VPC Peering:
VPC peering connects two VPCs so that traffic is routed between them over their private IPv4 or IPv6 addresses.
Normally, instances in the same VPC can communicate across different subnets, but they cannot reach resources in another VPC. With VPC peering, resources in different VPCs can communicate with each other.
Edge-to-edge routing cannot be used across a VPC peering connection.
Peering (networking):
Peering is a method by which two separate networks connect and exchange traffic directly, without paying a third party to carry the traffic across the internet.
So two different networks can be connected without any intermediate paid third-party service.
Inter-Region Peering:
To connect VPCs in different regions, we can use an AWS inter-region peering connection.
It lets EC2, RDS and Lambda resources communicate without needing gateways, VPN connections or separate network appliances.
An AWS VPC peering connection always has a requester and an accepter.
Requester:
The requester initiates the new VPC peering connection request to the accepter.
An important point to know before creating a VPC peering connection: the CIDR blocks of the requester and accepter VPCs must not overlap.
Accepter:
The accepter accepts the peering connection and sends the response back to the requester.
For VPC peering, both the requester and the accepter must add routes for the peering connection to their route tables. The security groups also need to be updated,
and if public DNS hostnames are used, DNS resolution for the peering connection must be updated if needed.
VPC peering connection flow:
Requester ---> initiates the request
Accepter --> pending acceptance --> can accept, delete or reject
Else --> failed
1. If the request fails, it may remain visible for two hours, after which it is no longer visible.
2. If the accepter has not taken any action within 7 days, the request expires and remains visible for two days to both the requester and the accepter.
3. If the request is rejected, it remains visible to the requester for 2 days and to the accepter for 2 hours.
4. If the accepter accepts the request, it moves to the next step, which is the provisioning state.
The provisioning state leads to the active state. Once the connection is active, it can no longer be rejected,
but it can still be deleted.
5. An inter-region VPC peering connection is deleted when either the accepter or the requester sends a delete request.
Once deleted, it remains visible for 2 hours to the party that deleted it and for 2 days to the other party.
Important points to know before creating a VPC peering connection:
It is a one-to-one connection between 2 VPCs;
transitive peering is not supported.
Scenario 1: 10.0.0.0/16 and 10.0.0.0/16: it will work.
Scenario 2: 10.4.0.0/16 and 10.3.0.0/16: overlapping IP ranges do not work.
A VPC can have 50 active VPC peering connections, up to a maximum of 125 connections per VPC.
There can be 25 outstanding VPC peering connection requests; this limit cannot be increased.
The expiry time for an unaccepted VPC peering connection request is one week (168 hours).
More than one VPC peering connection cannot be created between the same two VPCs in the same region.
Hands-on Demo:
To create VPC peering you need two VPCs, each with a subnet and a route table.
1. Go to the VPC service. On the left side you can see VPC peering; click on it, then click the Create peering connection option.
Once clicked, the VPC peering connection page opens.
On this page, do the following steps:
1. Give a name for the VPC peering connection you are creating.
2. Choose the requester VPC ID and CIDR block.
3. Choose the accepter.
Now I am choosing the same region with a different VPC. Then either accept or reject the request: click the already created peering connection, open the options and choose to accept the request.
Once the peering connection status shows Active, add the peering connection details to the route tables of both VPCs.
Once the peering connection is established, check whether the cross-VPC resources can be reached. For that, connect to the destination instance from the source instance: connect to the source instance, copy the destination instance's key file onto it, set its permissions to 400, and connect using the ssh command.
Now we can connect to the servers, so the VPC peering connection is working fine.
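The preconditions and route-table work described above, as an added Python example that is not part of the original demo (which uses the console): it checks that the two VPC CIDR blocks do not overlap, lists the route each side's route tables need, and builds a security-group ingress rule limited to the peer CIDR for the SSH test. All VPC, route-table and pcx IDs in it are constructed placeholders, and it makes no AWS API calls.

```python
"""Pre-flight checks and route/security-group plan for an AWS VPC peering connection.
Pure Python, no AWS calls; every ID below is a constructed placeholder."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Vpc:
    vpc_id: str
    cidr: str                 # primary CIDR block (IPv4 or IPv6)
    route_table_ids: tuple    # every route table that must carry a route to the peer


def cidrs_overlap(a: str, b: str) -> bool:
    """True when the two CIDR blocks share any address (an IPv4 and an IPv6 block never overlap)."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def check_peering_preconditions(requester: Vpc, accepter: Vpc, existing_peer_cidrs=()) -> bool:
    """Fail fast instead of sending a request AWS would reject."""
    if requester.vpc_id == accepter.vpc_id:
        raise ValueError("a VPC cannot peer with itself")
    if cidrs_overlap(requester.cidr, accepter.cidr):
        raise ValueError(f"{requester.cidr} overlaps {accepter.cidr}: peering is not possible")
    # Conservative policy: also refuse a new peer whose CIDR overlaps an existing peer's,
    # so each requester route table keeps one unambiguous route per destination.
    for peer in existing_peer_cidrs:
        if cidrs_overlap(accepter.cidr, peer):
            raise ValueError(f"{accepter.cidr} overlaps existing peer {peer}")
    return True


def route_entries(requester: Vpc, accepter: Vpc, pcx_id: str) -> list:
    """Routes both sides need, as (route_table_id, destination_cidr, target).
    Peering is not transitive, so only the two directly peered CIDRs appear here."""
    entries = [(rt, accepter.cidr, pcx_id) for rt in requester.route_table_ids]
    entries += [(rt, requester.cidr, pcx_id) for rt in accepter.route_table_ids]
    return entries


def ssh_ingress_rule(peer_cidr: str) -> dict:
    """Security-group ingress for the SSH test, scoped to the peer CIDR rather than 0.0.0.0/0."""
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": peer_cidr}]}


if __name__ == "__main__":
    req = Vpc("vpc-0aaa", "10.0.0.0/16", ("rtb-0aa1",))
    acc = Vpc("vpc-0bbb", "10.1.0.0/16", ("rtb-0bb1", "rtb-0bb2"))
    check_peering_preconditions(req, acc)
    for entry in route_entries(req, acc, "pcx-0ccc"):
        print("create-route", entry)
    print(ssh_ingress_rule(req.cidr))
```

Run against the two CIDR scenarios listed earlier, cidrs_overlap reports 10.0.0.0/16 with 10.0.0.0/16 as overlapping and 10.4.0.0/16 with 10.3.0.0/16 as disjoint.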
To delete an existing peering connection, select that peering connection, go to Actions and click the Delete peering connection option. This removes the existing peering connection.