Routing Tables in AWS

Learn how routing tables manage the flow of traffic in your AWS VPC, ensuring efficient communication between subnets, other VPCs, and the internet.

By Anis Mer_


The Traffic Directors of Your VPC

In your AWS VPC, routing tables act as the traffic directors. They decide where network traffic should go — whether it’s to another subnet, another VPC, or the internet. A well-configured routing table ensures smooth communication within your network and to the outside world.

In this article, we’ll take a deep dive into what routing tables are, how they work, and how to set them up effectively.


What is a Routing Table?

A routing table is a set of rules that governs how network traffic moves. Every resource in your VPC — like EC2 instances, databases, and load balancers — relies on routing tables to determine:

  1. Where traffic is headed (the destination).
  2. How to get there (the target).

Mental Model: Routing Tables as Road Maps

Think of your VPC as a city, and the routing table as its traffic management system:

  • The destination is the neighborhood or address you want to reach (e.g., a CIDR block or the internet).
  • The target is the checkpoint or intermediary that directs the traffic to that destination.

Examples:

  1. To reach the internet:

    • Destination: 0.0.0.0/0 (all traffic leaving the VPC).
    • Target: Internet Gateway — the main exit to the internet.
  2. To communicate within the VPC:

    • Destination: 10.0.1.0/24 (a subnet’s CIDR block).
    • Target: Local (implicit), as AWS automatically routes traffic within the VPC.
  3. To connect with another VPC:

    • Destination: 192.168.1.0/24 (the CIDR block of the peered VPC).
    • Target: VPC Peering Connection, allowing seamless traffic between the two VPCs.

The Structure of a Routing Table

Each routing table consists of one or more routes, and each route contains:

  1. Destination: Specifies where the traffic is going (e.g., a specific CIDR block or 0.0.0.0/0 for the internet).
  2. Target: Defines the resource (e.g., Internet Gateway, NAT Gateway, or VPC Peering Connection) that handles the traffic.

Default Main Routing Table:
When you create a VPC, AWS automatically provides a main routing table. This table is applied to all subnets by default unless you explicitly associate them with a custom routing table.

Custom Routing Tables:
You can create custom routing tables to handle specific traffic flows. For example:

  • Public subnets can have a route to the Internet Gateway.
  • Private subnets can have a route to a NAT Gateway for outbound internet access.

How Local Routing Works

Local routing is AWS’s built-in feature that allows resources within the same VPC to communicate with each other automatically, without requiring user-defined routes.

Key Points:

  1. AWS creates a local route in every routing table for the VPC’s CIDR block.

    • Example:
      Destination: 10.0.0.0/16
      Target: local
      
  2. This local route enables intra-VPC communication. For example:

    • An EC2 instance in Subnet A (10.0.1.0/24) can talk to an RDS database in Subnet B (10.0.2.0/24) automatically, as long as security groups and NACLs permit the traffic.
  3. You don’t need to define local routes manually. AWS handles this for you when the VPC is created.
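As an added illustration (not code from the article), here is a small Python model of a route table that behaves the way the two sections above describe: every table is born with the implicit local route for the VPC CIDR, and a destination IP is matched against the routes by longest prefix, so the most specific route wins and an address that no route covers is dropped. The VPC CIDR, the peered CIDR and the igw-EXAMPLE / pcx-EXAMPLE target IDs are constructed placeholders, not real resources.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Route:
    """One entry in a route table: where traffic is headed and what handles it."""
    destination: str  # CIDR block, e.g. "10.0.0.0/16" or "0.0.0.0/0"
    target: str       # "local", or an Internet Gateway / NAT Gateway / peering ID


@dataclass
class RouteTable:
    """A VPC route table. As in AWS, it starts with the local route for the VPC CIDR."""
    name: str
    vpc_cidr: str
    routes: list = field(default_factory=list)

    def __post_init__(self):
        # AWS creates this route in every table for you; there is nothing to configure.
        self.routes.append(Route(self.vpc_cidr, "local"))

    def add_route(self, destination, target):
        """Add a user-defined route; a malformed CIDR is rejected before it enters the table."""
        ipaddress.ip_network(destination)  # raises ValueError on bad input
        self.routes.append(Route(destination, target))
        return self

    def lookup(self, ip):
        """Target for a destination IP by longest-prefix match (most specific route wins).
        Returns None when no route covers the address, i.e. the packet is dropped."""
        addr = ipaddress.ip_address(ip)
        best, best_len = None, -1
        for route in self.routes:
            net = ipaddress.ip_network(route.destination)
            if addr in net and net.prefixlen > best_len:
                best, best_len = route, net.prefixlen
        return best.target if best else None


# Constructed sample: one VPC with a public and a private table, peered to a second VPC.
# The resource IDs are placeholders, not real AWS identifiers.
VPC_CIDR = "10.0.0.0/16"
PEER_CIDR = "192.168.1.0/24"
IGW_ID, PCX_ID = "igw-EXAMPLE", "pcx-EXAMPLE"

public = (RouteTable("PublicRoutingTable", VPC_CIDR)
          .add_route(PEER_CIDR, PCX_ID)
          .add_route("0.0.0.0/0", IGW_ID))
private = RouteTable("PrivateRoutingTable", VPC_CIDR).add_route(PEER_CIDR, PCX_ID)


def forward(table, ips):
    """Map each destination IP to the target the table would send it to."""
    return {ip: table.lookup(ip) for ip in ips}


if __name__ == "__main__":
    for table in (public, private):
        print(table.name)
        for ip, target in forward(table, ["10.0.2.15", "192.168.1.7", "203.0.113.9"]).items():
            print(f"  {ip:<14} -> {target or 'no route (dropped)'}")
```

Run it and the public table sends 10.0.2.15 to local, 192.168.1.7 to the peering connection and 203.0.113.9 to the Internet Gateway, while the private table drops the internet-bound address because nothing covers 0.0.0.0/0. The 192.168.1.7 case is the one to notice: it matches both the /24 peering route and the /0 default route, and the more specific /24 wins.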


Intra- vs Inter- Communication

Definitions:

  1. Intra-:
    The prefix "intra" means within. It refers to communication, interaction, or activity happening inside the same group, system, or boundary.

  2. Inter-:
    The prefix "inter" means between. It refers to communication, interaction, or activity happening between two or more separate groups, systems, or boundaries.

Examples

Intra-VPC Communication (within the same VPC):

  • Resources such as EC2 instances in different subnets of the same VPC communicating with each other.

    Example:

    • An EC2 instance in Subnet A (10.0.1.0/24) communicating with an RDS database in Subnet B (10.0.2.0/24).
    • This happens automatically via local routing, as both subnets are within the same VPC.

Inter-VPC Communication (between two different VPCs):

  • Resources in one VPC communicating with resources in another VPC.

    Example:

    • An EC2 instance in VPC 1 (10.0.0.0/16) communicating with an S3 bucket or another instance in VPC 2 (192.168.0.0/16).
    • This requires setting up VPC Peering, Transit Gateways, or other networking methods to connect the two VPCs.

Intra-Region Communication (within the same AWS region):

  • Communication between resources in different VPCs or services (like Lambda and DynamoDB) that are in the same region.

    Example:

    • An EC2 instance in VPC A (10.0.0.0/16) communicating with DynamoDB in the same region.

Inter-Region Communication (between different AWS regions):

  • Communication between resources located in different AWS regions.

    Example:

    • A database in us-east-1 communicating with an application server in eu-west-1.
    • This often involves AWS Global Accelerator or Direct Connect for optimized routing.

Simple Analogy

Think of "intra" and "inter" like neighborhoods and cities:

  • Intra-: Communication within the same neighborhood (e.g., between houses in the same area).
  • Inter-: Communication between two different neighborhoods or cities (e.g., using roads, bridges, or highways to connect them).


Setting Up Routing Tables: A Step-by-Step Guide

1. Go to the VPC Dashboard

  • In the AWS Management Console, navigate to VPC Dashboard > Route Tables.

2. Create a New Routing Table

  • Click Create Route Table and give it a descriptive name (e.g., PublicRoutingTable).
  • Select the VPC where this table will be used.

3. Add Routes to the Table

  • Add routes based on the traffic flow you want:
    • For internet-bound traffic:
      • Destination: 0.0.0.0/0
      • Target: Internet Gateway
    • For internal communication, there is nothing to add: the table already contains the local route that AWS creates automatically.
      • Destination: Your VPC CIDR block (e.g., 10.0.0.0/16).
      • Target: Local (implicit).

4. Associate the Routing Table with a Subnet

  • Under the Subnet Associations tab, select the subnet(s) that should use this routing table. For example:
    • Associate a public routing table with public subnets.
    • Associate a private routing table with private subnets.

5. Test the Configuration

  • Launch an EC2 instance in the subnet and check connectivity to the intended destination (e.g., the internet or another subnet).
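The same procedure expressed as API calls rather than console clicks, as an added example that is not from the article. The method names and parameters are those of the boto3 EC2 client (create_route_table, create_tags, create_route, associate_route_table); FakeEC2 is a stand-in that records the calls and returns placeholder IDs so the script runs offline, and every vpc-, igw-, nat- and subnet- value is a constructed placeholder. Passing a real boto3 EC2 client in place of FakeEC2 performs steps 2 to 4 against an account; step 5 (testing connectivity from an instance) is not something a route-table script can do for you.

```python
class FakeEC2:
    """Stand-in for boto3.client("ec2") so the example runs offline: records each
    call and hands back placeholder IDs. Pass a real EC2 client to run for real."""

    def __init__(self):
        self.calls = []

    def _record(self, method, kwargs):
        self.calls.append((method, kwargs))
        return len(self.calls)

    def create_route_table(self, **kwargs):
        n = self._record("create_route_table", kwargs)
        return {"RouteTable": {"RouteTableId": f"rtb-fake{n}"}}

    def create_tags(self, **kwargs):
        self._record("create_tags", kwargs)
        return {}

    def create_route(self, **kwargs):
        self._record("create_route", kwargs)
        return {"Return": True}

    def associate_route_table(self, **kwargs):
        n = self._record("associate_route_table", kwargs)
        return {"AssociationId": f"rtbassoc-fake{n}"}


def create_routing_table(ec2, vpc_id, name, default_route_target, subnet_ids):
    """Steps 2-4 of the guide as EC2 API calls.

    default_route_target selects what 0.0.0.0/0 points at:
      {"GatewayId": "igw-..."}     for a public table
      {"NatGatewayId": "nat-..."}  for a private table
    Returns (route_table_id, [association_id, ...]).
    """
    # Step 2: create the table inside the VPC and give it a Name tag.
    rtb_id = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]
    ec2.create_tags(Resources=[rtb_id], Tags=[{"Key": "Name", "Value": name}])

    # Step 3: add the internet-bound route. The local route for the VPC CIDR is
    # already in the table (AWS adds it), so there is no call for it.
    ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0", **default_route_target)

    # Step 4: associate the subnets; an explicit association overrides the main table.
    association_ids = [
        ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_id)["AssociationId"]
        for subnet_id in subnet_ids
    ]
    return rtb_id, association_ids


if __name__ == "__main__":
    # Constructed placeholder IDs; with boto3 you would pass boto3.client("ec2") here.
    ec2 = FakeEC2()
    rtb, assocs = create_routing_table(ec2, "vpc-EXAMPLE", "PublicRoutingTable",
                                       {"GatewayId": "igw-EXAMPLE"},
                                       ["subnet-PUBLIC-A", "subnet-PUBLIC-B"])
    print(rtb, assocs)
    for method, kwargs in ec2.calls:
        print(f"{method}({kwargs})")
```

The private-subnet variant from the earlier section is the same call with {"NatGatewayId": "nat-..."} as the default route target, which is why the target is passed as a dictionary rather than hard-coded.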

Common Issues and Troubleshooting

1. Traffic Not Reaching the Internet

  • Check if the routing table has a route to the Internet Gateway (0.0.0.0/0).
  • Ensure the subnet has been configured as public (e.g., resources need Public IPs).

2. Subnet Connectivity Issues

  • Verify that the destination CIDR block is included in the routing table.
  • Check security groups and NACLs to allow necessary traffic.

3. No Traffic Between Peered VPCs

  • Ensure both VPCs have routes pointing to the VPC Peering Connection.
  • Confirm that security groups and NACLs permit cross-VPC traffic.
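To make the three checks concrete, here is a small Python linter, added for this page and not part of the article, that inspects route tables given as {destination CIDR: target ID} dictionaries and reports the misconfigurations listed above: a missing or wrong default route, a default route to an Internet Gateway in a subnet whose instances have no public IP, a destination that no route covers, and a peering route present on only one side. Targets are recognised by ID prefix (igw-, nat-, pcx-); the tables, CIDRs and IDs are constructed placeholders. Security groups and NACLs are not visible in a route table, so the linter says nothing about them.

```python
import ipaddress


def route_for(routes, cidr):
    """Most specific (destination, target) whose destination covers cidr, or None.
    routes is {destination CIDR: target ID}, the shape of one route table."""
    wanted = ipaddress.ip_network(cidr)
    matches = [(d, t) for d, t in routes.items() if wanted.subnet_of(ipaddress.ip_network(d))]
    return max(matches, key=lambda dt: ipaddress.ip_network(dt[0]).prefixlen, default=None)


def check_internet_path(name, routes, instances_have_public_ip):
    """Issue 1: traffic not reaching the internet."""
    hit = route_for(routes, "0.0.0.0/0")
    if hit is None:
        return [f"{name}: no 0.0.0.0/0 route; add one to an Internet Gateway (public subnet) "
                f"or a NAT Gateway (private subnet)"]
    _, target = hit
    if target.startswith("igw-") and not instances_have_public_ip:
        return [f"{name}: default route points at {target}, but instances have no public IP, "
                f"so the subnet is not really public"]
    if not target.startswith(("igw-", "nat-")):
        return [f"{name}: default route points at {target}, which is neither an Internet "
                f"Gateway nor a NAT Gateway"]
    return []


def check_destination(name, routes, destination_cidr):
    """Issue 2: a subnet can only reach CIDRs that some route covers."""
    if route_for(routes, destination_cidr) is None:
        return [f"{name}: no route covers {destination_cidr}; that traffic is dropped"]
    return []


def check_peering(side_a, side_b, pcx_id):
    """Issue 3: no traffic between peered VPCs. Each side is (name, vpc_cidr, routes);
    both tables must send the other VPC's CIDR to the same peering connection."""
    findings = []
    (name_a, cidr_a, routes_a), (name_b, cidr_b, routes_b) = side_a, side_b
    for name, routes, peer_cidr in ((name_a, routes_a, cidr_b), (name_b, routes_b, cidr_a)):
        hit = route_for(routes, peer_cidr)
        if hit is None or hit[1] != pcx_id:
            found = "nothing" if hit is None else f"{hit[0]} -> {hit[1]}"
            findings.append(f"{name}: expected {peer_cidr} -> {pcx_id}, found {found}")
    return findings


# Constructed sample: VPC 1 with a public and a private table, peered with VPC 2.
# All resource IDs are placeholders, not real identifiers.
VPC1, VPC2, PCX = "10.0.0.0/16", "192.168.0.0/16", "pcx-EXAMPLE"
vpc1_public = {VPC1: "local", VPC2: PCX, "0.0.0.0/0": "igw-EXAMPLE"}
vpc1_private = {VPC1: "local", VPC2: PCX}   # no default route at all
vpc2_main = {VPC2: "local"}                   # return route to VPC 1 was never added


def diagnose():
    """Run every check over the sample tables and collect the findings."""
    findings = []
    findings += check_internet_path("vpc1-public", vpc1_public, instances_have_public_ip=True)
    findings += check_internet_path("vpc1-private", vpc1_private, instances_have_public_ip=False)
    findings += check_destination("vpc1-private", vpc1_private, "172.16.5.0/24")
    findings += check_peering(("vpc1-public", VPC1, vpc1_public),
                              ("vpc2-main", VPC2, vpc2_main), PCX)
    return findings


if __name__ == "__main__":
    for line in diagnose():
        print("FINDING:", line)
```

On the sample, the public table passes, the private table is flagged for having no default route and for not covering 172.16.5.0/24, and the peering check flags only vpc2-main, because VPC 1 has its route to the peering connection but VPC 2 never got the return route. A covering route also counts: a /16 entry satisfies a check for a /24 inside it, which is how the local route satisfies intra-VPC destinations.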

Big Words Defined

  • Routing Table: A set of rules that directs traffic within your VPC and beyond.
  • Route: An entry in the routing table specifying a destination and a target.
  • Destination: The IP range where the traffic is headed.
  • Target: The next resource (e.g., Internet Gateway, NAT Gateway, etc.) that routes the traffic.
  • Local Routing: AWS’s built-in routing mechanism for intra-VPC traffic.
  • Main Routing Table: The default routing table for a VPC.
  • Custom Routing Table: A user-defined table for specific routing needs.

What’s Next?

Next, we’ll dive into NAT Gateways and Internet Gateways — the bridges that connect your VPC to the outside world while keeping things secure.
