Kentik - Network Observability
What is VPC Peering?

What is VPC Peering?

There’s a good probability that you’ve heard about VPC peering if you build and manage apps on public clouds like GCP or AWS. This article explains what VPC peering is, how it works, and how Kentik’s network observability platform may be used to reduce the complicated problems that may arise when using VPC peering.

VPC peering is a technique for securely connecting two or more virtual private clouds, or VPCs. According to Amazon, a VPC peering connection is “a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses”. Once connected by a VPC peering connection, instances in either VPC can communicate with each other just as if they were on the same network.

In modern network architectures that include multiple clouds, VPC peering offers important security and performance benefits. However, it’s important to ensure that you properly observe and manage VPC peering configurations in order to avoid potential network performance issues.

How VPC Peering Works: Multi-VPC Connections

VPC Peering

A VPC is an isolated environment within a public cloud that allows organizations to host resources in that cloud without directly exposing them to the public Internet. As such, a VPC lets you set up a private network within a public cloud. By isolating workloads on a private network, VPCs provide an added layer of security.

If all of your workloads run within a single cloud, you can use just one VPC to host any resources that require private connectivity.

But what if you use multiple clouds, and have a VPC (or multiple VPCs) set up in each one of them? That’s where VPC peering comes in. With VPC peering, you can establish private connections between two or more VPCs.

When you set up VPC peering between clouds, resources running in different public clouds can communicate with each other as if they were hosted in the same cloud and running on the same private network.

The Advantages of VPC Peering

VPC peering offers several important advantages.

1. Enhanced Security: Perhaps the most obvious benefit of VPC peering is security. Without VPC peering, workloads running in distinct clouds would have to communicate over the public internet. This requirement would significantly increase their exposure to potential attack or abuse. With VPC peering, however, private network communications between VPCs are never exposed to the internet.

2. Reduced Network Latency: VPC peering can also reduce network latency by eliminating the need to route traffic across the internet in order to enable communications between clouds. In this way, VPC peering may enhance network performance.

3. Decreased Costs of Network Expenses: Finally, because public cloud providers often charge lower egress fees for data that is transferred within VPC peering connections as compared to data that is transported across public internet connections, VPC peering can help reduce your cloud data egress bills.

VPC Peering and Network Observability

While VPC peering can help boost the security and performance of modern networks, it adds another layer of complexity to network architectures. Organizations must take steps to manage this complexity through network observability in order to ensure that issues with VPC peering configurations don’t disrupt network availability or performance.

A number of challenges could potentially arise within VPC peering, and pinpointing the source of a problem can be difficult. Manually configured routes could lead to traffic flow problems, for example, or a service degradation in one cloud provider’s network could increase latency across all VPCs that are peered with that provider’s VPCs.

To make matters more complicated, cloud providers themselves offer users relatively little ability to track and manage the performance of VPC peering connections. Each cloud provider focuses on helping customers manage the performance only of network resources running within its own cloud. AWS tooling will not help you troubleshoot problems with a peered VPC running in Azure, for example. AWS only tracks the performance of VPCs running within AWS.

This means that, if your team sets up VPC peering, the burden is on you to identify and manage any potential issues that arise. Network observability platforms allow you to do this by ingesting network telemetry data from multiple sources, then correlating and contextualizing that data so that you can answer questions about the state of all of your VPCs. Kentik’s network observability platform, for example, can be used to manage VPC communications in and between AWS, Google Cloud, IBM Cloud, and Microsoft Azure cloud environments.

In other words, by analyzing data sources such as flow logs, latency metrics and synthetic performance tests from across all of the cloud environments that host your VPCs, network observability tools make it possible to identify, understand and resolve performance issues that may arise within the context of VPC peering. You can trace a problem with peered VPC connections to the specific cloud or configuration that triggers them.

In turn, you can take action to ensure that your VPC peering connections fully deliver on the security, performance and cost benefits that VPC peering stands to offer.

To see how Kentik can help boost the security and performance of your organization with VPC peering, request a demo or sign up for a free trial today.

Frequently Asked Questions: VPC Peering

Q: What is a VPC?

A: A VPC (virtual private cloud) is a virtual network hosted in a public cloud environment. Though hosted remotely, VPCs resemble traditional networks that are operated in a private data center. Network resources are allocated between different users/organizations sharing the resources of the public cloud vendor which also provides some degree of isolation between the different users. In other words, a VPC lets you set up a private network within a public cloud.

Q: What is a VPC peering connection?

A: A VPC peering connection is a networking connection between two VPCs that enables network traffic to be routed between them using private IP addresses. Once connected by a VPC peering connection, instances in either VPC can communicate with each other just as if they were on the same network.

Q: How does VPC peering differ from internet/BGP peering?

A: VPC peering connects two VPC as if they were on the same network, using private IP addresses. Traditional internet peering allows for similar functionality. Internet peering is a connection between two IP networks that allows traffic to flow from sources in either of the networks to destinations in the other without allowing the traffic to travel via the internet. This sort of peering is configured using BGP (Border Gateway Protocol) which exchanges routing information between two systems. The configuration of BGP on both sides of the connection determines whether the connection is a “peering” or an “internet access/transit” type of connection. For a deeper discussion of this topic, see “What is Internet Peering?”.

Updated: August 31, 2022
We use cookies to deliver our services.
By using our website, you agree to the use of cookies as described in our Privacy Policy.