VPC Peering not working as expected

0

Hi, I have created a VPC peering connection between 2 VPCs within the same region. Both VPCs have 1 public subnet each. I configured the required routes for both VPCs that should go through the peering connection; however, I can't ping the EC2 instances in each VPC's public subnet.

I tried another VPC setup, 2 VPCs (VPC A and VPC B) with 1 public and 1 private subnet in each VPC, and then created a peering connection. Further added required routes. In this setup, I can ping successfully as below:
  • Public instance (VPC A) to Private instance (VPC B)
  • Private instance (VPC A) to Private instance (VPC B)
  • Public instance (VPC B) to Private instance (VPC A)
  • Private instance (VPC B) to Private instance (VPC A)

The following pings don't work:
  • Public instance (VPC A) to Public instance (VPC B)
  • Private instance (VPC A) to Public instance (VPC B)
  • Public instance (VPC B) to Public instance (VPC A)
  • Private instance (VPC B) to Public instance (VPC A)

Can someone have a look and confirm if this is as expected or there is some additional configuration required? I tried all possible configs and even tried to analyze through Network Analyzer but didn't get any solution to make this work.

Any suggestion or guidance would be appreciated.

3 Answers
1

Hi!

I've tested your configuration and it works for me, I can ping between both instances that are located in public subnets.

  • Make sure that the route tables you mention above are associated with the subnets.
  • Which IPs are you using to do the ping? From your SG configuration, if the ICMP packets come from the public IP, the connection is going to be blocked.
AWS
Pablo_S
answered 2 years ago
  • I'm connecting to my EC2 instance in VPC A via RDP (from my IP) and from this EC2 instance trying to ping the private IP address of the EC2 instance in VPC B. The request gets timed out.

0

Did you allow ICMP in the Security Group of the instances? It is not allowed by default, even if you select ALL TRAFFIC in the SG. What the rules in your SG look like and what your route table looks like would be the most helpful info here.

AWS
EXPERT
Rob_H
answered 2 years ago
  • Hi Rob_H, Thanks for your response. My route table and SG look like below for scenario 1 where I have 2 VPCs with 1 public subnet each and the Peering connection is active.

    Route table - VPC A
    Destination   Target                 Status  Propagated
    10.1.0.0/16   local                  Active  No
    10.2.0.0/16   pcx-015122633fa67e3ed  Active  No
    0.0.0.0/0     igw-0038ed6b1eb6d3147  Active  No

    Route table - VPC B
    Destination   Target                 Status  Propagated
    10.1.0.0/16   pcx-015122633fa67e3ed  Active  No
    10.2.0.0/16   local                  Active  No
    0.0.0.0/0     igw-003f895ba0c3a7e99  Active  No

    Security Group - EC2 in VPC A
    Rule ID                IP version  Type             Protocol  Port range  Source
    sgr-022181b29d6b1f157  IPv4        RDP              TCP       3389        MyIP
    sgr-05c87bcdea0a3f5c7  IPv4        All ICMP - IPv4  ICMP      All         10.2.0.0/16

    Security Group - EC2 in VPC B
    Rule ID                IP version  Type             Protocol  Port range  Source
    sgr-0dbb629719cf3fd9f  IPv4        RDP              TCP       3389        MyIP
    sgr-0f8941aad43b7c19f  IPv4        All ICMP - IPv4  ICMP      All         10.1.0.0/16
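The posted route tables and security groups can be checked offline for the point Pablo_S raised above: a ping aimed at the peer's private IP takes the pcx- route and arrives with the sender's private IP, which the ICMP rule permits, while a ping aimed at the peer's public IP takes the 0.0.0.0/0 igw- route, is translated to the sender's public IP, and is then rejected by an ICMP rule that only admits 10.x.0.0/16. The script below is an added example, not code from the question or from AWS; the route tables and SG rules are copied from the comment above, while the instance addresses and the value behind "MyIP" are constructed placeholders (documentation ranges), and NACLs and the guest OS firewall are not modelled.

```python
import ipaddress
from dataclasses import dataclass

# Route tables exactly as posted in the comment above: (destination, target).
ROUTE_TABLES = {
    "vpc-a": [
        ("10.1.0.0/16", "local"),
        ("10.2.0.0/16", "pcx-015122633fa67e3ed"),
        ("0.0.0.0/0", "igw-0038ed6b1eb6d3147"),
    ],
    "vpc-b": [
        ("10.1.0.0/16", "pcx-015122633fa67e3ed"),
        ("10.2.0.0/16", "local"),
        ("0.0.0.0/0", "igw-003f895ba0c3a7e99"),
    ],
}

# Inbound SG rules as posted: (rule id, protocol, from port, to port, source).
# "MyIP" is not on the page, so a constructed documentation address stands in.
MY_IP = "203.0.113.5/32"
SECURITY_GROUPS = {
    "sg-ec2-vpc-a": [
        ("sgr-022181b29d6b1f157", "tcp", 3389, 3389, MY_IP),
        ("sgr-05c87bcdea0a3f5c7", "icmp", -1, -1, "10.2.0.0/16"),
    ],
    "sg-ec2-vpc-b": [
        ("sgr-0dbb629719cf3fd9f", "tcp", 3389, 3389, MY_IP),
        ("sgr-0f8941aad43b7c19f", "icmp", -1, -1, "10.1.0.0/16"),
    ],
}


@dataclass
class Instance:
    vpc: str
    private_ip: str
    public_ip: str  # constructed; the question does not give addresses
    sg: str


# Constructed instances, one in each VPC's public subnet.
INSTANCE_A = Instance("vpc-a", "10.1.0.10", "198.51.100.10", "sg-ec2-vpc-a")
INSTANCE_B = Instance("vpc-b", "10.2.0.20", "198.51.100.20", "sg-ec2-vpc-b")


def lookup_route(vpc, dst_ip):
    """Longest-prefix match, the way a VPC route table picks a target."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in ROUTE_TABLES[vpc]:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def sg_allows(sg, protocol, port, src_ip):
    """True if any inbound rule matches protocol, port and source address."""
    addr = ipaddress.ip_address(src_ip)
    for _rule_id, proto, from_port, to_port, source in SECURITY_GROUPS[sg]:
        if proto != protocol:
            continue
        if from_port != -1 and not (from_port <= port <= to_port):
            continue  # -1 means "all ports" (the ICMP rule)
        if addr in ipaddress.ip_network(source):
            return True
    return False


def peering_route_present(vpc, remote_cidr):
    """Does this VPC's table send the remote CIDR to a peering connection?"""
    return any(cidr == remote_cidr and target.startswith("pcx-")
               for cidr, target in ROUTE_TABLES[vpc])


def trace_ping(src, dst, dst_ip):
    """Model one ICMP echo from src to dst_ip and report why it passes or fails."""
    target = lookup_route(src.vpc, dst_ip)
    if target is None:
        return {"route": None, "seen_source": None, "allowed": False, "reason": "no route"}
    # Through an internet gateway the packet carries the instance's public IP;
    # through the peering connection (or local) it keeps the private IP.
    seen_source = src.public_ip if target.startswith("igw-") else src.private_ip
    allowed = sg_allows(dst.sg, "icmp", -1, seen_source)
    reason = "ok" if allowed else f"{dst.sg} has no ICMP rule admitting source {seen_source}"
    return {"route": target, "seen_source": seen_source, "allowed": allowed, "reason": reason}


if __name__ == "__main__":
    for label, ip in (("private IP", INSTANCE_B.private_ip), ("public IP", INSTANCE_B.public_ip)):
        print(f"A -> B via {label}: {trace_ping(INSTANCE_A, INSTANCE_B, ip)}")
```

Run as-is, the private-IP trace reports the pcx- route and an allowed verdict, and the public-IP trace reports the igw- route and a block, which is the difference between the two sets of pings in the question. The model stops at the SG: as kentrad notes below, NACLs sit in the path too, and a Windows instance reached over RDP also blocks inbound ICMPv4 echo in its own firewall by default, so a timed-out ping can still have a correct VPC configuration behind it.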

0

Also, make sure the NACLs on the subnets are allowing this traffic.

AWS
EXPERT
kentrad
answered 2 years ago
