VPC peering is a technique for securely connecting two or more virtual private clouds, or VPCs.
In modern network architectures that include multiple clouds, VPC peering offers important security and performance benefits. However, it’s important to ensure that you properly observe and manage VPC peering configurations in order to avoid potential network performance issues.
A VPC is an isolated environment within a public cloud that allows organizations to host resources in that cloud without directly exposing them to the public internet. As such, a VPC lets you set up a private network within a public cloud. By isolating workloads on a private network, VPCs provide an added layer of security.
If all of your workloads run within a single cloud, you can use just one VPC to host any resources that require private connectivity.
But what if you use multiple clouds, and have a VPC (or multiple VPCs) set up in each one of them? That’s where VPC peering comes in. With VPC peering, you can establish private connections between two or more VPCs.
When you set up VPC peering between clouds, resources running in different public clouds can communicate with each other as if they were hosted in the same cloud and running on the same private network.
VPC peering offers several important advantages.
Perhaps the most obvious benefit of VPC peering is security. Without VPC peering, workloads running in distinct clouds would have to communicate over the public internet. This requirement would significantly increase their exposure to potential attack or abuse. With VPC peering, however, private network communications between VPCs are never exposed to the internet.
VPC peering can also reduce network latency by eliminating the need to route traffic across the internet in order to enable communications between clouds. In this way, VPC peering may enhance network performance.
Finally, because public cloud providers often charge lower egress fees for data that is transferred within VPC peering connections as compared to data that is transported across public internet connections, VPC peering can help reduce your cloud data egress bills.
While VPC peering can help boost the security and performance of modern networks, it adds another layer of complexity to network architectures. Organizations must take steps to manage this complexity through network observability in order to ensure that issues with VPC peering configurations don’t disrupt network availability or performance.
A number of challenges can arise within VPC peering, and pinpointing the source of a problem can be difficult. Manually configured routes can lead to traffic flow problems, for example, and a service degradation in one cloud provider’s network can increase latency across all VPCs that are peered with that provider’s VPCs.
To make matters more complicated, cloud providers themselves offer users relatively little ability to track and manage the performance of VPC peering connections. Each cloud provider focuses on helping customers manage the performance of network resources running within its own cloud only. AWS tooling will not help you troubleshoot problems with a peered VPC running in Azure, for example; AWS only tracks the performance of VPCs running within AWS.
This means that, if your team sets up VPC peering, the burden is on you to identify and manage any potential issues that arise. Network observability platforms allow you to do this by ingesting network telemetry data from multiple sources, then correlating and contextualizing that data so that you can answer questions about the state of all of your VPCs.
In other words, by analyzing data sources such as flow logs, latency metrics and synthetic performance tests from across all of the cloud environments that host your VPCs, network observability tools make it possible to identify, understand and resolve performance issues that arise within the context of VPC peering. You can trace a problem with peered VPC connections to the specific cloud or configuration that triggers it.
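As an added example (not code from the article or from any vendor's product), here is a Python check that covers two of the failure modes described above: a route table on one side of a peering that does not send the peer's CIDR to the peering connection, and flows between the peered CIDRs that the flow logs show as rejected. The VPC names, CIDRs, route targets and flow records are constructed sample data; the flow lines follow the 14-field default VPC flow log layout.

```python
import ipaddress

# Constructed sample (not from the article): two peered VPCs, their route tables
# and a few flow log records. vpc-b lacks the return route over the peering.
PCX = "pcx-ab"  # hypothetical peering connection id
VPCS = {
    "vpc-a": {"cidr": "10.0.0.0/16", "routes": [("10.0.0.0/16", "local"), ("10.1.0.0/16", PCX), ("0.0.0.0/0", "igw-a")]},
    "vpc-b": {"cidr": "10.1.0.0/16", "routes": [("10.1.0.0/16", "local"), ("0.0.0.0/0", "igw-b")]},
}
FLOW_LOGS = """\
2 111111111111 eni-aaaa 10.0.1.10 10.1.2.20 40312 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-aaaa 10.0.1.11 10.1.2.21 40313 5432 6 3 180 1700000000 1700000060 REJECT OK
2 222222222222 eni-bbbb 10.1.2.20 10.0.1.10 443 40312 6 10 9000 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-aaaa 10.0.1.10 93.184.216.34 50000 443 6 5 700 1700000000 1700000060 ACCEPT OK
"""

def covering_route(routes, dst):
    """Longest-prefix route whose destination contains the whole dst network (None if uncovered)."""
    hits = [(ipaddress.ip_network(c), t) for c, t in routes if dst.subnet_of(ipaddress.ip_network(c))]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def check_routes(vpcs, a, b, pcx):
    """Findings for the peering between a and b: overlapping CIDRs, or a side not routing via pcx."""
    ca, cb = ipaddress.ip_network(vpcs[a]["cidr"]), ipaddress.ip_network(vpcs[b]["cidr"])
    findings = []
    if ca.overlaps(cb):
        findings.append(f"{a}/{b}: CIDRs {ca} and {cb} overlap; peering cannot route between them")
    for side, peer_net in ((a, cb), (b, ca)):
        hit = covering_route(vpcs[side]["routes"], peer_net)
        target = hit[1] if hit else "no route"
        if target != pcx:  # traffic to the peer leaves via the wrong target, or not at all
            findings.append(f"{side}: traffic to {peer_net} uses '{target}', not {pcx}; peering is asymmetric")
    return findings

def rejected_peer_flows(log_text, cidr_a, cidr_b):
    """(src, dst, dstport) for flows between the two peered CIDRs that were REJECTed."""
    na, nb = ipaddress.ip_network(cidr_a), ipaddress.ip_network(cidr_b)
    out = []
    for line in log_text.splitlines():
        f = line.split()  # fields 3/4 = srcaddr/dstaddr, 6 = dstport, 12 = action
        src, dst = ipaddress.ip_address(f[3]), ipaddress.ip_address(f[4])
        between = (src in na and dst in nb) or (src in nb and dst in na)
        if between and f[12] == "REJECT":
            out.append((f[3], f[4], int(f[6])))
    return out

if __name__ == "__main__":
    for msg in check_routes(VPCS, "vpc-a", "vpc-b", PCX):
        print("route:", msg)
    for src, dst, port in rejected_peer_flows(FLOW_LOGS, VPCS["vpc-a"]["cidr"], VPCS["vpc-b"]["cidr"]):
        print(f"flow: {src} -> {dst}:{port} rejected between peered VPCs")
```

A rejected flow between peered CIDRs with correct routes usually points at a security group or network ACL rather than the peering itself, which narrows the search the article describes.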
In turn, you can take action to ensure that your VPC peering connections fully deliver on the security, performance and cost benefits that VPC peering stands to offer.