Network > Peering Gateway > Console User Guide
This guide describes how to use the Peering Gateway service from the console.
Peering
Peering is a feature to connect two different VPCs. Normally, VPCs cannot communicate with each other because they are in different network zones. You can connect them using a floating IP, but it incurs extra charges depending on your network usage. However, the peering feature allows you to connect two VPCs at no additional cost.
- Peering connects two different VPCs. Connecting to another VPC across a VPC is not supported. For example, in the A <-> B <-> C connection, A and C cannot be connected.
- If you want to connect to a different VPC through a peer VPC, configure the Route settings provided from Peering so that the packets are delivered via VM instances.
[Note] For how to use Route, see "Common Feature > Route" below.
- If the IP address ranges of the two VPCs overlap, the VPCs cannot be peered.
Neither IP address range may be a subset of the other. Otherwise, peering creation will fail.
- In regions other than the Korea regions, communication with subnets not associated with the Default Routing Table is not possible.
- In the Korea regions, separate routes must be configured in the routing tables of both peered VPCs to enable communication.
- Add the route by entering the IP address range of the counterpart VPC in the route's Target CIDR, and selecting the PEERING entry with the name of the peering from the gateway list.
- Communication is possible only with subnets associated with the routing table to which the route has been added.
- For a routing table other than the default routing table, if the route is added to the routing table, peer communication becomes available on subnets associated with the routing table.
- If you specify a VPC without a subnet when creating a peering, the peering creation fails.
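The following added example (not part of the original guide or the service's own tooling) models the rules above for the Korea regions: it rejects overlapping ranges and VPCs without subnets, then lists which subnets can actually communicate once routes exist on both sides. The inventory structure, the names, and the `gateway_type` field are assumptions made for illustration.

```python
import ipaddress

def cidr_conflict(cidr_a, cidr_b):
    """True when the ranges overlap (for CIDR blocks, overlap means one contains the other)."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))

def all_subnets(vpc):
    return {s for table in vpc["routing_tables"] for s in table["subnets"]}

def routed_subnets(vpc, counterpart_cidr, peering_name):
    """Subnets whose routing table holds a route to the counterpart VPC via this peering."""
    target = ipaddress.ip_network(counterpart_cidr)
    found = set()
    for table in vpc["routing_tables"]:
        for route in table["routes"]:
            if (route["gateway_type"] == "PEERING" and route["gateway"] == peering_name
                    and ipaddress.ip_network(route["target_cidr"]) == target):
                found |= set(table["subnets"])
    return found

def peering_report(local, peer, peering_name):
    """Apply the guide's rules: creation checks first, then the two-sided route check."""
    if (cidr_conflict(local["cidr"], peer["cidr"])
            or not all_subnets(local) or not all_subnets(peer)):
        return {"creatable": False, "local": set(), "peer": set()}
    loc = routed_subnets(local, peer["cidr"], peering_name)
    rem = routed_subnets(peer, local["cidr"], peering_name)
    if not loc or not rem:  # the guide requires routes in both peered VPCs
        loc, rem = set(), set()
    return {"creatable": True, "local": loc, "peer": rem}

def route(cidr, name):
    """Hypothetical route record: Target CIDR plus the PEERING gateway entry."""
    return {"target_cidr": cidr, "gateway_type": "PEERING", "gateway": name}

# Constructed sample inventory (not real resources).
VPC_A = {"cidr": "10.0.0.0/16", "routing_tables": [
    {"name": "default", "subnets": ["a-web"], "routes": [route("10.1.0.0/16", "a-to-b")]},
    {"name": "private", "subnets": ["a-db"], "routes": []}]}
VPC_B = {"cidr": "10.1.0.0/16", "routing_tables": [
    {"name": "default", "subnets": ["b-app"], "routes": [route("10.0.0.0/16", "a-to-b")]}]}
VPC_C = {"cidr": "10.0.128.0/17", "routing_tables": [
    {"name": "default", "subnets": ["c-app"], "routes": []}]}

if __name__ == "__main__":
    print(peering_report(VPC_A, VPC_B, "a-to-b"))  # a-db is not exposed to VPC_B
    print(peering_report(VPC_A, VPC_C, "a-to-c"))  # overlapping ranges: not creatable
```

Running the same report after every route change shows which subnets a peering exposes, so a subnet such as `a-db` that should stay isolated can be confirmed as unreachable from the peer.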
Create a Peering
- Go to Network > Peering Gateway > Peering.
- Click Create Peering.
- Enter a name and select Local VPC, Peer VPC.
Delete a Peering
- Go to Network > Peering Gateway > Peering.
- In the peering list, select the peering you want to delete.
- Click Delete Peering.
Region Peering
Region peering is a feature to connect two VPCs created in different regions. Peering can be used to connect VPCs in the same region, but it cannot be used to connect VPCs in different regions. However, region peering allows you to connect two VPCs in different regions.
- Region peering connects two VPCs in different regions. Connecting to another VPC across a VPC is not supported. For example, in the A <-> B <-> C connection, A and C cannot be connected.
- If you want to connect to a different VPC through a peer VPC, configure the Route settings provided from Peering so that the packets are delivered via VM instances.
[Note] For how to use route,
- You can connect to the same project, different projects, or both.
- When you create a region peering, it is automatically created in the other connected region.
- When you delete a region peering, it is automatically deleted from the other connected region.
- If the IP address ranges of the two VPCs overlap, the VPCs cannot be peered.
- You cannot create duplicate VPC connections.
- Communication becomes available after configuring additional routes in the routing tables of both peered VPCs.
- Add the route by entering the IP address range of the counterpart VPC in the route's Target CIDR, and selecting the INTER_REGION_PEERING entry with the name of the region peering from the gateway list.
- Communication is possible only with subnets associated with the routing table to which the route has been added.
- For a routing table other than the default routing table, if the route is added to the routing table, peer communication becomes available on subnets associated with the routing table.
- If you specify a VPC without a subnet when creating a region peering, the region peering creation fails.
Create a Region Peering
[Note]
To create a region peering between different projects, your project's tenant ID and VPC ID must be allowed in the peer project's peering allowed targets. This is not required when creating a region peering within the same project.
Before you can create a region peering between different projects, you must send your tenant ID and VPC ID to the administrator of the peer project and request to register the information with the peering allowed targets.
Once the peer project has registered the information, you can create a region peering according to the following steps.
For how to use the peering allowed targets, see the "Common Feature > Peering Allowed List".
- Go to Network > Peering Gateway > Region Peering.
- Click Create Region Peering.
- Select a name, local VPC, and peer region.
- Select a peer tenant.
- There is no additional input required when selecting the same tenant.
- When you select a different tenant, you must enter the peer tenant ID.
[Note] Peer tenant ID
For the peer tenant ID, see the "References" section below.
- Enter a peer VPC ID.
[Note] Peer VPC ID
For the peer VPC ID, see the "References" section below.
Delete a Region Peering
- Go to Network > Peering Gateway > Region Peering.
- In the peering list, select the region peering you want to delete.
- Click Delete Region Peering.
Project Peering
Project peering is a feature to connect two VPCs created in different projects. Peering can be used to connect VPCs in the same project, but it cannot be used to connect VPCs in different projects. However, the project peering feature allows you to connect two VPCs in different projects.
- Project peering connects two VPCs in different projects. Connecting to another VPC across a VPC is not supported. For example, in the A <-> B <-> C connection, A and C cannot be connected.
- If you want to connect to a different VPC through a peer VPC, configure the Route settings provided from Peering so that the packets are delivered via VM instances.
[Note] For how to use route, see "Common Feature > Route" below.
- Only two VPCs in different projects in the same region can be connected.
- When you create a project peering, it is automatically created in the other connected project.
- When you delete a project peering, it is automatically deleted from the other connected project.
- If the IP address ranges of the two VPCs overlap, the VPCs cannot be peered.
- You cannot create duplicate VPC connections.
- Communication becomes available after configuring additional routes in the routing tables of both peered VPCs.
- Add the route by entering the IP address range of the counterpart VPC in the route's Target CIDR, and selecting the INTER_PROJECT_PEERING entry with the name of the project peering from the gateway list.
- Communication is possible only with subnets associated with the routing table to which the route has been added.
- For a routing table other than the default routing table, if the route is added to the routing table, peer communication becomes available on subnets associated with the routing table.
- If you specify a VPC without a subnet when creating a project peering, the project peering creation fails.
Create a Project Peering
[Note]
To create a project peering, your project's tenant ID and VPC ID must be allowed in the peering allowed targets of the peer project.
Before you can create a project peering, you must send your tenant ID and VPC ID to the administrator of the peer project and request to register the information with the peering allowed targets.
Once the peer project has registered the information, you can create a project peering according to the following steps.
For how to use the peering allowed targets, see the "Common Feature > Manage Peering Allowed Targets".
- Go to Network > Peering Gateway > Project Peering.
- Click Create Project Peering.
- Enter Name, Local VPC, Peer Region, Peer Tenant ID, and Peer VPC ID.
[Note] Peer Tenant ID, Peer VPC ID
See the "Other Considerations" section below for information on how to determine the peer tenant ID and peer VPC ID.
Delete a Project Peering
- Go to Network > Peering Gateway > Project Peering.
- In the peering list, select the project peering you want to delete.
- Click Delete Project Peering.
Common Feature
This section describes the common features provided by peering (peering, region peering, and project peering).
Manage Peering Allowed Targets
On the receiving end, the Manage Peering Allowed Targets submenu of the Region Peering and Project Peering pages lets you allow peering connection requests from different projects. Enter the peer tenant ID and the peer VPC ID of the VPC sending the request to add it to the peering allowed VPCs, so that the request from that peer is accepted.
Add a Peering Allowed Target
- Go to Network > Peering Gateway > Region Peering or Network > Peering Gateway > Project Peering.
- Click Manage Peering Allowed Targets.
- Click Add Peering Allowed VPC.
- Enter Name, Peer Tenant ID and Peer VPC ID and click Confirm.
[Note] Peer Tenant ID, Peer VPC ID
To find out the peer tenant ID and peer VPC ID, see the References section below.
Delete a Peering Allowed Target
- Go to Network > Peering Gateway > Region Peering or Network > Peering Gateway > Project Peering.
- Click Manage Peering Allowed Targets.
- In the Peering Allowed VPCs, click Delete for the target you want to delete.
Route
The Route settings provided from Peering allow you to deliver traffic to a different VPC via VM instances of a peer VPC. In the peering's route, you specify the VM instance port or virtual IP port that processes all incoming traffic from the peering. By deploying a Network Virtual Appliance on the VM instance that serves as the route's gateway, you can control traffic in that VM instance and deliver it to a different peering.
* If you want to configure a Hub and Spoke VPC connection through peering and control all traffic with a Network Virtual Appliance located in the Hub VPC, you can use the routing feature of Peering.
Create Route
- Select a peering for which you want to configure Route.
- Select Route at the bottom tab.
- Select Change Route.
[Note] For peering, there are two buttons. Change Peer Route changes the routes of the Peer VPC selected when creating the peering, and Change Local Route changes the routes of the Local VPC.
- Click the + button.
- Enter the target CIDR.
- Select a gateway.
[Note] For gateway, only instances and virtual IPs can be selected.
- Click the Confirm button.
Delete Route
- Select a peering for which you want to delete the route settings.
- Select a route at the bottom tab.
- Click the Change Route button.
[Note] For peering, there are two buttons. Change Peer Route changes the routes of the Peer VPC selected when creating the peering, and Change Local Route changes the routes of the Local VPC.
- Click the - button for the route to delete.
- Click the Confirm button.
Other Considerations
How to check peer VPC ID
Check the VPC ID according to the following steps.
[Note] If you don't have access to the project that the peer VPC belongs to, ask the administrator of the peer project to provide you with the VPC ID.
- Access the console screen of the peer project.
- Go to Network > VPC > Management.
- Choose the peering target VPC.
- Copy the UUID value shown in Basic Information > VPC Name.
How to check the peer tenant ID
Check the Tenant ID according to the following steps.
[Note] If you do not have access to the peer project, obtain a tenant ID from the administrator of the peer project.
- Access the console screen of the peer project.
- Go to Network > VPC > Management.
- Select one of the peering targets or any of the VPCs shown on the screen.
- Copy the ID value shown in Basic Information > Tenant ID.