
I have an Amazon VPC set up between AWS and my corporate LAN.

Originally, when I set it up, I specified static routing for the following CIDRs:

10.55.55.0/24 10.77.77.0/24 10.99.99.0/24

I set up the following CIDR in the VPC:

10.44.0.0/16

This all worked fine.

I now have a new network on my Corporate LAN: 10.55.54.0/24

I added a new route in the main routing table for this, pointing to the same vgw as the others.

When I now look at the routes, I see that the original 3 routes are propagated, but the 4th new one is not.

On a server instance in 10.44.0.0/16, I can still connect to hosts in the existing 3 CIDRs, but I am not seeing any routing for the new CIDR:

[server]$ traceroute 10.55.55.88
traceroute to 10.55.55.88 (10.55.55.88), 30 hops max, 60 byte packets
1  169.254.254.37 (169.254.254.37)  0.543 ms  0.524 ms  0.504 ms
2  169.254.254.5 (169.254.254.5)  1.278 ms  1.007 ms  0.985 ms
3  169.254.254.2 (169.254.254.2)  32.596 ms 169.254.254.6 (169.254.254.6)  35.244 ms     169.254.254.2 (169.254.254.2)  32.830 ms
4  ip-10-55-55-88.eu-west-1.compute.internal (10.55.55.88)  36.822 ms  37.338 ms  36.842 ms


[server]$ traceroute 10.55.54.88
traceroute to 10.55.54.88 (10.55.54.88), 30 hops max, 60 byte packets
<timeout>

What step am I missing here? Do I have to recreate the entire VPC/VPN to include the new CIDR?

Garreth McDaid

1 Answer


You do not need to add a route into any routing table for this to work. It can be accomplished in a few steps in the console:

  1. Go to "VPN Connections", select the connection for your corporate LAN, go to the "Static Routes" tab and add the new IP subnet
  2. Go to "Route Tables", select the table you want to modify, go to the "Route Propagation" tab and ensure the Virtual Private Gateway for your corporate LAN is checked
  3. Ensure that the route table modified in the previous step is associated with the subnets you want ("Subnets", select a subnet, "Route Table")

Note: You can only have one route table associated with a subnet at a time. If you have changed the route table from the main routing table to a custom one, you will need to ensure that route table has route propagation enabled for your virtual private gateway.

Additional things to check:

  • Be sure that routes are set up appropriately on your corporate LAN so that packets from the new IP subnet to the VPC subnet will be appropriately routed via your customer gateway
  • Ensure that if you were filtering packets on your customer gateway you enable packets with the new IP subnet as the source.

As always, review the Amazon Virtual Private Cloud documentation.

dialt0ne
  • Much obliged for this. It was Step 1 that I was missing, i.e. adding the extra Static Route under the VPN Connection. I love AWS, but the VPC stuff can be a bit of a "Black Art" by times. – Garreth McDaid Aug 29 '14 at 12:14
  • It's easier once you've done it a few times. – dialt0ne Aug 30 '14 at 17:40
  • I think the UI has changed and this answer no longer seems relevant. I have a very similar problem but am using Direct Connect. The route I've added to the main table appears as not propagated and I have no idea how I'm supposed to propagate it. – rix Jul 30 '19 at 09:48
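The three console steps in the accepted answer can be checked from the API data rather than by clicking through the console. The script below is an added example, not code from the answer or from AWS: it works on constructed dictionaries in the shape of the EC2 DescribeVpnConnections and DescribeRouteTables responses (the same dict form boto3 returns, so the two lists could be swapped for live `describe_vpn_connections()` / `describe_route_tables()` results), with placeholder IDs, and reports which of the steps is missing for the new 10.55.54.0/24 prefix.

```python
import ipaddress

# Constructed sample data in the shape of the EC2 DescribeVpnConnections and
# DescribeRouteTables responses (boto3 dict form). All IDs are placeholders.
VPN_CONNECTIONS = [{
    "VpnConnectionId": "vpn-EXAMPLE", "VpnGatewayId": "vgw-EXAMPLE",
    # Step 1 state from the question: only the original three static routes.
    "Routes": [{"DestinationCidrBlock": c, "Source": "Static", "State": "available"}
               for c in ("10.55.55.0/24", "10.77.77.0/24", "10.99.99.0/24")],
}]
ROUTE_TABLES = [{
    "RouteTableId": "rtb-EXAMPLE",
    "PropagatingVgws": [{"GatewayId": "vgw-EXAMPLE"}],          # step 2 done
    "Associations": [{"Main": True}, {"SubnetId": "subnet-EXAMPLE"}],  # step 3 done
    "Routes": [{"DestinationCidrBlock": "10.44.0.0/16", "GatewayId": "local",
                "Origin": "CreateRouteTable"}]
             + [{"DestinationCidrBlock": c, "GatewayId": "vgw-EXAMPLE",
                 "Origin": "EnableVgwRoutePropagation"}   # the 3 propagated routes
                for c in ("10.55.55.0/24", "10.77.77.0/24", "10.99.99.0/24")]
             + [{"DestinationCidrBlock": "10.55.54.0/24", "GatewayId": "vgw-EXAMPLE",
                 "Origin": "CreateRoute"}],  # the manual route added in the question
}]


def route_table_for_subnet(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the main table."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next(rt for rt in route_tables
                if any(a.get("Main") for a in rt["Associations"]))


def check_vpn_path(cidr, subnet_id, vpn_connections, route_tables):
    """List the gaps that stop `cidr` being reachable from `subnet_id` over the VPN."""
    net = ipaddress.ip_network(cidr)
    vpn = vpn_connections[0]          # assumes a single site-to-site connection
    vgw = vpn["VpnGatewayId"]
    problems = []
    # Step 1: the VPN connection itself must carry a static route covering the
    # prefix; a manual route in the route table does not substitute for this.
    if not any(r["Source"] == "Static" and
               net.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
               for r in vpn["Routes"]):
        problems.append(f"no static route for {cidr} on {vpn['VpnConnectionId']}")
    # Steps 2 and 3: the table the subnet actually uses must propagate from the VGW.
    rt = route_table_for_subnet(subnet_id, route_tables)
    if vgw not in {g["GatewayId"] for g in rt["PropagatingVgws"]}:
        problems.append(f"propagation from {vgw} not enabled on {rt['RouteTableId']}")
    return problems
```

Run against the sample, the old prefix passes cleanly while the new one reports only the missing VPN static route, which is exactly the step the asker confirmed was missing.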