BrainyBeeBrainyBee
Study Guide985 words

Mastering AWS Route Tables: Propagation and BGP Dynamics

Using route tables to direct traffic appropriately (for example, automatic propagation, BGP)

Mastering AWS Route Tables: Propagation and BGP Dynamics

This guide covers the mechanics of directing VPC traffic through route tables, focusing on the automation provided by route propagation and the Border Gateway Protocol (BGP) in hybrid cloud architectures.

Learning Objectives

By the end of this guide, you should be able to:

  • Explain the Longest Prefix Match rule in route selection.
  • Configure and troubleshoot Route Propagation for Virtual Private Gateways (VGW).
  • Distinguish between iBGP and eBGP in the context of AWS hybrid connectivity.
  • Identify when Static Routes are required versus when dynamic updates (BGP) can be utilized.

Key Terms & Glossary

  • Route Table: A set of rules (routes) used to determine where network traffic from your VPC is directed.
  • Route Propagation: A feature that allows a Virtual Private Gateway to automatically inject routes into VPC route tables.
  • BGP (Border Gateway Protocol): A dynamic routing protocol used to exchange reachability information between autonomous systems (AS).
  • Autonomous System (AS): A collection of IP networks and routers under the control of one entity that presents a common routing policy to the internet.
  • Longest Prefix Match: The algorithm used by routers to select a route from the routing table; the most specific subnet mask (highest CIDR prefix) wins.

The "Big Idea"

Think of the VPC Route Table as the "traffic controller" of your cloud network. In a simple setup, you can manually tell the controller where to send every car. However, in a hybrid environment (AWS connected to a Data Center), traffic patterns change constantly. BGP and Route Propagation act as a live radio feed for the controller, automatically updating the maps so traffic always finds the most efficient path to on-premises resources without manual intervention.

Formula / Concept Box

RuleDescription
Longest Prefix MatchIf traffic matches 10.0.0.0/16 and 10.0.1.0/24, the /24 route is chosen.
Static Over PropagatedIn some AWS configurations, if an exact CIDR match exists for both a static and a propagated route, the static route takes precedence.
BGP PeeringBGP runs over TCP port 179. It uses Keepalives to maintain sessions without resending the entire table.

Hierarchical Outline

  • I. VPC Routing Fundamentals
    • Default vs. Custom Tables: Every VPC has a main table; subnets use the main table unless explicitly associated with a custom one.
    • Targets: Routes point to targets like igw-id (Internet Gateway), vgw-id (Virtual Private Gateway), or tgw-id (Transit Gateway).
  • II. Route Propagation
    • Automation: Imports on-premises routes (via VPN or Direct Connect) automatically.
    • VGW Requirement: Requires a Virtual Private Gateway with propagation enabled.
  • III. Border Gateway Protocol (BGP)
    • eBGP: Routing between different ASs (e.g., AWS AS 64512 to On-prem AS 65000).
    • iBGP: Routing within the same AS.
    • Attributes: BGP routes are collections of attributes used for path selection (e.g., AS-Path, Multi-Exit Discriminator).
  • IV. Transit Gateway (TGW) Specifics
    • Dynamic Updates: TGW uses BGP to update its own internal route tables.
    • Static Necessity: VPC route tables do not automatically populate from TGW; you must create a static route pointing to the TGW ID.

Visual Anchors

Traffic Decision Flow

Loading Diagram...

