Everything you should know about VPC Peering in GCP!
You might have heard the term VPC often peering if you had worked with any cloud provider and wondered what exactly VPC peering is! 🤷‍♂️
Google Cloud VPC network peering allows internal IP address connectivity between two VPC networks. Those VPC networks could be from the same project or organization or different projects or organizations.
Traffic remains inside the Google backbone network and doesn’t traverse through the internet.
VPC Network Peering gives you several advantages over using external IP addresses or VPNs to connect networks:
- Connectivity that uses internal IP addresses provides lower latency than external IP addresses, as there are no hops or devices between the peered connection.
- Services do not need exposure to the public internet and deal with its associated risks.
- By using internal IPs, you are saving egress communication costs. So, it is cheaper than an external IP connection.
🤷‍♂️ How to create a VPC Peering between two VPCs :
Consider an organization that needs VPC Network Peering to be established between network-a in project-DR and network-b in project-prod. For VPC Network Peering to be established successfully, administrators of network-a and network-b must separately configure the peering association.
Pre-requisite setup:
- VPC A has one subnet with a CIDR range of 10.0.0.0/16
- VPC B also has one subnet with a CIDR range of 10.8.0.0/16
- Each subnet has a Google Compute Instance, which you would want to connect to via their private IP addresses.
Follow the below steps to create the peering connection:
- From VPC A, you create a connection and enter the project and network you want to peer with, which is VPC-B in project prod.
2. You click on (enable) import and export custom routes and create the peering connection. This connection will be created from dr → prod.
At this point, the peering state remains INACTIVE because there is no matching configuration in network-b in project-b.
3) A network admin, or a user with appropriate IAM permissions, in project-prod must configure the matching configuration from prod →dr for the peering to become ACTIVE on both ends.
4. You follow the same steps from VPC network B to create the connection from prod →dr.
5. As soon as the peering moves to an ACTIVE state, subnet and custom routes are exchanged, and your VM in both networks can talk to each other via their private IPs.
Transitive peering is not ❌supported in GCP. Let’s have a look at what exactly transitive peering is.
We have 3 VPC networks: VPC A, VPC B, and VPC C.
If VPC A is peered with VPC B and VPC B is peered with VPC C, that doesn’t mean VPC A automatically peers with VPC C. This is called transitive peering, and it is not supported.
A few important points to keep in mind🎯 for VPC Peering in GCP:
- Subnet CIDR range overlapping is not allowed.
- Transitive peering is not supported.
- You can only have 25 maximum connections to a single VPC network.
- To delete a VPC network, you must first delete all the peering configurations.
- To create/delete VPC Peering in GCP, you should have at least roles/editor or roles/compute.networkAdmin IAM role.
- VPC Network Peering works in a flexible environment with Compute Engine, GKE, and App Engine.
Watch the video below for more details on VPC Peering.
Enjoyed the video? Feel free to clap and follow me!
Also, you can subscribe to my YouTube Channel for amazing DevOps and Cloud content!
References:
