Routes in AWS

Also read – Palo Alto East West and Ingress Egress Filtering – on GCP and AWS

Routes in AWS Overview – Destinations versus Targets

Routes are composed of a destination and a target (this should sound familiar if you have worked with AWS Security Groups). Destinations are the address ranges traffic is headed for: on-premises networks (CIDR blocks), the local network (the VPC CIDR block) or the internet (0.0.0.0/0). Targets are the gateways or interfaces that traffic matching the destination is sent to.

Some examples of destinations and their targets:

Destination      Target
10.0.0.0/16      Local
172.31.0.0/16    VgW or pcx-232323…
0.0.0.0/0        Internet gateway
::/0             eigw-abc….
  • Local VPC traffic – Destinations within the VPC (10.0.0.0/16) are covered by the Local route and are routed within the VPC.
  • On-premises network – There is a route for 172.31.0.0/16 IPv4 traffic that CAN point to either a peering connection OR a VgW (VPN Gateway).
  • Internet – There is a route for all other IPv4 traffic (0.0.0.0/0) that points to an internet gateway.
  • IPv6 traffic to the internet – There is a route for all IPv6 traffic (::/0) that points to an egress-only internet gateway.

What if I want to route all VPC traffic through an appliance (e.g. Palo Alto Firewall)?

You can replace the target for the local route with the network interface of the appliance. This ensures that all traffic is automatically routed to the appliance, including traffic destined for subnets that you add to the VPC in the future. Two things to keep in mind: the appliance's network interface needs source/destination checking disabled so it can forward traffic it is not the addressee of, and the route table for the appliance's own subnet must keep the local route pointing to Local, otherwise traffic leaving the appliance would be sent straight back to it.

Destination               Target
VPC CIDR e.g. 10.0.0.0/16 Appliance network interface ID

What if you only want a specific subnet's (subnet A) traffic routed through an appliance (in subnet B)?

This route table is associated with subnet A. The first entry enables instances in the VPC to communicate with each other. The second entry, being more specific than the local route, sends traffic from subnet A that is destined for subnet B's CIDR to the network interface of the appliance.

Destination      Target
VPC CIDR         Local
Subnet B CIDR    Appliance network interface ID
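To make the destination-versus-target rule concrete, the following is an added Python example (not code from the original post or from AWS) that resolves a packet's target the way a VPC route table does, by longest-prefix match, using the route tables from this post. Subnet B's CIDR (10.0.2.0/24) and the appliance ENI label are assumed placeholders.

```python
import ipaddress

def resolve_route(route_table, dst_ip):
    """Return the target for dst_ip using longest-prefix match, the rule a
    VPC route table applies: the most specific matching destination wins.
    route_table is a list of (destination CIDR, target) pairs.
    Returns None when no destination contains dst_ip (traffic is dropped)."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for destination, target in route_table:
        net = ipaddress.ip_network(destination)
        if net.version != dst.version or dst not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_target = net, target
    return best_target

# Constructed route tables mirroring the tables in this post. Targets are
# labels; "eni-appliance" stands in for a real appliance ENI id.
OVERVIEW_RT = [
    ("10.0.0.0/16", "local"),         # VPC CIDR, routed within the VPC
    ("172.31.0.0/16", "vgw-or-pcx"),  # on-premises via VPN gateway or peering
    ("0.0.0.0/0", "igw"),             # all other IPv4 to the internet gateway
    ("::/0", "eigw"),                 # all IPv6 to the egress-only gateway
]

# Subnet A's route table: only traffic to subnet B (assumed 10.0.2.0/24)
# is steered to the appliance; everything else in the VPC stays local.
SUBNET_A_RT = [
    ("10.0.0.0/16", "local"),
    ("10.0.2.0/24", "eni-appliance"),
]

# Local route replaced by the appliance ENI: every VPC-internal destination,
# including subnets created later, now resolves to the appliance.
ALL_VIA_APPLIANCE_RT = [
    ("10.0.0.0/16", "eni-appliance"),
    ("0.0.0.0/0", "igw"),
]

if __name__ == "__main__":
    for name, rt, ip in [("overview", OVERVIEW_RT, "172.31.9.1"),
                         ("subnet A", SUBNET_A_RT, "10.0.2.7"),
                         ("subnet A", SUBNET_A_RT, "10.0.5.7"),
                         ("all via appliance", ALL_VIA_APPLIANCE_RT, "10.0.77.1")]:
        print(f"{name}: {ip} -> {resolve_route(rt, ip)}")
```

The subnet A table shows why a /24 route to the appliance wins over the /16 local route, and the last table shows why replacing the local route's target catches a subnet (10.0.77.0/24) that did not exist when the table was written.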

Summary

This was meant to be a quick recap of the basics of routes in AWS. For a private consultation, please contact AWS Security Architect.