Hello and welcome to this lecture, where I want to discuss how AWS route tables manage routing priorities for overlapping routes.

A key point of understanding AWS routing, especially when it comes to troubleshooting, is to know how AWS route tables prioritizes these routes. For example, if there are overlapping destinations from a CIDR block perspective, which target should AWS use to send the traffic to?

Remember, the destination points to the network you need to route to and the target provides the gateway for doing so. The rule of thumb is that AWS will use the most precise route available within the table to route traffic to a specific destination. This is also known as the Longest Prefix Match.

For example, let's say you had four routes in your route table associated to a subnet as shown.

This subnet has its local route, like every subnet has, enabling all subnets within the VPC to route to each other. It also has an Internet gateway with a destination value of 0.0.0.0/0. Then it has two routes on the 192.168 network. So if traffic from within your subnet needed to be routed to 192.168.1.1, which route would it use?

Like I said before, the rule of thumb will be the most specific, in this instance, the last route in the table with a destination of 192.168.1.0/24 as this route has the Longest Prefix Match, even though it also falls within the boundaries of the third route. Let's look at some more examples.

So the first column shows a number of IP addresses in this example that we are trying to reach. The second column shows the potential routes that those IP addresses could use, if looked at individually. Almost all of the IP addresses could use more than one route in the table. The third and fourth columns show the example root table entries used previously. The fourth column shows the selected route for the corresponding IP address. And the final column explains the reason why that particular IP address used that route. Feel free to pause the video and take a review of this table for a few minutes.

Now there are some circumstances where the Longest Prefix Match of a route is not selected within the route table and these are important to be aware of, as they could aid with any routing troubleshooting issues that may arise.

If you have any virtual gateways attached to your VPC and have enabled propagation for those virtual gateways and these propagated routes have overlapping destinations with your VPC's local route, then your VPC local route will have precedence, even if your propagated routes across your VPN link have the Longest Prefix Match.

Also, again, if you have any propagated routes that have the same destination specified as any of your other existing static routes within your route table, then the rule of Longest Prefix Match will not be applied. Instead, the following priority is executed against any static routes that have the following gateways as their target first, the Internet Gateway, a Virtual Private Gateway, a Network Interface, an Instance ID, a VPC Peering connection, a NAT Gateway, or a VPC Endpoint.

Let me take a look at a couple of examples where these may come into play. This route table contains two routes, one is the local route for all VPC subnets and a second overlapping route that has been added through propagation via a Virtual Private Gateway. Any traffic destined to the 10.0.1.0/24 network will be routed using the local VPC route over any propagated route, even though it has the Longest Prefix Match.

Another example, in this example the root table has three routes, one that is the local VPC route, a route to the Internet Gateway, and a propagated route to the same destination as the Internet Gateway route. Just to clarify, the Internet Gateway does not always have to point to 0.0.0. 0/0 as it has done previously in this course. In some circumstances, you may only want to route to specific networks out to your Internet connection, rather than to everywhere. Any traffic that is destined for the 172.31.0.0/16 network would have the potential of using two routes. However, in this scenario, all traffic to that network would use the Internet Gateway route, as that is a static route and has precedence over any propagated route. When managing route tables, including your static and any propagated routes.

Do be aware that there are limitations on the number of routes within a VPC in any one table. Currently, there is a default limit of 200 routes per VPC, however, you can request an increase if required. For each route table you have a default of 50 non-propagated routes, with a maximum increased limit of 100.

However, if you do increase the amount of routes you may notice some degradation to your network performance. This limit is separate for both IPv4 and IPv6 addressing, meaning you can potentially have up to 100 IPv4 routes and 100 IPv6 routes. The maximum propagated route limit is fixed at 100 per route table, and this limit cannot be increased.

So far, we have looked at AWS routing, covering what routing is, the route tables themselves, subnet associations, route propagation, routing priority and limitations. In the next few lectures I want to run through some examples of how routing is configured across a range of different designs and configurations, including routing to a VPC Peered Connection, a Virtual Private Gateway, a NAT Gateway, an Internet Gateway and a VPC Endpoint.