VPC Peering not working as expected

0

I have several VPCs in my environment and right now I am looking at doing VPC Peering instead of using a Transit Gateway for cost optimization reasons. I have instances in one VPC that are not able to communicate with instances in another VPC. I must be missing something easy here. Can you please point me in the right direction? Thanks

asked 10 months ago · 855 views
4 Answers
1
Accepted Answer

Hi Mr Jimenez,

For starters, I imagine you have multiple VPCs that you are trying to peer together. In that case you must configure them in a fully meshed configuration. VPC peering is not transitive. You need to peer them all together. Here is an example:

You have 7 different VPCs and you want to access all the resources in each VPC without restriction. After you create and accept all the peering connections, you need to ensure you update each VPC's route tables with the destination route (CIDR block or portion of the CIDR block) to the peer VPC and the target, which is the ID of the VPC peering connection. Please see this link for examples (link).

Just a couple of things to consider as well:

  • If you have overlapping or matching CIDR blocks, please ensure your route tables are configured to avoid sending the response traffic from the source VPC to the incorrect VPC.
  • Your account does have a quota for the number of entries per route table. If that becomes an issue there are a couple of different workarounds that might work. Please open a support ticket if you need help with this.

If you have further questions regarding architecting your peering connections, I would reach out to your account Solutions Architect and work with them. They should be able to help or engage a Networking specialist if needed.

Hope this helps.

answered 10 months ago
1

After creating the VPC peering connection, you need to add routes in the route tables of both the peered VPCs with destination IP blocks of the other VPC and with the peering connection (starting with pcx-...) as the next hop.

answered 10 months ago
0

This could be for several reasons:

  1. VPC peering isn't transitive. It means you can't hop via one VPC to another to another.
  2. You have to add routes to your route tables in each VPC to route traffic between VPCs.
  3. VPC CIDR ranges have to be different and can't overlap.
  4. Security groups on resources need to allow traffic from the other VPC.
  5. Network Access Control Lists on subnets need to allow traffic from the other VPC.
  6. If you are using DNS resolution, you have to enable cross-VPC DNS resolution in the DNS settings of the peering connection once accepted.

Useful doc: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html

answered 10 months ago
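To make the points in the accepted answer and the checklist above concrete, here is an added planning example (not code from the original thread or from AWS) that lays out a full-mesh peering design: it rejects overlapping CIDRs, enumerates the n*(n-1)/2 peering connections a non-transitive mesh needs, emits the route-table rows each VPC must carry (peer CIDR as destination, peering connection as target), and flags VPCs that would hit the per-route-table quota. The VPC names, CIDRs and pcx- IDs are constructed sample values, and the quota default of 50 is an assumption to verify in Service Quotas.

```python
from itertools import combinations
import ipaddress

# Constructed sample VPCs (name -> CIDR); none of these overlap.
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "172.16.0.0/16",
}

def overlapping_pairs(vpcs):
    """Pairs whose CIDRs overlap: AWS rejects a peering request between them."""
    nets = {n: ipaddress.ip_network(c) for n, c in vpcs.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def peering_connections(vpcs):
    """Full mesh: peering is not transitive, so every pair needs its own
    connection, n*(n-1)/2 in total. Returns {(a, b): pcx-id}. The pcx IDs are
    placeholders standing in for the IDs AWS assigns on creation."""
    bad = overlapping_pairs(vpcs)
    if bad:
        raise ValueError(f"overlapping CIDRs, fix before peering: {bad}")
    return {(a, b): f"pcx-{a}-{b}" for a, b in combinations(sorted(vpcs), 2)}

def route_entries(vpcs, pcx):
    """Route-table rows each VPC needs: destination = peer CIDR, target = the
    peering connection. Both ends of every connection get a route."""
    routes = {name: [] for name in vpcs}
    for (a, b), conn in pcx.items():
        routes[a].append((vpcs[b], conn))
        routes[b].append((vpcs[a], conn))
    return routes

def over_route_quota(routes, quota=50):
    """VPCs whose peering routes alone reach the per-route-table quota
    (50 is the assumed default; confirm the real value in Service Quotas)."""
    return [n for n, rows in routes.items() if len(rows) >= quota]

if __name__ == "__main__":
    pcx = peering_connections(VPCS)
    for vpc, rows in route_entries(VPCS, pcx).items():
        print(vpc, rows)
```

Security groups, NACLs and DNS settings from the checklist still have to be configured separately; this only covers the routing layer.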
0

Like others mentioned, but I wanted to add that you can create a "transit" VPC to route your traffic through. Essentially an unmanaged Transit Gateway, but you'll have to be more hands-on.

answered 10 months ago
