Day 29 – Life of a Packet inside AWS VPC - Part 2- Internet Gateway(IGW)
In the previous blog, I mentioned how the VPC Router is responsible for routing packets between VPC subnets. But what if you want to send a packet outside the VPC? This is where you need an Internet Gateway.
An Internet Gateway can be thought of as a translator that translates a private IP to a public IP. It sits at the edge of the VPC and gives resources access to the public internet.
NOTE: An Internet Gateway is created in a specific region, can only be attached to a VPC in that region, and can be attached to only one VPC at a time.
How Internet Gateway Works
- The EC2 instance creates some data; the packet reaches the VPC router, which, directed by the route table, forwards it on to the Internet Gateway.
- At this point, the Internet Gateway checks for a mapping between the instance's private IP address and a public IP address. In this case, the Internet Gateway finds the mapping and maps the instance's private IP to the public IP.
- The IGW then performs Source Address Translation, i.e., it modifies the packet so that it appears to come from the public IP address rather than from the instance's private IP address. This allows the packet to be sent over the internet.
- The same translation happens in the reverse direction when the response is sent back from the internet to the public IP and arrives at the IGW. The IGW again checks the mapping, knows the destination should be the private IP rather than the public IP, performs the translation and forwards the packet to the instance via the router.
That's the main work of the IGW. It provides translation for ingress and egress traffic between the internet and private resources in your VPCs.
NOTE: The IGW only works if:
- The resource has a public IP address.
- There is a route entry for the IGW in the route table.
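The path described above, as an added simulation that is not part of the original post or of AWS itself: a route table with longest-prefix match (the "local" route vs. a default route to the IGW), a one-to-one private-to-public mapping table, source translation on egress and the reverse translation on ingress. The CIDRs, IPs and the `igw-example` target are constructed sample values, and a packet with no IGW route or no public IP mapping is dropped, matching the two preconditions in the NOTE.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str

@dataclass
class Vpc:
    # Route table: destination prefix -> target ("local" or "igw-...").
    routes: dict = field(default_factory=dict)
    # IGW mapping table: private IP -> public IP (one-to-one, as in the post).
    public_ips: dict = field(default_factory=dict)

    def lookup_route(self, dst: str) -> Optional[str]:
        # Longest-prefix match over the route table.
        addr, best = ip_address(dst), None
        for prefix, target in self.routes.items():
            net = ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None

    def egress(self, pkt: Packet) -> Optional[Packet]:
        # Outbound: router consults the route table, then the IGW does source NAT.
        target = self.lookup_route(pkt.dst)
        if target == "local":
            return pkt                      # stays inside the VPC, IGW not involved
        if target is None or not target.startswith("igw-"):
            return None                     # no IGW route: packet cannot leave
        public = self.public_ips.get(pkt.src)
        if public is None:
            return None                     # no public IP mapping: IGW drops it
        return Packet(src=public, dst=pkt.dst)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        # Inbound: IGW maps the public destination back to the private IP.
        for private, public in self.public_ips.items():
            if public == pkt.dst:
                return Packet(src=pkt.src, dst=private)
        return None                         # unknown public IP: dropped at the IGW

def sample_vpc() -> Vpc:
    # Constructed sample: 10.0.0.0/16 VPC, default route to a hypothetical IGW,
    # one instance (10.0.1.10) with a public IP mapping; any other instance has none.
    return Vpc(routes={"10.0.0.0/16": "local", "0.0.0.0/0": "igw-example"},
               public_ips={"10.0.1.10": "203.0.113.10"})
```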