Transitive VPC peering on Huawei Cloud

pavan kumar ceemala
3 min read · Dec 8, 2021

In this article, I will explain how to build a simple transitive VPC peering between 3 VPCs on Huawei Cloud.

VPC: The Virtual Private Cloud (VPC) service enables you to provision logically isolated, configurable, and manageable virtual networks for cloud servers, cloud containers, and cloud databases, improving cloud service security and simplifying network deployment.

VPC Peering: VPC Peering allows two VPCs in the same region to communicate with each other using private IP addresses.

How to build a transitive VPC peering?

By default, VPC peering connections are not transitive. That means if we have three VPCs A, B and C, with peering connections A-B and A-C, then by default B and C can't communicate with each other.

To build a setup where B and C communicate with each other, we need to set up extra routes while creating peering-1 and peering-2, so that the destination CIDR ranges of B and C are routed and traffic can flow between them.

These are the steps to create a transitive VPC peering.

  1. Suppose the CIDR ranges are 10.10.0.0/16 for VPC A, 10.20.0.0/16 for VPC B and 10.30.0.0/16 for VPC C, and assume A is our hub and B and C are our spokes.
  2. Create a VPC peering connection peering-1 between A-B
  3. Go to the VPC service section and select VPC peering
  4. Create the VPC peering, providing the hub/local VPC, i.e. A, and the peer VPC, i.e. B
  5. Now update the peering route table: in the local route of peering-1, provide VPC B's CIDR range, i.e. 10.20.0.0/16, as the destination, select VPC peering connection as the next hop type, select peering-1 as the next hop, and add a description.
  6. Update the peer route; we need to add two peer routes here:
  7. One peer route for VPC A, i.e. 10.10.0.0/16, with next hop type VPC peering connection and peering-1 as the next hop; add a description.
  8. A second peer route for VPC C, i.e. 10.30.0.0/16, with next hop type VPC peering connection and peering-1 as the next hop; add a description.
  9. Now we will create VPC peering peering-2 between A-C.
  10. Go to the VPC service section and select VPC peering
  11. Create the VPC peering, providing the hub/local VPC, i.e. A, and the peer VPC, i.e. C
  12. Now update the peering route table: in the local route of peering-1, provide VPC C's CIDR range, i.e. 10.30.0.0/16, as the destination, select VPC peering connection as the next hop type, select peering-1 as the next hop, and add a description.
  13. Update the peer route; we need to add two peer routes here:
  14. One peer route for VPC A, i.e. 10.10.0.0/16, with next hop type VPC peering connection and peering-1 as the next hop; add a description.
  15. A second peer route for VPC B, i.e. 10.20.0.0/16, with next hop type VPC peering connection and peering-1 as the next hop; add a description.
  16. To test this setup, create an ECS instance in a subnet of each VPC, and create one security group for each ECS instance that allows the ICMP and telnet protocols from each CIDR range of A, B and C.
  17. To further reduce the number of IPs that can access this transitive VPC setup, we can add individual subnet CIDRs or instance IPs to the route.
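The following Python model is an added example, not code from the article or a Huawei Cloud API. It traces traffic through the route tables from the steps above to show which routes make B and C reachable and how narrowing a route (step 17) shrinks that exposure. It assumes the routes for the A-C connection point at peering-2, that hub A forwards between its two peerings according to its own route table, and uses constructed host IPs.

```python
import ipaddress

# Constructed model of the article's setup: hub A, spokes B and C.
VPC_CIDR = {"A": "10.10.0.0/16", "B": "10.20.0.0/16", "C": "10.30.0.0/16"}
PEERINGS = {"peering-1": ("A", "B"), "peering-2": ("A", "C")}

def build_routes(b_to_c="10.30.0.0/16", c_to_b="10.20.0.0/16"):
    """Per-VPC route tables as (destination CIDR, peering) pairs."""
    return {
        "A": [("10.20.0.0/16", "peering-1"), ("10.30.0.0/16", "peering-2")],
        "B": [("10.10.0.0/16", "peering-1"), (b_to_c, "peering-1")],
        "C": [("10.10.0.0/16", "peering-2"), (c_to_b, "peering-2")],
    }

def owner(ip):
    """Return the VPC whose CIDR contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for vpc, cidr in VPC_CIDR.items():
        if addr in ipaddress.ip_network(cidr):
            return vpc
    return None

def trace(routes, src_ip, dst_ip):
    """Follow longest-prefix-match routes; return the VPC path or None."""
    here, target, path = owner(src_ip), owner(dst_ip), []
    dst = ipaddress.ip_address(dst_ip)
    while here is not None and here not in path:   # stop on routing loops
        path.append(here)
        if here == target:
            return path
        matches = [(ipaddress.ip_network(c), p) for c, p in routes[here]
                   if dst in ipaddress.ip_network(c)]
        if not matches:
            return None                            # no route: traffic dropped
        _, peering = max(matches, key=lambda m: m[0].prefixlen)
        a, b = PEERINGS[peering]
        here = b if here == a else a               # cross to the other side
    return None

def reachable(routes, src_ip, dst_ip):
    """A connection works only if request and reply are both routed."""
    return bool(trace(routes, src_ip, dst_ip) and trace(routes, dst_ip, src_ip))
```

Calling `reachable(build_routes(b_to_c="10.30.1.0/24"), "10.20.1.5", "10.30.2.5")` shows the effect of step 17: once B's route to C covers only one subnet, hosts in C's other subnets are no longer reachable from B.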

Transitive VPC peering topology

Thanks ….
