A route table contains a phối of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
Main route table—The route table that automatically comes with your VPC. It controls the routing for all subnets that are not explicitly associated with any other route table.
Custom route table—A route table that you create for your VPC.
Edge association—A route table that you use to lớn route inbound VPC traffic to lớn an appliance. You associate a route table with the mạng internet gateway or virtual private gateway, & specify the network interface of your appliance as the target for VPC traffic.
Route table association—The association between a route table và a subnet, internet gateway, or virtual private gateway.
Subnet route table—A route table that"s associated with a subnet.
Gateway route table—A route table that"s associated with an internet gateway or virtual private gateway.
Destination—The range of IP.. addresses where you want traffic lớn go (destination CIDR). For example, an external corporate network with a 172.16.0.0/12 CIDR.
Target—The gateway, network interface, or connection through which to skết thúc the destination traffic; for example, an mạng internet gateway.
Local route—A default route for communication within the VPC.
For example routing options, see Example routing options.
How route tables work
Your VPC has an implicit router, & you use route tables khổng lồ control where network traffic is directed. Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet (subnet route table). You can explicitly associate a subnet with a particular route table. Otherwise, the subnet is implicitly associated with the main route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same subnet route table.
You can optionally associate a route table with an internet gateway or a virtual private gateway (gateway route table). This enables you lớn specify routing rules for inbound traffic that enters your VPC through the gateway. For more information, see Gateway route tables.
There is a quota on the number of route tables that you can create per VPC. There is also a quota on the number of routes that you can add per route table. For more information, see Amazon VPC quotas.
Each route in a table specifies a destination và a target. For example, lớn enable your subnet to access the internet through an internet gateway, add the following route to your subnet route table.
The destination for the route is 0.0.0.0/0, which represents all IPv4 addresses. The target is the mạng internet gateway that"s attached to lớn your VPC.
CIDR blocks for IPv4 and IPv6 are treated separately. For example, a route with a destination CIDR of 0.0.0.0/0 does not automatically include all IPv6 addresses. You must create a route with a destination CIDR of ::/0 for all IPv6 addresses.
Every route table contains a local route for communication within the VPC. This route is added by default khổng lồ all route tables. If your VPC has more than one IPv4 CIDR bloông xã, your route tables contain a local route for each IPv4 CIDR bloông chồng. If you"ve associated an IPv6 CIDR bloông xã with your VPC, your route tables contain a local route for the IPv6 CIDR bloông chồng. You cannot modify or delete these routes in a subnet route table or in the main route table.
For more information about routes và local routes in a gateway route table, see Gateway route tables.
If your route table has multiple routes, we use the most specific route that matches the traffic (longest prefix match) khổng lồ determine how to lớn route the traffic.
In the following example, an IPv6 CIDR blochồng is associated with your VPC. In your route table:
IPv6 traffic destined lớn remain within the VPC (2001:db8:1234:1a00::/56) is covered by the Local route, & is routed within the VPC.
IPv4 and IPv6 traffic are treated separately; therefore, all IPv6 traffic (except for traffic within the VPC) is routed to lớn the egress-only mạng internet gateway.
There is a route for 172.31.0.0/16 IPv4 traffic that points to lớn a peering connection.
There is a route for all IPv4 traffic (0.0.0.0/0) that points khổng lồ an internet gateway.
There is a route for all IPv6 traffic (::/0) that points to lớn an egress-only mạng internet gateway.
If you frequently reference the same set of CIDR blocks across your kulturbench.com resources, you can create a customer-managed prefix list to group them together. You can then specify the prefix các mục as the destination in your route table entry.
Main route table
When you create a VPC, it automatically has a main route table. When a subnet does not have an explicit routing table associated with it, the main routing table is used by default. On the Route Tables page in the Amazon VPC console, you can view the main route table for a VPC by looking for Yes in the Main column.
By mặc định, when you create a nonmặc định VPC, the main route table contains only a local route. When you use the VPC wizard in the console to create a nonmặc định VPC with a NAT gateway or virtual private gateway, the wizard automatically adds routes khổng lồ the main route table for those gateways.
The following rules apply to lớn the main route table:
You cannot delete the main route table.
