Set up a VPC peering connection in Google Cloud
VPC Network Peering allows private connectivity between two VPC networks regardless of whether they belong to the same project or the same organisation; the VPC networks can be in any project. It keeps communication between VPCs and organisations private, with lower latency and network cost and better network security.
The peered VPC networks remain administratively separate; only their resources communicate privately. Firewall rules, routes and VPNs are still managed per VPC. Each peering connection is set up independently and can be terminated by either side at any time. A single VPC can peer with multiple VPC networks, but peering is not transitive.
Key things to remember while setting up a VPC peering connection: a subnet CIDR range cannot overlap with a subnet or static route in the other network, so the CIDR ranges of the networks to be peered must be distinct. Google checks this condition when you attempt to peer, when you create a static route in a peered VPC network, and when you create a new subnet in a peered VPC network. Network tags and service accounts cannot be referenced across peered networks, so firewall rules and routes have to be configured with the CIDR ranges for which you want to allow the connection. Compute Engine internal DNS is not resolvable across peered networks; you have to connect and communicate using IP addresses.
Steps to create a VPC Network peering connection
Assumptions
- We have 2 projects (vpc-peering-demo-a and vpc-peering-demo-b), each with a VPC network (network-a and network-b) that we want to connect via VPC Network Peering.
- We have a firewall rule allowing SSH or ping from the other VPC's subnet CIDR. For testing you can temporarily open it to 0.0.0.0/0 instead and try connecting between the instances via private IP.
Step 1: Navigate to VPC network peering in the VPC network section.
Step 2: Click Create connection. You will need the project ID (if connecting to a VPC network in another project) and the name of the VPC network you want to peer with. Fill in the details for your project ID and network name as shown in the image below.
Step 3: Now switch to the other project, vpc-peering-demo-b, and navigate to VPC network peering in the VPC network section.
Step 4: Click Create connection again, this time entering the project ID and network name of the first VPC network (vpc-peering-demo-a, network-a), as shown in the image below.
Step 5: Once both sides of the peering are created, check that the connection is shown in both projects with a green check mark reading Connected.
Step 6: The last step is a connectivity test. Log in to a VM in one VPC and try to SSH or ping the VM in the other VPC using its private IP.
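The same procedure can be driven from the command line, and the CIDR-overlap rule described above can be checked before you click anything. The script below is an added example and is not part of the original post: it models both networks with constructed sample subnets and static routes (10.10.0.0/24 and 10.20.0.0/24 are made-up values for the demo projects), rejects the plan if any range overlaps, the same condition Google enforces at peering time, and otherwise returns the ordered gcloud commands for both sides, including firewall rules whose source ranges are the peer's subnet CIDRs rather than 0.0.0.0/0. The gcloud subcommands and flags used are the standard ones for `gcloud compute networks peerings` and `gcloud compute firewall-rules`; the peering and rule names are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vpc:
    """One side of the peering: a project, a network, and the ranges it advertises."""
    project: str
    network: str
    subnets: list                                   # subnet CIDRs in this network
    static_routes: list = field(default_factory=list)  # destination CIDRs of custom static routes

    def ranges(self):
        # Both subnets and static routes count for the overlap check.
        return [ipaddress.ip_network(c) for c in self.subnets + self.static_routes]


def find_overlaps(a, b):
    """Return (range_in_a, range_in_b) pairs that overlap.

    Google refuses to establish the peering (and later refuses a new subnet
    or static route) while this list is non-empty.
    """
    return [
        (str(ra), str(rb))
        for ra in a.ranges()
        for rb in b.ranges()
        if ra.overlaps(rb)
    ]


def peering_plan(a, b, name_ab="peer-a-to-b", name_ba="peer-b-to-a"):
    """Return the gcloud commands that mirror Steps 1-6, or raise on CIDR overlap."""
    overlaps = find_overlaps(a, b)
    if overlaps:
        raise ValueError(f"CIDR overlap, peering would be rejected: {overlaps}")

    def peering(src, dst, name):
        # Step 2 / Step 4: one peering resource per side, pointing at the other network.
        return (f"gcloud compute networks peerings create {name} "
                f"--project={src.project} --network={src.network} "
                f"--peer-project={dst.project} --peer-network={dst.network}")

    def firewall(src, dst):
        # Tags and service accounts do not cross the peering, so the rule is
        # scoped to the peer's subnet CIDRs (SSH and ping for the Step 6 test).
        return (f"gcloud compute firewall-rules create allow-from-{dst.network} "
                f"--project={src.project} --network={src.network} "
                f"--direction=INGRESS --allow=tcp:22,icmp "
                f"--source-ranges={','.join(dst.subnets)}")

    def verify(v):
        # Step 5: the peering should report state ACTIVE on both sides.
        return (f"gcloud compute networks peerings list "
                f"--project={v.project} --network={v.network}")

    return [
        peering(a, b, name_ab),
        peering(b, a, name_ba),
        firewall(a, b),
        firewall(b, a),
        verify(a),
        verify(b),
    ]


# Constructed sample data for the two demo projects from the post.
NETWORK_A = Vpc("vpc-peering-demo-a", "network-a", ["10.10.0.0/24"])
NETWORK_B = Vpc("vpc-peering-demo-b", "network-b", ["10.20.0.0/24"])
# A third network whose custom static route collides with network-a's subnet.
CLASHING = Vpc("vpc-peering-demo-c", "network-c", ["10.30.0.0/24"],
               static_routes=["10.10.0.128/25"])

if __name__ == "__main__":
    for cmd in peering_plan(NETWORK_A, NETWORK_B):
        print(cmd)
    print("overlaps with network-c:", find_overlaps(NETWORK_A, CLASHING))
```

Run the script as-is to print the command sequence, then paste the commands into Cloud Shell for each project in turn; the `peerings list` output at the end should show the connection as ACTIVE on both sides, matching the green Connected mark in the console.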
I have tried my best to keep the steps simple and understandable. If something is still difficult to understand, please let me know and I will try to simplify it.
If you like this, please give it a clap or two; it really motivates me to write more useful things.
If you have anything in mind that you want me to write about, you can suggest it as well. My LinkedIn profile is in the bio; you can connect with me from there.
Thank you very much for reading this.
Happy Learning !!! 🙂 📚