VPC peering configurations with routes to an entire VPC - Amazon Virtual Private Cloud

VPC peering configurations with routes to an entire VPC

You can configure VPC peering connections so that your route tables have access to the entire CIDR block of the peer VPC. For more information about scenarios in which you might need a specific VPC peering connection configuration, see VPC peering connection networking scenarios. For more information about creating and working with VPC peering connections, see Work with VPC peering connections.

For more information about updating your route tables, see Update your route tables for a VPC peering connection.

Two VPCs peered together

In this configuration, there is a peering connection between VPC A and VPC B (pcx-11112222). The VPCs are in the same AWS account and their CIDR blocks do not overlap.

Two VPCs peered together

You might use this configuration when you have two VPCs that require access to each others' resources. For example, you set up VPC A for your accounting records and VPC B for your financial records, and these each VPC must be able to access resources from the other VPC without restriction.

Single VPC CIDR

Update the route table for each VPC with a route that sends traffic for the CIDR block of the peer VPC to the VPC peering connection.

Route table Destination Target
VPC A VPC A CIDR Local
VPC B CIDR pcx-11112222
VPC B VPC B CIDR Local
VPC A CIDR pcx-11112222
Multiple IPv4 VPC CIDRs

If VPC A and VPC B have multiple associated IPv4 CIDR blocks, you can update the route table for each VPC with routes for some or all of the IPv4 CIDR blocks of the peer VPC.

Route table Destination Target
VPC A VPC A CIDR 1 Local
VPC A CIDR 2 Local
VPC B CIDR 1 pcx-11112222
VPC B CIDR 2 pcx-11112222
VPC B VPC B CIDR 1 Local
VPC B CIDR 2 Local
VPC A CIDR 1 pcx-11112222
VPC A CIDR 2 pcx-11112222
IPv4 and IPv6 VPC CIDRs

If VPC A and VPC B have associated IPv6 CIDR blocks, you can update the route table for each VPC with routes for both the IPv4 and IPv6 CIDR blocks of the peer VPC.

Route table Destination Target
VPC A VPC A IPv4 CIDR Local
VPC A IPv6 CIDR Local
VPC B IPv4 CIDR pcx-11112222
VPC B IPv6 CIDR pcx-11112222
VPC B VPC B IPv4 CIDR Local
VPC B IPv6 CIDR Local
VPC A IPv4 CIDR pcx-11112222
VPC A IPv6 CIDR pcx-11112222

One VPC peered with two VPCs

In this configuration, there is a central VPC (VPC A), a peering connection between VPC A and VPC B (pcx-12121212), and a peering connection between VPC A and VPC C (pcx-23232323). All three VPCs are in the same AWS account and their CIDR blocks do not overlap.

One VPC peered with two VPCs

VPC B and VPC C can't send traffic directly to each other through a VPC A, because VPC peering does not support transitive peering relationships. You can create a VPC peering connection between VPC B and VPC C, as shown in Three VPCs peered together. For more information about unsupported peering scenarios, see VPC peering limitations.

You might use this configuration when you have resources on a central VPC, such as a repository of services, that other VPCs need to access. The other VPCs do not need access to each others' resources; they only need to access resources in the central VPC.

Update the route table for each VPC as follows to implement this configuration using one CIDR block per VPC.

Route table Destination Target
VPC A VPC A CIDR Local
VPC B CIDR pcx-12121212
VPC C CIDR pcx-23232323
VPC B VPC B CIDR Local
VPC A CIDR pcx-12121212
VPC C VPC C CIDR Local
VPC A CIDR pcx-23232323

You can extend this configuration to additional VPCs. For example, VPC A is peered with VPC B through VPC G using both IPv4 and IPv6 CIDRs, but the other VPCs are not peered to each other. In this diagram, the lines represent VPC peering connections.

One VPC peered with two VPCs

Update the route table as follows.

