Using route tables to direct traffic appropriately (for example, automatic propagation, BGP)

Task Statement 3.1: Maintain routing and connectivity on AWS and hybrid networks.

📘AWS Certified Advanced Networking – Specialty


A route table is a core AWS networking concept that tells your network traffic where to go. Think of it as a set of rules that directs data packets from one place to another inside your Virtual Private Cloud (VPC) or between VPCs, VPNs, and on-premises networks.

Each subnet in a VPC is associated with one route table, which determines how traffic leaving that subnet is handled.

Key Components of a Route Table

  1. Destination CIDR block – This defines where the traffic should go. It could be:
    • Another subnet in the same VPC
    • A VPN connection to on-premises
    • A peered VPC
    • The Internet (0.0.0.0/0)
  2. Target – This defines how to reach the destination. Examples include:
    • Internet Gateway (IGW) – for Internet traffic
    • Virtual Private Gateway (VGW) – for VPN connections
    • VPC Peering connection – for communication between VPCs
    • NAT Gateway – for allowing private subnets to access the Internet

Directing Traffic Appropriately

AWS allows you to manage traffic in two main ways:

1. Static Routes

  • You manually define the destination and target.
  • Example for IT: If you have a subnet 10.0.1.0/24 and you want traffic to reach a VPN to on-premises, you add a static route:
    Destination: 192.168.0.0/16 (on-prem network)
    Target: Virtual Private Gateway (VGW)
  • Use case: Best when routes rarely change.

2. Dynamic Routes (BGP & Automatic Propagation)

  • AWS supports dynamic routing with BGP (Border Gateway Protocol) when using Direct Connect or VPNs.
  • BGP automatically shares network routes between AWS and on-premises networks.
  • Automatic route propagation allows routes learned via BGP to be added to your route tables automatically.
  • Example for IT:
    • You set up a VPN between AWS and on-premises.
    • Your on-prem network is 192.168.0.0/16.
    • With BGP, the virtual private gateway learns this route and, if route propagation is enabled on the route table, adds it to the route table automatically.
    • Now subnets in your VPC can send traffic to on-premises without manually creating routes.

How AWS Route Tables Work in Different Scenarios

1. Private Subnet Access

  • Private subnets can’t access the Internet directly.
  • You can add a route to a NAT Gateway to allow outgoing Internet traffic.
  • Example route:
    Destination: 0.0.0.0/0
    Target: NAT Gateway

2. VPC Peering

  • If two VPCs need to communicate:
    • Add a route in each VPC route table pointing to the other VPC’s CIDR via the VPC Peering connection.
    • Automatic propagation is not available for VPC peering, so routes must be added manually.

3. Transit Gateway

  • A Transit Gateway can connect multiple VPCs and on-premises networks.
  • Route tables in the TGW define how traffic flows between VPC attachments and VPNs.
  • AWS can propagate routes from attached networks into the Transit Gateway route table.

Exam Tips: What You Must Know

  1. Every subnet must have a route table.
  2. Default route table – When a VPC is created, AWS automatically creates a main route table.
  3. Static vs Dynamic routes
    • Static: You manually add routes.
    • Dynamic: Learned via BGP and automatic propagation.
  4. Route propagation
    • Enables VPN/Direct Connect to automatically update route tables.
    • Must be enabled on the route table.
  5. Route priority
    • AWS uses the most specific route match (longest prefix match).
    • Example: If two routes match a packet, AWS chooses the one with the longer prefix, i.e. the smaller and more specific CIDR block (a /24 wins over a /16).
  6. Common targets
    • IGW → Internet traffic
    • VGW → VPN / Direct Connect
    • NAT Gateway → Outbound traffic from private subnets
    • VPC Peering → Other VPCs
    • Transit Gateway → Multiple VPCs or hybrid networks
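As an added illustration of the route-priority and static-vs-propagated tips above (example code written for these notes, not AWS's own logic), the following Python models a subnet's route table and resolves destinations with longest-prefix match, breaking exact-prefix ties in favour of static over propagated routes; it also flags a route table whose default route targets an Internet Gateway, which is the check that decides whether a subnet is Internet-facing. All resource ids are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: str          # CIDR block
    target: str               # "local" or a gateway/attachment id (constructed ids below)
    propagated: bool = False  # True when learned via BGP route propagation


def select_route(routes, dst_ip):
    """Return the route a subnet uses for dst_ip, or None if nothing matches (packet dropped).
    Rules modelled: the most specific (longest-prefix) match wins; when a static and a
    propagated route carry the same prefix, the static route wins."""
    ip = ipaddress.ip_address(dst_ip)
    best, best_len = None, -1
    for r in routes:
        net = ipaddress.ip_network(r.destination)
        if ip not in net:
            continue
        longer = net.prefixlen > best_len
        static_beats_propagated = net.prefixlen == best_len and best.propagated and not r.propagated
        if longer or static_beats_propagated:
            best, best_len = r, net.prefixlen
    return best


def subnet_is_public(routes):
    """A subnet is effectively Internet-facing when its default route points at an IGW."""
    return any(r.destination == "0.0.0.0/0" and r.target.startswith("igw-") for r in routes)


# Constructed sample route tables; every id is a placeholder, not a real AWS resource.
PRIVATE_RT = [
    Route("10.0.0.0/16", "local"),                             # VPC CIDR, always present
    Route("0.0.0.0/0", "nat-0example"),                        # outbound Internet via NAT Gateway
    Route("10.1.0.0/16", "pcx-0example"),                      # peered VPC (static only)
    Route("192.168.0.0/16", "vgw-0example", propagated=True),  # on-prem, learned via BGP
    Route("192.168.50.0/24", "pcx-0example"),                  # more specific static route
    Route("172.16.0.0/12", "vgw-0example", propagated=True),   # propagated route ...
    Route("172.16.0.0/12", "tgw-0example"),                    # ... and a static one, same prefix
]
PUBLIC_RT = [Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "igw-0example")]

if __name__ == "__main__":
    for ip in ("10.0.5.7", "8.8.8.8", "192.168.1.1", "192.168.50.9", "172.16.3.3"):
        r = select_route(PRIVATE_RT, ip)
        print(f"{ip:>14} -> {r.destination} via {r.target}")
    print("public subnet exposed to Internet:", subnet_is_public(PUBLIC_RT))
```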

Quick Diagram for IT Context

[Private Subnet 10.0.1.0/24] ---Route Table---> [NAT Gateway] ---> [Internet]
[Public Subnet 10.0.0.0/24] ---Route Table---> [Internet Gateway] ---> [Internet]
[VPC1 10.0.0.0/16] ---Route Table---> [VPC Peering to VPC2 10.1.0.0/16]
[VPC 10.0.0.0/16] ---Route Table---> [Virtual Private Gateway] ---> [On-Prem 192.168.0.0/16] (via BGP)

Key Takeaways for the Exam

  • Know how route tables connect subnets, VPCs, and hybrid networks.
  • Understand automatic propagation vs manual static routes.
  • Remember the most-specific-route-wins (longest prefix match) principle.
  • Identify appropriate targets (IGW, NAT, VGW, TGW, Peering).
  • Practice drawing route table flows for hybrid connectivity, especially with Direct Connect and VPN.