A Virtual Private Cloud (VPC) is a logically isolated virtual network in which AWS resources are hosted. The topic "VPC Peering" falls under the Design and Implementation of AWS Networks domain highlighted in the AWS Blueprint for the exam guide.
What is VPC Peering?
VPC Peering connects two VPCs so that instances in either VPC can communicate with each other using private IP addresses. The VPCs can belong to different accounts, but must be in the same region.
Let’s go ahead and see how to work with VPC Peering.
Implementation of VPC Peering
Follow the steps below to see how VPC Peering is implemented.
The first few steps create two VPCs before peering them together.
Step 1) Log into your AWS Console. Choose the relevant region and go to the VPC section under Networking and Content Delivery.
Step 2) Create one VPC with a name tag of VPCA and CIDR block of 10.0.0.0/16
Step 3) Create another VPC with a name tag of VPCB and CIDR block of 22.214.171.124/16
Step 4) Now let's create subnets in each of these VPCs. In VPCA, create a subnet with a Name tag of SubnetA and a CIDR block of 126.96.36.199/24
Step 5) Now let's create a subnet in VPCB, with a Name tag of SubnetB and a CIDR block of 10.0.1.0/24
Step 6) Now we are going to launch instances in both subnets. We want the instances in both subnets to receive public IP addresses, so enable the Auto-assign public IP setting on each subnet.
Ensure the Auto-assign IP setting is enabled for both subnets.
Step 7) Now let's create a VPC Peering connection between the two VPCs.
On the left-hand side, go to Peering Connections.
Step 8) On the next screen, click Create Peering Connection.
Give the peering connection a name tag, and set VPCA as the requester VPC.
Then choose VPCB as the VPC to peer with and click Create Peering Connection.
Step 9) The new VPC Peering connection now shows a status of Pending Acceptance.
Select the connection and click Actions -> Accept Request.
Then confirm that you accept the request.
Once done, the connection moves to the Active state.
Step 10) Now we need to modify the route tables of both VPCs so that traffic can flow via the VPC Peering connection.
In the route table for VPCB, add a route with the CIDR block of VPCA as the destination and the VPC Peering connection as the target.
Do the same in the route table for VPCA, with the CIDR block of VPCB as the destination.
If you want to connect to any of the instances in the VPC via the internet, ensure that the route table also has a route to the internet gateway.
Step 11) Now it's time to launch instances in each VPC.
Here we have two servers: ServerA, launched in VPCA, and ServerB, launched in VPCB.
Now we are going to connect to ServerA in VPCA and ping ServerB. The private IP of ServerB is 10.0.1.138.
Since ping uses the ICMP protocol, ensure that the security groups of both instances are modified to allow ICMP.
Once all of this is in place, you will be able to ping ServerB from ServerA.
Important Points to Remember
- Transitive VPC Peering is not allowed. Suppose VPCA is peered to VPCB and VPCB is peered to VPCC. This does not mean that VPCA can communicate with VPCC through VPCB.
For VPCA to communicate with VPCC, there has to be an explicit VPC Peering connection from VPCA to VPCC.
- You are not allowed to create a VPC peering connection between VPCs with overlapping or matching IPv6 or IPv4 CIDR blocks
- It is not possible to create a VPC peering connection between VPCs present in different regions
- Only one VPC peering connection is possible between two VPCs at a time
- A VPC peering connection does not extend to the following connections of the peer VPC (edge-to-edge routing is not supported):
(a) A VPN connection or AWS Direct Connect connection to a corporate network
(b) An internet connection through a NAT device in a private subnet
(c) An internet connection via an internet gateway
(d) A VPC endpoint to an AWS service, such as an endpoint to Amazon S3
The aim of Whizlabs is to help individuals prepare for and pass the AWS Certified Advanced Networking Specialty certification exam. We deliver high-quality preparation material to advance your professional career. Whizlabs content is prepared by industry experts who have great knowledge of and passion for cloud computing. We are continuously growing our community of cloud experts.