Hybrid Connectivity with BGP

\begin{tikzpicture}[node distance=2cm, every node/.style={draw, rectangle, minimum width=2.5cm, minimum height=1cm, align=center}]

% Nodes \node (OnPrem) {On-Premises$AS 65001)}; \node (Router) [right of=OnPrem, xshift=2cm] {Customer Gateway$Router)}; \node (VGW) [right of=Router, xshift=2cm] {AWS VGW$AS 64512)}; \node (VPC) [right of=VGW, xshift=2cm] {AWS VPC\Route Table};

% Connections \draw[thick, <->] (OnPrem) -- (Router); \draw[thick, <->, dashed] (Router) -- node[above, draw=none] {eBGP Session} (VGW); \draw[thick, ->] (VGW) -- node[above, draw=none] {Propagation} (VPC);

% Labels \node[draw=none, below of=Router, yshift=1cm] {\tiny Public IP / VPN / DX};

\end{tikzpicture}

Definition-Example Pairs

  • External BGP (eBGP):
    • Definition: BGP used between routers in different Autonomous Systems.
    • Example: Your corporate data center router (AS 65100) exchanging routes with an AWS Direct Connect location (AS 64512).
  • Route Summarization:
    • Definition: Consolidating multiple contiguous routes into a single larger advertisement.
    • Example: Instead of advertising 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24, you advertise a single 10.1.0.0/16 to reduce route table size.
  • Keepalives:
    • Definition: Small packets sent between BGP peers to confirm the session is still active.
    • Example: A router sends a keepalive every 30 seconds; if three are missed, the neighbor is declared "down" and its routes are purged.

Worked Examples

Scenario: The Conflict of Prefixes

An EC2 instance in a VPC (10.0.0.0/16) needs to send a packet to 172.16.1.50.

The VPC Route Table has these entries:

  1. 172.16.0.0/12 -> Target: tgw-0123 (Transit Gateway)
  2. 172.16.1.0/24 -> Target: vgw-4567 (VPN via VGW)
  3. 0.0.0.0/0 -> Target: igw-8901 (Internet Gateway)

Step-by-Step Selection:

  • Step 1: Does 172.16.1.50 match 0.0.0.0/0? Yes (Default route).
  • Step 2: Does 172.16.1.50 match 172.16.0.0/12? Yes.
  • Step 3: Does 172.16.1.50 match 172.16.1.0/24? Yes.
  • Result: The Longest Prefix Match is 172.16.1.0/24 because /24 is more specific than /12 or /0. Traffic is sent to the VGW.

Checkpoint Questions

  1. If you peer two Transit Gateways, are routes automatically propagated across the peering connection? (Answer: No, static routes are required).
  2. What protocol is used by Transit Gateway to automatically update its own route table when a VPN is added? (Answer: BGP).
  3. In a VPC route table, which route type always takes precedence: a /16 static route or a /24 propagated route? (Answer: The /24 propagated route due to Longest Prefix Match).

Muddy Points & Cross-Refs

[!WARNING] TGW vs VPC Propagation: A common point of confusion is thinking that enabling propagation on a VGW will also update the TGW. It won't. TGW has its own separate route tables and its own BGP sessions.

  • Overlapping CIDRs: If you have overlapping on-premises CIDRs, BGP will only choose the "Best Path" based on attributes. If BGP is not used, static routes must be carefully managed to avoid traffic blackholes.
  • Transit Gateway Peering: Remember that Route Propagation is not supported over TGW Peering interconnections. You must manually add static routes in the TGW Route Table to point to the peered TGW.

Comparison Tables

Static vs. Dynamic (BGP) Routing

FeatureStatic RoutingDynamic Routing (BGP)
Setup EffortHigh (Manual entry)Low (Automated discovery)
ScalabilityPoor (Becomes complex)Excellent (Handles thousands of routes)
FailoverManual or ScriptedAutomatic (Via path withdrawal)
Best ForSmall environments / Simple VPC peeringHybrid networks / Direct Connect / SD-WAN

iBGP vs. eBGP

CharacteristiciBGPeBGP
AS LocationSame Autonomous SystemDifferent Autonomous Systems
DistanceTypically many hops awayUsually directly connected
Primary UseInternal route distributionConnecting to ISP or AWS
All AWS Certified Advanced Networking - Specialty (ANS-C01) Study Resources

Ready to study AWS Certified Advanced Networking - Specialty (ANS-C01)?

Practice tests, flashcards, and all study notes — free, no sign-up needed.

Start Studying — Free