The VPC router has a network interface at the network+1 address in every subnet
The VPC router moves traffic from one subnet to another
The flow of traffic is controlled by route tables
The route table associated with a subnet decides what the VPC router will do when data leaves that subnet
Route Tables
A VPC is created with a Main (default) route table. If no route table is associated with a subnet, the Main route table is used
A subnet can have only one route table, but the same route table can be used by many subnets
A route table entry consists of
Destination - The IP address or range of IP addresses (CIDR block) where the traffic is destined to go
Target - The gateway, network interface or connection through which the traffic is sent to the destination. A value of "local" indicates that the traffic is destined for an address within the VPC
Priority - The local route always takes priority. Other than that, the more specific a route is, i.e. the longer the CIDR prefix, the higher its priority
Internet Gateway
Regionally resilient service. One does not need one IG per AZ
A VPC can have 0 or 1 IG. An IG can be attached to 0 or 1 VPC
The IG gateways traffic between the VPC and the Internet or the AWS public zone
To use an IG: create the IG, attach it to the VPC, create a custom route table, associate it with the subnet that needs internet access, and add the IG as the target for routes in that route table
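The route selection rules above (local route first, then longest CIDR prefix; Main route table used when a subnet has no association) and the IG setup steps are easy to get wrong when reasoning about which traffic can actually leave a subnet. The following is an added simulation, not code from the original notes or from AWS: it models a VPC with a Main route table, a custom route table associated with two public subnets, and a route lookup that follows the stated priority rules. All resource ids (igw-EXAMPLE, vgw-EXAMPLE, pcx-EXAMPLE, eni-EXAMPLE), subnet names and the 10.16.0.0/16 CIDR are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed placeholders for this example; not real AWS resource ids.
VPC_CIDR = "10.16.0.0/16"
IGW_ID = "igw-EXAMPLE"


@dataclass
class Route:
    destination: ipaddress.IPv4Network
    target: str  # "local", an IG id, a peering connection id, an ENI id, ...


@dataclass
class RouteTable:
    name: str
    routes: list = field(default_factory=list)

    def add_route(self, destination: str, target: str) -> None:
        self.routes.append(Route(ipaddress.ip_network(destination), target))

    def lookup(self, dst_ip: str) -> str:
        """Pick the target for dst_ip using the priority rules from the notes:
        a matching local route wins outright; otherwise the matching route with
        the longest prefix wins. Returns "drop" when no route matches."""
        ip = ipaddress.ip_address(dst_ip)
        matches = [r for r in self.routes if ip in r.destination]
        if not matches:
            return "drop"
        if any(r.target == "local" for r in matches):
            return "local"
        best = max(matches, key=lambda r: r.destination.prefixlen)
        return best.target


class VPC:
    def __init__(self, cidr: str) -> None:
        self.cidr = cidr
        # Every VPC starts with a Main route table containing only the local route.
        self.main_rt = RouteTable("main")
        self.main_rt.add_route(cidr, "local")
        self.igw = None
        self.associations: dict = {}  # subnet name -> RouteTable

    def attach_igw(self, igw_id: str) -> None:
        # A VPC can have at most one IG attached.
        if self.igw is not None:
            raise ValueError("VPC already has an IG attached")
        self.igw = igw_id

    def create_route_table(self, name: str) -> RouteTable:
        rt = RouteTable(name)
        rt.add_route(self.cidr, "local")  # the local route is always present
        return rt

    def associate(self, subnet: str, rt: RouteTable) -> None:
        # One route table per subnet: a new association replaces the old one.
        self.associations[subnet] = rt

    def route_table_for(self, subnet: str) -> RouteTable:
        # Subnets with no explicit association fall back to the Main route table.
        return self.associations.get(subnet, self.main_rt)

    def next_hop(self, subnet: str, dst_ip: str) -> str:
        return self.route_table_for(subnet).lookup(dst_ip)


def build_example() -> VPC:
    """Walk through the IG setup steps: create/attach IG, custom route table,
    associate it with the public subnets, add routes targeting the IG."""
    vpc = VPC(VPC_CIDR)
    vpc.attach_igw(IGW_ID)
    public_rt = vpc.create_route_table("public")
    public_rt.add_route("0.0.0.0/0", IGW_ID)              # default route via the IG
    public_rt.add_route("192.168.0.0/16", "vgw-EXAMPLE")  # broad route
    public_rt.add_route("192.168.10.0/24", "pcx-EXAMPLE")  # more specific, wins over /16
    public_rt.add_route("10.16.8.0/24", "eni-EXAMPLE")    # overlaps VPC CIDR: local still wins
    vpc.associate("web-a", public_rt)
    vpc.associate("web-b", public_rt)  # same table reused by a second subnet
    return vpc


if __name__ == "__main__":
    vpc = build_example()
    for subnet, dst in [("web-a", "8.8.8.8"), ("web-a", "10.16.8.9"),
                        ("web-a", "192.168.10.7"), ("db-a", "8.8.8.8")]:
        print(f"{subnet} -> {dst}: {vpc.next_hop(subnet, dst)}")
```

The "db-a" lookup is the case to notice: a subnet that was never associated with the custom table silently uses the Main route table, which has no IG route, so its Internet-bound traffic has nowhere to go even though the VPC has an IG attached.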
IPv4 Routing
An instance has a private IPv4 address and a public IPv4 address, but the public address never touches the OS of the EC2 instance
The IG maintains a mapping of the instance's private IPv4 address to its public IPv4 address
For outbound traffic the IG replaces the source private address with the public address
For inbound traffic the IG replaces the destination public address with the private address
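The address rewriting described above is a 1:1 static NAT performed by the IG. As an added illustration (not code from the notes or from AWS), the following simulates that mapping and shows why the instance OS only ever sees its private address, and what happens to traffic for which the IG holds no mapping. The addresses used are constructed sample values (10.16.0.10 private, 203.0.113.10 public, 8.8.8.8 as an Internet host).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str


class InternetGateway:
    """Models the IG's private<->public IPv4 mapping: the source is rewritten
    on the way out and the destination on the way in. Packets with no mapping
    are returned as None, i.e. they cannot cross the IG."""

    def __init__(self) -> None:
        self.private_to_public: dict = {}
        self.public_to_private: dict = {}

    def map_address(self, private_ip: str, public_ip: str) -> None:
        self.private_to_public[private_ip] = public_ip
        self.public_to_private[public_ip] = private_ip

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        # Instance -> Internet: replace the private source with the public address.
        public = self.private_to_public.get(pkt.src)
        if public is None:
            return None  # instance has no public IPv4 address: not routable via the IG
        return Packet(src=public, dst=pkt.dst, payload=pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Internet -> instance: replace the public destination with the private address.
        private = self.public_to_private.get(pkt.dst)
        if private is None:
            return None  # no instance owns this public address: dropped at the IG
        return Packet(src=pkt.src, dst=private, payload=pkt.payload)


def round_trip(igw: InternetGateway, private_ip: str, remote_ip: str):
    """Send a request from the instance and return (as seen on the Internet, reply as seen by the OS)."""
    request = igw.outbound(Packet(src=private_ip, dst=remote_ip, payload="GET /"))
    if request is None:
        return None, None
    reply = igw.inbound(Packet(src=remote_ip, dst=request.src, payload="200 OK"))
    return request, reply


def build_example() -> InternetGateway:
    igw = InternetGateway()
    igw.map_address("10.16.0.10", "203.0.113.10")  # constructed sample mapping
    return igw


if __name__ == "__main__":
    igw = build_example()
    seen_on_internet, seen_by_os = round_trip(igw, "10.16.0.10", "8.8.8.8")
    print("on the Internet:", seen_on_internet)
    print("delivered to OS:", seen_by_os)
    print("unmapped instance:", round_trip(igw, "10.16.0.99", "8.8.8.8"))
```

Note that the reply delivered to the instance carries the private destination address: the OS configures and sees only 10.16.0.10, which is why `ip addr` inside the instance never lists the public address.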