Configurations with Routes to an Entire CIDR Block


This section demonstrates the configuration for VPC peering connections in which you configure your route tables to access the entire CIDR block of the peer VPC. For more information about scenarios in which you might need a specific VPC peering connection configuration,

Two VPCs Peered Together

You have a VPC peering connection (pcx-11112222) between VPC A and VPC B, which are in the same AWS account, and do not have overlapping CIDR blocks.

You may want to use this kind of configuration when you have two VPCs that require access to each other's resources. For example, you set up VPC A for your accounting records and VPC B for your financial records, and now you want each VPC to be able to access the other's resources without restriction.
The route tables for each VPC point to the relevant VPC peering connection to access the entire CIDR block of the peer VPC.

Route Table   Destination      Target
VPC A         172.16.0.0/16    Local
              10.0.0.0/16      pcx-11112222
VPC B         10.0.0.0/16      Local
              172.16.0.0/16    pcx-11112222

One VPC Peered with Two VPCs

You have a central VPC (VPC A), and you have a VPC peering connection between VPC A and VPC B (pcx-12121212), and between VPC A and VPC C (pcx-23232323). The VPCs are in the same AWS account, and do not have overlapping CIDR blocks.

You may want to use this 'flying V' configuration when you have resources on a central VPC, such as a repository of services, that other VPCs need to access. The other VPCs do not need access to each other's resources; they only need access to resources on the central VPC.

Note

VPC B and VPC C cannot send traffic directly to each other through VPC A. VPC peering does not support transitive peering relationships or edge-to-edge routing. You must create a VPC peering connection between VPC B and VPC C in order to route traffic directly between them. For more information,

The route tables for each VPC point to the relevant VPC peering connection to access the entire CIDR block of the peer VPC.

Route Table   Destination      Target
VPC A         172.16.0.0/16    Local
              10.0.0.0/16      pcx-12121212
              192.168.0.0/16   pcx-23232323
VPC B         10.0.0.0/16      Local
              172.16.0.0/16    pcx-12121212
VPC C         192.168.0.0/16   Local
              172.16.0.0/16    pcx-23232323

Three VPCs Peered Together

You have peered three VPCs together in a full mesh configuration. The VPCs are in the same AWS account and do not have overlapping CIDR blocks:

  • VPC A is peered to VPC B through VPC peering connection pcx-aaaabbbb
  • VPC A is peered to VPC C through VPC peering connection pcx-aaaacccc
  • VPC B is peered to VPC C through VPC peering connection pcx-bbbbcccc

You may want to use this full mesh configuration when you have separate VPCs that need to share resources with each other without restriction; for example, as a file sharing system.
The route tables for each VPC point to the relevant VPC peering connection to access the entire CIDR block of the peer VPCs.

Route Tables  Destination      Target
VPC A         172.16.0.0/16    Local
              10.0.0.0/16      pcx-aaaabbbb
              192.168.0.0/16   pcx-aaaacccc
VPC B         10.0.0.0/16      Local
              172.16.0.0/16    pcx-aaaabbbb
              192.168.0.0/16   pcx-bbbbcccc
VPC C         192.168.0.0/16   Local
              172.16.0.0/16    pcx-aaaacccc
              10.0.0.0/16      pcx-bbbbcccc

One VPC Peered with Multiple VPCs

You have a central VPC (VPC A) that’s peered to the following VPCs:

  • VPC B through pcx-aaaabbbb
  • VPC C through pcx-aaaacccc
  • VPC D through pcx-aaaadddd
  • VPC E through pcx-aaaaeeee
  • VPC F through pcx-aaaaffff
  • VPC G through pcx-aaaagggg

VPC A is peered with all other VPCs, but the other VPCs are not peered to each other. The VPCs are in the same AWS account and do not have overlapping CIDR blocks.

Note

None of the other VPCs can send traffic directly to each other through VPC A. VPC peering does not support transitive peering relationships or edge-to-edge routing. You must create a VPC peering connection between the other VPCs in order to route traffic between them.
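The two notes above (no transitive peering, no edge-to-edge routing) are easy to get wrong when reviewing route tables, so here is an added example, not part of the original page or of AWS, that models the 'flying V' scenario's route tables and pcx IDs from above and traces whether a packet can reach a destination. The peering semantics it encodes are an assumption stated in the comments: a peering connection hands a packet to the peer VPC, which accepts it only for its own CIDR and never relays it through a second peering.

```python
import ipaddress
from copy import deepcopy

# Constructed model of the 'flying V' scenario above: VPC A (172.16.0.0/16) is peered
# with VPC B (10.0.0.0/16) via pcx-12121212 and with VPC C (192.168.0.0/16) via pcx-23232323.
PEERINGS = {"pcx-12121212": ("VPC A", "VPC B"), "pcx-23232323": ("VPC A", "VPC C")}
ROUTE_TABLES = {
    "VPC A": [("172.16.0.0/16", "Local"), ("10.0.0.0/16", "pcx-12121212"),
              ("192.168.0.0/16", "pcx-23232323")],
    "VPC B": [("10.0.0.0/16", "Local"), ("172.16.0.0/16", "pcx-12121212")],
    "VPC C": [("192.168.0.0/16", "Local"), ("172.16.0.0/16", "pcx-23232323")],
}

def lookup(route_table, dst_ip):
    """Longest-prefix match over one route table; returns the target or None."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def reachable(src_vpc, dst_ip, route_tables=ROUTE_TABLES, peerings=PEERINGS):
    """Trace one packet from src_vpc. Assumed peering semantics: a pcx hands the packet
    to the peer VPC, which accepts it only if the destination lies in its own (Local)
    CIDR; it never forwards it on through another pcx, because peering is not transitive."""
    target = lookup(route_tables[src_vpc], dst_ip)
    if target is None:
        return False, "no route in " + src_vpc
    if target == "Local":
        return True, "local delivery in " + src_vpc
    a, b = peerings[target]
    peer = b if a == src_vpc else a
    if lookup(route_tables[peer], dst_ip) == "Local":
        return True, f"{target} -> {peer}"
    return False, f"{target} delivers to {peer}, which does not own the destination (no edge-to-edge routing)"

def with_extra_route(vpc, cidr, target, route_tables=ROUTE_TABLES):
    """Return a copy of the tables with one route added, for what-if checks."""
    tables = deepcopy(route_tables)
    tables[vpc].append((cidr, target))
    return tables

if __name__ == "__main__":
    print(reachable("VPC B", "172.16.5.5"))    # reaches VPC A over pcx-12121212
    print(reachable("VPC B", "192.168.5.5"))   # no route: VPC B is not peered with VPC C
    # Pointing VPC B at VPC C's CIDR through pcx-12121212 still fails: VPC A will not relay.
    print(reachable("VPC B", "192.168.5.5",
                    with_extra_route("VPC B", "192.168.0.0/16", "pcx-12121212")))
```

The third call shows why the note matters: adding a route for the far VPC's CIDR to the existing peering only produces silently dropped traffic, and a real VPC B to VPC C peering (as in the full-mesh scenario) is the only fix.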
