Introduction
AWS is a public cloud available globally. In simple terms, a VPC is your private segment of that cloud: an abstraction of the public cloud offered to you as a private cloud. You provision all your resources inside your own VPC.
A VPC isolates all your resources and makes them easier to manage. Two resources in different VPCs are isolated from each other. But what if we want these resources to communicate with each other? This is where VPC Peering comes into the picture.
VPC Peering
VPC Peering establishes a connection between two VPCs so that the resources inside them can reach each other over the network. The connection carries IPv4 or IPv6 traffic, depending on the use case.
To establish a connection between two VPCs, their CIDR blocks must not overlap. Suppose 10.0.0.0/16 and 10.10.0.0/16 are overlapping CIDRs; VPCs with these CIDRs cannot be peered with each other.
The owner of one VPC, say VPC A, sends a peering request to VPC B. VPC A is then the requester VPC and VPC B the accepter VPC. Only the owner of a VPC can create a peering request from it.
To make the connection active, the owner of the accepter VPC must accept the request. The two VPCs can be in the same account, in different accounts, or in different regions. The owner sees the connection in the pending-acceptance state; once accepted, the peering connection is active.
The VPC Peering is not yet complete. After the accepter VPC owner accepts the request, the route tables in both VPCs must be updated with a route pointing at the other VPC via the peering connection. For this route you can specify the complete CIDR of the peered VPC, the CIDR of a particular subnet, or even a specific IP range. Test the peering connection by accessing resources in the peered VPC.
VPC Peerings are not Transitive
VPC Peering follows a one-to-one relationship model. If VPC A is peered with VPC B and with VPC C, this does not imply any connectivity between VPC B and VPC C. To connect VPC B and VPC C, there must be a direct one-to-one peering connection between them.
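The following is an added example, not code from the original article or from AWS: a small offline model of the rules described in the peering steps above and in this section (non-overlapping CIDRs, requester/accepter acceptance, a route on both sides, and no transitivity). The VPC names, CIDR blocks and peering ids such as "pcx-ab" are constructed sample values, and the checks are written with Python's standard ipaddress module rather than against the AWS API.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Tuple


def cidrs_overlap(a: str, b: str) -> bool:
    """True when two CIDR blocks share at least one address."""
    return ip_network(a, strict=False).overlaps(ip_network(b, strict=False))


@dataclass
class Vpc:
    name: str
    cidr: str
    # Route table entries as (destination CIDR, target); targets here are peering ids.
    routes: List[Tuple[str, str]] = field(default_factory=list)


@dataclass
class Peering:
    pcx_id: str          # constructed id such as "pcx-ab" (real ids look like pcx-0123456789abcdef0)
    requester: str
    accepter: str
    state: str = "pending-acceptance"


def request_peering(pcx_id: str, requester: Vpc, accepter: Vpc) -> Peering:
    """The requester VPC owner sends the request; it is refused when the CIDRs overlap."""
    if cidrs_overlap(requester.cidr, accepter.cidr):
        raise ValueError(f"{requester.name} {requester.cidr} overlaps {accepter.name} {accepter.cidr}")
    return Peering(pcx_id, requester.name, accepter.name)


def accept_peering(peering: Peering) -> Peering:
    """The accepter VPC owner accepts; only then is the connection active."""
    peering.state = "active"
    return peering


def add_peer_route(vpc: Vpc, destination: str, peering: Peering, peer: Vpc) -> None:
    """Route a destination (the peer's whole CIDR, one subnet, or a single /32 host)
    over the peering. A destination outside the peer's CIDR is rejected, because the
    peering could never carry traffic for it."""
    if not ip_network(destination).subnet_of(ip_network(peer.cidr)):
        raise ValueError(f"{destination} is not inside {peer.name}'s CIDR {peer.cidr}")
    vpc.routes.append((destination, peering.pcx_id))


def _has_route(vpc: Vpc, addr: str, pcx_id: str) -> bool:
    """Does this VPC's route table send addr over the given peering?"""
    return any(ip_address(addr) in ip_network(dst) and target == pcx_id
               for dst, target in vpc.routes)


def can_reach(src: Vpc, src_ip: str, dst: Vpc, dst_ip: str, peerings: List[Peering]) -> bool:
    """Reachability over peering needs a direct, active peering between exactly these
    two VPCs plus a forward route on src and a return route on dst. No hop through a
    third VPC is ever considered: that is what "not transitive" means."""
    for p in peerings:
        if p.state == "active" and {p.requester, p.accepter} == {src.name, dst.name}:
            return _has_route(src, dst_ip, p.pcx_id) and _has_route(dst, src_ip, p.pcx_id)
    return False


def build_scenario() -> dict:
    """Three non-overlapping VPCs: A is peered with B and with C; B and C are not peered."""
    a = Vpc("A", "10.0.0.0/16")
    b = Vpc("B", "10.1.0.0/16")
    c = Vpc("C", "10.2.0.0/16")
    ab = accept_peering(request_peering("pcx-ab", a, b))
    ac = accept_peering(request_peering("pcx-ac", a, c))
    bc = request_peering("pcx-bc", b, c)          # requested but never accepted
    # A routes B's whole CIDR; B routes only one subnet of A (the narrower route the article recommends).
    add_peer_route(a, "10.1.0.0/16", ab, b)
    add_peer_route(b, "10.0.1.0/24", ab, a)
    add_peer_route(a, "10.2.0.0/16", ac, c)
    add_peer_route(c, "10.0.0.0/16", ac, a)
    peerings = [ab, ac, bc]
    return {
        "a_subnet1_to_b": can_reach(a, "10.0.1.5", b, "10.1.2.3", peerings),  # both routes present
        "a_subnet9_to_b": can_reach(a, "10.0.9.5", b, "10.1.2.3", peerings),  # B has no return route
        "a_to_c": can_reach(a, "10.0.9.5", c, "10.2.0.7", peerings),
        "b_to_c": can_reach(b, "10.1.2.3", c, "10.2.0.7", peerings),          # no direct active peering
    }


if __name__ == "__main__":
    for case, reachable in build_scenario().items():
        print(f"{case}: {'reachable' if reachable else 'blocked'}")
```

The scenario makes two of the article's points concrete: traffic from A's 10.0.9.0/24 subnet cannot reach B even though the peering is active, because B's route table only returns traffic to 10.0.1.0/24; and B cannot reach C through A, nor over the pending-acceptance request between them, until a direct peering exists and is accepted.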
Things to remember
- VPC Peering is a one-to-one relationship.
- VPC peering is not transitive in nature.
- The CIDR blocks of the two VPCs must not overlap.
- Do not route a larger CIDR range than needed: instead of the complete VPC CIDR, put the subnet CIDR or the specific IP range in the route table.
Summary
In this article, we learned about VPC Peering.