Route table Destination Target
VPC A VPC A IPv4 CIDR Local
VPC A IPv6 CIDR Local
VPC B IPv4 CIDR pcx-aaaabbbb
VPC B IPv6 CIDR pcx-aaaabbbb
VPC C IPv4 CIDR pcx-aaaacccc
VPC C IPv6 CIDR pcx-aaaacccc
VPC D IPv4 CIDR pcx-aaaadddd
VPC D IPv6 CIDR pcx-aaaadddd
VPC E IPv4 CIDR pcx-aaaaeeee
VPC E IPv6 CIDR pcx-aaaaeeee
VPC F IPv4 CIDR pcx-aaaaffff
VPC F IPv6 CIDR pcx-aaaaffff
VPC G IPv4 CIDR pcx-aaaagggg
VPC G IPv6 CIDR pcx-aaaagggg
VPC B VPC B IPv4 CIDR Local
VPC B IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaabbbb
VPC A IPv6 CIDR pcx-aaaabbbb
VPC C VPC C IPv4 CIDR Local
VPC C IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaacccc
VPC A IPv6 CIDR pcx-aaaacccc
VPC D VPC D IPv4 CIDR Local
VPC D IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaadddd
VPC A IPv6 CIDR pcx-aaaadddd
VPC E VPC E IPv4 CIDR Local
VPC E IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaaeeee
VPC A IPv6 CIDR pcx-aaaaeeee
VPC F VPC F IPv4 CIDR Local
VPC F IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaaffff
VPC A IPv6 CIDR pcx-aaaaffff
VPC G VPC G IPv4 CIDR Local
VPC G IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaagggg
VPC A IPv6 CIDR pcx-aaaagggg

Three VPCs peered together

In this configuration, there are three VPCs in the same AWS account with CIDR blocks that do not overlap. The VPCs are peered in a full mesh as follows:

  • VPC A is peered to VPC B through VPC peering connection pcx-aaaabbbb

  • VPC A is peered to VPC C through VPC peering connection pcx-aaaacccc

  • VPC B is peered to VPC C through VPC peering connection pcx-bbbbcccc

Three VPCs peered together

You might use this configuration when you have VPCs that need to share resources with each other without restriction. For example, as a file sharing system.

Update the route table for each VPC as follows to implement this configuration.

Route table Destination Target
VPC A VPC A CIDR Local
VPC B CIDR pcx-aaaabbbb
VPC C CIDR pcx-aaaacccc
VPC B VPC B CIDR Local
VPC A CIDR pcx-aaaabbbb
VPC C CIDR pcx-bbbbcccc
VPC C VPC C CIDR Local
VPC A CIDR pcx-aaaacccc
VPC B CIDR pcx-bbbbcccc

If VPC A and VPC B have both IPv4 and IPv6 CIDR blocks, but VPC C does not have an IPv6 CIDR block, update the route tables as follows. Resources in VPC A and VPC B can communicate using IPv6 over the VPC peering connection. However, VPC C cannot communicate with either VPC A or VPC B using IPv6.

Route tables Destination Target
VPC A VPC A IPv4 CIDR Local
VPC A IPv6 CIDR Local
VPC B IPv4 CIDR pcx-aaaabbbb
VPC B IPv6 CIDR pcx-aaaabbbb
VPC C IPv4 CIDR pcx-aaaacccc
VPC B VPC B IPv4 CIDR Local
VPC B IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaabbbb
VPC A IPv6 CIDR pcx-aaaabbbb
VPC C IPv4 CIDR pcx-bbbbcccc
VPC C VPC C IPv4 CIDR Local
VPC A IPv4 CIDR pcx-aaaacccc
VPC B IPv4 CIDR pcx-bbbbcccc

Multiple VPCs peered together

In this configuration, there are seven VPCs peered in a full mesh configuration. The VPCs are in the same AWS account and their CIDR blocks do not overlap.

VPC VPC VPC peering connection
A B pcx-aaaabbbb
A C pcx-aaaacccc
A D pcx-aaaadddd
A E pcx-aaaaeeee
A F pcx-aaaaffff
A G pcx-aaaagggg
B C pcx-bbbbcccc
B D pcx-bbbbdddd
B E pcx-bbbbeeee
B F pcx-bbbbffff
B G pcx-bbbbgggg
C D pcx-ccccdddd
C E pcx-cccceeee
C F pcx-ccccffff
C G pcx-ccccgggg
D E pcx-ddddeeee
D F pcx-ddddffff
D G pcx-ddddgggg
E F pcx-eeeeffff
E G pcx-eeeegggg
F G pcx-ffffgggg

You might use this configuration when you have multiple VPCs that must be able to access each others' resources without restriction. For example, as a file sharing network. In this diagram, the lines represent VPC peering connections.

