Ever Wondered How to Cut AWS Networking Cost? 🤔💸 Use VPC Peering for Smarter Spending! 🚀

Chandika S
7 min read · Nov 9, 2023


Ever wondered what VPC peering is for, or how to connect resources privately between two VPCs in the same AWS account or in different AWS accounts?

AWS VPC Peering is one way to reduce networking costs on AWS. Let's see how VPC peering does that.

Agenda

  • How to do VPC peering?
  • Where to use VPC peering?
  • When not to use VPC peering?
  • Use Cases
  • What is the Cost of VPC Peering?

How to do VPC peering?

Pre-requisites

  • Two VPCs with non-overlapping CIDR ranges (in the same account or in different accounts). Note: the VPCs need to be in the same region.

E.g. VPC-1: 172.31.0.0/16 and VPC-2: 172.30.0.0/16

  • One EC2 instance launched in each VPC
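The non-overlapping CIDR requirement is the one pre-requisite that is easy to get wrong, because every AWS account's default VPC uses 172.31.0.0/16, so two accounts' untouched default VPCs can never be peered with each other. The following check is an added example (not code from the original post) that validates an inventory of VPCs before you open the console; vpc-1 and vpc-2 use the CIDRs from the walkthrough, while vpc-3 and its secondary block are constructed to show what a conflict looks like.

```python
"""Pre-flight check for the peering pre-requisite: the two VPCs' CIDRs must not overlap
(added example, not part of the original post)."""
from ipaddress import ip_network
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed inventory. vpc-1 and vpc-2 use the CIDRs from the walkthrough; vpc-3 is a
# made-up third VPC whose secondary range sits inside vpc-1's, to show a conflict.
VPCS: Dict[str, List[str]] = {
    "vpc-1": ["172.31.0.0/16"],
    "vpc-2": ["172.30.0.0/16"],
    "vpc-3": ["10.0.0.0/16", "172.31.128.0/17"],
}


def overlapping_pairs(vpcs: Dict[str, List[str]]) -> List[Tuple[str, str, str, str]]:
    """Return every (vpc_a, cidr_a, vpc_b, cidr_b) whose address ranges overlap.

    A VPC may carry several CIDR blocks (primary plus secondaries), so every block of
    one VPC is compared with every block of every other VPC. strict=True makes
    ip_network() reject a block with host bits set (e.g. 172.31.0.10/16), i.e. a typo.
    """
    conflicts = []
    for (name_a, blocks_a), (name_b, blocks_b) in combinations(vpcs.items(), 2):
        for cidr_a in blocks_a:
            for cidr_b in blocks_b:
                if ip_network(cidr_a, strict=True).overlaps(ip_network(cidr_b, strict=True)):
                    conflicts.append((name_a, cidr_a, name_b, cidr_b))
    return conflicts


def can_peer(vpcs: Dict[str, List[str]], a: str, b: str) -> bool:
    """True when VPCs a and b may be peered, i.e. none of their blocks overlap."""
    return not overlapping_pairs({a: vpcs[a], b: vpcs[b]})


if __name__ == "__main__":
    for name_a, cidr_a, name_b, cidr_b in overlapping_pairs(VPCS):
        print(f"conflict: {name_a} {cidr_a} overlaps {name_b} {cidr_b}")
    print("vpc-1 <-> vpc-2 peerable:", can_peer(VPCS, "vpc-1", "vpc-2"))
```

Run it before creating the peering request; AWS rejects an overlapping pair anyway, but catching it in your own inventory (or in the pipeline that provisions VPCs) avoids discovering the clash after the accepter has already been asked to approve a connection.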

Let's move to the steps involved in VPC peering.

Step 1: Log in to the AWS account >> navigate to the VPC console. For easier understanding, I have renamed my default VPC to vpc-1.

vpc-1 : 172.31.0.0/16

Step 2: Second VPC creation

Create a second VPC in the same AWS account, in the ap-south-1 region.

Name : vpc-2

CIDR range: 172.30.0.0/16

Now we have two VPCs (vpc-1 and vpc-2) in the same region with non-overlapping CIDR ranges.

Step 3: Peering connection creation

Navigate to VPC console >> Peering connections >> Click on Create peering connection.

Name: my-peer-conn

VPC ID (Requester): vpc-1

Select another VPC to peer with:
Account: My account (if vpc-2 is in your own account) or Another account (if vpc-2 is in another account)
Note: if you choose another account, you need that account's AWS account ID at hand.
Region: This Region or Another Region.

Select the accepter VPC ID from the dropdown.

Click on Create peering connection

You can now see the peering connection status as Pending Acceptance. The accepter VPC (in our case vpc-2) has to accept the peering connection.

Step 4: Accepting the peering connection

Navigate to VPC console >> Peering connections >> select the peering connection name (my-peer-conn) >> Click on Actions >> Accept request.

If the accepter VPC is in another AWS account, log in to that AWS account >> VPC console >> Peering connections and accept the request.

Accept request

Now, the peering connection has been established.

Step 5: Configuring the route tables

We are going to add a route to the vpc-1 route table so that packets destined for any IP in the CIDR range 172.30.0.0/16 are sent to the my-peer-conn peering connection.

Vice versa, we are going to add a route to the vpc-2 route table so that packets destined for any IP in the CIDR range 172.31.0.0/16 are sent to the my-peer-conn peering connection.

Every route table has, from creation, a default route for the VPC's own CIDR range (destination: 172.31.0.0/16) with target local. This means every resource created within this VPC can communicate privately with the others.

E.g. if an EC2 instance with IP 172.31.0.10 sends data to another EC2 instance with IP 172.31.0.20, the traffic is routed via local without ever touching the IGW.

The benefit of keeping communication within the VPC network is that we do not incur data transfer charges. Charges apply only when data leaves the VPC network via an Internet Gateway.

In my screenshot, there are the two default route tables, of vpc-1 and vpc-2.

The default routes of the vpc-1 route table are shown below. It has two routes:
1. Outside traffic (0.0.0.0/0) is sent to the Internet Gateway.
2. Internal traffic within the VPC is sent to local.

Now we are going to add a route with:
Destination: 172.30.0.0/16
Target: Peering Connection
Select the peering connection ID that starts with pcx-xxxxx

Save changes

The route is created. You can see the route for 172.30.0.0/16 pointing to the peering connection.

Step 6: In the same way, add a route to the vpc-2 route table:

Destination: 172.31.0.0/16
Target: Peering Connection
Select the peering connection ID that starts with pcx-xxxxx

Save changes

Step 7: Testing private VPC communication via the peering connection

We have created EC2 instances in both VPCs.

Log in to the instance in VPC-1 and ping the VPC-2 instance's private IP. We get ping replies, which means the ping packets are delivered to the VPC-2 instance over the private network.

We are able to SSH into the VPC-2 instance using its private IP.

Vice versa, we are able to ping the VPC-2 EC2 instance's private IP from the VPC-1 EC2 instance.

If we have peered VPCs like this, the resources in the VPCs can communicate over the VPC private network without needing an Internet Gateway.

Where to use VPC peering?

  • Multi-tier Applications: Separate your application into different VPCs for web servers, application servers, and databases. VPC peering allows them to communicate securely.
  • Cross-Account Access: If you have multiple AWS accounts, VPC peering enables you to connect VPCs from different accounts, facilitating resource sharing and collaboration.
  • Isolation: VPC peering helps isolate environments like development, testing, and production in separate VPCs while allowing controlled communication between them.
  • Disaster Recovery: You can use VPC peering to replicate data and services between VPCs in different regions for disaster recovery purposes.
  • Connecting a Shared Services VPC: You can create a central VPC that hosts shared services like Active Directory, DNS, or authentication, and peer it with other VPCs that require access to these services.
  • Geographic Redundancy: VPC peering can help achieve geographic redundancy by connecting VPCs in different AWS regions to provide high availability.

When not to use VPC peering?

  • Overlapping IP Addresses: If there are overlapping IP address ranges between the peered VPCs, it can lead to routing conflicts.
  • Transitive Peering: VPC peering is not transitive. If A is peered with B and B is peered with C, A and C are not implicitly connected. Separate peering connections would be needed.
  • Cross-Region Peering: By default, VPC peering is within the same region. If you need connectivity across different regions, alternative solutions like AWS Transit Gateway might be more suitable.
  • Complex Networking Requirements: For scenarios with complex networking requirements or a need for advanced features, other AWS networking solutions like VPN or Direct Connect might be more appropriate.
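Steps 5 and 6 above add a route on each side of the connection, and the "Transitive Peering" point says that a pcx does not forward traffic onward to a third VPC. Both behaviours come down to how a route table lookup resolves and what a peering connection is allowed to deliver, so here is an added example (a small model written for this article, not AWS code) that reproduces them: vpc-1 and vpc-2 use the walkthrough's CIDRs and default routes, vpc-3 and all pcx-/igw- IDs are constructed placeholders. The model covers routing only; in a real account the security groups and network ACLs must also allow the traffic, which the ping test in Step 7 presupposes.

```python
"""Toy model of VPC route tables and peering connections (added example, not AWS code)."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

LOCAL = "local"


class Vpc:
    """A VPC with one route table; AWS seeds every table with the 'local' route."""

    def __init__(self, name: str, cidr: str) -> None:
        self.name = name
        self.cidr = ip_network(cidr)
        self.routes: List[Tuple[object, str]] = [(self.cidr, LOCAL)]

    def add_route(self, destination: str, target: str) -> None:
        self.routes.append((ip_network(destination), target))

    def lookup(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match over the table, as AWS route tables do."""
        ip = ip_address(dst_ip)
        matches = [(net, target) for net, target in self.routes if ip in net]
        return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


class Peering:
    """A peering connection (pcx-...) between exactly two VPCs."""

    def __init__(self, pcx_id: str, requester: Vpc, accepter: Vpc, accepted: bool) -> None:
        self.pcx_id, self.requester, self.accepter, self.accepted = pcx_id, requester, accepter, accepted

    def other_side(self, vpc: Vpc) -> Optional[Vpc]:
        if vpc is self.requester:
            return self.accepter
        return self.requester if vpc is self.accepter else None


def one_way(src: Vpc, dst_ip: str, peerings: Dict[str, Peering]) -> Tuple[bool, str]:
    """Can a packet leaving `src` reach the private address dst_ip? Returns (ok, reason)."""
    target = src.lookup(dst_ip)
    if target is None:
        return False, f"{src.name}: no route to {dst_ip}"
    if target == LOCAL:
        return True, f"{src.name}: delivered locally"
    if not target.startswith("pcx-"):
        # e.g. the 0.0.0.0/0 -> igw-... default route: a private address is not reachable that way
        return False, f"{src.name}: {dst_ip} would leave via {target}, not a private path"
    peering = peerings.get(target)
    if peering is None or peering.other_side(src) is None:
        return False, f"{src.name}: {target} is not a peering attached to this VPC"
    if not peering.accepted:
        return False, f"{src.name}: {target} is still pending acceptance"
    peer = peering.other_side(src)
    if ip_address(dst_ip) not in peer.cidr:
        # Peering is not transitive: a pcx delivers only into the peered VPC's own CIDR.
        return False, f"{src.name}: {target} only reaches {peer.name} ({peer.cidr}), not {dst_ip}"
    return True, f"{src.name}: delivered to {peer.name} over {target}"


def reachable(src: Vpc, src_ip: str, dst: Vpc, dst_ip: str, peerings: Dict[str, Peering]) -> Tuple[bool, str]:
    """A ping needs both directions routed: the request and the reply."""
    ok, why = one_way(src, dst_ip, peerings)
    if ok:
        ok, why = one_way(dst, src_ip, peerings)
        why = why if ok else "return path: " + why
    return ok, why


def article_topology():
    """vpc-1/vpc-2 as in the walkthrough, plus a constructed vpc-3; all IDs are placeholders."""
    vpc1, vpc2, vpc3 = Vpc("vpc-1", "172.31.0.0/16"), Vpc("vpc-2", "172.30.0.0/16"), Vpc("vpc-3", "10.0.0.0/16")
    for v, igw in ((vpc1, "igw-example1"), (vpc2, "igw-example2")):
        v.add_route("0.0.0.0/0", igw)  # the default outbound route the article's screenshot shows
    peerings = {
        "pcx-example1": Peering("pcx-example1", vpc1, vpc2, accepted=True),  # my-peer-conn
        "pcx-example2": Peering("pcx-example2", vpc2, vpc3, accepted=True),
    }
    return vpc1, vpc2, vpc3, peerings


def scenario_step5_only() -> Tuple[bool, str]:
    """Only vpc-1 has its peering route (step 5 done, step 6 not yet): replies go to the IGW."""
    vpc1, vpc2, _, peerings = article_topology()
    vpc1.add_route("172.30.0.0/16", "pcx-example1")
    return reachable(vpc1, "172.31.0.10", vpc2, "172.30.0.20", peerings)


def scenario_both_routes() -> Tuple[bool, str]:
    """Both route tables point at the peering (steps 5 and 6 done): ping works."""
    vpc1, vpc2, _, peerings = article_topology()
    vpc1.add_route("172.30.0.0/16", "pcx-example1")
    vpc2.add_route("172.31.0.0/16", "pcx-example1")
    return reachable(vpc1, "172.31.0.10", vpc2, "172.30.0.20", peerings)


def scenario_transitive() -> Tuple[bool, str]:
    """vpc-1 tries to reach vpc-3 through vpc-2's peering: a route alone does not make that work."""
    vpc1, vpc2, vpc3, peerings = article_topology()
    vpc1.add_route("172.30.0.0/16", "pcx-example1")
    vpc1.add_route("10.0.0.0/16", "pcx-example1")
    vpc3.add_route("172.31.0.0/16", "pcx-example2")
    return reachable(vpc1, "172.31.0.10", vpc3, "10.0.0.5", peerings)


if __name__ == "__main__":
    for scenario in (scenario_step5_only, scenario_both_routes, scenario_transitive):
        print(scenario.__name__, *scenario(), sep="  ")
```

The first scenario is the state between Step 5 and Step 6: the request reaches vpc-2, but vpc-2's only matching route for 172.31.0.10 is 0.0.0.0/0 to the Internet Gateway, so the reply never comes back over the private path and the ping fails. The third scenario is the non-transitive case: vpc-1 can point a route for 10.0.0.0/16 at my-peer-conn, but the connection only delivers into vpc-2's own CIDR, which is why a separate vpc-1 to vpc-3 peering (or a Transit Gateway) is needed.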

Use Cases:

  • Microservices Architecture: In a microservices architecture, each microservice can be in its own VPC, and VPC peering allows them to communicate efficiently.
  • Elastic Load Balancer: When you have VPC peering set up, you can use an Application Load Balancer in one VPC to distribute traffic to instances in another peered VPC.
  • Cross-account resource sharing: when an EC2 instance in one AWS account's VPC needs to connect to an RDS database in another AWS account's VPC, and many more…

What is the Cost of VPC Peering?

All data transfer over a VPC Peering connection that stays within an Availability Zone (AZ) is free.

All data transfer over a VPC Peering connection that crosses Availability Zones continues to be charged at the standard in-region data transfer rates.

Customers use VPC Peering to interconnect VPCs within a region. VPC Peering is commonly used when interconnecting a small number of VPCs in a region to achieve full-mesh connectivity. AWS Transit Gateway and AWS PrivateLink are the recommended mechanisms for interconnecting hundreds or thousands of VPCs at scale.

Happy reading and engaging! 🚀

I hope you've been enjoying the content so far. As part of an ongoing effort to make this blog a space for meaningful discussions, please leave your queries in the comment section!
