VPC Peering
This Blog has been moved from Medium to blogs.tensult.com. All the latest content will be available there. Subscribe to our newsletter to stay updated.
Amazon VPC peering enables the network connection between the private VPCs to route the traffic from one VPC to another. You can create VPC Peering between your VPC with the VPC in the same region or a different region or with other VPCs in a different AWS account in a different region.
AWS create a peering connection by using the existing infrastructure of the VPC. VPC peering connection is not a form of gateway or VPN connection. It helps to make easy to transfer the data from VPC to VPC.
VPC Peering connection works on Hub and Spoke model. Here (Figure — 1) VPC A acts as Hub and VPC B and VPC C acts as s Spoke. VPC B and VPC C can access the resources of VPC A. You can deploy all the resources on VPC A so that all the Spoke VPCs can access the resources from VPC A. But the main drawback is, VPC C and VPC B can’t talk to each other because they are not connected. Here you can’t configure any routing protocols to share the routing table from one VPC to another as it is fully managed by AWS. You will have to make a manual entry of the network into the routing table of the VPCs. If the hub goes down, all the communication will be terminated.
In this Scenario, (Figure — 2) all the VPCs are configured as “full mesh” topology. If you have some VPCs, then it’s difficult to manage them and their routing tables (Figure — 3).
This peering connection method can be used in the majority of your services in AWS. For example, if you had configured your shared services in a VPC, like Authentication server, Patch server, Mail server, DNS, DB, etc.. and they are connected to On-premises datacenter or with the Corporate office through a VPN Connection, this setup is called as Shared Service VPC. To know more about Shared Service VPC click here.
Setup: VPC Peering Connection
- Create two VPCs, for example, VPC A (CIDR: 10.10.10.0/24) and VPC B (CIDR: 10.20.0.0/16). And create subnets for VPCs and also you can edit the routing table if required.
- Go to the “Peering Connections” in the AWS VPC Console
3. Click on “Create Peering Connection” and configure the peering as per the below figure.
Here my request is “VPC A” and my accepter is “VPC B” and both VPCs are in the same account. You can use different VPC in different AWS account also. After keying all the relevant fields click on “Create Peering Connection”.
4. After creating the peering connection, you can see “Pending Acceptance” in the status bar,
If you are using a different account or different region, go to the corresponding VPC console, where you can see “Pending Acceptance” in the status bar of the Peering connection.
5. Click on the dropdown “Actions” and then click on “Accept Request” and click “Yes, Accept” on the “Accept VPC Peering Connection Request” prompt box.
Now you will see the status changing from “Pending” to “Active”.
6. The next setup is to make an entry to the VPC route table. In route table select “VPC A” route table, then go to the Routes tab and Edit it.
Click on “Add another route”. In the ‘destination field’ enters the IP of “VPC B” like 10.20.10.0/24 and select the target as “VPC Peering Connection ID” of VPC A to VPC B.
Repeat the same setups for all other Spoke VPC also. Once everything is set up your routing table will be as shown below:
[ If CIDR of VPC C is 10.30.0.0/16 and the peering connection id from VPC A to VPC C is “pcx-56c87d1b” and the peering connection id of VPC B to VPC C is “pcx-26t91e7c”. ]
For the best practice go through Transit VPC.
To go back to “Connect VPCs to make Network of Networks in AWS” click here.
