VPC Peering


-: Hey everyone, and welcome back. Now in today's video we'll have a high-level overview of VPC peering. VPC peering is a network connection between two VPCs that enables communication between the instances of both VPCs. This can be better explained with a diagram, where you have one VPC with the CIDR of 172.31.0.0/16, and one more VPC which has the CIDR of 10.77.0.0/16. If you want the instances in both VPCs to communicate with each other via their private IPs, then you can establish a VPC peering between them. Once this VPC peering is established, the instances will be able to communicate with each other in a private manner.

So let's look into the architecture that we'll be having for today's demo. The first architecture is where we have a first VPC with a CIDR of 172.31.0.0/16, which is the left one, and a second VPC, which has a CIDR of 10.77.0.0/16, which is the right one. There is a VPC peering between them, and we'll look into how the communication happens.

Now we have one more architecture that we have designed, where you have the same VPC, which is 10.77.0.0/16, which is the right one over here. This VPC has two peering connections: one with the first VPC that we were discussing in architecture diagram one, but it also has one more peering connection with one more VPC with the CIDR of 10.66.0.0/16. So these are the two architecture diagrams on which today's demo is based. Let's quickly have a look into it.

So I'm in the EC2 console, and currently you see that you have two EC2 instances running. One is running in the default VPC, so it is running in the VPC of 172.31.0.0/16, and you have one more instance, called the secondary VPC, which is running in the CIDR of 10.77.0.0/16. The same can be seen here: if you look into the IP of the secondary, it has 10 77 1.2.34, and the IP address of the default is 172.31.3.59.

So first, let's quickly log in to the EC2 instance in the secondary VPC. Within the CLI, let's quickly go ahead and connect to the instance. Great, let's switch to root. The first thing that we'll do is, from this VPC, 10.77.0.0/16, we'll try and ping the instance in the default VPC. The instance in the default VPC has a private IP, so let's copy the private IP here and quickly do a ping on it. And you see it is successful over here. Great, so the communication between both VPCs is successful.

Now, let's look into the second architecture, where we are logged in to the 10.77 CIDR instance, and from here we'll try to ping one more instance in the 10.66.0.0/16 CIDR. However, this specific instance is not within the same region. The two VPCs that we were discussing are in the same region, but the 10.77 and the 10.66 are in different regions. So let's open up one more region, which is the Tokyo one. Here you have one more EC2 instance which is running, and if you look into the private IP, it is 10.66.1.251. So let's go ahead and try that out as well; let's replace it with the new IP. And as expected, you see you are able to perform the communication as well. This communication, which allows instances to communicate between VPCs across the private IP addresses, is the part of VPC peering.

Now in fact, let me quickly show you the VPC peering configuration as well. Let's go to the VPC console, and here we'll go to the peering connections. Currently you see that there are two peering connections, and their status is active. For the first peering connection, if you look into the configuration here, the requester VPC is 10.77.0.0/16, so this is the requester VPC, and the accepter VPC is 172.31.0.0/16, which is this one. So this is the first peering connection, and it is in the active state.

You have one more peering connection, called "second to third". If you see here, the requester is 10.77.0.0/16, so it is the bottom one, and the accepter is 10.66.0.0/16, which is the top right one. Generally in VPC peering what happens is that before the peering connection gets established, you'll have to accept that peering connection, and that is why it shows who has requested the peering connection and which VPC has accepted it. So these are the two peering connections through which the communication is happening. Great, so at a high level I hope you understood what VPC peering is.

Now there are certain important pointers that you need to remember. The first one is that VPC peering is now possible between regions. Earlier, this first point was not possible: let's say that you have one instance in North Virginia and a second instance in Tokyo. Earlier you could not perform VPC peering there. However, now you can go ahead and also peer VPCs between regions, similar to what we looked into in today's demo. You can also perform VPC peering between multiple accounts.

The second important pointer here is that VPC peering does not act like a transit VPC; this is very important. Let's say that VPC A has a peering with VPC B and with VPC C. This does not mean that the EC2 instance in VPC B will be able to communicate with the EC2 instance in VPC C via the route of VPC A. So VPC A cannot act as a transit VPC. This is very similar to the architecture diagram, where instances in the VPC of 172.31 would not be able to communicate with 10.66 via the route of 10.77. So this cannot act as a transit VPC. In case this VPC needs to communicate with the 10.66, then you can establish one more peering connection between them. All right, so that's what transit VPC is all about.

Now, there are certain unsupported VPC peering configurations. The first one is that you cannot create a VPC peering connection between VPCs with matching or overlapping IPv4 CIDR blocks; this is also applicable with IPv6. Let's say you have VPC A, which is 172.16.0.0/16, and VPC B with the same CIDR, which is 172.16.0.0/16. You cannot establish a peering connection here. In order to establish a peering connection, the VPCs need to have different CIDR blocks which are not overlapping.

The second unsupported VPC peering configuration is something that we just discussed about the transit VPC, where from VPC B, if you see, you cannot communicate to VPC C via the route of VPC A. So this is something that we have already discussed.

So that's the high-level overview of VPC peering. I hope this video has been informative for you, and I look forward to seeing you in the next video.
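The three rules the video walks through (overlapping CIDRs are refused, traffic only crosses a direct peering, and peering is not transitive) are captured in the following toy model. This is an added example, not code from the video or from AWS; the VPC names, peering IDs (`pcx-first`, `pcx-second-to-third`) and the host address `10.77.1.10` are constructed, while `172.31.3.59` and `10.66.1.251` are the addresses shown in the demo. The model also reflects one requirement the demo does not mention explicitly: a peering carries traffic only when each VPC's route table points the peer's CIDR at that peering connection, and the reply path needs its own route.

```python
"""Toy model of the VPC peering rules from the video (added example, not AWS code).

  1. A peering between VPCs with overlapping CIDR blocks is refused.
  2. Traffic only crosses a peering when BOTH route tables point the peer's
     CIDR at that peering connection (AWS does not add these routes for you).
  3. Peering is not transitive: pcx A-B plus pcx A-C never delivers B -> C.
VPC names, peering IDs and the 10.77.1.10 host address are constructed.
"""
import ipaddress
from dataclasses import dataclass, field


class PeeringError(ValueError):
    """Raised when a peering request violates a rule."""


@dataclass
class Vpc:
    name: str
    cidr: str
    # route table: destination CIDR -> target ("local" or a peering id)
    routes: dict = field(default_factory=dict)

    def __post_init__(self):
        self.network = ipaddress.ip_network(self.cidr)
        self.routes[self.cidr] = "local"

    def lookup(self, ip):
        """Longest-prefix match over the route table; None if no route."""
        addr = ipaddress.ip_address(ip)
        best = None
        for cidr, target in self.routes.items():
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return None if best is None else best[1]


class Fabric:
    def __init__(self):
        self.vpcs = {}
        self.peerings = {}  # peering id -> frozenset({vpc name, vpc name})

    def add_vpc(self, name, cidr):
        self.vpcs[name] = Vpc(name, cidr)

    def create_peering(self, pcx_id, requester, accepter):
        """Rule 1: refuse matching or overlapping CIDR blocks."""
        a, b = self.vpcs[requester], self.vpcs[accepter]
        if a.network.overlaps(b.network):
            raise PeeringError(f"{a.cidr} ({requester}) overlaps {b.cidr} ({accepter})")
        self.peerings[pcx_id] = frozenset((requester, accepter))

    def add_route(self, vpc, dest_cidr, pcx_id):
        self.vpcs[vpc].routes[dest_cidr] = pcx_id

    def vpc_of(self, ip):
        addr = ipaddress.ip_address(ip)
        return next((v for v in self.vpcs.values() if addr in v.network), None)

    def _one_way(self, src, dst, ip):
        target = src.lookup(ip)
        # Rule 3 lives here: the matched route must name a peering that joins
        # exactly these two VPCs; a route pointing at a peering with some
        # third VPC is dropped, so no VPC can act as a transit hop.
        return target in self.peerings and self.peerings[target] == frozenset((src.name, dst.name))

    def reachable(self, src_ip, dst_ip):
        """True when a ping from src_ip reaches dst_ip and the reply can return."""
        src, dst = self.vpc_of(src_ip), self.vpc_of(dst_ip)
        if src is None or dst is None:
            return False
        if src is dst:
            return True
        # Rule 2: both directions need a route (the ICMP reply has to come back).
        return self._one_way(src, dst, dst_ip) and self._one_way(dst, src, src_ip)


def build_demo():
    """The video's topology: 10.77/16 peered with 172.31/16 and with 10.66/16."""
    f = Fabric()
    f.add_vpc("default", "172.31.0.0/16")
    f.add_vpc("secondary", "10.77.0.0/16")
    f.add_vpc("third", "10.66.0.0/16")  # other region; inter-region peering is allowed
    f.create_peering("pcx-first", "secondary", "default")
    f.create_peering("pcx-second-to-third", "secondary", "third")
    for vpc, dest, pcx in [
        ("secondary", "172.31.0.0/16", "pcx-first"),
        ("default", "10.77.0.0/16", "pcx-first"),
        ("secondary", "10.66.0.0/16", "pcx-second-to-third"),
        ("third", "10.77.0.0/16", "pcx-second-to-third"),
    ]:
        f.add_route(vpc, dest, pcx)
    return f


def overlap_refused(cidr_a, cidr_b):
    """True if create_peering refuses two VPCs with these CIDR blocks."""
    f = Fabric()
    f.add_vpc("A", cidr_a)
    f.add_vpc("B", cidr_b)
    try:
        f.create_peering("pcx-ab", "A", "B")
    except PeeringError:
        return True
    return False


if __name__ == "__main__":
    f = build_demo()
    print(f.reachable("10.77.1.10", "172.31.3.59"))   # True: direct peering
    print(f.reachable("10.77.1.10", "10.66.1.251"))   # True: direct peering
    print(f.reachable("172.31.3.59", "10.66.1.251"))  # False: no transit via 10.77
    print(overlap_refused("172.16.0.0/16", "172.16.0.0/16"))  # True
```

The transit check is deliberately placed on the route lookup rather than on the peering list: even if an operator adds a route in the 172.31 VPC sending 10.66.0.0/16 to `pcx-first`, `reachable` still returns False, because that peering only joins 172.31 and 10.77. That mirrors what the video states and is the case worth testing when a cross-VPC ping fails unexpectedly.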
