Example for Routing Table Configuration
This example explains how to create routing tables for a single VPC with a north/south connectivity scenario after configuring the Gateway load balancer and autoscaling groups in AWS.
Refer to Single VPC with north/south connectivity architecture pattern in the Architecture patterns for inline inspection section for the architecture diagram.
This example uses three routing tables to manage traffic flow in the Application VPC.
Application Route Table (per subnet to be monitored):
Associated with the Application Subnet (10.0.1/24). Routes local VPC traffic (10.0.0.0/16) as local. Routes all other traffic (0.0.0.0/0) to the Gateway Load Balancer Endpoint (GWLBE).
GWLBE Subnet Route Table:
Associated with the GWLB Endpoint Subnet (10.0.2/24). Routes local VPC traffic as local. Routes 0.0.0.0/0 (egress return traffic) to the Internet Gateway (IGW).
Main VPC Route Table (for ingress):
Routes internal traffic (10.0.0.0/16) as local. Routes 10.0.1/24 (application subnet range) to the GWLB Endpoint, allowing ingress traffic to be mirrored/inspected before reaching the application.
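The following Python model is an added example, not part of this page or of AWS tooling. It encodes the three route tables above with the page's CIDRs (10.0.0.0/16 VPC, 10.0.1.0/24 application subnet, 10.0.2.0/24 GWLBE subnet), performs the longest-prefix match that AWS route tables use, and traces the path of an egress and an ingress packet. The target labels ("local", "gwlbe", "igw") and the hop names are assumptions standing in for real resource IDs. It also shows the failure mode this design guards against: if the main (edge-associated) table lacks the 10.0.1.0/24 route to the GWLBE, ingress traffic is delivered locally without inspection, and the appliance sees only the egress half of each flow.

```python
"""Route-table model for the single-VPC north/south inspection pattern.
Added example: CIDRs follow the page, target labels are assumptions."""
from ipaddress import ip_address, ip_network

# CIDRs as given on the page.
VPC_CIDR = ip_network("10.0.0.0/16")
APP_SUBNET = ip_network("10.0.1.0/24")    # application subnet (monitored)
GWLBE_SUBNET = ip_network("10.0.2.0/24")  # subnet holding the GWLB endpoint
ANY = ip_network("0.0.0.0/0")

# Route tables as {destination: target}. Targets are symbolic labels
# (assumed names), not AWS resource IDs.
APP_RT = {VPC_CIDR: "local", ANY: "gwlbe"}      # Application Route Table
GWLBE_RT = {VPC_CIDR: "local", ANY: "igw"}      # GWLBE Subnet Route Table
EDGE_RT = {VPC_CIDR: "local", APP_SUBNET: "gwlbe"}  # Main table, edge-associated with the IGW


def lookup(route_table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ip_address(dst)
    matches = [net for net in route_table if addr in net]
    if not matches:
        return None
    return route_table[max(matches, key=lambda n: n.prefixlen)]


def trace_egress(dst, app_rt=APP_RT, gwlbe_rt=GWLBE_RT):
    """Path of a packet leaving an instance in the application subnet."""
    path = ["app-subnet"]
    hop = lookup(app_rt, dst)
    path.append(hop)
    if hop == "gwlbe":
        # The GWLBE hands the packet to the appliance; after inspection it
        # re-enters the GWLBE subnet, whose table decides the next hop.
        path.append("inspected")
        path.append(lookup(gwlbe_rt, dst))
    return path


def trace_ingress(dst, edge_rt=EDGE_RT, gwlbe_rt=GWLBE_RT):
    """Path of a packet arriving from the Internet at the IGW."""
    path = ["igw"]
    hop = lookup(edge_rt, dst)
    path.append(hop)
    if hop == "gwlbe":
        path.append("inspected")
        path.append(lookup(gwlbe_rt, dst))  # "local": delivered to the app subnet
    return path


def is_inspected(path):
    return "inspected" in path


def check_symmetry(app_host, internet_host, edge_rt=EDGE_RT):
    """Both halves of an app<->Internet flow must traverse the GWLBE, or the
    appliance cannot track connection state and ingress is never inspected."""
    egress_ok = is_inspected(trace_egress(internet_host))
    ingress_ok = is_inspected(trace_ingress(app_host, edge_rt=edge_rt))
    return egress_ok and ingress_ok


if __name__ == "__main__":
    # Constructed sample addresses (198.51.100.0/24 is documentation space).
    print("egress :", trace_egress("198.51.100.7"))
    print("ingress:", trace_ingress("10.0.1.10"))
    print("symmetric:", check_symmetry("10.0.1.10", "198.51.100.7"))
    # Misconfiguration: main table with no app-subnet route to the GWLBE.
    print("ingress (no edge route):", trace_ingress("10.0.1.10", edge_rt={VPC_CIDR: "local"}))
```

Running the script prints the two paths; the last line shows that without the 10.0.1.0/24 route in the edge-associated table the ingress path is `['igw', 'local']`, which is exactly the bypass the Main VPC Route Table entry prevents. The same lookup function can be pointed at route tables exported from a real account to verify a deployment before traffic is cut over.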
Create Routing Table
Refer to Configure routing section in the AWS Documentation.
Application Route table
Enter the details as mentioned in the following table.
Traffic Direction | Destination | Target
---|---|---
Traffic bound for the Internet | 0.0.0.0/0 | Choose Gateway Load Balancer Endpoint and select the gateway load balancer endpoint.
GWLBE Subnet Route Table
Enter the details as mentioned in the following table.
Traffic Direction | Destination | Target
---|---|---
Traffic from the GWLB bound for the Internet | 0.0.0.0/0 | Choose Internet gateway and select the Internet gateway.
Main VPC Route table
Edit the default routing table.
Any subnet in the VPC that is not associated with the VPC endpoint should be routed to the Internet gateway. Enter the details as mentioned in the following table.

Traffic Direction | Destination | Target
---|---|---
Traffic from the subnet that is not associated with the endpoint | <IP address of the subnet> | Choose Internet gateway and select the Internet gateway.
Edge Association
Edge association occurs when traffic coming in from the Internet enters the VPC through the Internet Gateway (IGW). Modify the default route (0.0.0.0/0) in the route table to point to the Internet Gateway. Any ingress traffic will hit the IGW when it reaches the VPC. Refer to the Edge associations section in AWS.
Associate Subnet to Route Table
You must associate the VPC endpoint subnet with the GWLBE Subnet Route Table, and the other subnets must be associated with the Application Route Table. To associate subnets with the route table, follow the instructions in the table below.
Parameters | Instructions | Reference | Mandatory field
---|---|---|---
Subnet route table settings | | |
Route Table ID | Choose the GWLBE Subnet Route Table for the VPC Endpoint subnet and choose the Application Route table for the other subnets. | | Yes