While studying for the AWS Certified Advanced Networking exam, I came across a few things that I wanted to write down. First on the list is route priority. As a network engineer, I've been taught that the most specific route wins. That is not necessarily the case in a VPC. Instead, the route marked as Local in the VPC route table (the route for the VPC's own CIDR) is always preferred, even when a more specific prefix points to a resource outside the VPC.
In the example shown below, resources within the VPC (10.0.0.0/16) will not be able to communicate with the data center (10.0.8.0/24). The VPC router will ignore the route learned from the virtual private gateway. This happens because the VPC owns the 10.0.0.0/16 IP space.
| Destination | Target |
|---|---|
| 10.0.0.0/16 | Local |
| 10.0.8.0/24 | vgw-xxxxxxxx |
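To make the rule concrete, here is an added example (not code from the original post) that models the selection rule described above and adds a small audit helper that flags routes shadowed by the Local route, so the overlap can be caught before a VPN or Direct Connect prefix silently stops working. The route table is constructed from the one above; the target names are placeholders, and the selection model is a simplification of what the VPC router actually does.

```python
import ipaddress

# Constructed route table mirroring the post: the VPC owns 10.0.0.0/16 and a
# more specific 10.0.8.0/24 is learned from a virtual private gateway.
# Target names are placeholders, not real AWS resource IDs.
ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("10.0.8.0/24", "vgw-xxxxxxxx"),
    ("0.0.0.0/0", "igw-placeholder"),
]


def select_route(route_table, destination):
    """Simplified model of VPC route selection as the post describes it:
    a local route covering the destination always wins; otherwise the
    longest-prefix match among the remaining routes wins.
    Returns (prefix, target), or None when no route matches."""
    dst = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), t) for p, t in route_table
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    local = [m for m in matches if m[1] == "local"]
    chosen = max(local or matches, key=lambda m: m[0].prefixlen)
    return str(chosen[0]), chosen[1]


def shadowed_routes(route_table):
    """Audit helper: non-local routes whose prefix lies inside a local
    route's CIDR. The VPC router never uses them, which is exactly the
    data-center overlap the post warns about."""
    local_nets = [ipaddress.ip_network(p) for p, t in route_table if t == "local"]
    return [(p, t) for p, t in route_table
            if t != "local"
            and any(ipaddress.ip_network(p).subnet_of(n) for n in local_nets)]


if __name__ == "__main__":
    # Traffic to the data center prefix stays on the local route.
    print(select_route(ROUTE_TABLE, "10.0.8.5"))  # ('10.0.0.0/16', 'local')
    # The VGW route is reported as shadowed.
    print(shadowed_routes(ROUTE_TABLE))           # [('10.0.8.0/24', 'vgw-xxxxxxxx')]
```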
The VPC route table uses the following process to determine how to route traffic.
For overlapping routes from a VPN connection: