How to Route Between AWS Instances Using Route Table

Tags: amazon-ec2, amazon-web-services, cisco, networking, routing

I have built the model below.
There are 4 instances with a CSR 1000v router deployed in 4 subnets I created (green CIDR) that have a /28 mask. I created other subnets in order to create interfaces to these routers (blue CIDR). I attached each interface to its proper instance.

Because the ip route showed direct connections between 2 instances after configuring the interfaces, I could not ping the other interfaces from any instance on the network.
I could only ping the interfaces of Instance 2 from Instance 1 and vice versa; the others are unreachable.


I also tried a static route, which did not work either. I tried to create a custom route table entry with the destination set to subnet 1, where Instance 1 is deployed (172.31.0.0/28), and the target set to one of the interfaces attached to Instance 1, as in the table below:


| Destination   | Target                | Status |
|---------------|-----------------------|--------|
| 172.31.0.0/16 | Local                 | Active |
| 172.31.0.0/28 | eni-01688e43d190ca787 |        |

Then I got this error message:

API error message
cannot create a more specific route for 172.31.0.0/28 than CIDR 172.31.0.0/16 associated with the VPC, with association-id vpc-cidr-assoc-9ee5e5f6, in route table rtb-06de44ffbb5c66799

Note that I allowed ICMP traffic on all instances and disabled Source/Dest check. How can I get pinging to work here, or how should I use the route table in my case?

Best Answer

It's quite confusing to have all the routers inside the same VPC and I'm not surprised it doesn't work because VPC routing has some limitations.

If I were you I would:

  • Create 4 different VPCs inside your AWS account, with 4 distinct CIDRs
  • Create 1 CSR per VPC, each with a Public / Elastic IP
  • Link them through the Public IPs (you can restrict access through Security Groups), optionally over a VPN or PPP or some other kind of tunnel.

That will be much closer to a real-world scenario where you have a router for each LAN, the LANs have different CIDRs, you can have EC2 instances inside the LANs, and it will all be much tidier and easier to operate.

Hope that helps :)
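The four-VPC layout from the answer above, written out as an added Terraform example (this is not code from the original question or answer): one VPC and one CSR per VPC, each router on its own ENI with Source/Dest check disabled and an Elastic IP, and a security group that admits only the other routers' Elastic IPs on tunnel ports. Assumptions: AWS provider v5 syntax (aws_eip uses domain = "vpc"), the provider/region block is omitted, the CIDRs and instance size are constructed values, "ami-PLACEHOLDER" stands in for the CSR 1000v AMI id of your region, and the routers will be linked with an IPsec tunnel using NAT traversal, so only IKE (UDP 500), NAT-T (UDP 4500) and ICMP need to be opened between peers.

```hcl
locals {
  # One VPC per CSR, each with a distinct, non-overlapping CIDR (constructed values).
  routers = {
    csr1 = "10.1.0.0/16"
    csr2 = "10.2.0.0/16"
    csr3 = "10.3.0.0/16"
    csr4 = "10.4.0.0/16"
  }

  # Ordered pairs of distinct routers: dst receives the rule, src is the peer allowed in.
  peers = {
    for p in setproduct(keys(local.routers), keys(local.routers)) :
    "${p[0]}-from-${p[1]}" => { dst = p[0], src = p[1] } if p[0] != p[1]
  }

  # Only what an IPsec tunnel with NAT traversal and a reachability test need.
  tunnel_ports = {
    ike   = { protocol = "udp",  from_port = 500,  to_port = 500 }
    nat_t = { protocol = "udp",  from_port = 4500, to_port = 4500 }
    icmp  = { protocol = "icmp", from_port = -1,   to_port = -1 }
  }

  # One aws_security_group_rule per (peer pair, port) combination.
  peer_rules = {
    for pr in setproduct(keys(local.peers), keys(local.tunnel_ports)) :
    "${pr[0]}-${pr[1]}" => merge(local.peers[pr[0]], local.tunnel_ports[pr[1]])
  }
}

resource "aws_vpc" "lan" {
  for_each   = local.routers
  cidr_block = each.value
}

resource "aws_subnet" "lan" {
  for_each   = local.routers
  vpc_id     = aws_vpc.lan[each.key].id
  cidr_block = cidrsubnet(each.value, 8, 0) # first /24 of the VPC
}

resource "aws_internet_gateway" "igw" {
  for_each = local.routers
  vpc_id   = aws_vpc.lan[each.key].id
}

resource "aws_route_table" "public" {
  for_each = local.routers
  vpc_id   = aws_vpc.lan[each.key].id
  # Default route to the IGW; the VPC-CIDR "local" route is implicit, as on the page.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw[each.key].id
  }
}

resource "aws_route_table_association" "public" {
  for_each       = local.routers
  subnet_id      = aws_subnet.lan[each.key].id
  route_table_id = aws_route_table.public[each.key].id
}

# No inline rules: rules below reference the EIPs, which would otherwise be a cycle.
resource "aws_security_group" "csr" {
  for_each = local.routers
  name     = "${each.key}-csr"
  vpc_id   = aws_vpc.lan[each.key].id
}

resource "aws_network_interface" "csr" {
  for_each          = local.routers
  subnet_id         = aws_subnet.lan[each.key].id
  security_groups   = [aws_security_group.csr[each.key].id]
  source_dest_check = false # a router forwards packets not addressed to itself
}

resource "aws_eip" "csr" {
  for_each          = local.routers
  domain            = "vpc"
  network_interface = aws_network_interface.csr[each.key].id
}

resource "aws_instance" "csr" {
  for_each      = local.routers
  ami           = "ami-PLACEHOLDER" # placeholder: CSR 1000v AMI id for your region
  instance_type = "c5.large"        # assumption: any size the CSR AMI supports
  network_interface {
    network_interface_id = aws_network_interface.csr[each.key].id
    device_index         = 0
  }
}

# Ingress only from the other routers' Elastic IPs, only on tunnel ports.
resource "aws_security_group_rule" "peer" {
  for_each          = local.peer_rules
  type              = "ingress"
  security_group_id = aws_security_group.csr[each.value.dst].id
  protocol          = each.value.protocol
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  cidr_blocks       = ["${aws_eip.csr[each.value.src].public_ip}/32"]
}

# Terraform drops the default allow-all egress when it manages the group, so add it back.
resource "aws_security_group_rule" "egress" {
  for_each          = local.routers
  type              = "egress"
  security_group_id = aws_security_group.csr[each.key].id
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}
```

Each VPC keeps its own implicit local route for its /16, so the more-specific-route error from the question never arises: traffic between LANs leaves through the router's Elastic IP and the tunnel rather than through per-ENI routes inside one VPC. Because the Elastic IP is a 1:1 NAT in front of the ENI's private address, IPsec peers will negotiate NAT traversal and carry ESP inside UDP 4500, which is why IP protocol 50 is not opened here; if a tunnel type without NAT traversal is used instead, add a rule for it in the same per-peer, /32-scoped pattern.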