PUBLIC CLOUD > Networks > VPC Network - Peering > Requirements for creating peering routes

1.3 Requirements for creating peering routes

Configure security groups

To allow data traffic to pass through a peering route, you must configure a security group for each of the networks involved in the peering: within each security group, create inbound and outbound rules that allow communication with the other network's address.
Once you assign the created security groups to the Cloud Servers, they will be able to communicate via the peering route.
  • Assume the following subnets for the two VPC Networks:
    • 10.0.0.0/16 for the SOURCE VPC Network
    • 192.168.0.0/16 for the DESTINATION VPC Network
  • Make sure the two security groups for the two VPC Networks do not overlap.
  • Check that the Cloud Servers (in the two VPC Networks) are correctly attached to the security groups of their respective VPC Networks:
    • In the security group of the SOURCE VPC Network (10.0.0.0/16) add:
      • inbound rule: 192.168.0.0/16
      • outbound rule: 192.168.0.0/16
    • in the security group of the DESTINATION VPC Network (192.168.0.0/16) add:
      • inbound rule: 10.0.0.0/16
      • outbound rule: 10.0.0.0/16
    In a production environment, it is advisable to limit protocols and ports strictly to those necessary to increase security.
     
    If the Cloud Servers (in the VPC Networks) already have associated security groups, check that the inbound and outbound rules allow communication between the two VPC Networks.
  • Check that the peering service between the two VPC Networks is working correctly.

Create a peering

  • The IP address ranges of the two subnets (source and destination) in the two VPC Networks must be unique not only relative to each other but also within the two VPC Networks you are connecting via peering. We recommend not using automatically created subnets; create dedicated ones instead.
  • Create a peering link between the two VPC Networks involved;
  • check that the peering status is Active;
  • make sure the CIDRs of the two VPC Networks do not overlap;
  • before configuring peering between two VPC Networks, it is essential to ensure that the subnet IP spaces do not overlap. If there is overlap, network traffic cannot be routed correctly because the system would not know which network to direct the traffic to:
    • Example of overlap (not allowed)
      • 10.0.0.0/16 for SOURCE VPC Network
      • 10.0.0.0/24 for DESTINATION VPC Network
      • In this case, the subnet of the DESTINATION VPC Network (10.0.1.0/24) is contained within the subnet of the SOURCE VPC Network (10.0.0.0/16), causing an overlap;
    • Correct example (allowed)
      • 10.0.0.0/16 for SOURCE VPC Network
      • 192.168.0.0/16 for DESTINATION VPC Network
      • In this case, the IP spaces are distinct and the peering can be created successfully.


 

Not found the answers you are looking for?
GET SUPPORT

Not a customer? Get the voucher code and take a test drive.
START NOW