AWS VPC peering, Inter-Region Peering concept, Hands-on Demo

VPC Peering:                     VPC peering connects or routes the network connection between two VPCs using the private IPv4 or IPv6 addre...

VPC Peering:

                    VPC peering connects or routes the network connection between two VPCs using the private IPv4 or IPv6 addresses.

                    Normally we can connect the instances in the same VPC with different subnets but cannot communicate with other VPC resources. but using VPC Peering we can connect different VPC resources.

Edge routing cannot be used while connected using vpc peering.

 

Peering(networking):

               It is a method to directly communicate and connect two different networks free of cost to carry the traffic across the internet. 

               So we can connect two different networks without any intermediate third-party paid services.  Inter-Region Peering: 

                If you want to connect different VPC in a different region, we can connect through the AWS inter-region peering connection.

                It can communicate with ec2, RDS, and LAMBDA without needing gateways, VPN connections, or separate network appliances.

In the aws vpc peering connection always, we need a requester and accepter.

Requester:

                 The Requester always requests the new vpc peering connection to the accepted.

Before creating a VPC peering Important one, all we need to know is that requesting VPC can not overlap the CIDR blocks. 

Accepter: 

               The accepter accepts the peering connection and sends back the response to the requester.

                In the VPC peering each requester and accepter must add the routes in the route tables for vpc peering. Same as well need to update the security group,

  If we use the public DNS hostname, we must update the DNS resolution if needed.

VPC connection flow:

Requester ---> initiate the request 

Accepter --> pending acceptance --> can accept, delete, reject 

Else --> failed

1. If the requester fails it may be available for two hours, after no-long visible.

2. If the accepter has not taken any action within 7 days it will expire,  visible for two days for both requester accepter. 

3. If the request is rejected it will be visible to the requester for 2 days and the accepter for 2 hours.

4. If the accepter accepts the request it will move to the next step, which is the provisioning state.

The provisioning state means active state. Once it goes ActiveState, we cannot able to reject it

but we can able to delete the request.

5. If deleting the inter-region VPC peering connections sends a request by either accepter or requester.

Once you delete it, it is visible for 2 hours for the deleted party and 2 days for another party.

Important points to know before creating Vpc:

            It is a one-to-one connection between 2 vpc, 

            It is not supported for transitive connections.

scenario 1: 10.0.0.0/16 10.0.0.0/16 it will work

scenario 2: 10.4.0.0/16 10.3.0.0/16 overlapping the IP does not work.

            we can use 50 active vpc peering per vpc, a maximum of 125 connections per vpc.

            we can use 25 outstanding vpc peering connection requests. Cannot be increased.

            The expiry time for an unaccepted vpc peering connection request is one week 168 hours.

            Cannot able to create more than one vpc peering connection between the same two vpc at the same region.

Hands-on Demo:

            To create VPC peering you must need two vpcs, a subnet along with route table.

1. Go to the VPC services on the left side we can see VPC peering, please click on it and click the create peering connection option,

Once the peering connection option it opens the Vpc peering connection page

In this, we need to do the following steps

1. Give the name of the VPC peering connection that you are going to create now.

2. Choose the Requester VPC ID and CIDR block

3. Choosing the accepter

    If we want to establish vpc peering with the same region another vpc we need to choose my account and This region options.

    If we want to establish vpc peering with another region vpc we need to choose my account and another region options, in the region option need to choose the region like us-east2, or us-west2. so this is inter-region peering.

    If we want to establish vpc peering with another account choose another account. choose region accordingly.

    After choosing the account and region need to choose accepter VPC.

once all the above steps are completed we are ready to create the vpc peering.
    Now I am choosing the same region with a different vpc, so either accept the request or reject the request click the already created VPC, and click options to choose to accept the response.

Once the peering connection status shows active. we need to add the peering connections details into both vpc's route tables.

Once a peering connection is established, we need to check whether we can connect the cross Vpc resources. for that, we need to connect the destination instance from the source instance itself. Connect the source instance and add the destination instance key file inside the source instance give the permission as 400 and connect using the ssh.

Now, we can connect the servers, so that the VPC peering connection works fine.

If we want to delete the existing peering connection you need to click that peering connection go to actions and click the delete peering connections option. using this method you can able to remove the existing peering connection.

----------------------------------------!!!! Happy Learning with Techiev !!!!!!!!-------------------------------- -------------------------Subscribe our Youtube Channel by clicking the below link------------------- ----------------------------!!https://www.youtube.com/@techieview729!!---------------------