Bạn đang xem: Routing table là gì
You cannot set a gateway route table as the main route table.
You can replace the main route table with a custom subnet route table.
You can add, remove, and modify routes in the main route table.
You cannot create a route that is more specific than the local route.
Custom route tables
By mặc định, a custom route table is empty and you add routes as needed. When you use the VPC wizard in the console lớn create a VPC with an mạng internet gateway, the wizard creates a custom route table and adds a route lớn the internet gateway. One way to lớn protect your VPC is lớn leave the main route table in its original default state. Then, explicitly associate each new subnet that you create with one of the custom route tables you"ve created. This ensures that you explicitly control how each subnet routes traffic.
You can add, remove sầu, & modify routes in a custom route table. You can delete a custom route table only if it has no associations.
Subnet route table association
Each subnet in your VPC must be associated with a route table. A subnet can be explicitly associated with custom route table, or implicitly or explicitly associated with the main route table. For more information about viewing your subnet & route table associations, see Determine which subnets và or gateways are explicitly associated with a table.
Subnets that are in VPCs associated with Outposts can have sầu an additional target type of a local gateway. This is the only routing difference from non-Outposts subnets.
You cannot associate a subnet with a route table if any of the following applies:
The route table contains an existing route that"s more specific than the default local route.
The target of the default local route has been replaced.
Example 1: Implicit & explicit subnet association
The following diagram shows the routing for a VPC with an internet gateway, a virtual private gateway, a public subnet, và a VPN-only subnet. The main route table has a route lớn the virtual private gateway. A custom route table is explicitly associated with the public subnet. The custom route table has a route khổng lồ the mạng internet (0.0.0.0/0) through the mạng internet gateway.
If you create a new subnet in this VPC, it"s automatically implicitly associated with the main route table, which routes traffic to the virtual private gateway. If you mix up the reverse configuration (where the main route table has the route to the internet gateway, và the custom route table has the route to lớn the virtual private gateway), then a new subnet automatically has a route to lớn the internet gateway.
Example 2: Replacing the main route table
You might want to lớn make changes lớn the main route table. To avoid any disruption lớn your traffic, we recommkết thúc that you first chạy thử the route changes using a custom route table. After you"re satisfied with the testing, you can replace the main route table with the new custom table.
The following diagram shows a VPC with two subnets that are implicitly associated with the main route table (Route Table A), & a custom route table (Route Table B) that isn"t associated with any subnets.
You can create an explicit association between Subnet 2 & Route Table B.
After you"ve sầu tested Route Table B, you can make it the main route table. Note that Subnet 2 still has an explicit association with Route Table B, và Subnet 1 has an implicit association with Route Table B because it is the new main route table. Route Table A is no longer in use.
If you disassociate Subnet 2 from Route Table B, there"s still an implicit association between Subnet 2 và Route Table B. If you no longer need Route Table A, you can delete it.
Gateway route tables
You can associate a route table with an internet gateway or a virtual private gateway. When a route table is associated with a gateway, it"s referred to lớn as a gateway route table. You can create a gateway route table for fine-grain control over the routing path of traffic entering your VPC. For example, you can intercept the traffic that enters your VPC through an internet gateway by redirecting that traffic khổng lồ a middlebox appliance (such as a security appliance) in your VPC.
A gateway route table supports routes where the target is local (the mặc định local route), a Gateway Load Balancer endpoint, or an elastic network interface (network interface) in your VPC that"s attached lớn your middlebox appliance. When the target is a Gateway Load Balancer endpoint or a network interface, the following destinations are allowed:
The entire IPv4 or IPv6 CIDR bloông chồng of your VPC. In this case, you replace the target of the default local route.
The entire IPv4 or IPv6 CIDR blochồng of a subnet in your VPC. This is a more specific route than the default local route.
If you change the target of the local route in a gateway route table khổng lồ a network interface in your VPC, you can later restore it to the mặc định local target. For more information, see Replace or restore the target for a local route.
In the following gateway route table, traffic destined for a subnet with the 172.31.0.0/đôi mươi CIDR bloông chồng is routed to a specific network interface. Traffic destined for all other subnets in the VPC uses the local route.
