Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS EC2 instance route table and VPC route table

Tags:

amazon-web-services

amazon-ec2

amazon-vpc

Is the VPC route table supposed to be installed as the route table on my ec2 instance? My instance is in the associated subnet yet it's route table seems to be independent of what I do in the VPC route table. I'm in the process of setting up NAT and want to have my instances take the VPC route table so they use my NAT instance as the default gateway.

EDIT: If the VPC route table is supposed to be somehow propagated to my instance (4.1.10-17.31.amzn1.x86_64), is there any documentation on what mechanism does this? I'm not finding anything.

like image 271
mwood Avatar asked Dec 04 '15 18:12

mwood

1 Answers

Typically, the correct configuration is to leave the instance route tables alone, and disregard them.

EC2 instances inside VPC use their default route to send all traffic to the virtual router provided by VPC itself.

The VPC router then forwards the traffic according the the VPC route tables for the instance's subnet.

The routes in the VPC route table do not propagate back into the instances themselves, but they're used to make forwarding decisions for all the traffic.

Forwarding traffic "directly" from one instance to another in VPC isn't a meaningful concept, because the VPC network is not a "real" Ethernet network, in spite of appearances to the contrary -- everything is virtual (it's a software-defined network). All traffic between any two instances, whether they're on the same subnet or not, always traverses the VPC network infrastructure in pretty much the same way.

If an instance is on a subnet that has the NAT instance as its default route in the subnet's VPC route table, the instance will automatically use the NAT machine as its default gateway for all traffic outside the VPC supernet, with no configuration necessary in the instance itself.

Note that unlike a conventional network, the NAT instance needs to be on a different subnet than any of the instances that use it as their gateway. The route table for the subnet where the NAT instance is actually installed must have the the igw-xxxxxxxx Internet Gateway object as its default route.

like image 199
Michael - sqlbot Avatar answered Oct 10 '22 16:10

Michael - sqlbot
Sign in to Comment

Related questions

Options for accessing S3/DynamoDB with C/C++ [closed]
Searching for books with the Amazon Product Advertising API - Python
Deployment package did not contain an iisApp
Why do people recommend against using Amazon RDS?
How to encrypt web.config section AND deploy to multiple servers with Amazon Elastic Beanstalk
How to import MYSQL Dump into Amazon RDS
Uploading Large HD Video Files to Amazon Web Services S3
Amazon RDS mysqldump Issues
Error on using aws change-resource-record-sets to add an alias
Is there a way to use an AWS signed URL to perform a multipart upload?
MongoDB into AWS Redshift
AWS Lambda Java compatiblity [closed]
Amazon EC2: instace in public subnetwork without public IP vs instance in private subnetwork
Handling AWS STS key expiration while a file transfer to AWS S3?
AWS Beanstalk: Exponential backoff for SQS?
If a AWS Lambda function has event sources from multiple Kinesis streams, will the batch of incoming records be from a single Kinesis stream or a mix?
How to redirect crawlers requests to pre-rendered pages when using Amazon S3?
Can I authenticate with AWS Cognito from plain Java?
What is application protocol of SNS subscription?
Amazon ECS private DockerHub repo: Unable to decode provided docker credentials error

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!