VPC Peering
This article explains how to route traffic between Vultr VPCs. This feature is called VPC Peering.
What Is a Vultr VPC?
A Vultr Virtual Private Cloud (VPC) is a private network that connects two or more cloud servers in the same Vultr location.
Here's an example scenario:
Alice is a Vultr customer that needs to replicate data between two web servers. She prefers to do this through a VPC for privacy and to reduce her bandwidth charges.
- She set up two web servers, and connected them to the internet and a Vultr VPC.
- She used RFC1918 addresses on the private VPC interface. (10.1.0.0/20)
- She used publicly-routable IP addresses on the public interface.
Alice also has two database servers with similar requirements, so she set up a second VPC for her database servers. She named her VPCs LAX1 and LAX2. Her network now looks like this:
VPCs are entirely private, even from each other. Neither of Alice's VPCs can see the other's traffic, so her web and database servers must connect over the public internet. This isn't ideal for privacy or bandwidth.
What Is VPC Peering?
VPC peering routes traffic between two VPCs. You can establish VPC peering within the same account or between accounts.
VPC Peering within an Account
Because both of Alice's VPCs are in the same location, she can use VPC peering to connect them like this:
Now her web servers can communicate with the databases privately without any risk of bandwidth overage charges.
VPC Peering between Accounts
Bob wants to connect his web servers to Alice's databases. They have different accounts, but they are both in Los Angeles.
- Alice creates a VPC named LAX3.
- Bob creates a VPC named LAX4.
They exchange their network information and create a VPC peering connection like this:
Vultr's VPC peering creates some exciting new capabilities. Now that we've demonstrated the high-level concepts, let's learn how it works.
VPC Peering Requirements
- You need two Vultr VPCs in the same location. See the Vultr VPC documentation to learn how to create a VPC.
- The VPCs can be in the same account or different accounts.
- The IP subnets in each VPC must not overlap.
- VPC peering is a one-to-one relationship. You can't connect one VPC to multiple VPCs.
The subnets in both VPCs must be compatible with RFC1918. The valid IP ranges are:
- From 10.0.0.0 through 10.255.255.255 (10/8 prefix)
- From 172.16.0.0 through 172.31.255.255 (172.16/12 prefix)
- From 192.168.0.0 through 192.168.255.255 (192.168/16 prefix)
When you create a VPC, you can accept an automatic IP range or configure it manually. You'll find a helpful link to our subnet calculator if you choose manual configuration.
VPC Peering within the Same Account
When you create a VPC peering connection, a requester initiates the connection request to an accepter, who approves or denies the request. When you set up a VPC peering within the same account, you are the accepter and the requester.
Here's how Alice creates the connection between LAX1 and LAX2, step-by-step.
- Alice navigates to the VPC Peering page in her account and clicks Add Connection.
She enters the VPC connection request by filling out this form.
- She selects the LAX1 VPC network in Your VPC.
- She enters a description.
- She selects My Account for Connect To:
- She chooses the LAX2 VPC network from My Account.
Alice clicks Request Connection to start the process, which puts the VPC peering connection in Pending status.
Alice clicks the edit icon to view the request. It looks like a pencil. Because Alice is both the requester and the accepter, she sees both sides of the request.
If Alice decides to cancel the request, she can click either Cancel Request or Deny. In this case, they both mean the same thing.
Because Alice wants to proceed, she clicks Accept, and the connection begins provisioning. In a couple of minutes the status changes to Active, and the process is complete.
Remove the VPC Peer
When Alice wants to end the peering connection, she navigates back to the connection page and clicks Close this Connection.
VPC Peering between Accounts
To create a VPC peering connection between accounts, the requester account initiates a request to the accepter account, who can approve or deny the request.
Here's how Alice and Bob create their VPC peering connection, step-by-step.
- Alice sends the VPC UUID for LAX3 to Bob through email or some other method.
- Bob navigates to his VPC Peering page and clicks Add Connection.
Bob enters the VPC connection request:
- He selects LAX4 in Your VPC.
- He enters a description.
- He chooses Other Account for Connect To:
- He enters the UUID that Alice sent him. This UUID is an example, yours will be different.
Bob clicks Request Connection, which puts the VPC peering connection in Pending status until Alice accepts the request.
While waiting for Alice to accept, Bob has the option to cancel the request.
Alice can Accept or Deny the request.
Alice clicks Accept, and the connection begins provisioning. In a couple of minutes the status changes to Active, and the process is complete.
Remove a VPC Peering Connection
Either Alice or Bob can end VPC peering by clicking Close this Connection.
How to Configure Network Routing on your Instance for VPC Peering
If your operating system uses the latest cloud-init, you do not need any manual configuration when attaching a server to your VPC. Vultr pre-loads the newest version of cloud-init for these operating systems:
- AlmaLinux 8
- CentOS 8
- CentOS Stream 8
- Debian 11
- Fedora 34
- Fedora 35
- Rocky Linux 8
- Ubuntu 20.04
- Ubuntu 21.04
- Ubuntu 21.10
- VzLinux 8
If you use a different operating system, you must add a persistent route that forwards your subnet's traffic to the VPC's gateway.
The VPC gateway is always the
.1IP address of your VPC subnet.
For example, if your VPC's subnet is10.10.10.0/20, then your gateway is10.10.10.1.
If you need to add routes manually, please see the documentation for your operating system. You may also find these articles helpful:
- How to Create a Vultr Virtual Private Cloud (VPC)
- How to Find the Network Adapter Names for a Vultr Cloud Server