Want To Connect Overlapping VPC
Hello Folks,
I want to configure overlapping vpc via aws private link if any one please share me documentation of regarding this which will help me. Thank you in advance. I am following this link "https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/" in the document mentioned second option of I am trying to configure aws private link. In my aws infrastructure is a three VPC's one customer vpc which is same CIDR of my service vpc. That's the reason I configured inbeetween vpn vpc which is not overlap but I am confused inbetween how to do the routing for network traffic passing through my customer vpc via site-to-site configured vpn vpc to aws private link to connect service vpc.
- Newest
- Most votes
- Most comments
You do not need intermediate(VPN) VPC between Customer VPC and Service VPC to solve IP overlap issue.
High-level steps
Service VPC
- Configure targets(Instances, IPs, or ALB) for NLB
- Configure internal NLB with target groups with TCP listener
- Configure service endpoint and associate NLB to the endpoint service
- Optionally associate a private DNS name with endpoint service, then service consumers can enable private DNS names for their interface endpoints
Customer/Consumer VPC
- Configure interface endpoint in customer VPC with option "Other endpoint services". Configure interface endpoints in multiple AZ for redundancy
- Optionally, update SG applied to interface endpoint to restrict traffic as required
- Modify routes in customer VPC subnet route-table pointing to newly created "vpce" next-hop
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
Hop this helps.
Hi,
This blog post proposes a full solution to your exact question: https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/
A common situation we see in customer networks is when there are resources with overlapping
IP address ranges that must communicate with each other. Frequently this occurs when companies
are acquired and have used the same private (RFC1918) address ranges. However, it can also occur
when a service provider with a unique IP range must provide access to two different customers that
each have the same IP range.
Network overlaps can also occur unintentionally. Some AWS services, such as Amazon SageMaker
and AWS Cloud9, automatically reserve particular IP ranges. Furthermore, some third-party products,
such as Docker, do the same thing. Make sure that you check the documentation of services and
applications when building your VPCs in order to avoid conflicts with predefined IP addresses.
This post discusses some ways in which you can overcome this particular obstacle for IPv4-based
networks. Customers that are using IPv6 aren’t expected to experience this problem given the size
of the address space.
Best,
Didier
- You need to create a network load balancer in the destination Service VPC which points to your ALB or other resources.
- You then create a NLB Shared service https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
- In the Customer VPC, you connect to the Service via VPC Endpoint you have shared from the Service VPC
The traffic from the customer VPC does NOT route via VPN, it uses the Native AWS backbone
Relevant content
- asked 8 months ago
- asked a year ago
- asked 8 months ago
- How can I configure my Amazon VPC to privately connect to my S3 bucket without using authentication?
AWS OFFICIALUpdated 2 years ago - AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
