AWS Networking Fundamentals: Route Tables and VPC Connectivity
Basic networking concepts (for example, route tables)
This guide covers the core components of Amazon Virtual Private Cloud (VPC) networking, focusing on how traffic is directed through subnets using route tables, gateways, and CIDR blocks.
Learning Objectives
After studying this guide, you should be able to:
- Define the role and structure of Route Tables in an AWS VPC.
- Differentiate between the Main Route Table and Custom Route Tables.
- Calculate available IP addresses in a CIDR block and identify AWS reserved addresses.
- Configure a Public Subnet using an Internet Gateway and a default route.
- Explain the routing requirements for NAT Gateways and VPC Peering.
Key Terms & Glossary
- CIDR (Classless Inter-Domain Routing): A method for allocating IP addresses and IP routing. Example: 10.0.0.0/16 provides 65,536 addresses.
- Implicit Router: The software-defined function AWS uses to manage VPC traffic; there is no physical router to configure.
- Local Route: A mandatory route in every table that allows communication between all subnets within the same VPC.
- Destination-Based Routing: The principle that routing decisions are made solely on the destination IP address of the packet, never on its source. When more than one route matches, the most specific prefix (longest prefix match) wins.
- Main Route Table: The default table automatically created with a VPC that controls all subnets not explicitly assigned to a custom table.
The "Big Idea"
In AWS, the Route Table is the "brain" of the network. While subnets provide logical isolation for resources, the route table determines where those resources can actually "talk." Without a properly configured route table, an EC2 instance is isolated, even if it has a public IP address. Mastering route tables is the key to building secure, multi-tier architectures (e.g., Public Web Tier + Private Database Tier).
Formula / Concept Box
| Concept | Rule / Specification |
|---|---|
| VPC CIDR Range | Between /16 (65,536 IPs) and /28 (16 IPs); subnets obey the same limits. |
| AWS Reserved IPs | 5 IPs per subnet: the first four addresses (.0 network address, .1 VPC router, .2 Amazon-provided DNS, .3 reserved for future use) plus the last address of the subnet (network broadcast; this is .255 only for a /24). |
| Subnet Association | A subnet can only be associated with one route table at a time; many subnets may share the same route table. |
| Default Route | Specified as 0.0.0.0/0 (IPv4) or ::/0 (IPv6). |
Hierarchical Outline
- VPC Structure
- CIDR Block: Defines the primary IP range for the entire VPC.
- Subnets: Sub-segments of the VPC CIDR located in specific Availability Zones (AZs).
- Route Table Mechanics
- The Main Route Table: Automatically handles routing for all subnets by default.
- Custom Route Tables: Created by users to override default routing for specific subnets (e.g., making a subnet "Public").
- Routes: Comprised of a Destination (CIDR) and a Target (IGW, NAT, VGW, or Peering Connection).
- Connectivity Components
- Internet Gateway (IGW): Provides a target for internet-bound traffic.
- NAT Gateway: Lets instances in a private subnet initiate connections to the internet without being reachable from it. The NAT Gateway itself must sit in a public subnet whose route table points 0.0.0.0/0 at the IGW; the private subnet's table points 0.0.0.0/0 at the NAT Gateway.
- VPC Peering: Connects two VPCs; non-transitive (if A peers with B, and B peers with C, A does NOT peer with C).
Visual Anchors
Packet Routing Flow
Multi-Tier Architecture Logic
\begin{tikzpicture}[node distance=2cm, every node/.style={rectangle, draw, minimum width=3cm, minimum height=1cm, align=center}]
% VPC boundary
\draw[dashed, thick] (-1,-1) rectangle (9,5);
\node[draw=none] at (4,4.7) {\textbf{VPC (10.0.0.0/16)}};
% Nodes
\node (IGW) at (4,6) {Internet Gateway (IGW)};
\node (PubRT) at (1.5,3.5) {Public Route Table\\(0.0.0.0/0 $\to$ IGW)};
\node (PrivRT) at (6.5,3.5) {Private Route Table\\(Local only)};
\node (Sub1) at (1.5,1) {Public Subnet\\(Web servers)};
\node (Sub2) at (6.5,1) {Private Subnet\\(DB cluster)};
% Connections
\draw[->, thick] (Sub1) -- (PubRT);
\draw[->, thick] (PubRT) -- (IGW);
\draw[->, thick] (Sub2) -- (PrivRT);
\draw[<->, dashed] (Sub1) -- node[midway, above, draw=none] {Local Route} (Sub2);
\end{tikzpicture}
Definition-Example Pairs
- Default Route (0.0.0.0/0):
  - Definition: A catch-all route for any traffic whose destination matches neither the local route nor a more specific route in the table.
  - Example: To let a web server talk to the general internet, you add 0.0.0.0/0 with the target igw-12345678 to its route table.
- Static Routing:
  - Definition: Manually entering routes into a table rather than learning them from a dynamic routing protocol.
  - Example: When setting up a VPC Peering connection, you must manually add the CIDR of the peer VPC and point it to the Peering Connection ID (pcx-xxxx); the route is needed in the route tables on both sides of the peering, or return traffic has no path.
Worked Examples
Scenario 1: Creating a Public Subnet
Problem: You have a new VPC (10.0.0.0/16) and a subnet (10.0.1.0/24). Instances in this subnet cannot reach the internet.
Step-by-Step Solution:
- Create an Internet Gateway (IGW): Attach it to your VPC.
- Create a Custom Route Table: Name it "Public-RT".
- Add a Route: Set Destination to 0.0.0.0/0 and Target to the ID of the IGW you just created.
- Associate Subnet: Explicitly associate the 10.0.1.0/24 subnet with "Public-RT".
- Assign IP: Ensure instances have a Public IP or Elastic IP address. The IGW performs 1:1 NAT between that public address and the instance's private address, so the route alone does nothing for an instance that has only a private IP.
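To make the routing rules behind the Definition-Example pairs and Scenario 1 concrete, here is an added example in Python (my own code, not code from the original guide and not the AWS API). It models a route table the way the guide describes it: a mandatory local route, lookups keyed on the destination only with longest-prefix match, and the effect of adding the 0.0.0.0/0 route to an IGW or a NAT Gateway. The VPC CIDRs and the gateway and peering IDs (igw-12345678, nat-0a1b2c3d, pcx-ab) are hypothetical.

```python
"""Model of AWS VPC route-table lookup semantics.

Added example: not code from the original guide and not the AWS API. It
reproduces the rules the guide states (mandatory local route, destination-
based longest-prefix match, non-transitive peering) with the standard library
only. All IDs and CIDRs below are hypothetical.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Network = ipaddress.IPv4Network
Route = Tuple[Network, str]  # (destination CIDR, target id or "local")


class RouteTable:
    def __init__(self, vpc_cidr: str, routes: Optional[List[Tuple[str, str]]] = None):
        self.vpc_cidr = Network(vpc_cidr)
        # The local route is created with the table and cannot be removed.
        self.routes: List[Route] = [(self.vpc_cidr, "local")]
        for dest, target in routes or []:
            self.add_route(dest, target)

    def add_route(self, dest: str, target: str) -> None:
        """Static route. AWS keys routes by destination, so a repeated destination replaces."""
        net = Network(dest)
        if net == self.vpc_cidr:
            raise ValueError("the local route cannot be replaced")
        self.routes = [r for r in self.routes if r[0] != net]
        self.routes.append((net, target))

    def lookup(self, dst_ip: str) -> Optional[str]:
        """Return the target for dst_ip, or None when no route matches (packet dropped).

        There is deliberately no source parameter: VPC routing is destination-based.
        When several routes match, the most specific prefix wins.
        """
        ip = ipaddress.IPv4Address(dst_ip)
        best: Optional[Route] = None
        for net, target in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None

    def is_public(self) -> bool:
        """A subnet is public when its table sends 0.0.0.0/0 to an internet gateway."""
        return any(net.prefixlen == 0 and tgt.startswith("igw-") for net, tgt in self.routes)


def scenario_tables() -> Dict[str, RouteTable]:
    """Hypothetical tables for a 10.0.0.0/16 VPC, mirroring the guide's scenarios."""
    main_rt = RouteTable("10.0.0.0/16")  # Main table as created: local route only
    public_rt = RouteTable("10.0.0.0/16", [("0.0.0.0/0", "igw-12345678")])
    private_rt = RouteTable("10.0.0.0/16", [("0.0.0.0/0", "nat-0a1b2c3d")])
    # VPC A peers with VPC B (10.1.0.0/16) only. B's peering with C (10.2.0.0/16)
    # is not in A's table, which is exactly why A cannot reach C through B.
    peered_rt = RouteTable("10.0.0.0/16", [("10.1.0.0/16", "pcx-ab")])
    return {"main": main_rt, "public": public_rt, "private": private_rt, "peered": peered_rt}


if __name__ == "__main__":
    for name, rt in scenario_tables().items():
        print(f"{name:8} public={rt.is_public()!s:5} "
              f"10.0.5.4->{rt.lookup('10.0.5.4')} "
              f"8.8.8.8->{rt.lookup('8.8.8.8')} "
              f"10.2.0.9->{rt.lookup('10.2.0.9')}")
```

Running it prints one line per table. Two things to notice: 10.0.5.4 goes to "local" even in the public table because the /16 local route is more specific than 0.0.0.0/0, and the peered table returns None for 10.2.0.9, which is what non-transitive peering means in practice (the packet is dropped, not forwarded through B).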
Scenario 2: Calculating Subnet Capacity
Problem: You create a subnet with a CIDR of 10.0.2.0/28. How many usable IP addresses are available for your EC2 instances?
Step-by-Step Solution:
- Calculate Total IPs: A /28 mask leaves $32 - 28 = 4$ host bits, so the subnet has $2^4 = 16$ total addresses.
- Subtract Reserved IPs: AWS reserves 5 IPs in every subnet (the first four and the last; for 10.0.2.0/28 that is .0 through .3 and .15).
- Final Count: $16 - 5 = 11$ usable addresses.
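The arithmetic above generalises to any subnet size, and the one detail people get wrong is the fifth reserved address: it is the last address of the subnet, which is .255 only in a /24. The following is an added example in Python (my own code, not from the original guide) that lists the reserved addresses, computes usable hosts, checks a subnet against its VPC CIDR and the /16 to /28 limits, and carves a VPC into equal subnets. The VPC and subnet CIDRs are hypothetical.

```python
"""Subnet capacity and AWS-reserved addresses for any subnet size.

Added example (not from the original guide): generalises Scenario 2 using the
standard library. AWS reserves the first four addresses and the last address
of every subnet, so a /28 ending at .15 loses .15, not .255. The CIDRs used
below are hypothetical.
"""
import ipaddress
import itertools
from typing import Dict, List

RESERVED_ROLES = [
    "network address",
    "VPC router (implicit router)",
    "Amazon-provided DNS",
    "reserved for future use",
    "network broadcast address (broadcast is not supported in a VPC)",
]


def valid_aws_prefix(prefixlen: int) -> bool:
    """VPC and subnet CIDRs must be between /16 and /28 inclusive."""
    return 16 <= prefixlen <= 28


def reserved_addresses(subnet: str) -> Dict[str, str]:
    """Map each of the five AWS-reserved addresses in `subnet` to its role."""
    net = ipaddress.IPv4Network(subnet, strict=True)
    reserved = [net.network_address + i for i in range(4)] + [net.broadcast_address]
    return {str(addr): role for addr, role in zip(reserved, RESERVED_ROLES)}


def usable_hosts(subnet: str) -> int:
    """Addresses left for instances: 2^(32 - prefix) minus the five reserved ones."""
    net = ipaddress.IPv4Network(subnet, strict=True)
    if not valid_aws_prefix(net.prefixlen):
        raise ValueError(f"{subnet}: VPC and subnet CIDRs must be between /16 and /28")
    return net.num_addresses - 5


def subnet_fits_vpc(vpc_cidr: str, subnet: str) -> bool:
    """A subnet must be carved from the VPC CIDR (secondary CIDRs are not modelled)."""
    return ipaddress.IPv4Network(subnet).subnet_of(ipaddress.IPv4Network(vpc_cidr))


def carve(vpc_cidr: str, new_prefix: int, count: int) -> List[str]:
    """Split a VPC into `count` equal, non-overlapping subnets with the given prefix."""
    net = ipaddress.IPv4Network(vpc_cidr)
    subnets = list(itertools.islice(net.subnets(new_prefix=new_prefix), count))
    if len(subnets) < count:
        raise ValueError(f"{vpc_cidr} only yields {len(subnets)} /{new_prefix} subnets")
    return [str(s) for s in subnets]


if __name__ == "__main__":
    for s in ("10.0.2.0/28", "10.0.1.0/24"):
        print(s, "usable hosts:", usable_hosts(s))
        for addr, role in reserved_addresses(s).items():
            print("   reserved", addr, "->", role)
    # One /24 per AZ for a three-AZ web tier, carved from the guide's 10.0.0.0/16 VPC
    print(carve("10.0.0.0/16", 24, 3))
```

Note that `strict=True` rejects a CIDR whose host bits are set (10.0.2.5/28), which is the same check the console applies when you type a subnet range; `subnet_of` is the check that a proposed subnet actually lies inside the VPC.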
Checkpoint Questions
- What is the only mandatory route found in every AWS route table?
- Answer: The Local Route.
- If a subnet is not explicitly associated with a custom route table, which table does it use?
- Answer: The Main Route Table.
- True or False: A VPC Peering connection supports transitive routing (A can talk to C through B).
- Answer: False.
- What target should you use in a route table to allow private instances to access the internet through a NAT Gateway?
- Answer: The NAT Gateway ID (e.g., nat-0a1b2c3d).
- How many IP addresses are available in a /24 subnet after accounting for AWS reservations?
- Answer: 251 ($256 - 5$).
[!IMPORTANT] Routing in AWS is destination-based. You cannot route based on the source of the traffic. To control access based on source, use Security Groups or NACLs instead of Route Tables.