VPC Peering Connection (same cloud)
Note
For VPC Peering between zCompute VPCs in the same Zadara Edge Cloud, use zCompute’s built-in VPC Peering Connection (same cloud) solution.
For VPC Peering between zCompute VPCs in different Zadara Edge Clouds, or zCompute VPC to customer on-premises peering, use the VPC Peering for multiple Zadara Edge Clouds solution that leverages open-source pfSense software.
Introduction
VPC peering lets users create direct IP connectivity between any two VPCs. Direct connectivity between VPCs means that servers in a VPC can be reached from the other VPC without the need for elastic IPs or traffic flowing through the edge network.
VPC peering is simply L3 connectivity realized using routing tables and IP connectivity.
VPC peering can only be achieved between VPCs that do not have an address overlap (as the connectivity is based solely on routing).
VPC peering is between exactly two VPCs in one Zadara region.
VPC peering is subject to the Zadara Cloud Services permission scheme. This means that to create a peering connection, a user must have permissions in both VPCs.
Unlike VPC peering in AWS, the Zadara Cloud Services implementation does not require the two ends of the peering connection to consent.
A peer VPC can be referenced in a security group only by the peer’s CIDR.
The VPC peering functionality can be used in a star topology with one central VPC and 3 peered VPCs.
VPC peering implementation in zCompute
VPC peering is an additional router that lies between the peer VPCs.
This peering router is populated with the two VPCs’ addresses (CIDRs).
Important
VPC peering does not support transitive routing from one VPC through another VPC to another network, whether that network is the Internet (for IGW sharing), an on-prem network reached through a direct subnet, or similar.
Creating a Peering Connection
To create a peering connection:
1. Navigate to Networking > Peering Connections.
2. From the top toolbar, click Peer VPC and enter the following fields:
   Name - name of the peering connection.
   Description - description of the peering connection.
   Requester - select the requester VPC from the pull-down list.
   Accepter - select the accepter VPC from the pull-down list, or enter the VPC ID shown in the detailed VPC view in Networking > VPCs.
3. Click OK. The peering connection will appear in the list with status Pending-Acceptance.
4. To accept the peering request, click the status Pending-Acceptance and select Accept from the top toolbar. The status should change to Active.
To allow traffic to flow, you must create routes in the relevant route tables. A route can be to the entire VPC or to specific subnets. The target of the route is the peering connection.
To create a route:
1. Navigate to Networking > Route Tables.
2. From the top toolbar, select Create and enter the following fields:
   Name - name of the route table.
   Description - description of the route table.
   VPC - select the requester VPC.
3. Click OK. The route table is created.
4. Select the new route table from the displayed list, and from the lower toolbar, select the Routes tab and click Create.
5. In the Create Route dialog, select Target Type = Peering Connections and then select the CIDR in the accepter VPC.
6. Click OK.
To confirm that a VPC peering connection is working, ping between two VM instances in two different VPCs that have a VPC peering connection.
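The constraints above (no address overlap, no transitive routing, routes to the whole peer VPC or to specific subnets) can be checked before anything is created in the UI. The following Python sketch is an added example, not zCompute code: the function name, the plan format and the sample CIDRs are assumptions made for illustration, and it does not call any zCompute API.

```python
import ipaddress

def check_peering_plan(requester_cidr, accepter_cidr, routes):
    """Return a list of problems in a planned peering; empty means consistent.

    routes: (vpc, destination_cidr) pairs, vpc being "requester" or "accepter",
    each meaning "a route in that VPC's route table whose target is the
    peering connection". This plan format is hypothetical.
    """
    req = ipaddress.ip_network(requester_cidr)
    acc = ipaddress.ip_network(accepter_cidr)
    # Peering is plain routing, so the two address ranges must not overlap.
    if req.overlaps(acc):
        return [f"VPC CIDRs overlap: {req} and {acc}"]

    peer_of = {"requester": acc, "accepter": req}
    problems = []
    for vpc, dest in routes:
        net = ipaddress.ip_network(dest)
        peer = peer_of[vpc]
        # No transitive routing: a destination outside the peer's CIDR
        # (a default route, a third VPC, an on-prem range) is not reachable
        # through the peering connection.
        if net.version != peer.version or not net.subnet_of(peer):
            problems.append(f"{vpc} route {net} is outside peer VPC {peer}")
    # Assumption of this example: replies need a return route, so each VPC
    # needs at least one route that targets the peering connection.
    for vpc in peer_of:
        if not any(v == vpc for v, _ in routes):
            problems.append(f"no route to the peer in the {vpc} VPC")
    return problems

if __name__ == "__main__":
    # Constructed sample plan: one subnet-scoped route, one whole-VPC route,
    # and one default route that peering cannot carry.
    plan = [("requester", "10.1.2.0/24"),
            ("accepter", "10.0.0.0/16"),
            ("requester", "0.0.0.0/0")]
    for line in check_peering_plan("10.0.0.0/16", "10.1.0.0/16", plan) or ["plan is consistent"]:
        print(line)
```

Routing to a specific peer subnet (as in the first sample route) rather than the entire peer VPC keeps the reachable surface smaller; security groups then reference the same peer CIDR.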