VPC Peering (VPCP) is possible between two Virtual Private Clouds (VPCs) in the same account or in different accounts. Connecting the two cloud environments makes it possible for each to use the other’s resources. Peering two VPCs is essentially comparable to connecting two large networks so that each can reach the other’s resources over non-public IP addresses, while Security Groups and NACLs can still be placed between them.
VPC Peering (VPCP) between different regions was not possible before 2018, but now it is a reality. Peering between two VPCs is a one-to-one relationship, meaning that a peering connection can’t be set up between more than two VPCs.

Multiple VPCs may be peered with each other, but each pair uses a separate peering connection. For example, VPC ‘a’ and VPC ‘b’ are peers, and VPC ‘b’ and VPC ‘c’ are peers, but that does not make VPC ‘a’ and VPC ‘c’ peers: peering is not transitive. Peering also does not allow edge-to-edge connectivity, meaning that if VPC ‘b’ is connected to its on-prem network and is also peered with VPC ‘a’, then VPC ‘a’ cannot reach the on-prem network of VPC ‘b’ through the peering connection.
The only condition to meet for VPC Peering between two VPCs is that their CIDR blocks must not overlap.
When peering is set up between VPCs in two separate regions, the traffic between them is encrypted.
For inter-region peering, the traffic between them passes through the AWS backbone (not through the Internet). It also costs money, as AWS charges inter-region data transfer fees.
VPC Peering is a networking connection between two VPCs over IPv4 or IPv6, and there can be only one peering connection between any two VPCs.
The peering connectivity is:
- fault tolerant and highly available
- not a single point of failure
- low bottleneck and highly redundant
A VPC Peering request is initiated by one VPC and must be accepted by the other in order to be enabled. Until the peering request is accepted, the state of the request is marked as ‘Pending Acceptance’.

There is a soft limit of a maximum of 50 peering connections for any VPC with other networks (VPCs or data centers). While setting up peering, there cannot be more than 25 requests in the ‘Pending Accept’ state.
Since VPCP is a networking connection, the route tables of both VPCs need to include routes to the other VPC’s CIDR blocks.
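The non-overlap condition, the non-transitive behaviour and the route-table requirement described above can be checked together when reviewing a planned peering layout. The following Python sketch is an added example, not AWS code or code from the original post; the VPC names, CIDRs, peerings and route tables are constructed sample data, the helper names are hypothetical, and only IPv4 is modelled.

```python
import ipaddress

# Constructed sample data: hypothetical VPC names, CIDRs, peerings and routes.
VPCS = {"a": ["10.0.0.0/16"], "b": ["10.1.0.0/16"],
        "c": ["10.2.0.0/16"], "d": ["10.1.128.0/17"]}  # d overlaps b
PEERINGS = {frozenset(("a", "b")), frozenset(("b", "c"))}
# Route tables: VPC -> {destination CIDR: peer VPC the route points at}
ROUTES = {
    "a": {"10.1.0.0/16": "b", "10.2.0.0/16": "b"},  # c's CIDR via b: not honoured
    "b": {"10.0.0.0/16": "a", "10.2.0.0/16": "c"},
    "c": {},                                        # return route to b missing
}

def can_peer(x, y):
    """Peering precondition: no CIDR of x may overlap any CIDR of y."""
    nets_x = [ipaddress.ip_network(c) for c in VPCS[x]]
    nets_y = [ipaddress.ip_network(c) for c in VPCS[y]]
    return not any(nx.overlaps(ny) for nx in nets_x for ny in nets_y)

def has_route(src, dst):
    """True if src's route table covers every CIDR of dst via the peering to dst."""
    routes = [(ipaddress.ip_network(c), peer) for c, peer in ROUTES.get(src, {}).items()]
    return all(
        any(peer == dst and ipaddress.ip_network(c).subnet_of(net) for net, peer in routes)
        for c in VPCS[dst]
    )

def check_path(src, dst):
    """Explain whether src can reach dst over peering, or why not."""
    if frozenset((src, dst)) not in PEERINGS:
        return "no direct peering (peering is not transitive)"
    if not has_route(src, dst):
        return f"missing route in {src} to {dst}"
    if not has_route(dst, src):
        return f"missing return route in {dst} to {src}"
    return "ok"

if __name__ == "__main__":
    print("b/d can peer:", can_peer("b", "d"))
    for pair in (("a", "b"), ("a", "c"), ("b", "c")):
        print(pair, "->", check_path(*pair))
```

In the sample, VPC ‘a’ carries a route for the CIDR of VPC ‘c’ pointing at its peering with ‘b’, and the check still reports no path, which is the non-transitive behaviour in practice.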