| « PreviousNext » | |
   | Did this page help you? Yes | No | Tell us about it... |
Route Tables
A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. You can associate multiple subnets with the same route table, but you can associate a subnet with only one route table.
Topics
Route Table Basics
The following are the basic things that you need to know about route tables:
Your VPC has an implicit router.
Your VPC automatically comes with a main route table that you can modify.
You can create additional custom route tables for your VPC.
Each subnet must be associated with a route table, which controls the routing for the subnet. If you don't explicitly associate a subnet with a particular route table, the subnet uses the main route table.
You can replace the main route table with a custom table that you've created (so that this table is the default table each new subnet is associated with).
Each route in a table specifies a destination CIDR and a target (for example, traffic destined for 172.16.0.0/12 is targeted for the virtual private gateway); we use the most specific route that matches the traffic to determine how to route the traffic.
Main Route Tables
When you create a VPC, it automatically has a main route table. The following image from the
VPC console shows the main route table for each VPC (the Main column is Yes).
Initially, the main route table (and every route table in a VPC) contains only a single route: a local route that enables communication within the VPC.
You can't modify the local route in a route table. Whenever you launch an instance in the VPC, the local route automatically covers that instance; you don't need to add the new instance to a route table.
If you don't explicitly associate a subnet with a route table, the subnet is implicitly associated with the main route table. However, you can still explicitly associate a subnet with the main route table. You might do that if you change which table is the main route table (see Replacing the Main Route Table).
The console shows the number of subnets associated with each table. Only explicit associations are included in that number (see Determining Which Subnets Are Explicitly Associated with a Table).
When you add a gateway to a VPC (either an Internet gateway or a virtual private gateway), you must update the route table for any subnet that uses that gateway. For example, the following image shows updates to the main route table that routes traffic to the virtual private gateway.
If you've attached a virtual private gateway to your VPC and enabled route propagation on your route table, routes representing your VPN connection automatically appear as propagated routes in your route table’s list of routes.
Custom Route Tables
Your VPC can have route tables other than the default table. One way to protect your VPC is to leave the main route table in its original default state (with only the local route), and explicitly associate each new subnet you create with one of the custom route tables you've created. This ensures that you must explicitly control how each subnet's outbound traffic is routed.
For information about the limit on the number of route tables that you can create, see Amazon VPC Limits.
The following diagram shows the routing for a VPC with both an Internet gateway and a virtual private gateway, plus a public subnet and a VPN-only subnet. The main route table came with the VPC, and it also has a route for the VPN-only subnet. There's a custom route table that's associated with the public subnet (Subnet 1). The custom route table has a route for the public subnet over the Internet gateway (the destination is 0.0.0.0/0, and the target is the Internet gateway).
If you create a new subnet in this VPC, it would be automatically associated with the main route table, which routes its traffic to the virtual private gateway. If you were to set up the reverse configuration (the main route table with the route to the Internet gateway, and the custom route table with the route to the virtual private gateway), then if you create a new subnet, it would automatically have a route to the Internet gateway.
Route Table Association
The main route table is the default table that subnets use if they're not explicitly associated with another table. When you add a new subnet, it automatically uses the routes specified in the main route table. You can change which table is the main route table, and thus change the default for additional new subnets.
Subnets can be implicitly or explicitly associated with the main route table. Subnets typically won't have an explicit association to the main route table, although it might happen temporarily if you're replacing the main route table.
You might want to make changes to the main route table, but to avoid any disruption to your traffic, you decide to first test the route changes using a custom route table. After you're satisfied with the testing, you then replace the main route table with the new custom table.
The following diagram shows a VPC with two subnets that are implicitly associated with the main route table (Route Table A), and a custom route table (Route Table B) that isn't associated with any subnets.
You can create an explicit association between Subnet 2 and Route Table B.
After you've tested Route Table B, you can make it the main route table. Note that Subnet 2 still has an explicit association with Route Table B, and Subnet 1 has an implicit association with Route Table B because it is the new main route table. Route Table A is no longer in use.
If you disassociate Subnet 2 from Route Table B, there's still an implicit association between Subnet 2 and Route Table B. If you no longer need Route Table A, you can delete it.
Working with Route Tables
This section shows you how to work with route tables.
Note
When you use the wizard in the console to create a VPC with a gateway, the wizard automatically updates the route tables to use the gateway. If you're using the command line tools or API to set up your VPC, you must update the route tables yourself.
Topics
- Determining Which Route Table a Subnet Is Associated With
- Determining Which Subnets Are Explicitly Associated with a Table
- Creating a Custom Route Table
- Adding and Removing Routes from a Route Table
- Enabling and Disabling Route Propagation
- Associating a Subnet with a Route Table
- Changing a Subnet's Route Table
- Disassociating a Subnet from a Route Table
- Replacing the Main Route Table
- Deleting a Route Table
Determining Which Route Table a Subnet Is Associated With
You can determine which route table a subnet is associated with by looking at the subnet's details in the Amazon VPC Console.
To determine which route table a subnet is associated with
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Subnets in the navigation pane, and then select the subnet.
The subnet details are displayed in the details pane. The ID of the route table the subnet is associated with is included in the details (see the following image). If it's the main route table, the console doesn't indicate whether the association is implicit or explicit. To determine if the association to the main route table is explicit, see Determining Which Subnets Are Explicitly Associated with a Table.
