VPC subnet routing.

Question

We are setting up a site to site VPN to a VPC. The VPC has a main subnet and several subnets. For route tables, do we need explicit subnet associations? We are having difficulty getting the VPN and our network to communicate even though the virtual provate gateway and site-to-site vpn look fine.  Aslo how do we trace routing through this configuration since there are not any hops to see on trace routes?

Accepted Answer

Hi GregL,

It doesn't necessarily required to explicitly associate `subnets` with `route tables` if the **Main** route table is efficiently providing connectivity to your subnets to/from the on-prem networks via the S2S VPN. However if you have multiple route tables designated for your subnets, you need to explicitly associate them in order for the route tables and the connectivity to be working for those subnets.

Few things to check for the connectivity:

* Is the route to on-premises network(s) exist in the route table. If you have multiple route tables, check whether the route tables are associated with correct subnets as per your requirement. 
* Potentially, checking the route propagation on the Virtual Private Gateway could help in some cases if the routes to on-prem are not present in the VPC Route table(s). Check here [[1]](https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-configure-routing)

Thanks

Answer

I found the answer to the first part of my quest. The route table will apply to all subnets of a VPC, unless you explicitly assign some other Route Table to them.

VPC subnet routing.

関連するコンテンツ