VGW VPC Route Priority

- networking aws

This post is part of my note taking while studying for the AWS Certified Advanced Networking - Specialty certification.

While studying for the AWS Advanced Networking Specialty exam, I came across the following information on how a VPC route table selects a route when routes overlap. To read it from the horse’s mouth, see here

  1. Longest prefix match
  2. (If a VGW is attached) Local routes are preferred over routes via VPN or AWS Direct Connect, and Direct Connect is preferred over VPN
  3. (If a VGW is attached) If any propagated routes from a VPN connection or AWS Direct Connect have the same destination CIDR blocks as existing static routes (and a longest prefix match cannot be applied), the static routes are prioritized if their targets are an IGW, VGW, ENI, Instance ID, VPC peering connection, NAT gateway, or VPC endpoint (I think this is as opposed to an IP address)
  4. (If there are overlapping routes with a VPN connection and a longest prefix match cannot be applied) BGP routes learned via AWS Direct Connect
  5. (If there are overlapping routes with a VPN connection and a longest prefix match cannot be applied) Manually added static routes for a VPN connection
  6. (If there are overlapping routes with a VPN connection and a longest prefix match cannot be applied) BGP routes learned via a VPN connection
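To see how the six rules interact, here is a small added example of my own (not code from AWS or from the documentation linked above) that applies them in order to a constructed route table. The `origin`, `target` and `via` labels (`dx-bgp`, `vpn-static`, `vpn-bgp`) are my own shorthand for how each route got into the table, and static routes with targets the list does not mention are assumed to rank last.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Target types that rule 3 says win over a propagated route with the same CIDR.
PREFERRED_STATIC_TARGETS = {"igw", "vgw", "eni", "instance", "pcx", "nat", "vpce"}
# Rules 4-6: ordering among routes learned through the VGW (lower wins).
PROPAGATED_ORDER = {"dx-bgp": 0, "vpn-static": 1, "vpn-bgp": 2}

@dataclass(frozen=True)
class Route:
    cidr: str
    origin: str      # "local", "static" (added to the route table) or "propagated" (via the VGW)
    target: str      # "local", "igw", "vgw", "eni", "instance", "pcx", "nat", "vpce"
    via: str = ""    # propagated routes only: "dx-bgp", "vpn-static" or "vpn-bgp"

def preference(route: Route) -> int:
    """Tie-break rank (lower is better) for routes of equal prefix length (rules 2-6)."""
    if route.origin == "local":
        return 0
    if route.origin == "static" and route.target in PREFERRED_STATIC_TARGETS:
        return 1
    if route.origin == "propagated":
        return 2 + PROPAGATED_ORDER[route.via]
    return 9  # static routes with targets the post does not list; assumed lowest

def select_route(table, destination: str):
    """Pick the route a VPC route table would use for `destination`, or None."""
    dst = ip_address(destination)
    matches = [r for r in table if dst in ip_network(r.cidr)]
    if not matches:
        return None
    # Rule 1: longest prefix match decides before any of the type-based rules.
    longest = max(ip_network(r.cidr).prefixlen for r in matches)
    tied = [r for r in matches if ip_network(r.cidr).prefixlen == longest]
    return min(tied, key=preference)

TABLE = [  # constructed sample route table with overlapping routes
    Route("10.0.0.0/16", "local", "local"),
    Route("0.0.0.0/0", "static", "igw"),
    Route("172.16.0.0/16", "static", "vgw"),                   # rule 3 beats the two below
    Route("172.16.0.0/16", "propagated", "vgw", "dx-bgp"),
    Route("172.16.0.0/16", "propagated", "vgw", "vpn-bgp"),
    Route("172.16.10.0/24", "propagated", "vgw", "vpn-bgp"),   # rule 1 beats all the /16s
    Route("192.168.0.0/16", "propagated", "vgw", "vpn-static"),  # rule 5 beats rule 6
    Route("192.168.0.0/16", "propagated", "vgw", "vpn-bgp"),
    Route("10.10.0.0/16", "propagated", "vgw", "dx-bgp"),      # rule 4 beats rule 6
    Route("10.10.0.0/16", "propagated", "vgw", "vpn-bgp"),
]
```

Running `select_route(TABLE, "172.16.20.7")` returns the static VGW route, while `"172.16.10.7"` returns the more specific /24 learned over VPN BGP even though a Direct Connect route for the /16 exists.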

Understanding these rules will help you understand where traffic flows and how to successfully architect different failover scenarios.