Want To Connect Overlapping VPC


Hello Folks,

I want to configure overlapping VPCs via AWS PrivateLink; if anyone could please share documentation regarding this, it would help me. Thank you in advance. I am following this link "https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/". Of the options mentioned in the document, I am trying to configure the second one, AWS PrivateLink. My AWS infrastructure has three VPCs: one customer VPC, which has the same CIDR as my service VPC. That's the reason I configured a VPN VPC in between, which does not overlap, but I am confused about how to do the routing for network traffic passing from my customer VPC via the site-to-site VPN VPC to the AWS PrivateLink that connects to the service VPC.

3 Answers

You do not need an intermediate (VPN) VPC between the Customer VPC and the Service VPC to solve the IP overlap issue.

High-level steps

Service VPC

  • Configure targets (instances, IPs, or ALB) for the NLB
  • Configure internal NLB with target groups with TCP listener
  • Configure service endpoint and associate NLB to the endpoint service
  • Optionally associate a private DNS name with endpoint service, then service consumers can enable private DNS names for their interface endpoints

Customer/Consumer VPC

  • Configure an interface endpoint in the customer VPC with the option "Other endpoint services". Configure interface endpoints in multiple AZs for redundancy
  • Optionally, update SG applied to interface endpoint to restrict traffic as required
  • Modify routes in customer VPC subnet route-table pointing to newly created "vpce" next-hop


Hope this helps.

Answered by AWS, 2 months ago


This blog post proposes a full solution to your exact question: https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-ranges/

A common situation we see in customer networks is when there are resources with overlapping IP address ranges that must communicate with each other. Frequently this occurs when companies are acquired and have used the same private (RFC1918) address ranges. However, it can also occur when a service provider with a unique IP range must provide access to two different customers that each have the same IP range.

Network overlaps can also occur unintentionally. Some AWS services, such as Amazon SageMaker and AWS Cloud9, automatically reserve particular IP ranges. Furthermore, some third-party products, such as Docker, do the same thing. Make sure that you check the documentation of services and applications when building your VPCs in order to avoid conflicts with predefined IP addresses.

This post discusses some ways in which you can overcome this particular obstacle for IPv4-based networks. Customers that are using IPv6 aren't expected to experience this problem given the size of the address space.



Answered by AWS, 2 months ago

  1. You need to create a network load balancer in the destination Service VPC which points to your ALB or other resources.
  2. You then create an NLB shared service: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-share-your-services.html
  3. In the Customer VPC, you connect to the Service via VPC Endpoint you have shared from the Service VPC

The traffic from the customer VPC does NOT route via the VPN; it uses the native AWS backbone.

answered 2 months ago
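The three answers all make the same point: with PrivateLink the consumer never needs a route to the service VPC's CIDR, so the overlap is irrelevant and the intermediate VPN VPC adds nothing. The following Python model is an added example, not code from the thread or from AWS, that makes that reasoning concrete. It uses the addressing from the question (customer and service VPCs both on 10.0.0.0/16); the 172.16.0.0/16 range for the VPN VPC, the consumer subnet 10.0.1.0/24, the endpoint ENI address 10.0.1.25, the route target id and the NLB listener port 443 are all constructed for the example.

```python
from ipaddress import IPv4Address, ip_network

# Constructed addressing for the three VPCs described in the question.
# The customer and service VPCs share a CIDR, as in the question; the
# VPN ("intermediate") VPC range is an assumption made for this example.
VPCS = {
    "customer": "10.0.0.0/16",
    "service":  "10.0.0.0/16",
    "vpn":      "172.16.0.0/16",
}

# Constructed route table of a customer-VPC subnet: the implicit "local"
# route plus a site-to-site VPN route toward the intermediate VPC.
CUSTOMER_ROUTE_TABLE = [
    ("10.0.0.0/16",   "local"),
    ("172.16.0.0/16", "vgw-PLACEHOLDER"),   # placeholder virtual gateway id
]


def overlapping_pairs(cidrs):
    """Return every pair of VPC names whose CIDRs overlap (name order sorted)."""
    nets = {name: ip_network(cidr) for name, cidr in cidrs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]


def route_lookup(route_table, destination):
    """Longest-prefix match over (cidr, target) entries.

    Mirrors VPC behaviour: the 'local' route covers the whole VPC CIDR and
    cannot be overridden by another route of the same prefix length.
    """
    dst = IPv4Address(destination)
    best = None
    for cidr, target in route_table:
        net = ip_network(cidr)
        if dst not in net:
            continue
        if (best is None or net.prefixlen > best[0].prefixlen
                or (net.prefixlen == best[0].prefixlen and target == "local")):
            best = (net, target)
    return best[1] if best else None


def endpoint_plan(consumer_subnet, endpoint_ip, listener_port):
    """Describe how a consumer reaches the service through an interface endpoint.

    The endpoint ENI is addressed from the consumer's own subnet, so the only
    route involved is 'local'; the service CIDR never appears in the consumer
    route table, which is why the overlap does not matter.
    """
    subnet = ip_network(consumer_subnet)
    if IPv4Address(endpoint_ip) not in subnet:
        raise ValueError("endpoint ENI address must come from the consumer subnet")
    return {
        "consumer_next_hop": route_lookup(CUSTOMER_ROUTE_TABLE, endpoint_ip),
        "service_cidr_route_needed": False,
        # Least-privilege security group on the endpoint ENI: only the
        # consumer subnet, only the NLB listener port (see the answer's
        # "optionally, update SG applied to interface endpoint").
        "endpoint_sg_ingress": [
            {"protocol": "tcp", "port": listener_port, "cidr": str(subnet)}
        ],
    }


if __name__ == "__main__":
    print("overlapping:", overlapping_pairs(VPCS))
    # A service host at 10.0.5.10 can never be reached over the VPN route:
    # the customer VPC's local route absorbs the whole 10.0.0.0/16.
    print("10.0.5.10 via:", route_lookup(CUSTOMER_ROUTE_TABLE, "10.0.5.10"))
    print(endpoint_plan("10.0.1.0/24", "10.0.1.25", 443))
```

Running it shows the two halves of the argument: `route_lookup` returns `local` for any service-VPC address, so no VPN or peering route can ever carry that traffic out of the customer VPC, while `endpoint_plan` reaches the service through an address inside the consumer's own subnet and needs no route for the service CIDR at all.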
