53 Context, and Elastic Load Balance Context.
VPC Routing Tables
VPCs are equipped with an implicit router and a main routing table by default. Key characteristics include:
The ability to modify the main routing table or create new custom tables
Each route table automatically contains a local route for the associated CIDR block
Route selection follows the principle of "most specific route wins" for any given destination address
CIDR (Classless Inter-Domain Routing) blocks, which can be pronounced as either "cedar" or "cider," are fundamental to the routing structure
Border Gateway Protocol (BGP)
BGP serves as the primary routing protocol for internet connectivity in AWS environments. Notable features include:
Core Functionality:
Acts as the standard routing protocol for internet traffic
Dynamically propagates network information to enable flexible routing
Essential for Direct Connect implementations
Optional but supported for VPN connections
Technical Requirements:
Operates on TCP port 179 plus ephemeral ports
Utilizes Autonomous System Numbers (ASNs) to uniquely identify each BGP peer (autonomous system)
Implements local weighting systems where higher weights indicate preferred paths for outbound traffic
AWS-Specific Features:
Supports community tagging for traffic scope control and route preference management
Provides static routes as an alternative when not using BGP with AWS VPC
Route Table Implementation
A destination in a routing table specifies which network or host the packet needs to reach. It can be:
A specific IP address for a single host (like 192.168.1.100)
A network address with subnet mask (like 192.168.1.0/24)
A default route (0.0.0.0/0) which matches all destinations not explicitly listed
The target (sometimes called "gateway" or "next hop") indicates where to send the packet next to reach that destination. It can be:
A gateway IP address (the next router to forward the packet to)
A network interface name (like eth0 or wlan0) for directly connected networks
The keyword "local" for the device's own IP addresses
The routing tables in AWS contain several standard elements as demonstrated in the example configurations:
Example Route Table Entries:
where:
pl-xxxxxxx (Destination): This is a prefix list ID that represents a set of CIDR blocks for AWS services. For example, it could be the CIDR ranges for Amazon S3 or DynamoDB. The prefix list is a way AWS groups IP ranges for their services.
vpce-xxxxxxx (Target): This is a VPC Endpoint ID. It represents an endpoint that allows private communication with AWS services without going through the public internet. The 'vpce' prefix specifically identifies this as a VPC Endpoint.
Using the above routing table, the IP addresses below are resolved as follows:
These entries illustrate the hierarchical nature of AWS routing, where specific routes take precedence over more general ones, ensuring precise traffic control and optimal path selection.
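As an added example (not part of the original page), the "most specific route wins" selection described above, applied to a constructed route table with placeholder AWS IDs. A pl- destination is expanded into its member CIDR blocks so that a prefix-list entry resolves to its vpce- target the same way any other route does; the 0.0.0.0/0 entry is only chosen when nothing more specific matches.

```python
import ipaddress

# Constructed route table (placeholder IDs, not real AWS resources).
# Destination is a CIDR block or a managed prefix-list ID; target is the next hop.
ROUTES = [
    ("10.0.0.0/16", "local"),          # the VPC's own CIDR block
    ("10.1.0.0/16", "pcx-EXAMPLE"),    # peering connection to another VPC
    ("10.1.5.0/24", "tgw-EXAMPLE"),    # more specific than the peering route
    ("192.168.0.0/16", "vgw-EXAMPLE"), # on-premises range via VPN gateway
    ("pl-EXAMPLE", "vpce-EXAMPLE"),    # prefix list -> VPC endpoint
    ("0.0.0.0/0", "igw-EXAMPLE"),      # default route to the internet gateway
]

# Constructed prefix list using RFC 5737 documentation ranges (not real service ranges).
PREFIX_LISTS = {
    "pl-EXAMPLE": ["203.0.113.0/24", "198.51.100.0/24"],
}


def expand_routes(routes, prefix_lists):
    """Turn prefix-list destinations into concrete (network, target) pairs."""
    expanded = []
    for dest, target in routes:
        cidrs = prefix_lists[dest] if dest.startswith("pl-") else [dest]
        for cidr in cidrs:
            expanded.append((ipaddress.ip_network(cidr), target))
    return expanded


def resolve(address, routes=ROUTES, prefix_lists=PREFIX_LISTS):
    """Return (matching CIDR, target) by longest-prefix match, or None if no route fits.

    An address of the wrong IP version never matches an entry, so a table with
    only IPv4 routes returns None for an IPv6 address instead of misrouting it.
    """
    ip = ipaddress.ip_address(address)
    best = None
    for net, target in expand_routes(routes, prefix_lists):
        # Longer prefix length means a more specific route; it overrides any broader match.
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    for addr in ("10.0.3.4", "10.1.5.9", "10.1.200.1", "203.0.113.7", "8.8.8.8"):
        print(addr, "->", resolve(addr))
```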
Best Practices
Maintain clear documentation of routing rules and their purposes
Regularly audit route tables for unnecessary or outdated entries
Use BGP community tagging when available to enhance routing control
Consider implementing both primary and backup routing paths for critical connections
Monitor routing table size and complexity to maintain optimal performance
The routing system integrates seamlessly with other AWS services, providing a robust foundation for cloud networking infrastructure while maintaining flexibility for various deployment scenarios.