A Comprehensive Guide to VPC Peering in GCP and Azure



This content originally appeared on DEV Community and was authored by Daberechi

Introduction

VPC peering is a powerful networking feature that enables private communication between two Virtual Private Clouds (VPCs) within or across cloud providers. This guide covers:

  • What VPC peering is
  • Key benefits
  • Step-by-step setup in GCP and Azure
  • Best practices and considerations

1. What is VPC Peering?

VPC peering (or VNet peering in Azure) establishes a direct, private connection between two VPCs using internal IP addresses. Traffic stays within the cloud provider’s backbone, avoiding public internet exposure.

GCP: Called VPC Network Peering.

Azure: Called Virtual Network (VNet) Peering.

2. Advantages of VPC Peering

i. Secure & Private: No public internet exposure.
ii. Low Latency: Traffic routes through the cloud provider’s internal network.
iii. Cost-Efficient: Avoids data transfer fees over public networks.
iv. Simplified Architecture: No need for VPNs or NAT gateways.
v. Global Reach (GCP): Supports cross-region peering.

Now, let’s dive into creating our VPC peering.

Step 1: Create the Projects
We are going to create two projects in GCP because we want to peer VMs across different GCP projects.

  • Log in to your Google Cloud console
  • Navigate to Resources Group
  • Click on manage resources
  • Click on new project

  • Let’s name it project-a
  • Create
  • Create another project by following the above steps and name it project-b

Step 2: Set Up VPC Networks & Subnets

  • Go to your project-a and click it
  • Search VPC network and click it

  • Click on create VPC
  • Let’s name it vpc-a
  • Under subnets, let’s name the subnet subnet-a
  • Choose your region
  • Under IP stack, choose IPv4 (single stack)
  • Put the IP address range (10.0.0.0/24)
  • Then create

  • Go to your project-b
  • Search VPC network and click on it
  • Click create VPC
  • Let’s name it vpc-b
  • Under subnets, let’s name the subnet subnet-b
  • Choose your region
  • Under IP stack, choose IPv4 (single stack)
  • Put the IP address range (192.168.0.0/24)
  • Then create

Note: Ensure that the two VPCs and their subnets do not use the same IP address range; peering requires non-overlapping ranges.

Step 3: Launch VMs in Each VPC

  • Go to your project-a and click on it
  • Search compute engine
  • Click on create instance

  • Let’s name it VM-a
  • Choose your region and zone
  • Scroll down to boot disk
  • Click on change
  • Under operating system, select the OS you want. I will be using Ubuntu
  • Click on select
  • Click on advanced options
  • Click on network
  • Click on vpc-a
  • Click on create

Create a VM for project-b by following the above steps:

  • Name it VM-b
  • Network is vpc-b

Step 4: Configure Firewall Rules

  • Go to your project-a, search VPC network and click on it
  • Click on firewall
  • Click on create firewall rule
  • Let’s name it allow-vpc-peering
  • Scroll down to targets, select all instances in the network
  • Under source filter, leave it at IPv4 ranges
  • Under source IP ranges, put 192.168.0.0/24 (project-b’s subnet)
  • Under protocols and ports, choose Allow all (for testing only) or, if you want to restrict it, select TCP and put 22 (SSH)

  • Click on other protocols and type ICMP

Go to your project-b and repeat the above steps:

  • Name it allow-vpc-peering
  • Under source IP ranges, put 10.0.0.0/24 (project-a’s subnet)

Step 5: Establish VPC Peering

  • Go to your project-a
  • Search VPC network
  • Click on VPC network peering
  • Click create peering connection
  • Click continue

  • Let’s name it peer-a-to-b
  • In VPC network, select your vpc-a
  • In peer VPC network, select “in another project”
  • Go to your project-b, click it and copy its project ID
  • Paste it under “peer VPC network” in your project-a

  • Type vpc-b in VPC network name
  • Configure routes by enabling “Export custom routes” and “Import custom routes”
  • Create

Go to your project-b:

  • Search VPC network, then click VPC network peering
  • Click on create peering connection
  • Click continue
  • Let’s name it peer-b-to-a
  • Under VPC network, choose vpc-a
  • Choose “in another project”
  • Then put the project ID of project-a
  • Then put vpc-a under VPC network name
  • Configure routes by enabling “Export custom routes” and “Import custom routes”
  • Click create
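The same build-out as a script, which is an added example and not part of the original post: it emits the gcloud equivalent of Steps 2, 4 and 5 for both projects, refuses to proceed if the two subnet ranges overlap (the note in Step 2), and scopes the firewall rule to the peer subnet with only SSH and ICMP rather than "Allow all". The project IDs, region and peering names are assumed placeholders.

```python
import ipaddress

# Constructed inputs mirroring the post; the project IDs are placeholders for
# the real IDs you copy from the console in Step 5.
SIDE_A = {"project": "project-a", "vpc": "vpc-a", "subnet": "subnet-a",
          "cidr": "10.0.0.0/24", "region": "us-central1", "peering": "peer-a-to-b"}
SIDE_B = {"project": "project-b", "vpc": "vpc-b", "subnet": "subnet-b",
          "cidr": "192.168.0.0/24", "region": "us-central1", "peering": "peer-b-to-a"}


def subnets_overlap(cidr_a, cidr_b):
    """True if the ranges share any address; peering needs disjoint ranges."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def side_commands(local, peer):
    """gcloud commands for one project: VPC, subnet, scoped firewall rule, peering."""
    p = f"--project={local['project']}"
    return [
        # Step 2: custom-mode VPC with one subnet.
        f"gcloud compute networks create {local['vpc']} {p} --subnet-mode=custom",
        f"gcloud compute networks subnets create {local['subnet']} {p} "
        f"--network={local['vpc']} --region={local['region']} --range={local['cidr']}",
        # Step 4: ingress only from the peer subnet, only SSH and ICMP
        # (the restricted option from the post, rather than "Allow all").
        f"gcloud compute firewall-rules create allow-vpc-peering {p} "
        f"--network={local['vpc']} --direction=INGRESS "
        f"--source-ranges={peer['cidr']} --allow=tcp:22,icmp",
        # Step 5: one peering per side; both must exist before traffic flows.
        f"gcloud compute networks peerings create {local['peering']} {p} "
        f"--network={local['vpc']} --peer-project={peer['project']} "
        f"--peer-network={peer['vpc']} --export-custom-routes --import-custom-routes",
    ]


def peering_plan(a, b):
    """Commands for both projects; refuses overlapping ranges before emitting any."""
    if subnets_overlap(a["cidr"], b["cidr"]):
        raise ValueError(f"subnet ranges overlap: {a['cidr']} and {b['cidr']}")
    return side_commands(a, b) + side_commands(b, a)


if __name__ == "__main__":
    print("\n".join(peering_plan(SIDE_A, SIDE_B)))
```

Review the printed commands before running them; the peering only becomes ACTIVE once both sides have been created.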

Step 6: Test Connectivity

  • Go to your project-a
  • Search compute engine
  • Click VM instances
  • Click on SSH
  • Ping VM-b’s internal IP by typing ping 192.168.0.2
  • Test SSH by typing ssh @192.168.0.2

  • Go to your project-b
  • Search compute engine
  • Click on VM instances
  • Click on SSH
  • Ping VM-a’s internal IP by typing ping 10.0.0.2
  • Test SSH by typing ssh @10.0.0.2

Now that we are done with GCP, let’s move on to Azure peering.

Step 1: First, create a resource group

Step 2: Create two Vnets (virtual networks)

  • Go to your Azure portal
  • Search and click on virtual networks
  • Click on create

  • Choose your resource group
  • Let’s name our Vnet Vnet-a
  • Choose your region
  • Click on IP addresses
  • Delete the default IP address and click on add subnet
  • Let’s name the subnet subnet-a
  • Click on review+create
  • Create

Create another Virtual Network

  • Choose the same resource group
  • Let’s name it Vnet-b
  • Maintain the same region
  • Click on security and enable encryption
  • Click on IP addresses
  • Put an IP address space (192.168.0.0/16)
  • Choose /16 in the next space
  • Delete the default IP address and click on add subnet
  • Let’s name the subnet subnet-b
  • Click on review+create
  • Then create

Step 3: Let’s deploy VMs

  • Go to your Azure portal
  • Search and click on virtual machine
  • Click on create

  • Choose your resource group
  • Let’s name our VM VM-a
  • Under image, I will select Ubuntu 20.04
  • Select the x64 architecture
  • Under authentication type, use SSH public key
  • Give your VM a username
  • Open PowerShell and create an SSH key pair (ssh-keygen -t rsa -b 4096)
  • Copy the public SSH key
  • Go back to your VM creation page
  • Click on the drop-down in SSH public key source and select “use existing public key”
  • Paste the SSH public key you copied
  • Go to network
  • Select your Vnet-a in the virtual network section
  • Scroll down and enable delete public IP and NIC when VM is deleted
  • Click review+create
  • Create

Create another virtual machine for Vnet-b by repeating the above steps.

Step 4: Create ICMP and SSH firewall rules on the two VMs to allow pinging and SSH

  • Click on VM-a
  • Click on network settings
  • Click on port rules
  • Click on add inbound port rule
  • In destination, click ICMP
  • Set Action to Allow
  • Then click add
  • Do it again for SSH

  • Click on VM-b and repeat the above steps to configure the rules for VM-b

Step 5: Create VNet Peering

  • On your Azure portal, search and click on virtual networks
  • Click on Vnet-a
  • Click on settings and click on peering
  • Click on add
  • Let’s name it vnet-a-to-vnet-b

  • Select Vnet-b under virtual network
  • Under local virtual network summary, put vnet-a-to-vnet-b as the peering link name
  • Then click add
  • Do the same for VM-b

Step 6: Test the Connection

  • Open your MobaXterm
  • Copy the public IP address of either VM and put it in MobaXterm (where you see host IP)
  • Select your private SSH key
  • Click OK
  • Once you have successfully logged in, type sudo apt update
  • Then type hostname

  • Ping the public IP address of VM-b if you are logged in to VM-a

Conclusion

We have come to the end of today’s session, where we learned how to peer VMs in GCP and Azure.
Please try these steps and give me feedback.
I am open to corrections and questions.

From your favorite girl
Dabbie✌