How does Aviatrix help overcome the 100 routes limit for AWS routing tables?
Amazon’s route table has a hard limit of 200 routes total per VPC: 50 non-propagated (static) routes and 100 propagated (BGP) routes per routing table. The 50 limit can be raised to 100 on request; hence the title of this article refers to the “100 routes limit.” For more detailed information, check the Amazon VPC Limits document.
You may be wondering, “What actually happens after I reach the 100 route limit?” The older routes drop from the table: you will think you are adding more routes, but once the 100 route limit is reached, AWS silently drops them on the back end.
You might ask yourself: Why should I care? I don’t foresee needing anywhere near 100 routes any time soon. But consider these scenarios:
- You are connecting from your cloud infrastructure to customer VPCs to provide your services. If you are growing, you will certainly reach 100 customers and surpass that number many times over.
- Your design requires one VPC per account, department, or cost center; add the separate prod, dev, and QA environment VPCs, then multiply by the regions you plan to deploy in. You get the picture: it can easily exceed the AWS limit.
- In a medium-sized enterprise, 100 routes can be exceeded very quickly. Think about how many routes your internal routers currently hold.
The other dimension of this problem is that in order for Amazon to raise that limit to something aligned with mid-size enterprises, they would have to increase their physical route capacity. That capacity is bounded by the specifications of physical routers, which cannot hold an unlimited number of customers with an unlimited number of routes per customer.
The solution to this problem is to scale the route table at the instance level, which comes with sufficient memory to hold a reasonable number of routes. This needs to work in sync with the Amazon routing table, by forwarding all the relevant IP subnets to the instance to be routed appropriately.
Since most enterprises utilize RFC1918 IP ranges, you could simply add three routes on the Amazon routing table for 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 to point to the instance holding the routing table.
Aviatrix makes this whole process as simple as checking a box. When deploying an Aviatrix Gateway in your VPC, simply check the box called “Designated Gateway.” Aviatrix will automatically inject the necessary routes into the Amazon routing table, allowing you to connect any number of VPCs and on-prem prefixes without worrying about the Amazon route limits. See image below.
Once that box is checked, any VPC connected to that VPC injects its route into the corresponding Aviatrix routing table, while the Amazon routing table stays untouched, holding only the three RFC1918 routes.
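The two-tier lookup described above, as an added illustration that is not Aviatrix code and does not use the AWS API: the Amazon VPC route table holds only the three RFC1918 summaries (plus the VPC's own `local` route) pointing at the gateway instance, while the gateway's own table holds one specific prefix per connected spoke. All prefixes, the target name `gw-eni-EXAMPLE`, the spoke names, the `10.50.0.0/16` local CIDR and the 100-route limit constant are constructed or assumed for this example.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed: the Amazon VPC route table after the three RFC1918 summaries
# from the article are added. "gw-eni-EXAMPLE" is a placeholder target name,
# not a real ENI id; 10.50.0.0/16 is an assumed local VPC CIDR.
VPC_ROUTE_TABLE: Dict[str, str] = {
    "10.50.0.0/16": "local",
    "10.0.0.0/8": "gw-eni-EXAMPLE",
    "172.16.0.0/12": "gw-eni-EXAMPLE",
    "192.168.0.0/16": "gw-eni-EXAMPLE",
}

GATEWAY_TARGET = "gw-eni-EXAMPLE"

# The article quotes 100 propagated routes per route table; used here as the
# capacity check threshold (assumption: treat it as the per-table ceiling).
VPC_ROUTE_LIMIT = 100


def longest_prefix_match(table: Dict[str, str], dst: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Return (network, target) of the most specific prefix containing dst, or None."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, target in table.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best


def build_gateway_table(n_spokes: int) -> Dict[str, str]:
    """Constructed: one /24 per connected spoke VPC, all inside 10.0.0.0/8.

    Spoke prefixes start at 10.1.0.0/24 so they never overlap the assumed
    local CIDR 10.50.0.0/16 for n_spokes up to 256*49.
    """
    table = {}
    for i in range(n_spokes):
        prefix = f"10.{1 + i // 256}.{i % 256}.0/24"
        table[prefix] = f"spoke-vpc-{i:03d}"  # constructed spoke name
    return table


def route(dst: str, vpc_table: Dict[str, str] = VPC_ROUTE_TABLE,
          gw_table: Optional[Dict[str, str]] = None) -> Optional[Tuple[str, Optional[str]]]:
    """Two-tier lookup: Amazon route table first, then the gateway's table.

    Returns (first_hop, spoke) where spoke is None if the packet stays local
    or the gateway has no more specific route. Returns None for non-RFC1918
    destinations, which the VPC table in this example does not cover (they
    would go via an IGW/NAT route that is not modelled here).
    """
    hop1 = longest_prefix_match(vpc_table, dst)
    if hop1 is None:
        return None
    if hop1[1] != GATEWAY_TARGET:
        return (hop1[1], None)
    hop2 = longest_prefix_match(gw_table or {}, dst)
    return (hop1[1], hop2[1] if hop2 else None)


def within_vpc_limit(table: Dict[str, str], limit: int = VPC_ROUTE_LIMIT) -> bool:
    """Capacity check: would this table fit in an Amazon route table?"""
    return len(table) <= limit


if __name__ == "__main__":
    spokes = build_gateway_table(300)
    # Flat design: every spoke prefix in the Amazon table -> over the limit.
    print("flat design fits:", within_vpc_limit({**VPC_ROUTE_TABLE, **spokes}))
    # Summarised design: Amazon table stays at four routes regardless of spoke count.
    print("summarised design fits:", within_vpc_limit(VPC_ROUTE_TABLE))
    print("10.1.5.7 ->", route("10.1.5.7", gw_table=spokes))
    print("10.50.1.1 ->", route("10.50.1.1", gw_table=spokes))
```

The `local` route wins for intra-VPC traffic because longest-prefix match prefers `/16` over `/8`, which is why the three summaries can coexist with the VPC's own CIDR. Note that for a real instance to act as a route target it must have source/destination checking disabled, and the gateway's table is the place to watch for growth, since the Amazon table no longer changes when spokes are added.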