Amazon VPC – Concept of VPC Peering
A VPC peering connection lets two VPCs route traffic between each other using private IPv4 or IPv6 addresses. It is not transitive, i.e. two VPCs that are each peered with a third VPC cannot reach each other through it; we need to establish a separate connection for every pair of VPCs that need to connect to each other.
These VPCs can also be in different regions, in which case the connections are known as inter-region VPC peering connections.
Setting up:
To configure VPC peering, the following steps are required:
- Have two VPCs which do not have overlapping CIDR (Classless Inter-Domain Routing) blocks.
- Create a peering connection request between the two VPCs.
- The owner of the remote VPC approves the peering request.
- Configure routing on both VPCs.
- Adjust the affected security groups, and you are done.
Now let's look at the AWS Console and see how we can do it.
Here we have two VPCs: one is the requester and the other is the accepter. When both the requester and accepter are in the same AWS account, and the VPC peering request is created using CloudFormation, CloudFormation will attempt to accept the request automatically.
To create the peering request in the AWS Console, go to the VPC Dashboard and click on VPC Peering Connections, then click the Create Peering Connection button. The Create Peering Connection form is displayed. Enter a name for the connection, select the requester and accepter VPCs, and specify the account and region in which the accepter VPC is located. Fill in this form, which includes the IP ranges (CIDR blocks) of the requester and accepter.
Now when we look at the VPC dashboard, we will see the pending peering request; it is accepted from the Actions menu. A new dialog is displayed where you confirm acceptance of the peering request. Once accepted, you are prompted to update the route tables so that traffic can be routed between the two peered VPCs.
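The same-account CloudFormation case mentioned above, as an added example that is not part of the original article: it carries the setup steps through in one template, with two non-overlapping CIDR blocks, the peering connection (auto-accepted because both VPCs are in one account), a route on each side, and a security group that admits only the peer VPC's CIDR on the one port needed. Resource names, CIDR ranges and the HTTPS port are assumptions chosen for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  RequesterVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16        # constructed; must not overlap the accepter
  AccepterVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.1.0.0/16        # constructed; distinct from the requester
  # Same account, so CloudFormation accepts the request automatically.
  # A cross-account or cross-region peer would add PeerOwnerId / PeerRegion.
  Peering:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref RequesterVpc
      PeerVpcId: !Ref AccepterVpc
  RequesterRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref RequesterVpc
  AccepterRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref AccepterVpc
  # Routing is configured on BOTH VPCs: one route per peered CIDR block,
  # pointing at the peering connection. Peering is not transitive, so
  # only the directly peered CIDR is routed here.
  RequesterToAccepter:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RequesterRouteTable
      DestinationCidrBlock: !GetAtt AccepterVpc.CidrBlock
      VpcPeeringConnectionId: !Ref Peering
  AccepterToRequester:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref AccepterRouteTable
      DestinationCidrBlock: !GetAtt RequesterVpc.CidrBlock
      VpcPeeringConnectionId: !Ref Peering
  # Security group adjustment: allow only the peer VPC's range, only on
  # the port the service needs, instead of opening 0.0.0.0/0.
  AccepterAppSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS from the requester VPC only
      VpcId: !Ref AccepterVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443               # assumed service port
          ToPort: 443
          CidrIp: !GetAtt RequesterVpc.CidrBlock
```

Subnets must be associated with these route tables (or the routes added to the main route tables) for instances to actually use the peering path.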
Sometimes we need to allow resources in different VPCs to exchange data based upon the architecture of the service. Regardless of any specific need, using VPC peering is a great way of extending your VPC design.
When things get complex:
When you start to have a lot of peering connections between multiple VPCs, in multiple regions, across multiple AWS accounts, managing the connections starts to get difficult. At that point, it is time to look at moving the existing peering connections to Transit Gateway and managing the connections there.