A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.
Route table concepts
The following are the key concepts for route tables.
Subnet route tables
Your VPC has an implicit router, and you use route tables to control where network traffic is directed. Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet (its subnet route table). You can explicitly associate a subnet with a particular route table; otherwise, the subnet is implicitly associated with the main route table. A subnet can be associated with only one route table at a time, but you can associate multiple subnets with the same subnet route table.

Routes
Each route in a table specifies a destination and a target. For example, to enable your subnet to access the internet through an internet gateway, add a route to your subnet route table whose destination covers internet-bound IPv4 traffic and whose target is the internet gateway.

CIDR blocks for IPv4 and IPv6 are treated separately. A route whose destination is an IPv4 CIDR block never matches IPv6 traffic; IPv6 traffic needs its own route with an IPv6 destination CIDR block.

If you frequently reference the same set of CIDR blocks across your AWS resources, you can create a customer-managed prefix list to group them together. You can then specify the prefix list as the destination in a route table entry.

Every route table contains a local route for communication within the VPC. This route is added by default to all route tables. If your VPC has more than one IPv4 CIDR block, your route tables contain a local route for each IPv4 CIDR block. If you've associated an IPv6 CIDR block with your VPC, your route tables contain a local route for the IPv6 CIDR block. You cannot modify or delete these local routes in a subnet route table or in the main route table.

Rules and considerations

Example
In the following example, suppose that the VPC has both an IPv4 CIDR block and an IPv6 CIDR block. In the route table:
Main route table
When you create a VPC, it automatically has a main route table. When a subnet does not have an explicit route table association, the main route table is used by default. On the Route tables page in the Amazon VPC console, you can identify the main route table for a VPC by looking for Yes in the Main column. By default, when you create a nondefault VPC, the main route table contains only a local route. If you use Create a VPC and choose a NAT gateway, Amazon VPC automatically adds routes to the main route table for the gateways. The following rules apply to the main route table:
Custom route tables
By default, a custom route table is empty and you add routes as needed. If you use Create a VPC and choose a public subnet, Amazon VPC creates a custom route table and adds a route that points to the internet gateway.

One way to protect your VPC is to leave the main route table in its original default state, containing only the local route, and then explicitly associate each new subnet that you create with one of the custom route tables you've created. This ensures that you explicitly control how each subnet routes traffic: a subnet you forget to associate gets only the local route rather than inheriting, for example, a route to an internet gateway.

You can add, remove, and modify routes in a custom route table. You can delete a custom route table only if it has no associations.

Subnet route table association
Each subnet in your VPC must be associated with a route table. A subnet can be explicitly associated with a custom route table, or implicitly or explicitly associated with the main route table. For more information about viewing your subnet and route table associations, see Determine which subnets and or gateways are explicitly associated.

Subnets that are in VPCs associated with Outposts can have an additional target type of a local gateway. This is the only routing difference from non-Outposts subnets.

Example 1: Implicit and explicit subnet association
The following diagram shows the routing for a VPC with an internet gateway, a virtual private gateway, a public subnet, and a VPN-only subnet. Route table A is a custom route table that is explicitly associated with the public subnet. It has a route that sends all traffic to the internet gateway.

Route table B is the main route table. It has a route that sends all traffic to the virtual private gateway.

If you create a new subnet in this VPC, it is automatically and implicitly associated with the main route table, which routes its traffic to the virtual private gateway. If you set up the reverse configuration (where the main route table has the route to the internet gateway, and the custom route table has the route to the virtual private gateway), then traffic from the new subnet is routed to the internet gateway.

Example 2: Replacing the main route table
You might want to make changes to the main route table. To avoid any disruption to your traffic, we recommend that you first test the route changes using a custom route table. After you're satisfied with the testing, you can replace the main route table with the new custom table.

The following diagram shows a VPC with two subnets that are implicitly associated with the main route table (Route Table A), and a custom route table (Route Table B) that isn't associated with any subnets. You can create an explicit association between Subnet 2 and Route Table B. After you've tested Route Table B, you can make it the main route table. Note that Subnet 2 still has an explicit association with Route Table B, and Subnet 1 has an implicit association with Route Table B because it is the new main route table. Route Table A is no longer in use. If you disassociate Subnet 2 from Route Table B, Subnet 2 still has an implicit association with Route Table B, because it is now the main route table. If you no longer need Route Table A, you can delete it.

Gateway route tables
You can associate a route table with an internet gateway or a virtual private gateway. When a route table is associated with a gateway, it's referred to as a gateway route table. You can create a gateway route table for fine-grained control over the routing path of traffic entering your VPC. For example, you can intercept the traffic that enters your VPC through an internet gateway by redirecting that traffic to a middlebox appliance (such as a security appliance) in your VPC.
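The association rules above (explicit subnet associations, the implicit fallback to the main route table, and gateway route tables) can be checked mechanically from saved API output. The following is an added example, not AWS code: it reads the JSON shapes returned by `aws ec2 describe-route-tables` and `aws ec2 describe-subnets` (the same dicts boto3's `describe_route_tables()` and `describe_subnets()` return), works out which route table each subnet actually uses, and flags the pattern the text warns about, a main route table that carries a route to an internet gateway while subnets are still implicitly associated with it. All resource IDs and the sample data are constructed placeholders.

```python
"""Audit subnet and gateway route table associations from DescribeRouteTables output.

Added example, not AWS code. The input shapes are those of
`aws ec2 describe-route-tables` / `aws ec2 describe-subnets`, so saved output
can be audited offline. All IDs below are constructed placeholders.
"""
from typing import Dict, List, Tuple

# DescribeRouteTables stores a route's target under a key named for its type.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId", "VpcPeeringConnectionId",
               "NetworkInterfaceId", "InstanceId", "EgressOnlyInternetGatewayId",
               "LocalGatewayId", "CarrierGatewayId", "CoreNetworkArn")

# Constructed sample: a main table that was given a default route to an internet
# gateway (the pattern the text warns about), a custom table for a public subnet,
# a gateway route table on the internet gateway, and three subnets.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-a",
     "Associations": [{"RouteTableAssociationId": "rtbassoc-1", "Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-a", "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-a",
     "Associations": [{"RouteTableAssociationId": "rtbassoc-2", "SubnetId": "subnet-public", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-a", "State": "active"}]},
    {"RouteTableId": "rtb-ingress", "VpcId": "vpc-a",
     "Associations": [{"RouteTableAssociationId": "rtbassoc-3", "GatewayId": "igw-a", "Main": False}],
     "Routes": [
         # local route retargeted to a middlebox interface: ingress traffic is intercepted
         {"DestinationCidrBlock": "10.0.0.0/16", "NetworkInterfaceId": "eni-firewall", "State": "active"}]},
]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-public", "VpcId": "vpc-a", "CidrBlock": "10.0.0.0/24"},
    {"SubnetId": "subnet-db", "VpcId": "vpc-a", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-app", "VpcId": "vpc-a", "CidrBlock": "10.0.2.0/24"},
]


def route_target(route: dict) -> str:
    """Return the target ID of a route regardless of which key it is stored under."""
    return next((route[k] for k in TARGET_KEYS if k in route), "unknown")


def effective_route_tables(route_tables: list, subnets: list) -> Dict[str, Tuple[str, bool]]:
    """Map SubnetId -> (RouteTableId, explicit). The API only lists explicit
    associations, so subnets that fall back to the VPC's main table are found
    by walking the subnet list."""
    main_by_vpc, explicit = {}, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_by_vpc[rt["VpcId"]] = rt["RouteTableId"]
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt["RouteTableId"]
    return {s["SubnetId"]: (explicit[s["SubnetId"]], True) if s["SubnetId"] in explicit
            else (main_by_vpc[s["VpcId"]], False) for s in subnets}


def gateway_associations(route_tables: list) -> Dict[str, str]:
    """Map gateway ID -> the gateway route table associated with it."""
    return {a["GatewayId"]: rt["RouteTableId"] for rt in route_tables
            for a in rt.get("Associations", []) if "GatewayId" in a}


def audit(route_tables: list, subnets: list) -> List[str]:
    """Return human-readable findings about risky or notable routing configuration."""
    findings = []
    tables = {rt["RouteTableId"]: rt for rt in route_tables}
    for rt in route_tables:
        if not any(a.get("Main") for a in rt.get("Associations", [])):
            continue
        for r in rt.get("Routes", []):
            if route_target(r) != "local" and r.get("State") == "active":
                dest = (r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
                        or r.get("DestinationPrefixListId"))
                findings.append(f"main table {rt['RouteTableId']} has non-local route {dest} -> {route_target(r)}")
    for sid, (rtb, explicit) in effective_route_tables(route_tables, subnets).items():
        if explicit:
            continue
        findings.append(f"subnet {sid} is implicitly associated with main table {rtb}")
        # Implicit association plus a default route to an internet gateway means every
        # subnet created without an explicit association becomes public by accident.
        for r in tables[rtb].get("Routes", []):
            if r.get("DestinationCidrBlock") == "0.0.0.0/0" and route_target(r).startswith("igw-"):
                findings.append(f"subnet {sid} inherits 0.0.0.0/0 -> {route_target(r)} and is effectively public")
    for gw, rtb in gateway_associations(route_tables).items():
        for r in tables[rtb].get("Routes", []):
            if "NetworkInterfaceId" in r:
                findings.append(f"gateway {gw} intercepts {r.get('DestinationCidrBlock')} "
                                f"via {r['NetworkInterfaceId']} (table {rtb})")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS):
        print(line)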
Gateway route table routes
A gateway route table associated with an internet gateway supports routes with the following targets:
A gateway route table associated with a virtual private gateway supports routes with the following targets:
When the target is a Gateway Load Balancer endpoint or a network interface, the following destinations are allowed:
If you change the target of the local route in a gateway route table to a network interface in your VPC, you can later restore it to the default local target.

Example
In the following gateway route table, traffic destined for a subnet with the

Example
In the following gateway route table, the target for the local route is replaced with a network interface ID. Traffic destined for all subnets within the VPC is routed to the network interface.
Rules and considerations
You cannot associate a route table with a gateway if any of the following applies:
In addition, the following rules and considerations apply:
Route priority
In general, we direct traffic using the most specific route that matches the traffic. This is known as the longest prefix match. If your route table has overlapping or matching routes, additional rules apply.
Longest prefix match
Routes to IPv4 and IPv6 addresses or CIDR blocks are independent of each other. We use the most specific route that matches either IPv4 traffic or IPv6 traffic to determine how to route the traffic. The following example subnet route table has a route for IPv4 internet traffic (
Route priority and propagated routes
If you've attached a virtual private gateway to your VPC and enabled route propagation on your subnet route table, routes representing your Site-to-Site VPN connection automatically appear as propagated routes in your route table. If the destination of a propagated route overlaps a static route, the static route takes priority. If the destination of a propagated route is identical to the destination of a static route, the static route takes priority if the target is one of the following:

For more information, see Route tables and VPN route priority in the AWS Site-to-Site VPN User Guide. The following example route table has a static route to an internet gateway and a propagated route to a virtual private gateway. Both routes have a destination of
Route priority and prefix lists
If your route table references a prefix list, the following rules apply:
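The route-selection rules in this Route priority section (longest prefix match, IPv4 and IPv6 evaluated independently, a prefix list standing in for its member CIDRs, and a static route winning over a propagated route with an identical destination) are small enough to simulate. The following added example is not AWS code; it is a simulator written for this page that applies those rules to a constructed subnet route table. The target IDs, the prefix list ID and its contents are placeholders, and the page's additional prefix-list tie-break rules are not reproduced: a prefix list is simply expanded and its CIDRs compete by prefix length like any other route.

```python
"""Simulate which route a VPC route table selects for a destination address.

Added illustration, not AWS code. Rules modelled: IPv4 and IPv6 destinations
are evaluated independently, the longest prefix match wins, a customer-managed
prefix list is expanded to its member CIDRs, and when a static route and a
propagated route have an identical destination the static route wins.
All target and prefix-list IDs are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Route:
    destination: str          # a CIDR, or a prefix-list ID such as "pl-corp"
    target: str               # "local", "igw-...", "eigw-...", "pcx-...", "vgw-...", "eni-..."
    propagated: bool = False  # True for routes learned through a virtual private gateway


# Constructed prefix list grouping two on-premises ranges.
PREFIX_LISTS: Dict[str, List[str]] = {"pl-corp": ["192.168.0.0/16", "172.16.0.0/12"]}

# Constructed subnet route table for a VPC with 10.0.0.0/16 and 2001:db8::/56.
EXAMPLE_TABLE: List[Route] = [
    Route("10.0.0.0/16", "local"),
    Route("2001:db8::/56", "local"),
    Route("0.0.0.0/0", "igw-example"),                        # all IPv4 internet traffic
    Route("::/0", "eigw-example"),                            # IPv6 needs its own default route
    Route("10.0.5.0/24", "eni-inspection"),                   # more specific than local: wins for that subnet
    Route("172.31.0.0/16", "pcx-example"),                    # static route to a peering connection
    Route("172.31.0.0/16", "vgw-example", propagated=True),   # identical destination, propagated
    Route("pl-corp", "vgw-example"),                          # prefix list as destination
]


def expand(route: Route, prefix_lists: Dict[str, List[str]] = PREFIX_LISTS):
    """Yield (network, route) for every concrete CIDR the route's destination covers."""
    if route.destination.startswith("pl-"):
        cidrs = prefix_lists[route.destination]
    else:
        cidrs = [route.destination]
    for cidr in cidrs:
        yield ipaddress.ip_network(cidr, strict=False), route


def resolve(table: List[Route], dest: str,
            prefix_lists: Dict[str, List[str]] = PREFIX_LISTS) -> Optional[Route]:
    """Return the route that carries traffic to `dest`, or None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    best_key, best_route = None, None
    for route in table:
        for net, r in expand(route, prefix_lists):
            if net.version != addr.version or addr not in net:
                continue  # IPv4 routes never match IPv6 traffic and vice versa
            # Longer prefix first; on an identical prefix a static route beats a propagated one.
            key = (net.prefixlen, not r.propagated)
            if best_key is None or key > best_key:
                best_key, best_route = key, r
    return best_route


def targets_for(table: List[Route], dests: List[str]) -> Dict[str, Optional[str]]:
    """Convenience: destination address -> selected target (None when unrouted)."""
    out = {}
    for d in dests:
        r = resolve(table, d)
        out[d] = r.target if r else None
    return out


if __name__ == "__main__":
    for dest, target in targets_for(EXAMPLE_TABLE, [
            "10.0.1.7", "10.0.5.9", "8.8.8.8", "2001:4860:4860::8888",
            "2001:db8:0:10::1", "172.31.4.4", "192.168.7.7"]).items():
        print(f"{dest:24} -> {target}")
```

Note that the IPv6 lookup for 2001:4860:4860::8888 never touches the 0.0.0.0/0 route and lands on the egress-only internet gateway, and that 172.31.4.4 goes to the peering connection even though a propagated route with the same /16 exists; remove the static route and the same address would be routed to the virtual private gateway instead.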
Route table quotas
There is a quota on the number of route tables that you can create per VPC. There is also a quota on the number of routes that you can add per route table. For more information, see Amazon VPC quotas.