This topic describes how to create routes in HCP. Routes are rules in the HashiCorp Virtual Network (HVN) route table that direct network traffic between the HVN and a target connection.
Routes are a required part of the HVN configuration. They provide a networking abstraction for enabling network traffic between the HVN and a target HVN connection, such as a peering connection or transit gateway attachment.
Routes enable communication between all clusters in the HVN, including clusters created later, and the destination. When you create a route, it is added to the route table of the HVN, enabling HCP resources to communicate with your provider resources.
Routes have a destination and a target for the network traffic. The destination is specified by the CIDR block of the resource you want to reach via your target. A target represents an HVN Connection where traffic is to be routed, such as a peering connection or a transit gateway attachment.
The ports available for use in the route configuration depend on the type of cluster you are connecting.
Refer to the Connect an Amazon Transit Gateway to your HashiCorp Virtual Network tutorial for step-by-step instructions on how to add or modify traffic sent through a transit gateway attachment, including configuring a route.
»Create a Route
You can repeat the following procedure to add more than one route to the table.
- Click HashiCorp Virtual Network in the sidebar and click the link to your HVN in the ID column. The HVN overview screen appears.
- Click Route table in the sidebar. The Route table screen shows the default table entry created for the HVN. The default entry routes local traffic. Refer to Route Table Reference for more details.
- Click Create route and specify a name for the route in the Route ID field. The route ID can be up to 36 characters and can only include letters, numbers, and dashes.
- Specify the CIDR range of the AWS resource that the HVN should reach through your target in the Destinations field. Retrieve this value from the detailed view of the resource or in the route table of your target. The CIDR block for the HVN is printed in the Destinations field description. Refer to CIDR Block Reference for details about configuring this field.
- Choose a peering connection or transit gateway attachment from the Targets drop-down menu. The route connects the HVN to the transit gateway in AWS.
- Click Create route to complete the configuration.
»Configure Security Groups
After configuring a target connection and specifying the routes for the HVN to connect to your VPC, you may need to configure security groups to open the virtual firewall between your HVN and cloud network.
Security groups are an AWS construct that controls inbound and outbound traffic to your instances. Refer to Control traffic to resources using security groups in the AWS documentation for details.
Refer to Security Groups for information specific to HCP.
»Route Table Reference
Route tables in HCP include the following fields:
- ID: Identifies the name the route was given.
- Destination: Identifies the destination CIDR block range configured in the route.
- Target: Identifies the name of the target. The value is the ID of either the peering connection or the transit gateway attachment connection. Click on the target to open its configuration screen.
- Status: Shows if the route is active, pending, or failed.
- Target type: Indicates that the route connects either a peering connection or a transit gateway attachment.
You can delete a route entry by clicking the ellipsis menu and choosing Delete. Confirm that you want to remove the route when prompted.
»CIDR Block Reference
The following rules apply to CIDR blocks specified in the route configuration:
- CIDR blocks must follow the RFC1918 specification.
- CIDR blocks configured in the route cannot overlap with the parent HVN.
- Different routes in the HVN can specify the same CIDR blocks, but the route with the narrowest CIDR definition will take priority when routing network traffic.
- Routes cannot have a narrower CIDR definition than an existing route that targets a peering connection.
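The following pre-flight check applies the route ID and CIDR rules above to a proposed route before you enter it in the portal. It is an added example, not HashiCorp code and not a description of how HCP validates routes. The function names, the `peering` and `tgw-attachment` labels, the reading of "narrower" as a strict subnet, and all sample CIDRs are assumptions made for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROUTE_ID_RE = re.compile(r"[A-Za-z0-9-]{1,36}")  # ASCII letters assumed


def check_route(route_id, destination, hvn_cidr, existing_routes):
    """Return the list of rule violations; an empty list means the route passes.

    existing_routes holds (cidr, target_type) tuples. The target_type labels
    "peering" and "tgw-attachment" are made up for this example.
    """
    problems = []
    if not ROUTE_ID_RE.fullmatch(route_id):
        problems.append("route ID must be 1-36 letters, numbers, or dashes")
    try:
        dest = ipaddress.ip_network(destination)  # strict: rejects host bits
    except ValueError as exc:
        return problems + [f"invalid CIDR: {exc}"]
    if dest.version != 4 or not any(dest.subnet_of(n) for n in RFC1918):
        return problems + ["destination is not inside an RFC 1918 range"]
    hvn = ipaddress.ip_network(hvn_cidr)
    if dest.overlaps(hvn):
        problems.append(f"destination overlaps the HVN CIDR {hvn}")
    for cidr, target_type in existing_routes:
        net = ipaddress.ip_network(cidr)
        # Assumption: "narrower" means a strict subnet of the peering route.
        if target_type == "peering" and dest != net and dest.subnet_of(net):
            problems.append(f"narrower than existing peering route {net}")
    return problems


def effective_route(ip, routes):
    """Longest-prefix match: the narrowest route containing ip wins."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(c), t) for c, t in routes]
    matches = [m for m in nets if addr in m[0]]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


if __name__ == "__main__":
    hvn = "172.25.16.0/20"  # constructed sample values
    routes = [("10.0.0.0/16", "peering"), ("10.1.0.0/16", "tgw-attachment")]
    for cidr in ("10.2.0.0/16", "172.25.17.0/24", "10.0.5.0/24", "8.8.8.0/24"):
        print(cidr, check_route("to-app-vpc", cidr, hvn, routes) or "ok")
```

Running `effective_route` over the planned table shows which target a given address will actually use once overlapping routes exist, which is worth reviewing before adding a broad destination alongside a narrow one.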