Inter-Region Virtual Private Cloud Peering in AWS

In a recent post on the AWS News Blog Jeff Barr, chief evangelist for AWS, explained the new Inter-Region Virtual Private Cloud (VPC) peering feature. At the recent AWS re:Invent conference, held in Las Vegas, USA, Amazon announced the support for Inter-Region VPC peering. With this feature, AWS customers can establish communication between their VPC peered resources running in different regions without the need for additional gateways, VPN connections or separate network appliances.

Since 2014, customers have been able to create peering connections between VPCs within the same region; they can now peer VPCs across regions as well. Jon Topper, CTO and co-CEO at The Scale Factory, shared his thoughts after re:Invent 2017 in an ITProPortal article on the advantages of Inter-Region Peering:

Until now, when working with customers who require a presence in multiple regions, we have to build and configure VPN networking infrastructure to support it, which also needs monitoring, patching and so forth. With inter-region VPC peering, all that goes away: we’ll be able just to configure a relationship between two VPCs in different regions, and Amazon will take care of the networking for us, handling both security and availability themselves.

A VPC peering connection leverages existing AWS infrastructure and does not require gateways, VPN connections or separate network appliances. A peering connection between regions lets customers share resources between VPCs, or centralize resources in one VPC and make them available to other VPCs. Moreover, Inter-Region VPC peering offers a high degree of isolation between AWS regions, so customers can choose geographic locations for compute and storage resources to comply with regulatory requirements and other constraints.

Image source: https://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/Welcome.html

A typical setup for Inter-Region peering begins with configuring a VPC in a region, and creating a peering connection with another region using either the AWS Management Console, the VPC APIs, the AWS Command Line Interface (CLI), or the AWS Tools for Windows PowerShell.

Image source: https://aws.amazon.com/blogs/aws/new-almost-inter-region-vpc-peering/

After a peering connection is created, a request is sent to the other region, where it can be accepted. The next step involves creating route table entries in each region to route IPv4 traffic between them. Data traveling between VPCs over the AWS global network is encrypted. Jeff Barr explained the data encryption on the news blog:
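The request, accept and route steps above, driven from the AWS CLI in POSIX shell, as an added example that is not code from the article or from AWS. Region names, VPC and route-table IDs and CIDR blocks are placeholders; the example goes one step beyond the text by checking that the two IPv4 CIDR blocks do not overlap, since AWS refuses peering between overlapping blocks, and setting AWS_CLI=echo prints the commands instead of calling AWS.

```shell
#!/bin/sh
# Added example, not code from the InfoQ article or from AWS: the three steps
# (request, accept, route) of inter-region VPC peering driven from the AWS CLI.
# IDs, regions and CIDR blocks are placeholders. AWS_CLI=echo prints the
# commands instead of calling AWS, which is how the example runs offline.
AWS_CLI="${AWS_CLI:-aws}"

REQ_REGION="us-east-1"; REQ_VPC="vpc-0aaa111122223333a"   # placeholders
REQ_CIDR="10.0.0.0/16"; REQ_RTB="rtb-0aaa111122223333a"
ACC_REGION="eu-west-1"; ACC_VPC="vpc-0bbb111122223333b"   # placeholders
ACC_CIDR="10.1.0.0/16"; ACC_RTB="rtb-0bbb111122223333b"

# Dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when two IPv4 CIDR blocks overlap. Peering is refused for overlapping
# blocks, so this is checked before any API call is made.
cidrs_overlap() {
  n1=$(ip_to_int "${1%/*}"); p1=${1#*/}
  n2=$(ip_to_int "${2%/*}"); p2=${2#*/}
  p=$p1; [ "$p2" -lt "$p" ] && p=$p2          # the wider prefix decides
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ "$p" -eq 0 ] && mask=0
  [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

peer_vpcs() {
  if cidrs_overlap "$REQ_CIDR" "$ACC_CIDR"; then
    echo "CIDR blocks overlap; the peering request would be rejected" >&2
    return 1
  fi
  # 1. Request from the requester region, naming the peer VPC and its region.
  pcx=$("$AWS_CLI" ec2 create-vpc-peering-connection --region "$REQ_REGION" \
        --vpc-id "$REQ_VPC" --peer-vpc-id "$ACC_VPC" --peer-region "$ACC_REGION" \
        --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
  # 2. Accept the pending request in the peer region.
  "$AWS_CLI" ec2 accept-vpc-peering-connection --region "$ACC_REGION" \
        --vpc-peering-connection-id "$pcx"
  # 3. One IPv4 route per side, sending the other VPC's CIDR to the peering connection.
  "$AWS_CLI" ec2 create-route --region "$REQ_REGION" --route-table-id "$REQ_RTB" \
        --destination-cidr-block "$ACC_CIDR" --vpc-peering-connection-id "$pcx"
  "$AWS_CLI" ec2 create-route --region "$ACC_REGION" --route-table-id "$ACC_RTB" \
        --destination-cidr-block "$REQ_CIDR" --vpc-peering-connection-id "$pcx"
}
```

Routes are only half the picture: security groups and network ACLs in both VPCs still have to permit the peer CIDR before traffic flows.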

The data is encrypted in AEAD fashion using a modern algorithm and AWS-supplied keys that are managed and rotated automatically. The same key is used to encrypt traffic for all peering connections; this makes all traffic, regardless of the customer, look the same. This anonymity provides additional protection in situations where your inter-VPC traffic is intermittent.

Inter-Region VPC Peering is available in the US East (Northern Virginia), US East (Ohio), US West (Oregon), and EU (Ireland) Regions and for IPv4 traffic. More information on Inter-Region VPC Peering is available at the AWS Documentation website.