Connecting multiple VPCs using a peering connection
Different services used as part of a peering connection between VPCs
What is a peering connection?
- VPC peering is used to connect multiple VPCs through a peering connection; it lets traffic be routed privately between two or more VPCs.
- Example: suppose an IT company has an inventory department and an IT department. The inventory department stores the equipment used by the other departments, and the IT department assigns that equipment to them. The data is shared between both departments so they can check whether a piece of equipment is available or not.
1. VPC
   a. Subnets
   b. Routing table
   c. Internet gateway
   d. VPC
   e. Peering connection
2. Security groups
3. EC2 instance
4. PuTTY
5. PuTTYgen
Introduction to the components
1. What is a VPC?
A VPC is a virtual private cloud that lets us connect multiple instances or servers at a time in one hub. A VPC is mostly used for internal communication and does not need public IPs.
a. What is a subnet?
A subnet can simply be described as a range of IP addresses. Common prefix lengths and the subnet masks they correspond to:
/8 - 255.0.0.0
/9 - 255.128.0.0
/10 - 255.192.0.0
/16 - 255.255.0.0
/24 - 255.255.255.0
b. What is a routing table?
A routing table consists of a set of rules (routes) that direct network traffic from subnets or gateways to the desired endpoints; this will be discussed further below.
c. What is an internet gateway?
· The internet gateway provides the access point that a routing table targets to allow internet traffic, and it performs network address translation (NAT) for instances that have a public IPv4 address.
· IPv4 is a 32-bit address, so it has a much smaller range than IPv6.
· IPv6 is a 128-bit address and is much larger than IPv4; it provides so many IP ranges that they will practically never run out, far more than a user would normally require.
2. What are security groups?
A security group is a firewall that controls incoming and outgoing traffic. Security groups have rules that you specify, with separate rules for inbound and outbound traffic. For each instance, we can use an existing security group or create a new one.
3. What is an EC2 instance?
Amazon EC2 (Elastic Compute Cloud) provides secure, resizable virtual computers or servers in Amazon Web Services. It is used in a diverse range of workloads from small to large scale. An EC2 instance can be launched in a matter of seconds.
4. What is PuTTY?
PuTTY is used to connect to the instances using SSH or SCP. It is a command line interface, much like a terminal.
5. What is PuTTYgen?
PuTTYgen is used to convert the PEM key pair downloaded from AWS into the PPK format that PuTTY needs (the steps are shown later in this post).
Conditions for a peering connection:
1. No overlapping IP ranges: each VPC should be in a different range.
2. There is no transit; this is one-to-one connectivity, so each pair of VPCs needs its own dedicated peering connection.
Process of connecting VPCs with a peering connection
Create the orange VPC under VPC in AWS.
Enter the IPv4 CIDR as 172.16.0.0/16 and click on Create VPC.
Create another VPC, green, using the same process as above for the peering connection.
Use the IP ranges given above; each range must be unique. Enable DNS hostnames for both VPCs so that we can connect to the instances later.
Create an orange subnet using the IPv4 CIDR 172.16.1.0/24.
Now create another subnet, green, following the steps above but with a different range, 10.1.1.0/24.
Modify the auto-assign IPv4 setting for both subnets: enable auto-assign IPv4.
Do the same for the orange subnet, enabling auto-assign of IPv4 addresses.
Next, we need to create routing tables for both subnets, green and orange, and add the subnets under subnet associations.
Now, under subnet associations, add the orange subnet.
Add the green subnet.
Edit routes under Routes in the routing table.
Add a route with destination 0.0.0.0/0 and select the green internet gateway as the target.
Now add an internet gateway to both VPCs.
Attach the internet gateway to the VPC using the process below.
Create another internet gateway for the green VPC using the same process as above.
Create it and attach the VPC to the internet gateway.
Now repeat the entire process in another region for the VPC named blue.
Create a VPC named blue VPC.
Give it the IPv4 CIDR 192.168.0.0/16, then go to Subnets and create a subnet.
Modify the auto-assign IP settings and enable IPv4 auto-assign.
Create a routing table and add the blue subnet to the subnet association.
Enable DNS hostnames for the VPC.
Add an internet gateway to the VPC.
Now attach the internet gateway to the VPC.
Coming to the next task, we need to create instances for every VPC according to their names. Follow the process below.
First, we will start with green, then orange and blue.
Now scroll down and, under the network interface, set the primary IP as 10.1.1.100.
Add storage, which is left at the default with no change, and click on Add Tags; add the name as given above, green.
Add an all-traffic rule to the security group rules with source Anywhere; this is just for demonstration, but in real life we should give this a restricted source rather than Anywhere.
Launch the instance.
Now create new key pairs for the instance and save the key pair on your desktop.
Create another instance for the orange VPC using the same process as above, but in the network interface change the VPC to the orange VPC and set the network interface primary IP address.
Under the network interface, give the primary IP as 172.16.1.100.
Then follow the same process as for the green instance; you can use the same key pair or a different key pair for the orange instance, and launch the instance.
Now we come to the actual task: create a peering connection between the orange VPC and the green VPC under Peering Connections so that the instances can communicate.
Create the peering connection in the region; after that, we need to accept the peering connection.
Go to the routing table and edit the routes as shown below to add a connection between the VPCs.
First, select either one of the route tables, green or orange.
Give the destination as 172.16.0.0/16; this is the orange VPC.
Do the same for the orange routing table but with the destination 10.1.0.0/16.
Now ping between the two instances using PuTTY as shown below.
To convert the PEM file into PPK, follow the steps below.
Select the PEM file and open it.
It will ask whether to protect the key with a password; skip that by just clicking Yes.
Now open putty.exe, copy the public DNS hostname shown in the instance menu, and paste it into PuTTY.
Type it as ec2-user@ec2-100-27-33-212.compute-1.amazonaws.com
Now go to SSH and then Auth, and select your PPK file.
Browse to the PPK file and then click Open.
Now ping the orange server's IP address, 172.16.1.100.
The peering connection was successfully established.
Now we will try to connect to another region, N. California, where the blue server is.
First, we need to create an instance for the blue VPC. Instance creation was already shown above for the green and orange VPCs; follow the same process with a different IP.
Under the network interface, give the primary IP address as 192.168.1.100.
Next, add storage, add tags, and then configure security groups.
Launch the instance and create new key pairs as shown above.
Create peering connections from green to blue and from orange to blue under Peering Connections in VPC.
Copy the VPC ID of the green VPC and enter it as the accepter VPC, as shown below.
Create the peering connection and accept it in the green VPC in the other region.
We need to edit routes for the blue routing table and the green routing table; first we will do the blue routing table and then green.
Edit routes, add the IP range of the green VPC, and save the routes.
Do the same for the green routing table but add the IP range of the blue VPC.
Now open PuTTY and ping between these two servers.
Open the blue instance by following the methods given above for opening the green instance; open PuTTY on the blue instance and then ping the green private IP address.
The connection between the green VPC and the blue VPC was successfully established.
Now do the same process for the orange VPC to the blue VPC.
Create the peering connection in the blue VPC.
Copy the orange VPC ID and enter it as the accepter.
Create the peering connection, accept the connection in the orange VPC, and edit routes in the orange routing table.
Now edit the routing tables for both orange and blue; we will start with the blue routing table.
Do the same for the orange routing table with the IP range 192.168.0.0/16.
Save the routes, open the blue instance using PuTTY, and ping the orange instance; opening PuTTY was shown above for the green instance, so follow the same process and start the ping.
A connection was successfully established between the orange and blue VPCs.
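The route edits above (green/orange, green/blue, orange/blue) all follow the two peering conditions stated earlier: no overlapping CIDRs, and no transit, so every pair that must talk needs its own peering connection and its own route entry on both sides. The following added example (not from the original post) models the three VPCs of this walkthrough with Python's ipaddress module, checks the CIDRs for overlap, derives the route entries each routing table needs, and shows that without the orange-to-blue peering, orange cannot reach blue through green. The pcx-* peering IDs are constructed placeholders.

```python
# Added example: models the walkthrough's VPCs and the two peering rules it states.
import ipaddress
from itertools import combinations

# CIDR blocks used in the walkthrough (green, orange, blue)
VPCS = {
    "green": "10.1.0.0/16",
    "orange": "172.16.0.0/16",
    "blue": "192.168.0.0/16",
}

# Peering IDs below are constructed placeholders, not real AWS identifiers.
PEERINGS = {
    "pcx-green-orange": ("green", "orange"),
    "pcx-green-blue": ("green", "blue"),
    "pcx-orange-blue": ("orange", "blue"),
}


def overlapping_pairs(vpcs):
    """Return the (name, name) pairs whose CIDR blocks overlap; must be empty for peering."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def required_routes(vpcs, peerings):
    """Route entries each VPC's routing table needs: {vpc: {destination_cidr: target}}.

    Peering is one-to-one, so a route is added only towards a directly peered VPC,
    and each peering adds one entry on each side (exactly as done in the console)."""
    routes = {name: {} for name in vpcs}
    for pcx_id, (a, b) in peerings.items():
        routes[a][vpcs[b]] = pcx_id
        routes[b][vpcs[a]] = pcx_id
    return routes


def reachable(vpcs, peerings, src, dst_ip):
    """True only if src has a direct peering route covering dst_ip (no transit)."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in ipaddress.ip_network(cidr)
               for cidr in required_routes(vpcs, peerings)[src])


if __name__ == "__main__":
    assert not overlapping_pairs(VPCS), "peered VPCs must use distinct ranges"
    for vpc, entries in required_routes(VPCS, PEERINGS).items():
        print(vpc, entries)
```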