I have created a VPC and created two subnets: one is a public subnet (attached to an internet gateway) and the other is a private subnet. I am able to access the private subnet from the public subnet. My question is how the traffic goes out from the private subnet to the public subnet? The private subnet is associated with the main route table, and it has only a route to local.
If possible, can you please let me know how the traffic goes in route tables (inbound and outbound)?
3 Answers
Both route tables have a route to the target called local. "local" means the VPC network. Therefore both subnets can communicate within the VPC network. The "VPC Route tables" guide explains these concepts.
The public subnet can communicate with the private subnet because the CIDR of the private subnet falls within the "local" route of the route table associated with the public subnet. Likewise, the private subnet can communicate with the public one because the "local" route in its route table includes the CIDR of the public subnet.
You can run a little experiment with the VPC Reachability Analyzer to visualize this. Here's an example which illustrates TCP traffic going from one network interface in a public subnet (associated with the default route table) to a network interface in a private subnet (associated with a custom route table):
and here's what it looks like the other way around:
Each VPC in AWS has an implicit router. You can configure this router by creating Route Tables. You define Routes in these Route Tables.
Assuming that both of your private and public subnets are part of the same VPC, the traffic between them goes through this implicit router.
What is the difference between private and public subnets?
Some or all of the resources which are part of a public subnet may be reachable from the internet. No resource from the private subnet should be reachable from the internet directly. This does not mean that private subnets cannot have internet access. They can have internet access with the help of a NAT gateway deployed in a public subnet.
Some explanation for the routes from your diagram:
"local" route: the default route for a Route Table; it makes it possible for local traffic to be routed internally in the VPC.
"igw-id" route: this route makes possible the communication with resources outside of the VPC. Since it has a lower priority than the "local" route, every destination address which falls outside of the VPC CIDR is routed to the Internet Gateway.
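To make the route selection described in the first and third answers concrete, here is an added example (not code from any of the answerers or from AWS) that models the questioner's setup: a VPC with a public and a private subnet, the main route table holding only the "local" route, and the public table adding a default route to an internet gateway. It assumes hypothetical CIDRs and a placeholder gateway id, and applies the rule AWS actually uses, which is that the most specific matching CIDR (longest prefix) wins regardless of the order routes are listed in.

```python
import ipaddress

# Constructed sample VPC (hypothetical CIDRs and ids, not from the question).
VPC_CIDR = "10.0.0.0/16"
PUBLIC_SUBNET = "10.0.1.0/24"
PRIVATE_SUBNET = "10.0.2.0/24"

# Route tables as (destination CIDR, target) pairs.
MAIN_ROUTE_TABLE = [
    (VPC_CIDR, "local"),              # the only route on the main table
]
PUBLIC_ROUTE_TABLE = [
    (VPC_CIDR, "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),     # placeholder internet gateway id
]

# Which route table each subnet is associated with.
SUBNET_TABLE = {
    PUBLIC_SUBNET: PUBLIC_ROUTE_TABLE,
    PRIVATE_SUBNET: MAIN_ROUTE_TABLE,
}


def select_route(route_table, dst_ip):
    """Return the target of the most specific route matching dst_ip.

    The implicit VPC router uses longest-prefix match, so a /16 "local"
    route beats a 0.0.0.0/0 default route for in-VPC destinations no matter
    where it appears in the table. Returns None when nothing matches, which
    means the packet is dropped.
    """
    ip = ipaddress.ip_address(dst_ip)
    best = None  # (network, target) of the longest matching prefix so far
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def next_hop(src_subnet, dst_ip):
    """Target chosen for traffic leaving src_subnet towards dst_ip."""
    return select_route(SUBNET_TABLE[src_subnet], dst_ip)


if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for "the internet".
    for src, dst in [(PRIVATE_SUBNET, "10.0.1.10"), (PUBLIC_SUBNET, "10.0.2.10"),
                     (PRIVATE_SUBNET, "198.51.100.7"), (PUBLIC_SUBNET, "198.51.100.7")]:
        print(f"{src} -> {dst}: {next_hop(src, dst)}")
```

The private-to-public and public-to-private cases both resolve to "local", the public subnet reaches the internet via the gateway, and the private subnet's main table has no matching route for an external address, which is why it needs a NAT gateway route to get out.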