VPC Peering not working as expected

0

I have several VPCs in my environment and right now I am looking at doing VPC Peering instead of using a Transit Gateway for cost optimization reasons. I have instances in one VPC that are not able to communicate with instances in another VPC. I must be missing something easy here. Can you please point me in the right direction? Thanks

asked a month ago, 408 views
4 answers
1
Accepted answer

Hi Mr Jimenez,

For starters I imagine you have multiple VPCs that you are trying to peer together. In that case you must configure them in a fully meshed configuration. VPC peering is not transitive. You need to peer them all together. Here is an example: [image]

You have 7 different VPCs and you want to access all the resources in each VPC without restriction. After you create and accept all the peering connections, you need to ensure you update each VPC's route tables with the destination route (CIDR block or portion of the CIDR block) to the peer VPC and the target, which is the ID of the VPC peering connection. Please see this link for examples (link).

Just a couple of things to consider as well:

  • If you have overlapping or matching CIDR blocks, please ensure your route tables are configured to avoid sending the response traffic from the source VPC to the incorrect VPC.
  • Your account does have a quota for the number of entries per route table. If that becomes an issue there are a couple of different workarounds that might work. Please open a support ticket if you need help with this.

If you have further questions regarding architecting your peering connections I would reach out to your account Solutions Architect and work with them. They should be able to help or engage a Networking specialist if needed.

Hope this helps.

AWS
answered a month ago
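To make the full-mesh requirement and the route-table bookkeeping from the accepted answer concrete, here is an added Python example (not code from this answer or from AWS) that plans the n(n-1)/2 peering connections for a set of VPCs, refuses overlapping CIDRs, and emits the destination/target route entries that both sides of every connection need. The VPC names, CIDRs and pcx-* identifiers are placeholders I constructed; real peering IDs are assigned by AWS when the connection is created, and the 50-routes-per-table figure is the default quota, which you should confirm in Service Quotas for your own account.

```python
"""Plan a full-mesh set of VPC peering connections and the route-table entries
each VPC needs. Added illustration, not code from the answer above; the VPC
names, CIDRs and pcx-* IDs are constructed placeholders."""
import ipaddress
import itertools

# Default quota for routes per route table at time of writing (adjustable via
# Service Quotas). Treat this as an assumption and check your own account.
ROUTES_PER_TABLE_QUOTA = 50


def check_no_overlap(vpcs):
    """Raise if any two VPC CIDRs overlap: peering requires disjoint ranges."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    for (a, na), (b, nb) in itertools.combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} ({na}) overlaps {b} ({nb}); peering cannot route between them")
    return nets


def full_mesh(vpcs):
    """One peering connection per unordered pair: n*(n-1)/2 for n VPCs.
    Peering is not transitive, so every pair that must talk needs its own pcx."""
    check_no_overlap(vpcs)
    return {
        (a, b): f"pcx-{a}-{b}"  # placeholder ID; AWS assigns the real pcx-... value
        for a, b in itertools.combinations(sorted(vpcs), 2)
    }


def route_entries(vpcs, peerings):
    """Routes to add in each VPC: destination = peer CIDR, target = the pcx.
    Both ends of every peering need a route, or the return traffic is dropped."""
    routes = {name: [] for name in vpcs}
    for (a, b), pcx in peerings.items():
        routes[a].append({"destination": vpcs[b], "target": pcx})
        routes[b].append({"destination": vpcs[a], "target": pcx})
    return routes


def quota_warnings(routes, existing_per_table=0, quota=ROUTES_PER_TABLE_QUOTA):
    """Names of VPCs whose route tables would exceed the per-table quota."""
    return [v for v, r in routes.items() if len(r) + existing_per_table > quota]


if __name__ == "__main__":
    vpcs = {f"vpc{i}": f"10.{i}.0.0/16" for i in range(1, 8)}  # seven constructed VPCs
    peerings = full_mesh(vpcs)
    routes = route_entries(vpcs, peerings)
    print(f"{len(peerings)} peering connections; {len(routes['vpc1'])} peer routes per VPC")
    for r in routes["vpc1"]:
        print("vpc1 route:", r["destination"], "->", r["target"])
    print("over quota with 45 existing routes:", quota_warnings(routes, existing_per_table=45))
```

Running it for the seven-VPC case in the answer gives 21 peering connections and 6 peer routes per VPC; `quota_warnings` is there because a mesh grows quadratically in connections while each table grows linearly, so the quota warning usually appears only once the tables already carry other routes (TGW, VPN, endpoints).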
1

After creating the VPC peering connection, you need to add routes in the route tables of both the peered VPCs with destination IP blocks of the other VPC and with the peering connection (starting with pcx-...) as the next hop.

Leo K
answered a month ago
0

This could be for several reasons:

  1. VPC peering isn't transitive. It means you can't hop via one VPC to another to another.
  2. You have to add routes to your route tables in each VPC to route traffic between VPCs.
  3. VPC CIDR ranges have to be different and can't overlap.
  4. Security groups on resources need to allow traffic from the other VPC.
  5. Network Access Control Lists on subnets need to allow traffic from the other VPC.
  6. If you are using DNS resolution you have to enable cross-VPC DNS resolution in the DNS settings of the peering once accepted.

Useful doc: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html

answered a month ago
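The checklist in this answer is easiest to apply mechanically. Below is an added Python example (not code from the answer or from AWS) that models a small environment and walks items 1 to 5 for a given source instance, destination instance and port, reporting each failing step. Everything in it is constructed for illustration: the VPCs, CIDRs, peering IDs, instances, security-group rules and NACL entries. Item 6 (DNS resolution across the peering) is not modeled because the example works on IP addresses only.

```python
"""Run the checklist above against a small in-memory model of peered VPCs and
report which step blocks a flow. Added illustration, not code from the answer;
every VPC, CIDR, instance, security-group and NACL entry below is constructed."""
import ipaddress

# Constructed environment: vpc-a is peered with vpc-b and with vpc-c, but
# vpc-b and vpc-c are not peered with each other.
VPCS = {"vpc-a": "10.1.0.0/16", "vpc-b": "10.2.0.0/16", "vpc-c": "10.3.0.0/16"}
PEERINGS = {"pcx-ab": ("vpc-a", "vpc-b"), "pcx-ac": ("vpc-a", "vpc-c")}
# One route table per VPC: (destination CIDR, target). vpc-b's last route tries
# to reach vpc-c through the vpc-a peering, which can never work (item 1).
ROUTES = {
    "vpc-a": [("10.1.0.0/16", "local"), ("10.2.0.0/16", "pcx-ab"), ("10.3.0.0/16", "pcx-ac")],
    "vpc-b": [("10.2.0.0/16", "local"), ("10.1.0.0/16", "pcx-ab"), ("10.3.0.0/16", "pcx-ab")],
    "vpc-c": [("10.3.0.0/16", "local"), ("10.1.0.0/16", "pcx-ac")],
}
INSTANCES = {  # instance -> (vpc, private IP)
    "i-a-app": ("vpc-a", "10.1.5.10"),
    "i-b-web": ("vpc-b", "10.2.7.20"),
    "i-c-db": ("vpc-c", "10.3.9.30"),
}
SG_INBOUND = {  # instance -> allowed (source CIDR, TCP port); SGs are stateful
    "i-a-app": [("10.2.0.0/16", 22)],
    "i-b-web": [("10.1.0.0/16", 443)],
    "i-c-db": [("10.1.0.0/16", 5432)],
}
NACL = {  # one subnet per VPC for brevity; NACLs are stateless, so both directions matter
    "vpc-a": {"in": ["0.0.0.0/0"], "out": ["0.0.0.0/0"]},
    "vpc-b": {"in": ["10.1.0.0/16"], "out": ["10.1.0.0/16"]},
    "vpc-c": {"in": ["10.1.0.0/16"], "out": ["10.1.0.0/16"]},
}


def _in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def lookup_route(vpc, ip):
    """Longest-prefix match over the VPC's route table; None if nothing matches."""
    addr, best = ipaddress.ip_address(ip), None
    for dest, target in ROUTES[vpc]:
        net = ipaddress.ip_network(dest)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def route_problem(src_vpc, dst_vpc, dst_ip):
    """The route must point at a pcx whose two ends are exactly src_vpc and dst_vpc."""
    target = lookup_route(src_vpc, dst_ip)
    if target is None:
        return f"{src_vpc}: no route to {dst_ip}"
    if target == "local":  # a foreign address matching 'local' means the CIDRs overlap (item 3)
        return None if src_vpc == dst_vpc else f"{src_vpc}: {dst_ip} matches the local route (overlapping CIDR)"
    if set(PEERINGS.get(target, ())) != {src_vpc, dst_vpc}:
        return (f"{src_vpc}: route to {dst_ip} via {target} does not directly join "
                f"{src_vpc} and {dst_vpc} (peering is not transitive)")
    return None


def diagnose(src, dst, port):
    """Return the list of checklist failures for src -> dst:port; empty means it should work."""
    src_vpc, src_ip = INSTANCES[src]
    dst_vpc, dst_ip = INSTANCES[dst]
    problems = []
    # Items 1 and 2: a usable route in each direction (forward packet and return packet)
    for vpc, other_vpc, ip in ((src_vpc, dst_vpc, dst_ip), (dst_vpc, src_vpc, src_ip)):
        p = route_problem(vpc, other_vpc, ip)
        if p:
            problems.append(p)
    # Item 5: NACLs are stateless, so both ends need inbound and outbound allows
    for vpc, remote in ((src_vpc, dst_ip), (dst_vpc, src_ip)):
        for direction in ("in", "out"):
            if not _in_any(remote, NACL[vpc][direction]):
                problems.append(f"{vpc}: NACL {direction}bound does not allow {remote}")
    # Item 4: the destination security group must allow the source address on that port
    if not any(_in_any(src_ip, [cidr]) and prt == port for cidr, prt in SG_INBOUND[dst]):
        problems.append(f"{dst}: security group does not allow {src_ip} on port {port}")
    return problems


if __name__ == "__main__":
    for s, d, prt in (("i-a-app", "i-b-web", 443), ("i-b-web", "i-c-db", 5432)):
        print(f"{s} -> {d}:{prt}", diagnose(s, d, prt) or "OK")
```

The first flow (vpc-a to vpc-b on 443) passes every step; the second (vpc-b to vpc-c) fails at the very first check because vpc-b's route sends the packet into the vpc-a peering, and then also fails the return route, the NACLs and the security group, which is why "a missing pcx between two VPCs" usually shows up as several symptoms at once. When running this against a real account, replace the constructed dictionaries with the output of `describe-route-tables`, `describe-vpc-peering-connections`, `describe-security-groups` and `describe-network-acls`.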
-1

Like others mentioned, but I wanted to add that you can create a "transit" VPC to route your traffic through. Essentially an unmanaged Transit Gateway, but you'll have to be more hands-on.

answered a month ago