Seven VPCs in a full mesh configuration.

Update the route table for each VPC as follows to implement this configuration.

Route table Destination Target
VPC A VPC A CIDR Local
VPC B CIDR pcx-aaaabbbb
VPC C CIDR pcx-aaaacccc
VPC D CIDR pcx-aaaadddd
VPC E CIDR pcx-aaaaeeee
VPC F CIDR pcx-aaaaffff
VPC G CIDR pcx-aaaagggg
VPC B VPC B CIDR Local
VPC A CIDR pcx-aaaabbbb
VPC C CIDR pcx-bbbbcccc
VPC D CIDR pcx-bbbbdddd
VPC E CIDR pcx-bbbbeeee
VPC F CIDR pcx-bbbbffff
VPC G CIDR pcx-bbbbgggg
VPC C VPC C CIDR Local
VPC A CIDR pcx-aaaacccc
VPC B CIDR pcx-bbbbcccc
VPC D CIDR pcx-ccccdddd
VPC E CIDR pcx-cccceeee
VPC F CIDR pcx-ccccffff
VPC G CIDR pcx-ccccgggg
VPC D VPC D CIDR Local
VPC A CIDR pcx-aaaadddd
VPC B CIDR pcx-bbbbdddd
VPC C CIDR pcx-ccccdddd
VPC E CIDR pcx-ddddeeee
VPC F CIDR pcx-ddddffff
VPC G CIDR pcx-ddddgggg
VPC E VPC E CIDR Local
VPC A CIDR pcx-aaaaeeee
VPC B CIDR pcx-bbbbeeee
VPC C CIDR pcx-cccceeee
VPC D CIDR pcx-ddddeeee
VPC F CIDR pcx-eeeeffff
VPC G CIDR pcx-eeeegggg
VPC F VPC F CIDR Local
VPC A CIDR pcx-aaaaffff
VPC B CIDR pcx-bbbbffff
VPC C CIDR pcx-ccccffff
VPC D CIDR pcx-ddddffff
VPC E CIDR pcx-eeeeffff
VPC G CIDR pcx-ffffgggg
VPC G VPC G CIDR Local
VPC A CIDR pcx-aaaagggg
VPC B CIDR pcx-bbbbgggg
VPC C CIDR pcx-ccccgggg
VPC D CIDR pcx-ddddgggg
VPC E CIDR pcx-eeeegggg
VPC F CIDR pcx-ffffgggg

If all VPCs have associated IPv6 CIDR blocks, update the route tables as follows.

