VPC Peering is a networking connection between two Virtual Private Clouds (VPCs) that enables traffic routing between them using private IPv4 or IPv6 addresses. Instances in either VPC can communicate with each other as if they were within the same network.
Key characteristics of VPC Peering:
1. **Non-Transitive Nature**: VPC peering connections are non-transitive. If VPC A is peered with VPC B, and VPC B is peered with VPC C, VPC A cannot communicate with VPC C through VPC B. A separate peering connection must be established between VPC A and VPC C.
2. **Cross-Region and Cross-Account**: VPC peering works across different AWS regions (inter-region peering) and between different AWS accounts, providing flexible networking options for organizations with complex architectures.
3. **No Overlapping CIDR Blocks**: The CIDR blocks of peered VPCs cannot overlap. This is a critical consideration when planning your network architecture.
4. **Route Table Configuration**: After establishing a peering connection, you must update route tables in both VPCs to enable traffic flow. Routes must point to the peering connection for the destination CIDR of the peer VPC.
5. **Security Groups and NACLs**: Standard security controls apply. Security groups and Network ACLs must be configured to allow the desired traffic between peered VPCs.
6. **No Single Point of Failure**: VPC peering uses existing AWS infrastructure, providing high availability with no bandwidth bottleneck.
7. **Cost Considerations**: Data transferred over a peering connection within the same Availability Zone is free. Traffic between Availability Zones in the same region is billed at the regional data transfer rates, and inter-region peering is billed at inter-region data transfer rates.
Common use cases include sharing resources across development and production environments, connecting VPCs owned by different business units, or enabling communication between VPCs in different regions for disaster recovery scenarios. VPC peering is essential for building scalable, secure multi-VPC architectures in AWS.
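The non-transitive rule, the CIDR-overlap rule and the two-sided route requirement above can be checked mechanically before anyone accepts a peering request. The following is an added example, not code from the original page or from AWS: a small Python model of VPCs, peering connections and route tables in the rough shape of `describe-vpcs` and `describe-route-tables` output. All VPC IDs, peering IDs and CIDR blocks are constructed sample data.

```python
"""Pre-flight checks for a VPC peering design: CIDR overlap and reachability.

Added example, not code from the original page or from AWS. The VPC IDs,
CIDR blocks, peering IDs and route tables are constructed sample data in the
rough shape of what describe-vpcs / describe-route-tables return.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vpc:
    vpc_id: str
    cidrs: list                                  # a VPC can have several associated CIDR blocks
    routes: dict = field(default_factory=dict)   # destination CIDR -> target ("pcx-...", "local", ...)


@dataclass
class Peering:
    pcx_id: str
    requester: str                               # VPC ID of the requester
    accepter: str                                # VPC ID of the accepter


def overlapping_cidrs(a, b):
    """Every (cidr_of_a, cidr_of_b) pair that overlaps; any hit means AWS will
    not let the peering connection reach the active state."""
    hits = []
    for ca in a.cidrs:
        for cb in b.cidrs:
            na, nb = ipaddress.ip_network(ca), ipaddress.ip_network(cb)
            if na.version == nb.version and na.overlaps(nb):
                hits.append((ca, cb))
    return hits


def direct_peering(peerings, x, y):
    """The single active peering between VPCs x and y, or None."""
    for p in peerings:
        if {p.requester, p.accepter} == {x, y}:
            return p
    return None


def routes_complete(src, dst, pcx_id):
    """True if src's route table sends every CIDR block of dst to the peering."""
    return all(src.routes.get(c) == pcx_id for c in dst.cidrs)


def can_reach(vpcs, peerings, src_id, dst_id):
    """(ok, reason). Peering is non-transitive, so only a direct peering with
    routes installed in both directions counts; there is deliberately no path
    search through intermediate VPCs."""
    src, dst = vpcs[src_id], vpcs[dst_id]
    p = direct_peering(peerings, src_id, dst_id)
    if p is None:
        return False, f"no direct peering between {src_id} and {dst_id} (peering is not transitive)"
    if not routes_complete(src, dst, p.pcx_id):
        return False, f"{src_id} route table lacks a route to {dst_id} via {p.pcx_id}"
    if not routes_complete(dst, src, p.pcx_id):
        return False, f"{dst_id} route table lacks the return route to {src_id} via {p.pcx_id}"
    return True, "ok"


def sample_topology():
    """Constructed sample: A<->B peered and routed both ways, B<->C peered but C
    has no return route, D's first CIDR overlaps B's."""
    vpcs = {
        "vpc-a": Vpc("vpc-a", ["10.0.0.0/16"], {"10.1.0.0/16": "pcx-ab"}),
        "vpc-b": Vpc("vpc-b", ["10.1.0.0/16"], {"10.0.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-bc"}),
        "vpc-c": Vpc("vpc-c", ["10.2.0.0/16"], {}),
        "vpc-d": Vpc("vpc-d", ["10.1.128.0/17", "192.168.0.0/24"]),
    }
    peerings = [Peering("pcx-ab", "vpc-a", "vpc-b"), Peering("pcx-bc", "vpc-b", "vpc-c")]
    return vpcs, peerings


if __name__ == "__main__":
    vpcs, peerings = sample_topology()
    print("overlap B/D:", overlapping_cidrs(vpcs["vpc-b"], vpcs["vpc-d"]))
    for s, d in [("vpc-a", "vpc-b"), ("vpc-a", "vpc-c"), ("vpc-b", "vpc-c")]:
        print(s, "->", d, can_reach(vpcs, peerings, s, d))
```

Reachability is decided only by a direct peering plus a route in each direction; the function has no graph search on purpose, which is why A -> C fails in the sample even though A-B and B-C are both peered, and why B -> C fails on the missing return route in C. To run it against a real account, replace sample_topology() with the output of the two describe calls.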
VPC Peering - Complete Guide for AWS SysOps Administrator Associate
What is VPC Peering?
VPC Peering is a networking connection between two Virtual Private Clouds (VPCs) that enables you to route traffic between them using private IPv4 or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network.
Why is VPC Peering Important?
VPC Peering is crucial for several reasons:
• Cross-Account Connectivity: Allows resources in different AWS accounts to communicate over private addresses
• Multi-Region Architecture: Enables communication between VPCs in different AWS regions (inter-region peering)
• Network Segmentation: Maintain separate VPCs for different environments (dev, staging, production) while allowing controlled communication
• Cost Efficiency and Privacy: Traffic stays on the AWS network and never traverses the public internet, so it needs no internet gateway, NAT gateway or public IP addresses and avoids internet data transfer charges
• Low Latency: Provides high-bandwidth, low-latency connections between VPCs
How VPC Peering Works
1. Initiation: The owner of the requester VPC sends a peering connection request to the owner of the accepter VPC
2. Acceptance: The owner of the accepter VPC must accept the request for the connection to be activated
3. Route Table Updates: Both VPCs must update their route tables to point traffic destined for the peer VPC CIDR to the peering connection
4. Security Group Configuration: Security groups (and network ACLs, if customized) must allow the traffic from the peer VPC's CIDR block or, within a single region, from the peer VPC's security group
Key Characteristics and Limitations
• Non-Transitive: VPC peering connections are NOT transitive. If VPC A is peered with VPC B, and VPC B is peered with VPC C, VPC A cannot communicate with VPC C through VPC B
• No Overlapping CIDR Blocks: The CIDR blocks of peered VPCs cannot overlap
• One Peering Connection Per VPC Pair: You can only have one peering connection between any two VPCs
• Cross-Region Support: Inter-region VPC peering is supported with some limitations (no security group referencing across regions)
• No Edge-to-Edge Routing: You cannot use VPC peering to extend your on-premises network through one VPC to another
Configuration Steps
1. Create a VPC peering connection request from the requester VPC
2. Accept the VPC peering connection request in the accepter account or region
3. Update route tables in both VPCs so that each peer VPC CIDR block points at the peering connection
4. Update security groups (and network ACLs, if customized) to allow the traffic: reference the peer security group for same-region peering, otherwise the peer CIDR block
5. Verify connectivity between instances in both directions
Common Use Cases
• Shared services VPC (centralized logging, monitoring, authentication)
• Connecting development and production environments with controlled access
• Multi-account architectures for large organizations
• Disaster recovery setups across regions
Exam Tips: Answering Questions on VPC Peering
Remember These Key Points:
• Transitive Peering is NOT Supported: This is the most frequently tested concept. If a question describes a hub-and-spoke model expecting traffic to flow through a central VPC, VPC peering alone will not work
• CIDR Overlap Questions: If two VPCs have overlapping IP ranges, they cannot be peered. Look for this as a troubleshooting scenario
• Route Table Requirements: If connectivity is not working after establishing peering, the answer often involves missing route table entries
• Security Groups: Remember that security groups must allow traffic. In same-region peering, you can reference security groups from the peer VPC
• Cross-Region Limitations: Inter-region peering does not support security group references; you must use CIDR blocks instead
• Edge-to-Edge Routing: VPC peering does not support routing through a VPC to reach on-premises networks, VPN connections, internet gateways, or NAT gateways in the peer VPC
• DNS Resolution: For public DNS hostnames of instances in the peer VPC to resolve to their private IP addresses (so the traffic uses the peering connection instead of the internet), you must enable DNS resolution on the peering connection for the relevant side; the VPCs themselves must also have DNS resolution and DNS hostnames enabled
• MTU Considerations: Inter-region VPC peering has a maximum MTU of 1500 bytes (jumbo frames not supported)
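Steps 4 and 5 of the configuration procedure and the tips above on security group references, DNS resolution and MTU reduce to a handful of checks on the peering record and the inbound rules that admit the peer's traffic. The following is an added example, not code from the page or from AWS: the peering record, rules and CIDRs are constructed sample data; AllowDnsResolutionFromRemoteVpc is the real peering-connection option name (set with modify-vpc-peering-connection-options), and 9001 bytes is the EC2 jumbo-frame MTU assumed for same-region peering.

```python
"""Checks on the security-group rules and options of one VPC peering connection.

Added example, not from the original page or AWS. The peering record, rules
and CIDRs are constructed sample data; AllowDnsResolutionFromRemoteVpc is
the real peering-connection option name.
"""
import ipaddress

JUMBO_FRAME_MTU = 9001     # EC2 jumbo-frame MTU, usable over same-region peering (assumed value)
INTER_REGION_MTU = 1500    # AWS caps inter-region peering traffic at 1500 bytes


def is_cross_region(peering):
    return peering["requester_region"] != peering["accepter_region"]


def max_path_mtu(peering):
    """Largest MTU traffic over this peering can use end to end."""
    return INTER_REGION_MTU if is_cross_region(peering) else JUMBO_FRAME_MTU


def check_inbound_rules(peering, rules, peer_cidrs):
    """Findings for inbound rules meant to admit traffic from the peer VPC.
    Each rule is {"port": int, "source": "sg-..." or a CIDR string}."""
    findings = []
    peer_nets = [ipaddress.ip_network(c) for c in peer_cidrs]
    for rule in rules:
        src = rule["source"]
        if src.startswith("sg-"):
            # Referencing the peer's security group is allowed only within one region.
            if is_cross_region(peering):
                findings.append(f"port {rule['port']}: {src} is a security-group reference, "
                                "not allowed across regions; use the peer CIDR instead")
            continue
        net = ipaddress.ip_network(src)
        inside_peer = any(net.version == p.version and net.subnet_of(p) for p in peer_nets)
        if not inside_peer:
            # 0.0.0.0/0 or any range wider than the peer VPC grants more than the peering needs.
            findings.append(f"port {rule['port']}: source {src} is wider than the peer CIDRs {peer_cidrs}")
    return findings


def check_dns_options(peering):
    """With the option off, public hostnames of peer instances resolve to public
    IPs and the traffic leaves via the internet instead of the peering."""
    findings = []
    for side in ("requester", "accepter"):
        if not peering[f"{side}_allow_dns_resolution_from_remote_vpc"]:
            findings.append(f"{side}: AllowDnsResolutionFromRemoteVpc is false; peer public hostnames "
                            "resolve to public IPs, so that traffic bypasses the peering")
    return findings


def check_peering(peering, rules, peer_cidrs):
    """All findings for one side of a peering; an empty list means nothing to fix."""
    return check_inbound_rules(peering, rules, peer_cidrs) + check_dns_options(peering)


SAMPLE_PEERING = {   # constructed: cross-region peering with the DNS option off on the accepter side
    "pcx_id": "pcx-0123",
    "requester_region": "us-east-1",
    "accepter_region": "eu-west-1",
    "requester_allow_dns_resolution_from_remote_vpc": True,
    "accepter_allow_dns_resolution_from_remote_vpc": False,
}
SAMPLE_RULES = [     # constructed inbound rules on the accepter side; the peer VPC is 10.1.0.0/16
    {"port": 5432, "source": "10.1.0.0/16"},
    {"port": 443, "source": "sg-0abc123"},
    {"port": 22, "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for finding in check_peering(SAMPLE_PEERING, SAMPLE_RULES, ["10.1.0.0/16"]):
        print("FINDING:", finding)
    print("max MTU:", max_path_mtu(SAMPLE_PEERING))
```

In the sample, the Postgres rule scoped to the peer CIDR passes, the security-group reference is rejected because the peering is cross-region, the 0.0.0.0/0 SSH rule is flagged as wider than the peer, and the accepter side is missing the DNS option. Changing the accepter region to match the requester makes the security-group reference legal and raises the usable MTU to jumbo-frame size.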
When to Choose VPC Peering vs Alternatives:
• Choose VPC Peering for simple, point-to-point connections between a small number of VPCs
• Choose Transit Gateway when you need to connect many VPCs or require transitive routing
• Choose PrivateLink when you want to expose specific services rather than entire VPC connectivity