In the following gateway route table, the target for the local route is replaced with a network interface ID. Traffic destined for all subnets within the VPC is routed to the network interface.
Rules & considerations
You cannot associate a route table with a gateway if any of the following applies:
The route table contains existing routes with targets other than a network interface, Gateway Load Balancer endpoint, or the mặc định local route.
The route table contains existing routes lớn CIDR blocks outside of the ranges in your VPC.
Route propagation is enabled for the route table.
In addition, the following rules and considerations apply:
You cannot add routes lớn any CIDR blocks outside of the ranges in your VPC, including ranges larger than the individual VPC CIDR blocks.
You can only specify local, a Gateway Load Balancer endpoint, or a network interface as a target. You cannot specify any other types of targets, including individual host IP addresses.
You cannot route traffic from a virtual private gateway to a Gateway Load Balancer endpoint. If you associate your route table with a virtual private gateway & you add a route with a Gateway Load Balancer endpoint as the target, traffic that"s destined for the endpoint is dropped.
You cannot specify a prefix list as a destination.
You cannot use a gateway route table khổng lồ control or intercept traffic outside of your VPC, for example, traffic through an attached transit gateway. You can intercept traffic that enters your VPC và redirect it to another target in the same VPC only.
To ensure that traffic reaches your middlebox appliance, the target network interface must be attached to a running instance. For traffic that flows through an internet gateway, the target network interface must also have sầu a public IP. address.
When you route traffic through a middlebox appliance, the return traffic from the destination subnet must be routed through the same appliance. Asymmetric routing is not supported.
For an example of routing for a security appliance, see Routing for a middlebox appliance.
We use the most specific route in your route table that matches the traffic to determine how to lớn route the traffic (longest prefix match).
Routes khổng lồ IPv4 và IPv6 addresses or CIDR blocks are independent of each other. We use the most specific route that matches either IPv4 traffic or IPv6 traffic to lớn determine how to route the traffic.
For example, the following subnet route table has a route for IPv4 internet traffic (0.0.0.0/0) that points to an mạng internet gateway, & a route for 172.31.0.0/16 IPv4 traffic that points to lớn a peering connection (pcx-11223344556677889). Any traffic from the subnet that"s destined for the 172.31.0.0/16 IP.. address range uses the peering connection, because this route is more specific than the route for mạng internet gateway. Any traffic destined for a target within the VPC (10.0.0.0/16) is covered by the Local route, and therefore is routed within the VPC. All other traffic from the subnet uses the mạng internet gateway.
If you"ve attached a virtual private gateway to your VPC and enabled route propagation on your subnet route table, routes representing your Site-to-Site VPN connection automatically appear as propagated routes in your route table. If the propagated routes overlap with static routes & longest prefix match cannot be applied, the static routes take priority over the propagated routes. For more information, see Route tables and VPN route priority in the kulturbench.com Site-to-Site VPN User Guide.
In this example, your route table has a static route to an mạng internet gateway (which you added manually), và a propagated route to lớn a virtual private gateway. Both routes have a destination of 172.31.0.0/24. In this case, all traffic destined for 172.31.0.0/24 is routed lớn the mạng internet gateway — it is a static route and therefore takes priority over the propagated route.
The same rule applies if your route table contains a static route lớn any of the following:
Gateway VPC endpoint
VPC peering connection
Gateway Load Balancer endpoint
If the destinations for the static và propagated routes are the same, the static route takes priority.
Route priority for prefix lists
If your route table references a prefix menu, the following rules apply:
If your route table contains a static route that overlaps with another route that references a prefix các mục, the static route with the destination CIDR bloông xã takes priority.
If your route table contains a propagated route that overlaps with a route that references a prefix menu, the route that references the prefix các mục takes priority.
If your route table references multiple prefix lists that have overlapping CIDR blocks to lớn different targets, we randomly choose which route takes priority. Thereafter, the same route always takes priority.
If the CIDR block in a prefix list entry is not valid for the route table, the entry is ignored. For example, in a subnet route table, if the prefix danh mục contains an entry with a more specific CIDR than the VPC CIDR, that entry is ignored.