AWS VPC Peering Certification Key Topics

VPC Peering Overview

  • A VPC peering connection is a networking connection between two VPCs that enables routing of traffic between them using private IP addresses.
  • Instances in either VPC can communicate with each other as if they were within the same network.
  • A VPC peering connection can be established between your own VPCs, or with a VPC in another AWS account within a single region (see the inter-region note below).
  • AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware.
  • There is no single point of failure for communication and no bandwidth bottleneck.

VPC Peering Rules & Limitations

  1. A VPC peering connection cannot be created between VPCs that have matching or overlapping CIDR blocks.
  2. A VPC peering connection cannot be created between VPCs in different regions. (NOTE - VPC Peering is now supported inter-region.)
  3. There is a limit on the number of active and pending VPC peering connections that you can have per VPC.
  4. VPC peering does not support transitive peering relationships. In a VPC peering connection, the VPC does not have access to any other VPCs that the peer VPC may be peered with, even if all of the connections are established within your own AWS account.
  5. VPC peering does not support edge-to-edge routing through a gateway or private connection.
  6. In a VPC peering connection, the VPC does not have access to any other connection that the peer VPC may have, and vice versa. Connections that the peer VPC may have include:
    1. A VPN connection or an AWS Direct Connect connection to a corporate network
    2. An Internet connection through an Internet gateway
    3. An Internet connection in a private subnet through a NAT device
    4. A ClassicLink connection to an EC2-Classic instance
    5. A VPC endpoint to an AWS service; for example, an endpoint to S3.
  7. Only one VPC peering connection can be established between the same two VPCs at the same time.
  8. Maximum Transmission Unit (MTU) across a VPC peering connection is 1500 bytes.
  9. A placement group can span peered VPCs that are in the same region; however, you do not get full-bisection bandwidth between instances in peered VPCs.
  10. Any tags created for the VPC peering connection are only applied in the account or region in which they were created.
  11. Unicast reverse path forwarding in VPC peering connections is not supported.
  12. An instance's public DNS hostname does not resolve to its private IP address across peered VPCs.
  13. Circa July 2016, an instance's public DNS hostname can now be resolved to its private IP address across peered VPCs.
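The following is an added example, not part of the original notes, that checks a proposed set of peering connections against rules 1, 3, 4 and 7 above (overlapping CIDRs, per-VPC count, non-transitivity, one peering per VPC pair). The VPC table and the per-VPC limit are constructed for the demonstration; the real per-VPC quota is an AWS account setting and is not taken from this page.

```python
import ipaddress
from collections import Counter

# Constructed sample topology (assumption, not from the page). vpc-d's CIDR
# falls inside vpc-b's, so those two can never be peered (rule 1).
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.1.128.0/17",  # overlaps with vpc-b
}

# Hypothetical limit used only for this demonstration; check the current
# AWS quota for the real per-VPC value.
MAX_PEERINGS_PER_VPC = 2


def can_peer(vpcs, a, b):
    """Return (ok, reason) for a proposed peering between VPC a and VPC b."""
    if a == b:
        return False, "a VPC cannot peer with itself"
    net_a = ipaddress.ip_network(vpcs[a])
    net_b = ipaddress.ip_network(vpcs[b])
    if net_a.overlaps(net_b):  # matching or overlapping CIDR blocks (rule 1)
        return False, f"CIDR blocks overlap: {net_a} / {net_b}"
    return True, "ok"


def validate_peerings(vpcs, peerings, limit=MAX_PEERINGS_PER_VPC):
    """Collect rule violations for a list of (vpc, vpc) peering requests."""
    problems = []
    seen = set()
    for a, b in peerings:
        ok, reason = can_peer(vpcs, a, b)
        if not ok:
            problems.append(f"{a}<->{b}: {reason}")
        key = frozenset((a, b))
        if key in seen:  # only one peering between the same two VPCs (rule 7)
            problems.append(f"{a}<->{b}: only one peering allowed between the same two VPCs")
        seen.add(key)
    counts = Counter(v for pair in seen for v in pair)
    for vpc, n in counts.items():
        if n > limit:  # per-VPC limit on peering connections (rule 3)
            problems.append(f"{vpc}: {n} peerings exceeds per-VPC limit of {limit}")
    return problems


def reachable(peerings, src):
    """VPCs reachable from src over peering: direct peers only, no transit (rule 4)."""
    return {b if a == src else a for a, b in peerings if src in (a, b)}
```

Running `reachable` on a chain a-b, b-c shows that vpc-a reaches only vpc-b: the b-c peering is never inherited, which is why a "hub" VPC cannot relay traffic between its spokes.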

VPC Peering Architecture

Figure: AWS VPC Architecture
  • VPC peering can be applied to create shared services or to perform authentication with an on-premises instance.
  • This helps create a single point of contact and limits VPN connections to a single account or VPC.