
VPC Peering

VPC Peering is used to establish connectivity between subnets in two different VPCs, in the same or in different AWS accounts.
To keep it simple, let us take the scenario of creating a VPC peering connection between two VPCs in the same account.
NOTE: All IP addresses and CIDR ranges in the diagram below and in the subsequent steps are examples only.


Step 1: Create VPC A with CIDR range 10.0.0.0/16 and keep Default in the Tenancy dropdown.
Step 2: Create VPC B with CIDR range 172.16.0.0/16 and keep Default in the Tenancy dropdown.
Step 3: Create a subnet with the Name tag SubNetA and map it to VPC A in the VPC dropdown. Note that the CIDR of VPC A is auto-populated with status Associated.
Selecting an Availability Zone is not mandatory; if none is chosen, AWS selects one when the subnet is created.
Enter 10.0.1.0/24 as the IPv4 CIDR block and click Create.
Step 4: Create SubNetB and map it to VPC B in the VPC dropdown. Note that the CIDR of VPC B is auto-populated with status Associated.
Enter 172.16.1.0/24 as the IPv4 CIDR block and click Create.

Step 5: Create InternetGatewayA, which is required for VPC A.
Step 6: Attach InternetGatewayA to VPC A from the VPC dropdown.



Step 7: Create InternetGatewayB and attach it to VPC B from the VPC dropdown.

Step 8: Navigate to Route Tables in the left-hand pane and select the default route table of VPC A.
Add a route for all IPv4 traffic (0.0.0.0/0) with target InternetGatewayA.
0.0.0.0/0 is also known as the quad-zero route.

Step 9: Select the default route table of VPC B.
Add a route for all IPv4 traffic (0.0.0.0/0) with target InternetGatewayB.



Step 10: Create an EC2 instance in each VPC and subnet with a public IP enabled. To launch an EC2 instance, click the Launch Instance button.

Step 11: For testing, we selected t2.micro as it is eligible for the Free Tier.

Step 12: Select the VPC and subnet created earlier. Also select Enable in the Auto-assign Public IP dropdown.


Step 13: Add a Name tag to tell the machines apart.
Step 14: Create a new security group, or select an existing one if you have already created it. Select All traffic in the Type dropdown and Anywhere in the Source dropdown.
Click Review and Launch.
Step 15: Select an existing key pair in the region if you already have one, or create a new key pair.




Repeat the EC2 creation steps to create another EC2 instance in VPC B.

Step 16: Navigate to Peering Connections in the left-hand pane.
Click the Create Peering Connection button to create a new peering between VPC A and VPC B.
Enter a Name tag for the peering connection. Then select VPC A as the VPC Requester and VPC B as the VPC Accepter.
Step 17: Ensure the peering connection is created successfully.


Step 18: Select Accept Request from the Actions dropdown.







Step 19: Navigate to VPC -> Route Tables and select the route table created for VPC A.
Add a route with VPC B's CIDR as destination and the VPC peering connection as target, then click Save routes.
Step 20: Select the route table created for VPC B.
Add a route with VPC A's CIDR as destination and the VPC peering connection as target, then click Save routes.
Step 21: Log in to the EC2 instance created in VPC A using its public IP and private key, then ping the private IP of the EC2 instance in VPC B.
Step 22: Log in to the EC2 instance created in VPC B using its public IP and private key, then ping the private IP of the EC2 instance in VPC A.
The ping should receive replies as shown in the screenshot below.

A little more about VPC Peering:
  1. If there are three VPCs named VPC A, VPC B and VPC C, with peerings created between A -> B and B -> C, then a VM in VPC A CANNOT ping a VM in VPC C: VPC peering is not transitive.
  2. To establish VPC peering, the two VPCs must have non-overlapping CIDR ranges, so their subnets are in different ranges.
  3. To communicate between two subnets in the same VPC, no peering is needed, as the VPC's own local route already connects them.
  4. If we create the VPC peering between two VPCs in different accounts or regions, the peering request must be accepted from the accepter (receiver) account.
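To make the routing behind steps 19 to 22 and points 1 to 3 concrete, here is an added offline model of the VPCs' route tables (example code written for this page, not code from the post). It assumes a constructed third VPC C with CIDR 192.168.0.0/16 and placeholder peering ids; the VPC A and VPC B CIDRs are the ones used above.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the two VPCs from the walkthrough plus a third VPC C,
# added here only to show that peering is not transitive.
VPCS = {"VPC A": "10.0.0.0/16", "VPC B": "172.16.0.0/16", "VPC C": "192.168.0.0/16"}
# Peering connections as (requester, accepter, peering id); the pcx ids are placeholders.
PEERINGS = [("VPC A", "VPC B", "pcx-placeholder-ab"), ("VPC B", "VPC C", "pcx-placeholder-bc")]


def overlapping_pairs(vpcs):
    """VPC pairs whose CIDRs overlap; AWS refuses to peer such a pair (point 2)."""
    nets = {n: ipaddress.ip_network(c) for n, c in vpcs.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def route_tables(vpcs, peerings):
    """Each VPC's route table: the implicit local route for its own CIDR (point 3),
    plus one route per peering (steps 19 and 20) sending the peer's CIDR to the pcx."""
    tables = {n: [(ipaddress.ip_network(c), "local")] for n, c in vpcs.items()}
    for req, acc, pcx in peerings:
        tables[req].append((ipaddress.ip_network(vpcs[acc]), pcx))
        tables[acc].append((ipaddress.ip_network(vpcs[req]), pcx))
    return tables


def next_hop(table, dst_ip):
    """Longest-prefix match over one route table; None means no route, packet dropped."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(net, target) for net, target in table if ip in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1] if matches else None


def vpc_of(ip, vpcs):
    """Name of the VPC whose CIDR contains ip, or None if no VPC does."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, c in vpcs.items() if addr in ipaddress.ip_network(c)), None)


def ping_works(src_ip, dst_ip, vpcs, tables):
    """A ping succeeds only if the request has a route out of the source VPC AND
    the reply has a route back from the destination VPC; a one-sided route fails."""
    src_vpc, dst_vpc = vpc_of(src_ip, vpcs), vpc_of(dst_ip, vpcs)
    if src_vpc is None or dst_vpc is None:
        return False
    forward = next_hop(tables[src_vpc], dst_ip)
    back = next_hop(tables[dst_vpc], src_ip)
    return forward is not None and back is not None
```

Calling ping_works from VPC A to an address in VPC C returns False even though A peers with B and B peers with C, which is point 1; dropping VPC B's return route shows why step 20 is needed in addition to step 19.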
