VPC Peering not working as expected

0

I have several VPCs in my environment and right now I am looking at doing VPC Peering instead of using a Transit Gateway for cost optimization reasons. I have instances in one VPC that are not able to communicate with instances in another VPC. I must be missing something easy here. Can you please point me in the right direction? Thanks

Asked 1 month ago · 409 views
4 answers
1
Accepted answer

Hi Mr Jimenez,

For starters, I imagine you have multiple VPCs that you are trying to peer together. In that case you must configure them in a fully meshed configuration. VPC peering is not transitive. You need to peer them all together. Here is an example: [image]

You have 7 different VPCs and you want to access all the resources in each VPC without restriction. After you create and accept all the peering connections, you need to ensure you update each VPC's route tables with the destination route (CIDR block or portion of the CIDR block) to the peer VPC and the target, which is the ID of the VPC peering connection. Please see this link for examples (link).

Just a couple of things to consider as well:

  • If you have overlapping or matching CIDR blocks, please ensure your route tables are configured to avoid sending the response traffic from the source VPC to the incorrect VPC.
  • Your account does have a quota for the number of entries per route table. If that becomes an issue, there are a couple of different workarounds that might work. Please open a support ticket if you need help with this.

If you have further questions regarding architecting your peering connections, I would reach out to your account Solutions Architect and work with them. They should be able to help or engage a Networking specialist if needed.

Hope this helps.

AWS
Answered 1 month ago
Reviewed by Expert 1 month ago
1

After creating the VPC peering connection, you need to add routes in the route tables of both the peered VPCs with destination IP blocks of the other VPC and with the peering connection (starting with pcx-...) as the next hop.

Leo K (Expert)
Answered 1 month ago
Reviewed by Expert 1 month ago
0

This could be for several reasons:

  1. VPC peering isn't transitive. It means you can't hop via one VPC to another to another.
  2. You have to add routes to your route tables in each VPC to route traffic between VPCs.
  3. VPC CIDR ranges have to be different and can't overlap.
  4. Security groups on resources need to allow traffic from the other VPC.
  5. Network Access Control Lists on subnets need to allow traffic from the other VPC.
  6. If you are using DNS resolution, you have to enable cross-VPC DNS resolution in the DNS settings of the peering connection once accepted.

Useful doc: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html

Expert
Answered 1 month ago
Reviewed by AWS Expert 1 month ago
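The two most common causes in the answers above (no route to the peer CIDR via the pcx- connection on one side, or overlapping CIDRs) can be checked mechanically. This is an added example, not code from any of the answers: it runs that check over constructed data shaped like the EC2 DescribeVpcPeeringConnections and DescribeRouteTables responses, with made-up IDs and CIDRs. Security groups and NACLs are not covered here.

```python
import ipaddress

# Constructed sample data (made-up IDs), trimmed to the fields the check uses.
# The requester side has its route; the accepter side is missing one, so
# replies from vpc-bbbb back to 10.0.0.0/16 have nowhere to go.
PCX = "pcx-0123456789abcdef0"
PEERING = {
    "VpcPeeringConnectionId": PCX,
    "RequesterVpcInfo": {"VpcId": "vpc-aaaa", "CidrBlock": "10.0.0.0/16"},
    "AccepterVpcInfo": {"VpcId": "vpc-bbbb", "CidrBlock": "10.1.0.0/16"},
}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-a1", "VpcId": "vpc-aaaa", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": PCX},
    ]},
    {"RouteTableId": "rtb-b1", "VpcId": "vpc-bbbb", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
    ]},
]


def check_peering(peering, route_tables):
    """Return a list of findings explaining why traffic over `peering` may fail."""
    findings = []
    pcx = peering["VpcPeeringConnectionId"]
    a, b = peering["RequesterVpcInfo"], peering["AccepterVpcInfo"]
    net_a = ipaddress.ip_network(a["CidrBlock"])
    net_b = ipaddress.ip_network(b["CidrBlock"])
    # Overlapping CIDRs cannot be peered at all.
    if net_a.overlaps(net_b):
        findings.append(f"CIDR overlap: {net_a} and {net_b}")
    # Each side needs a route covering the other side's whole CIDR, with this
    # pcx as the target, in every route table used by subnets that must reach it
    # (here: all route tables of the VPC).
    for side, other in ((a, b), (b, a)):
        target = ipaddress.ip_network(other["CidrBlock"])
        for rt in route_tables:
            if rt["VpcId"] != side["VpcId"]:
                continue
            covered = any(
                r.get("VpcPeeringConnectionId") == pcx
                and "DestinationCidrBlock" in r
                and target.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
                for r in rt["Routes"]
            )
            if not covered:
                findings.append(f"{rt['RouteTableId']} ({side['VpcId']}): no route to {target} via {pcx}")
    return findings
```

Against a real account, feed it one element of `describe_vpc_peering_connections()["VpcPeeringConnections"]` and `describe_route_tables()["RouteTables"]` from boto3; an empty list means the routing side of the checklist is satisfied.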
-1

Like others mentioned, but I wanted to add that you can create a "transit" VPC to route your traffic to. Essentially an unmanaged Transit Gateway, but you'll have to be more hands-on.

Answered 1 month ago
