Read on:

AWS for Beginners: What is AWS Network Firewall and How it works: Part 23

A VPC is dedicated to your AWS Account. It’s logic isolation between different virtual networks. VPC peering is a connection between two VPCs to enable communication over private IP address. The Instances can communicate between each other as it looks like they are on the same Network. The VPC peering can be formed between 2 VPCs within same Account or between different Accounts.

Protect Your Data with BDRSuite

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.

A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.

How it Works?

  • First the owner of the requester VPC sends a request to the owner of the accepter VPC
  • Then the Owner of the accepter VPC accept the VPC peering connection
  • To enable the traffic flow between the VPCs, the owner of the VPC must add routes in subnet Route table for other VPC range and next hop should be VPC peering connection
  • If needed update the security group assigned EC2 for incoming traffic

Architecture to follow

AWS VPC Peering and Why Transit Gateway

Download Banner

Prerequisite

  • Create 2 VPCs with subnets
  • Create EC2 Instances in the VPCs
  • Associate the subnets to respective Route table

VPCs details

AWS VPC Peering and Why Transit Gateway

Subnet Details

AWS VPC Peering and Why Transit Gateway

Route Tables

AWS VPC Peering and Why Transit Gateway

EC2 Instances

AWS VPC Peering and Why Transit Gateway

Limitations

  • You cannot have more than one VPC peering connection between 2 VPCs
  • You cannot query or connect to Amazon DNS server in peer VPC
  • You cannot create VPC peering between overlap CIDR ranges
  • You cannot use Internet gateway and NAT Gateway in the peer VPC
  • You cannot use VPN connection or direct connect of peer VPC
  • Default Active VPC peering connection per VPC is 50 but can be extended up to 125

Steps to Follow

  • Create VPC Peering Connection
  • Accept VPC Peering Connection
  • Update Route tables for VPC peering connection
  • Testing

Create VPC Peering Connection:

We are creating VPC peering between 2 VPCs within Same Account

  • Navigate to AWS VPC console, choose peering connection
  • Click on Create peering connection, provide a Name and choose the requester VPC. Select the other VPC Account you want to peer. For us it’s same Account

    • AWS VPC Peering and Why Transit Gateway

  • Choose the region in which peer VPC is present and choose the VPC ID to be peered. Click on create peering connection

    • AWS VPC Peering and Why Transit Gateway

  • Now the Peering connection has been requested and waiting for Acceptance

AWS VPC Peering and Why Transit Gateway

Accept VPC Peering Connection:

A VPC peering connection that’s in the pending-acceptance state must be accepted by the owner of the acceptor VPC to be activated.

Click on the VPC peering connection you want to Accept. Click on Action , then click on Accept request.

AWS VPC Peering and Why Transit Gateway

AWS VPC Peering and Why Transit Gateway

Now the Connection has been established and status is Active.

AWS VPC Peering and Why Transit Gateway

Update Route Tables:

To communicate between the VPCs, we have to update the route table with peer VPCs subnets and next hop as VPC peering connection ID.

  • Navigate to VPC section. Click on Route table of the Private subnet associated in each VPCs. Click on Edit Routes
  • Add route and provide the VPC B CIDR which is 10.10.2.0/24 and 10.10.4.0/24
  • In the target choose peering connection and click the peering connection from the drop down

    • AWS VPC Peering and Why Transit Gateway

    AWS VPC Peering and Why Transit Gateway

  • Click Save and Move to VPC B subnet Route table
  • Click on Add route and provide the VPC A CIDR 10.10.0.0/23 and target as peering connection

    • AWS VPC Peering and Why Transit Gateway

  • Now the Route has been updated. To verify navigate to peering connection, click on Route tables under peering connection

AWS VPC Peering and Why Transit Gateway

Testing:

Now Verify the connectivity by pinging the instances of VPC A and VPC B from each other.
VPC A Instance: 10.10.1.22
VPC B Instance: 10.10.2.173
Now ping from VPC A Instance to VPC B instance

AWS VPC Peering and Why Transit Gateway

Now ping from VPC B instance to VPC A Instance

AWS VPC Peering and Why Transit Gateway

DNS Settings

Over VPC peering connection you can also resolve DNS of Hosts in requestor VPC or Acceptor VPC to Private IP addresses.

AWS VPC Peering and Why Transit Gateway

Pricing

There is no price for VPC peering connection but data transfer charges are there over VPC peering connection.

Conclusion

VPC peering is very helpful when you have limited number of VPCs in your organization. By using VPC peering you will get full access to almost all resources of AWS in the peered Account except the limitations. The management is very less when you have a smaller number of VPCs. If you have more than 20 VPCs it’s always recommended to use Transit gateway over Peering connections.

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Rate this post