Route table Destination Target
VPC A VPC A IPv4 CIDR Local
VPC A IPv6 CIDR Local
VPC B IPv4 CIDR pcx-aaaabbbb
VPC B IPv6 CIDR pcx-aaaabbbb
VPC C IPv4 CIDR pcx-aaaacccc
VPC C IPv6 CIDR pcx-aaaacccc
VPC D IPv4 CIDR pcx-aaaadddd
VPC D IPv6 CIDR pcx-aaaadddd
VPC E IPv4 CIDR pcx-aaaaeeee
VPC E IPv6 CIDR pcx-aaaaeeee
VPC F IPv4 CIDR pcx-aaaaffff
VPC F IPv6 CIDR pcx-aaaaffff
VPC G IPv4 CIDR pcx-aaaagggg
VPC G IPv6 CIDR pcx-aaaagggg
VPC B VPC B IPv4 CIDR Local
VPC B IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaabbbb
VPC A IPv6 CIDR pcx-aaaabbbb
VPC C IPv4 CIDR pcx-bbbbcccc
VPC C IPv6 CIDR pcx-bbbbcccc
VPC D IPv4 CIDR pcx-bbbbdddd
VPC D IPv6 CIDR pcx-bbbbdddd
VPC E IPv4 CIDR pcx-bbbbeeee
VPC E IPv6 CIDR pcx-bbbbeeee
VPC F IPv4 CIDR pcx-bbbbffff
VPC F IPv6 CIDR pcx-bbbbffff
VPC G IPv4 CIDR pcx-bbbbgggg
VPC G IPv6 CIDR pcx-bbbbgggg
VPC C VPC C IPv4 CIDR Local
VPC C IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaacccc
VPC A IPv6 CIDR pcx-aaaacccc
VPC B IPv4 CIDR pcx-bbbbcccc
VPC B IPv6 CIDR pcx-bbbbcccc
VPC D IPv4 CIDR pcx-ccccdddd
VPC D IPv6 CIDR pcx-ccccdddd
VPC E IPv4 CIDR pcx-cccceeee
VPC E IPv6 CIDR pcx-cccceeee
VPC F IPv4 CIDR pcx-ccccffff
VPC F IPv6 CIDR pcx-ccccffff
VPC G IPv4 CIDR pcx-ccccgggg
VPC G IPv6 CIDR pcx-ccccgggg
VPC D VPC D IPv4 CIDR Local
VPC D IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaadddd
VPC A IPv6 CIDR pcx-aaaadddd
VPC B IPv4 CIDR pcx-bbbbdddd
VPC B IPv6 CIDR pcx-bbbbdddd
VPC C IPv4 CIDR pcx-ccccdddd
VPC C IPv6 CIDR pcx-ccccdddd
VPC E IPv4 CIDR pcx-ddddeeee
VPC E IPv6 CIDR pcx-ddddeeee
VPC F IPv4 CIDR pcx-ddddffff
VPC F IPv6 CIDR pcx-ddddffff
VPC G IPv4 CIDR pcx-ddddgggg
VPC G IPv6 CIDR pcx-ddddgggg
VPC E VPC E IPv4 CIDR Local
VPC E IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaaeeee
VPC A IPv6 CIDR pcx-aaaaeeee
VPC B IPv4 CIDR pcx-bbbbeeee
VPC B IPv6 CIDR pcx-bbbbeeee
VPC C IPv4 CIDR pcx-cccceeee
VPC C IPv6 CIDR pcx-cccceeee
VPC D IPv4 CIDR pcx-ddddeeee
VPC D IPv6 CIDR pcx-ddddeeee
VPC F IPv4 CIDR pcx-eeeeffff
VPC F IPv6 CIDR pcx-eeeeffff
VPC G IPv4 CIDR pcx-eeeegggg
VPC G IPv6 CIDR pcx-eeeegggg
VPC F VPC F IPv4 CIDR Local
VPC F IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaaffff
VPC A IPv6 CIDR pcx-aaaaffff
VPC B IPv4 CIDR pcx-bbbbffff
VPC B IPv6 CIDR pcx-bbbbffff
VPC C IPv4 CIDR pcx-ccccffff
VPC C IPv6 CIDR pcx-ccccffff
VPC D IPv4 CIDR pcx-ddddffff
VPC D IPv6 CIDR pcx-ddddffff
VPC E IPv4 CIDR pcx-eeeeffff
VPC E IPv6 CIDR pcx-eeeeffff
VPC G IPv4 CIDR pcx-ffffgggg
VPC G IPv6 CIDR pcx-ffffgggg
VPC G VPC G IPv4 CIDR Local
VPC G IPv6 CIDR Local
VPC A IPv4 CIDR pcx-aaaagggg
VPC A IPv6 CIDR pcx-aaaagggg
VPC B IPv4 CIDR pcx-bbbbgggg
VPC B IPv6 CIDR pcx-bbbbgggg
VPC C IPv4 CIDR pcx-ccccgggg
VPC C IPv6 CIDR pcx-ccccgggg
VPC D IPv4 CIDR pcx-ddddgggg
VPC D IPv6 CIDR pcx-ddddgggg
VPC E IPv4 CIDR pcx-eeeegggg
VPC E IPv6 CIDR pcx-eeeegggg
VPC F IPv4 CIDR pcx-ffffgggg
VPC F IPv6 CIDR pcx-ffffgggg