Determining Which Subnets Are Explicitly Associated with a Table
You can determine how many and which subnets are explicitly associated with a route table.
The main route table can have explicit and implicit associations. Custom route tables have only explicit associations.
Subnets that aren't explicitly associated with any route table have an implicit association with the main route table. You can explicitly associate a subnet with the main route table (for an example of why you might do that, see Replacing the Main Route Table).
To determine how many subnets are explicitly associated
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane.
Check the Associated With column to determine the number of explicitly associated subnets.
To determine which subnets are explicitly associated
Select the route table of interest.
Click the Associations tab in the details pane. The subnets explicitly associated with the table are listed on the tab. Any subnets not associated with any route table (and thus implicitly associated with the main route table) are also listed.
Creating a Custom Route Table
Depending on your situation, you might need to create your own route tables.
To create a custom route table
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane.
Click the Create Route Table button.
In the Create Route Table dialog box, in the VPC drop-down list, select your VPC, and then click Yes, Create.
Adding and Removing Routes from a Route Table
You can't modify routes in a table; you can only add and delete routes.
To add a route to a route table
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane, and then select the route table.
In the Routes tab in the details pane, enter the destination and the target for the route, and then click Add.
In the Create Route dialog box, click Yes, Create.
To delete a route from a route table
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane, and then select the route table.
Right-click the route you want to delete, and then click the Delete button.
In the Delete Route dialog box, click Yes, Delete.
Enabling and Disabling Route Propagation
Route propagation allows a virtual private gateway to automatically propagate routes to the route tables so that you don't need to manually enter VPN routes to your route tables. You can enable or disable route propagation.
For more information about VPN routing options, see Routing Types.
To enable route propagation
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane, and then select the route table.
In the details pane, click the Route Propagation tab.
Select the virtual private gateway from the drop-down list, and then click Add.
To disable route propagation
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane, and then select the route table.
In the details pane, on the Route Propagation tab, next to the ID of the VGW, click Remove.
In the Remove Virtual Private Gateway dialog box, click Yes, Disable.
Associating a Subnet with a Route Table
To apply a route table's routes to a particular subnet, you must associate the route table with the subnet. A route table can be associated with multiple subnets; however, a subnet can be associated with only one route table. Any subnet not explicitly associated with a table is implicitly associated with the main route table by default.
To associate a table with a subnet
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane, and select the route table.
In the details pane, on the Associations tab, select the subnet to associate with the table and click Associate.
In the Associate Route Table dialog box, click Yes, Associate.
Changing a Subnet's Route Table
You can change which route table a subnet is associated with. For example, when you create a subnet, it is implicitly associated with the main route table. You might want to instead associate it with a custom route table you've created.
To change a subnet's route table association
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Subnets in the navigation pane, and then select the subnet.
In the details pane, next to the ID of the route table associated with the subnet, click Replace.
In the Replace Route Table dialog box, select the route table to associate the subnet with from New Route Table, and then click Yes, Replace.
Disassociating a Subnet from a Route Table
You might want to disassociate a subnet from a route table. For example, you might have a subnet that is associated with a custom route table, and you instead want it associated with the main route table. By disassociating the subnet from the custom route table, the subnet becomes implicitly associated with the main route table.
To disassociate a subnet from a route table
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane, and then select the route table.
In the details pane, select the Associations tab and verify that the subnet is currently associated with the route table.
Click Disassociate.
In the Disassociate Route Table dialog box, click Yes, Disassociate.
Replacing the Main Route Table
The following procedure describes how to change which route table is the main route table in your VPC.
To replace the main route table
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane.
Locate the route table that you want to be the new main route table, right-click the table, and then select Set as Main Table.
In the Set Main Route Table dialog box, click Yes, Set.
The following procedure describes how to remove an explicit association between a subnet and the main route table. The result is an implicit association between the subnet and the main route table. The process is the same as disassociating any subnet from any route table.
To remove an explicit association with the main route table
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane.
Select the main route table and click its Associations tab.
Click Disassociate.
In the Disassociate Route Table dialog box, click Yes, Disassociate.
Deleting a Route Table
You can delete a route table only if there are no subnets associated with it. You can't delete the main route table.
To delete a route table
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Route Tables in the navigation pane.
Select the route table, and then click the Delete button.
In the Delete Route Table dialog box, click Yes, Delete.
API and Command Overview
The following table summarizes the available route table commands and corresponding API actions.
| Description | Command | API Action |
|---|---|---|
|
Creates a custom route table for your VPC. | ||
|
Describes one or more of your route tables. | ||
|
Deletes a route table from a VPC. | ||
|
Adds a new route to a route table. | ||
|
Deletes a route from a route table. | ||
|
Replaces an existing route in a route table. | ||
|
Associates a subnet with a route table. | ||
|
Disassociates a subnet from a route table. | ||
|
Changes the route table associated with a subnet. Also changes which route table is the main route table. | ||
|
Enables a virtual private gateway (VGW) to propagate routes to the routing tables of a VPC. | ||
|
Disables a VGW from propagating routes to the routing tables of a VPC. If you disable route propagation, you must manually enter routes associated with a VPN connection to route tables. | ||
|
Creates a static route associated with a VPN connection. | ||
|
Deletes a static route associated with a VPN connection. |
