Connectivity Options for AWS VPC (Part-1)
VPC Peering
It is the most basic option for VPC connectivity provided by AWS. Two VPCs connected by VPC peering can communicate with each other using their private IP addresses. A VPC peering connection can be created between VPCs in a single account, between VPCs in different accounts, or between VPCs in different regions. One more benefit of VPC peering is security: the traffic stays on the global AWS backbone and never traverses the public internet. AWS uses its existing infrastructure to set up the peering connection, so bandwidth and latency concerns are also sorted out. And the cherry on top: AWS does not charge anything for the peering connection itself; only the data transfer is charged.
The only drawback of VPC peering is that it does not support transitive communication. This means VPC A can't communicate with VPC B without a direct VPC peering connection between VPC A and VPC B, as shown in the figure below. VPC A and VPC B can't communicate via VPC C. This is non-transitive!
So, if there is a requirement to connect multiple VPCs, we will have to create a mesh topology by peering each and every VPC with every other VPC, as shown in the figure below.
The formula to calculate the number of peering connections is:
No. of peering connections = [(no. of VPCs - 1) * no. of VPCs] / 2
Hence there will be 15 peering connections for 6 VPCs, 66 peering connections for 12 VPCs, and so on. Managing such a large number of connections is a big task. To solve this problem, AWS introduced the Transit Gateway service in 2018.
Transit Gateway
AWS Transit Gateway (TGW) is an AWS managed service, so we don't need to worry about its availability and scalability. AWS TGW provides an interconnect between multiple VPCs and on-premises networks. A Transit Gateway maintains a route table whose targets can be any TGW attachment. It can be attached to multiple VPCs, SD-WAN appliances, AWS Direct Connect, peering connections with other TGWs, and VPN connections.
In comparison with VPC peering, the hub-and-spoke structure of Transit Gateway minimizes network complexity: each VPC needs only one attachment to the hub instead of a peering connection to every other VPC.
Transit Gateway supports up to 5000 connections and 50 Gbps of bandwidth; details can be checked at Transit Gateway Quotas.
One more difference between VPC peering and AWS Transit Gateway that should be kept in mind while choosing between these services is the baseline cost. Unlike a VPC peering connection, Transit Gateway is not a free service. In addition to the traffic cost, there is a baseline cost for the TGW service, charged per hour; details can be checked at Transit Gateway pricing.
So, Transit Gateway has minimized the complexity, but it is costly in comparison with VPC peering. That's the reason we generally see companies using a mix of these services.
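To make the two designs concrete, here is a small added example (not code from the original post) that models both the full-mesh peering described in the formula above and the hub-and-spoke Transit Gateway. It computes how many connections each design needs for a given set of VPCs and checks reachability under the non-transitive peering rule versus the TGW hub rule. The VPC names are constructed for illustration.

```python
"""Model full-mesh VPC peering versus a Transit Gateway hub.

Added example, not part of the original article.  VPC peering is
non-transitive: a VPC can only reach a peer it has a direct peering
connection with.  A Transit Gateway is a hub: any two VPCs attached to it
can reach each other through the TGW route table.  VPC names are constructed.
"""
from itertools import combinations


def peering_count(n):
    """Article formula: [(no. of VPCs - 1) * no. of VPCs] / 2, as an integer."""
    return (n - 1) * n // 2


def full_mesh_peerings(vpcs):
    """Return every peering connection a full mesh needs (one per unordered VPC pair)."""
    return sorted(combinations(sorted(vpcs), 2))


def peering_reachable(peerings, src, dst):
    """Peering is non-transitive: traffic flows only over a direct connection.

    `peerings` is a set of (vpc, vpc) tuples; order inside a tuple is irrelevant.
    """
    return (src, dst) in peerings or (dst, src) in peerings


def tgw_reachable(attachments, src, dst):
    """With a TGW, any two distinct attached VPCs can reach each other via the hub."""
    return src != dst and src in attachments and dst in attachments


def compare_designs(vpcs):
    """Number of connections to create and manage under each design."""
    return {
        "peering_connections": len(full_mesh_peerings(vpcs)),
        "tgw_attachments": len(vpcs),  # one attachment per VPC to the hub
    }


if __name__ == "__main__":
    # Constructed example: only A-C and B-C are peered, so A cannot reach B.
    partial = {("VPC-A", "VPC-C"), ("VPC-B", "VPC-C")}
    print("A -> B over peering:", peering_reachable(partial, "VPC-A", "VPC-B"))
    print("A -> B over TGW:", tgw_reachable({"VPC-A", "VPC-B", "VPC-C"}, "VPC-A", "VPC-B"))
    six = [f"VPC-{c}" for c in "ABCDEF"]
    print(compare_designs(six))
```

Running the module shows the peering design failing the A to B check while the TGW design passes it, and `compare_designs` returns 15 peering connections against 6 TGW attachments for the same six VPCs.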
There are other options for VPC connectivity, like PrivateLink and VPN, which will be discussed in the next part of this article.
PS:
· Stay tuned for more cloud computing and networking posts in the future.
Please leave your questions, comments and feedback to enhance this and future contributions. Thank you!!!