Route Table
This article explains how routing works in an Amazon VPC, including the role of the implicit router and route tables.
In this lesson, we’ll dive into how routing functions inside an Amazon Virtual Private Cloud (VPC). Each VPC includes an implicit, built-in router that directs traffic between subnets as well as between the VPC and external networks.
The Implicit VPC Router
Every VPC router:
- Has one interface in each subnet, reachable at the subnet's network+1 address, i.e. the first address after the network address. For a /24 that is the .1 address (for example, if a subnet's CIDR is 192.168.1.0/24, its router IP is 192.168.1.1), but for a subnet such as 10.0.0.128/25 it is 10.0.0.129. This address is one of the five AWS reserves in every subnet and cannot be assigned to an instance.
- Routes traffic between subnets and to gateways or on-premises connections.
- Is configured via route tables, where each table contains a set of routes (rules) defining how to forward packets.
How Route Tables Work
When a packet leaves a subnet, the router:
- Examines the destination IP.
- Finds the matching prefix in the associated route table.
- Chooses the most specific route (longest prefix match).
- Forwards the packet to the route's target (local, gateway, instance, etc.). If no route matches the destination, the packet is dropped.
For example, given two IPv6 routes:
- 2001:db8:abcd::/48 → local
- 2001:db8:abcd:0012::/64 → local
A packet destined for 2001:db8:abcd:0012::1234 matches both, but uses the /64 route because it has the longer prefix.
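The lookup described above, written out as an added example (this is not code from the lesson or from AWS). It applies longest-prefix match over a constructed route table that mixes the local routes with Internet Gateway, VPN gateway and peering targets, so it also shows what happens when two non-local prefixes overlap and when nothing matches at all. The same block implements the network+1 rule for the router's interface address from the section above. All gateway identifiers are made up.

```python
"""Longest-prefix match over a VPC-style route table, plus the router address rule.

Added example, not AWS code. The route table below is constructed for the
example and every gateway identifier in it is made up.
"""
import ipaddress

# (destination prefix, target) pairs: the two columns of a VPC route table.
ROUTE_TABLE = [
    ("10.16.0.0/16", "local"),                    # implicit local route, IPv4
    ("2001:db8:abcd::/48", "local"),              # implicit local route, IPv6
    ("2001:db8:abcd:0012::/64", "local"),         # more specific, still local
    ("0.0.0.0/0", "igw-0123456789abcdef0"),       # default route: Internet Gateway
    ("192.168.0.0/16", "vgw-0123456789abcdef0"),  # on-premises via a VPN gateway
    ("192.168.1.0/24", "pcx-0123456789abcdef0"),  # one /24 carved out to a peering connection
]


def lookup(route_table, destination):
    """Return the (prefix, target) pair the router would use, or None if nothing matches.

    Every route whose prefix contains the destination is a candidate; the one with
    the longest prefix wins. A packet with no matching route is dropped.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, target in route_table:
        net = ipaddress.ip_network(prefix)
        if net.version != dst.version or dst not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, prefix, target)
    return None if best is None else (best[1], best[2])


def router_address(subnet_cidr):
    """The implicit router's interface in a subnet sits at network+1.

    That is .1 for a /24 but .129 for a /25 that starts at .128, so the rule is
    "first address after the network address", not literally ".1".
    """
    net = ipaddress.ip_network(subnet_cidr)  # strict by default: rejects host bits set
    return str(net.network_address + 1)


if __name__ == "__main__":
    for dst in ("2001:db8:abcd:0012::1234", "10.16.5.7", "8.8.8.8",
                "192.168.1.9", "192.168.2.9", "2001:db8:ffff::1"):
        print(f"{dst:28} -> {lookup(ROUTE_TABLE, dst)}")
    for cidr in ("192.168.1.0/24", "10.0.0.128/25", "2001:db8:abcd:12::/64"):
        print(f"{cidr:24} router at {router_address(cidr)}")
```

Note that 2001:db8:ffff::1 returns None: the table has an IPv4 default route but no ::/0 route, so IPv6 traffic leaving the VPC's own block has nowhere to go and is dropped. That asymmetry is easy to miss when a VPC gains IPv6 after its route tables were designed.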
Default Route Tables and Associations
By default, every route table in a VPC contains:
- A local route for the VPC's IPv4 CIDR (e.g., 10.16.0.0/16 → local)
- If IPv6 is enabled, another local route for the VPC's IPv6 block
The local route is what makes every subnet in the VPC reachable from every other subnet, and it cannot be deleted.
When a VPC is created, AWS provides a default route table, called the main route table. A subnet that is not explicitly associated with another table is implicitly associated with the main table. Any route added to the main table, such as a default route to an Internet Gateway, therefore applies to every subnet that nobody has explicitly associated elsewhere.
You can group subnets—for instance, all public subnets—under a “public” route table that directs internet-bound traffic through an Internet Gateway. Private subnets can use a separate table routing through a NAT Gateway or other appliance.
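The association rules above decide which subnets are actually exposed, and that is worth checking rather than assuming. The following is an added example (not the lesson's or AWS's code) that takes route-table data in the shape returned by `aws ec2 describe-route-tables` (the `RouteTables[].Associations[]` and `RouteTables[].Routes[]` fields), resolves each subnet to its effective table (explicit association, else the main table), and labels it public if that table has an active default route to an Internet Gateway. The sample data is constructed and every identifier in it is made up; it also shows what happens to an unassociated subnet when someone adds an IGW route to the main table.

```python
"""Work out which subnets are public from route-table data.

Added example, not AWS tooling. ROUTE_TABLES is a constructed sample in the
shape of `aws ec2 describe-route-tables` output; all identifiers are made up.
"""
import copy

MAIN_RTB = "rtb-0aaaaaaaaaaaaaaaa"
PUBLIC_RTB = "rtb-0bbbbbbbbbbbbbbbb"
PRIVATE_RTB = "rtb-0cccccccccccccccc"
IGW = "igw-0123456789abcdef0"

LOCAL = {"DestinationCidrBlock": "10.16.0.0/16", "GatewayId": "local", "State": "active"}

ROUTE_TABLES = [
    {   # main table: only the Main=True association, no subnets listed explicitly
        "RouteTableId": MAIN_RTB,
        "Associations": [{"Main": True, "RouteTableId": MAIN_RTB}],
        "Routes": [LOCAL],
    },
    {   # "public" table: default route to an Internet Gateway
        "RouteTableId": PUBLIC_RTB,
        "Associations": [
            {"Main": False, "SubnetId": "subnet-0pub000000000000a", "RouteTableId": PUBLIC_RTB},
            {"Main": False, "SubnetId": "subnet-0pub000000000000b", "RouteTableId": PUBLIC_RTB},
        ],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW, "State": "active"}],
    },
    {   # "private" table: default route to a NAT Gateway (outbound only)
        "RouteTableId": PRIVATE_RTB,
        "Associations": [{"Main": False, "SubnetId": "subnet-0priv00000000000a", "RouteTableId": PRIVATE_RTB}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0", "State": "active"}],
    },
]

# The last subnet has no explicit association, so it falls back to the main table.
SUBNETS = ["subnet-0pub000000000000a", "subnet-0pub000000000000b",
           "subnet-0priv00000000000a", "subnet-0orphan000000000a"]


def effective_route_table(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rtb in route_tables:
        for assoc in rtb["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def has_igw_default_route(rtb):
    """True if an active default route (IPv4 or IPv6) targets an Internet Gateway.

    Only igw-* counts: a NAT gateway or an egress-only IGW (eigw-*) lets traffic
    out but does not make the subnet reachable from the internet. Routes whose
    target was deleted show State "blackhole" and are ignored.
    """
    for route in rtb["Routes"]:
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        if is_default and route.get("State") == "active" and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify(subnets, route_tables):
    """Map each subnet to ("public" | "private", effective route table id)."""
    result = {}
    for subnet_id in subnets:
        rtb = effective_route_table(subnet_id, route_tables)
        if rtb is None:  # cannot happen in AWS (every VPC has a main table), kept for safety
            result[subnet_id] = ("unknown", None)
            continue
        kind = "public" if has_igw_default_route(rtb) else "private"
        result[subnet_id] = (kind, rtb["RouteTableId"])
    return result


def with_igw_on_main(route_tables):
    """Return a copy in which someone has added 0.0.0.0/0 -> IGW to the main table."""
    tables = copy.deepcopy(route_tables)
    for rtb in tables:
        if any(a.get("Main") for a in rtb["Associations"]):
            rtb["Routes"].append({"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW, "State": "active"})
    return tables


if __name__ == "__main__":
    for subnet_id, (kind, rtb_id) in classify(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {kind} via {rtb_id}")
    print("after adding an IGW default route to the main table:")
    for subnet_id, (kind, rtb_id) in classify(SUBNETS, with_igw_on_main(ROUTE_TABLES)).items():
        print(f"{subnet_id}: {kind} via {rtb_id}")
```

A route to an Internet Gateway is a precondition for exposure, not the whole story: an instance still needs a public or Elastic IP and permissive security group and network ACL rules before it is reachable. The check is still the right first cut, because without the route none of the rest matters, and the second run shows why the main table should stay free of internet routes: the unassociated subnet turns public without any change to the subnet itself.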
| Component | Default Behavior | Customization |
|---|---|---|
| VPC Router | Implicit router with one interface per subnet | N/A |
| Route Table | Contains a local route for IPv4 (and IPv6 if any) | Add routes to IGW, NAT Gateway, VGW, etc. |
| Subnet Association | Each subnet links to default route table | Associate subnets to custom tables |
| Prefix Matching | Chooses longest-prefix route first | Critical when CIDRs overlap |
| Route Targets | local (default) | IGW, NAT, instance, VPC peering, etc. |
VPC Routing Overview
- Each VPC has an implicit router with one interface per subnet (the network+1 address).
- Route tables define forwarding rules based on IP prefix destinations.
- The router selects the most specific matching route (longest prefix).
- Packets are forwarded to targets like local, gateways, or instances.
- Every table includes a local route for the VPC’s IPv4 (and, if enabled, IPv6) CIDR.
Key Takeaways
- Every VPC has one default route table, the main route table, which applies to any subnet not explicitly associated elsewhere.
- Subnets must be associated with exactly one route table.
- Multiple subnets can share the same route table.
- Custom route tables enable distinct public/private routing behaviors.
References
- Every VPC has a router which is responsible for routing traffic between subnets as well as in and out of a VPC
- The router has an interface in every subnet of the VPC and is reachable from the network+1 address of each subnet
- A route table is a set of rules the router uses to forward network traffic. Each rule is referred to as a route
- The router looks at the destination IP of a packet leaving the subnet and will find a matching route by checking the destination column
- Once matched with a destination, the packet will be forwarded to the respective Target column of the route
- All route tables have exactly one route by default, which is the local route (two local routes are created if IPv6 is enabled for the VPC)
- Every Subnet is associated with one route table
- Each VPC has one default route table
- Multiple subnets can be associated with a single route table