3 answers
1
You do not need an intermediate (VPN) VPC between the Customer VPC and the Service VPC to solve the IP overlap issue.
High-level steps
Service VPC
- Configure targets (instances, IPs, or an ALB) for the NLB
- Configure an internal NLB with target groups and a TCP listener
- Configure the endpoint service and associate the NLB with the endpoint service
- Optionally, associate a private DNS name with the endpoint service; service consumers can then enable private DNS names for their interface endpoints
Customer/Consumer VPC
- Configure an interface endpoint in the customer VPC with the option "Other endpoint services". Configure interface endpoints in multiple AZs for redundancy
- Optionally, update the SG applied to the interface endpoint to restrict traffic as required
- Modify routes in the customer VPC subnet route table to point to the newly created "vpce" next hop
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
Hope this helps.
answered 4 months ago
1
Hi,
This blog post proposes a full solution to your exact question: https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/
A common situation we see in customer networks is when there are resources with overlapping IP address ranges that must communicate with each other. Frequently this occurs when companies are acquired and have used the same private (RFC1918) address ranges. However, it can also occur when a service provider with a unique IP range must provide access to two different customers that each have the same IP range.

Network overlaps can also occur unintentionally. Some AWS services, such as Amazon SageMaker and AWS Cloud9, automatically reserve particular IP ranges. Furthermore, some third-party products, such as Docker, do the same thing. Make sure that you check the documentation of services and applications when building your VPCs in order to avoid conflicts with predefined IP addresses.

This post discusses some ways in which you can overcome this particular obstacle for IPv4-based networks. Customers that are using IPv6 aren't expected to experience this problem given the size of the address space.
Best,
Didier
0
- You need to create a network load balancer in the destination Service VPC that points to your ALB or other resources.
- You then create an NLB shared service: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
- In the Customer VPC, you connect to the service via the VPC endpoint you shared from the Service VPC
The traffic from the customer VPC does NOT route via VPN; it uses the native AWS backbone
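The procedure described in the first and the last answer, written out as an added Terraform example (this is not code from the original answers or from AWS). Both VPCs deliberately use 10.0.0.0/16; every VPC, subnet and instance ID, the account number, the region, the CLI profile name, the domain api.example.com and the service port are assumptions, and the example assumes the hashicorp/aws provider (v5) and that the TXT record AWS issues for the private DNS name has already been published. Clients in the consumer VPC reach the service by name: the endpoint's DNS name (or the verified private DNS name) resolves to ENI addresses inside their own VPC, so the overlapping CIDR never has to appear in a route table. Two practitioner caveats are built in: the endpoint service requires acceptance and lists only the consumer account as an allowed principal, and because targets behind the NLB see NLB node addresses rather than the consumer's (overlapping) client addresses, nothing on the service side should authorise by source IP.

```hcl
# Added example, not from the original page. Every ID, name, account number,
# region and port below is an assumption; replace them with your own values.

# Service (provider) account.
provider "aws" {
  region = "ap-northeast-1"
}

# Consumer account: a second provider using a separate CLI profile (assumption).
provider "aws" {
  alias   = "consumer"
  region  = "ap-northeast-1"
  profile = "consumer"
}

locals {
  service_vpc_id      = "vpc-0a1b2c3d4e5f60001"
  service_subnet_ids  = ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"]
  app_instance_ids    = ["i-0a1b2c3d4e5f60001", "i-0a1b2c3d4e5f60002"]
  consumer_account_id = "111122223333"
  consumer_vpc_id     = "vpc-0a1b2c3d4e5f60002"
  consumer_subnet_ids = ["subnet-0a1b2c3d4e5f60003", "subnet-0a1b2c3d4e5f60004"] # one per AZ
  consumer_cidr       = "10.0.0.0/16" # identical to the service VPC CIDR on purpose
  service_port        = 443
}

# --- Service VPC: internal NLB with a TCP listener in front of the targets ---
resource "aws_lb" "service" {
  name               = "overlap-demo-nlb"
  load_balancer_type = "network"
  internal           = true
  subnets            = local.service_subnet_ids
}

resource "aws_lb_target_group" "app" {
  name        = "overlap-demo-tg"
  port        = local.service_port
  protocol    = "TCP"
  target_type = "instance" # "alb" to front an existing ALB, "ip" for IP targets
  vpc_id      = local.service_vpc_id

  health_check {
    protocol = "TCP"
  }
}

resource "aws_lb_target_group_attachment" "app" {
  for_each         = toset(local.app_instance_ids)
  target_group_arn = aws_lb_target_group.app.arn
  target_id        = each.value
  port             = local.service_port
}

resource "aws_lb_listener" "tcp" {
  load_balancer_arn = aws_lb.service.arn
  port              = local.service_port
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# --- Service VPC: publish the NLB as an endpoint service ---
# Targets see NLB node addresses, never the consumer's overlapping client
# addresses, so authorise at the application layer rather than by source IP.
resource "aws_vpc_endpoint_service" "svc" {
  acceptance_required        = true # provider approves every connection request
  network_load_balancer_arns = [aws_lb.service.arn]
  allowed_principals         = ["arn:aws:iam::${local.consumer_account_id}:root"]
  private_dns_name           = "api.example.com" # optional; assumed domain you control
}

# --- Consumer VPC: interface endpoint locked down by a security group ---
resource "aws_security_group" "endpoint" {
  provider    = aws.consumer
  name        = "overlap-demo-vpce"
  description = "Only consumer-VPC clients may reach the PrivateLink ENIs"
  vpc_id      = local.consumer_vpc_id

  ingress {
    from_port   = local.service_port
    to_port     = local.service_port
    protocol    = "tcp"
    cidr_blocks = [local.consumer_cidr]
  }
}

resource "aws_vpc_endpoint" "service" {
  provider           = aws.consumer
  vpc_id             = local.consumer_vpc_id
  vpc_endpoint_type  = "Interface"
  service_name       = aws_vpc_endpoint_service.svc.service_name # "Other endpoint services"
  subnet_ids         = local.consumer_subnet_ids
  security_group_ids = [aws_security_group.endpoint.id]
  # Rejected until the TXT record from
  # aws_vpc_endpoint_service.svc.private_dns_name_configuration is published.
  private_dns_enabled = true
}

# Provider-side approval; the endpoint stays pendingAcceptance (no traffic) until then.
resource "aws_vpc_endpoint_connection_accepter" "approve" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.svc.id
  vpc_endpoint_id         = aws_vpc_endpoint.service.id
}
```

After `terraform apply`, a client in the consumer VPC connects to https://api.example.com (or to the endpoint's regional DNS name) on port 443 and lands on the instances in the service VPC, even though both VPCs answer to 10.0.0.0/16; the consumer-side security group is the place to narrow who may use the endpoint, and `allowed_principals` plus acceptance is the provider's control over which accounts may attach at all.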