Understanding inter-region VPC Peering: Connecting AWS VPCs for Seamless Communication with hands-on demo

In today’s ever-evolving cloud computing landscape, effective network communication between Virtual Private Clouds (VPCs) is essential. AWS (Amazon Web Services) provides a solution to this challenge through VPC peering connections. In this article, we will explore the concept of VPC peering, understand its capabilities and limitations, and walk through a hands-on demonstration of setting up a VPC peering connection.

What is VPC Peering?

Imagine a scenario where you have multiple VPCs, each containing crucial resources and instances. These VPCs need to communicate with each other seamlessly, but by default, they are isolated from one another. This is where VPC peering comes into play.

VPC peering is a network connection between two VPCs that allows you to route traffic between them using private IPv4 or IPv6 addresses. It enables secure and private communication between VPCs, eliminating the need for public internet access, VPN connections, or complex network configurations.

The Need for VPC Peering

To understand the importance of VPC peering, let’s consider a common scenario: two VPCs, VPC-A and VPC-B, with instances that need to communicate. Without VPC peering, these instances cannot directly exchange data, and traditional methods like internet gateways or VPN connections are required.

However, VPC peering simplifies this process. It allows instances in VPC-A to communicate with instances in VPC-B securely and directly, as if they were part of the same network. This eliminates the need for complex network configurations and enhances security.

Key Features of VPC Peering

  1. Inter-Region VPC Peering: AWS provides support for inter-region VPC peering connections, enabling VPCs located in different AWS regions to communicate securely.
  2. No Additional Hardware: VPC peering doesn’t require any special hardware or physical connections. It leverages existing AWS infrastructure, making it cost-effective and straightforward to implement.
  3. Private Communication: All traffic routed through VPC peering connections remains within the private IP space, ensuring data privacy and security.
  4. Collaboration: VPC peering can be used to facilitate collaboration between different AWS accounts or within the same organization, allowing teams to share resources and applications privately.

How to Establish VPC Peering Connection

Setting up a VPC peering connection involves a series of steps:

  1. Request Peering Connection: The owner of the requester VPC sends a peering connection request to the owner of the acceptor VPC.
  2. Accept Peering Request: The owner of the acceptor VPC accepts the peering connection request.
  3. Configure Route Tables: To enable traffic flow, the requester VPC must add a route to its route table for the CIDR block of the acceptor VPC, and the acceptor VPC must add the matching route back to the requester's CIDR block, as the demo below does in Step 5. Security group settings may also need adjustment to allow only the required traffic between the VPCs.
  4. Enable DNS Hostname Resolution: If instances on either side of the connection use public DNS hostnames to reach each other, DNS hostname resolution must be enabled on the peering connection so that those hostnames resolve to private IP addresses and the traffic stays on the peering link.

VPC Peering Lifecycle Stages

Understanding the lifecycle of a VPC peering connection is crucial. Here are the key stages:

  1. Initiating Request: The requester sends a peering connection request. It can either fail or move to the pending acceptance stage.
  2. Pending Acceptance: The acceptor must accept the peering request. If not, it can expire or be rejected.
  3. Active: Once accepted, the peering connection becomes active and usable. It cannot be rejected but can be deleted.
  4. Deleting: The connection can be deleted by either party when in the active state or by the acceptor when in the pending acceptance state.
  5. Deleted: Deleted connections remain visible to the deleting party for two hours and to the other party for two days if created within the same AWS account.

Limitations of VPC Peering

While VPC peering offers many benefits, it comes with limitations:

  1. No Transitive Peering: VPC peering does not support transitive peering relationships. Connectivity between VPCs is strictly one-to-one.
  2. Overlapping CIDR Blocks: VPCs with overlapping IPv4 or IPv6 CIDR blocks cannot establish a peering connection.
  3. Edge-to-Edge Routing Through VPN or Direct Connect: VPC peering does not support edge-to-edge routing through a VPN connection or AWS Direct Connect connection.
  4. Edge-to-Edge Routing Through Internet Gateway: VPC peering does not enable edge-to-edge routing through an internet gateway.
  5. Edge-to-Edge Routing Through VPC Endpoint: VPC peering does not facilitate edge-to-edge routing through a VPC endpoint.

Multiple VPC Peering Connections

It’s essential to understand that VPC peering is a one-to-one relationship. There is no support for transitive relationships, so a peering between VPC-A and VPC-B does not give VPC-A any reachability to a VPC-C that is peered with VPC-B. Each VPC must establish its own peering connection with every VPC it needs to reach.

Hands-on demo

Please follow along with the AWS CLI commands provided to gain practical experience.

Step 1: Create VPCs

Before we dive into VPC peering, we need two VPCs to work with. Let’s create them using the AWS CLI. First, create VPCA:

aws ec2 create-vpc --cidr-block 10.0.0.0/16

Next, create VPCB:

aws ec2 create-vpc --cidr-block 10.1.0.0/16

Step 2: Launch Instances

For this demonstration, we’ll need instances in both VPCs. Let’s launch instances in VPCA and VPCB using the following AWS CLI commands.

Launch an instance in VPCA:

aws ec2 run-instances --image-id <ami-id> --subnet-id <subnet-id-in-vpca> --instance-type <instance-type> --key-name <your-key-name>

Launch an instance in VPCB:

aws ec2 run-instances --image-id <ami-id> --subnet-id <subnet-id-in-vpcb> --instance-type <instance-type> --key-name <your-key-name>

Step 3: Create VPC Peering Connection

Now that we have our VPCs and instances ready, let’s create a VPC peering connection between VPCA and VPCB. Use the following AWS CLI command:

aws ec2 create-vpc-peering-connection --vpc-id <vpc-id-for-vpca> --peer-vpc-id <vpc-id-for-vpcb>

Step 4: Accept VPC Peering Connection

After creating the peering connection, it will be in a pending acceptance state. You need to accept it from the VPCB side. Use this AWS CLI command:

aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id <your-peering-connection-id>

Step 5: Modify Route Tables

To enable traffic flow between the peered VPCs, modify the route tables in both VPCs. First, let’s modify the route table for VPCA:

aws ec2 create-route --route-table-id <route-table-id-for-vpca> --destination-cidr-block <vpcb-cidr> --vpc-peering-connection-id <your-peering-connection-id>

Now, let’s modify the route table for VPCB:

aws ec2 create-route --route-table-id <route-table-id-for-vpcb> --destination-cidr-block <vpca-cidr> --vpc-peering-connection-id <your-peering-connection-id>

Step 6: Test Connectivity

You should now be able to communicate between instances in VPCA and VPCB. Use SSH or any other protocol relevant to your use case to test the connectivity.

Congratulations! You have successfully set up VPC peering between two VPCs and established communication between instances using the AWS CLI. Remember that AWS CLI commands may vary depending on your AWS environment, so be sure to replace placeholders like <ami-id>, <subnet-id>, <instance-type>, <your-key-name>, <vpc-id-for-vpca>, <vpc-id-for-vpcb>, <your-peering-connection-id>, <route-table-id-for-vpca>, and <route-table-id-for-vpcb> with appropriate values.
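As an added pre-flight example for the walkthrough above (Python, not code from the article or from AWS), the script below applies the overlapping-CIDR limitation before any request is sent and generates the create-route and security-group commands for both sides, one route per route table per peer CIDR, with the SSH rule scoped to the peer's CIDR rather than to the whole internet. The Vpc class, the overlapping_cidrs and plan_peering helpers, and every ID and CIDR are assumptions; it generalises the demo to VPCs with several CIDR blocks and route tables.

```python
# Added pre-flight planner for the walkthrough above (example code, not from the
# article). It applies the overlapping-CIDR limitation before any request is sent
# and emits the route-table and security-group commands that Step 5 does by hand,
# for BOTH sides. All IDs, CIDRs and helper names are constructed placeholders.
import ipaddress
from dataclasses import dataclass


@dataclass
class Vpc:
    region: str
    cidrs: list            # every IPv4/IPv6 CIDR block associated with the VPC
    route_table_ids: list  # route tables of the subnets that must reach the peer


def overlapping_cidrs(a, b):
    """Return (cidr_a, cidr_b) pairs that overlap; AWS refuses the peering if any exist."""
    clashes = []
    for x in a.cidrs:
        for y in b.cidrs:
            nx, ny = ipaddress.ip_network(x), ipaddress.ip_network(y)
            if nx.version == ny.version and nx.overlaps(ny):
                clashes.append((x, y))
    return clashes


def plan_peering(requester, accepter, pcx_id, ssh_sg_id):
    """Build the CLI commands to run once the connection is active. Routes are
    added in both directions (one per route table per peer CIDR) and the SSH
    rule is scoped to the peer's IPv4 CIDRs instead of 0.0.0.0/0."""
    clashes = overlapping_cidrs(requester, accepter)
    if clashes:
        raise ValueError(f"overlapping CIDR blocks, peering impossible: {clashes}")
    cmds = []
    for src, dst in ((requester, accepter), (accepter, requester)):
        for rtb in src.route_table_ids:
            for cidr in dst.cidrs:
                flag = ("--destination-cidr-block" if ipaddress.ip_network(cidr).version == 4
                        else "--destination-ipv6-cidr-block")
                cmds.append(f"aws ec2 create-route --region {src.region} --route-table-id {rtb} "
                            f"{flag} {cidr} --vpc-peering-connection-id {pcx_id}")
    # Security group change on the accepter side only (Step 6 tests SSH into VPCB).
    for cidr in requester.cidrs:
        if ipaddress.ip_network(cidr).version == 4:
            cmds.append(f"aws ec2 authorize-security-group-ingress --region {accepter.region} "
                        f"--group-id {ssh_sg_id} --protocol tcp --port 22 --cidr {cidr}")
    return cmds
```

Call plan_peering with the two VPC descriptions and the peering connection ID from Step 4; it raises before emitting anything if the CIDR blocks overlap, and the printed commands can then be reviewed and run in the region each one names.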

Conclusion

VPC peering is a powerful feature that allows you to connect VPCs and enable private communication between instances. Mastering this skill with the AWS CLI is valuable for managing your AWS infrastructure efficiently.
