# VPC Peering

## Introduction

VPC Peering enables encrypted communication between isolated networks using secure tunnels. It facilitates seamless communication between VPCs without exposing traffic to the public internet. This ensures low-latency, high-bandwidth communication while maintaining strong security boundaries. It is ideal for scaling applications, managing multi-environment deployments, and ensuring network segmentation within accounts.

### What is a Tunnel?

The term "tunnel" refers to a secure communication channel established between two endpoints, in our case the gateways of two VPCs. This tunnel uses shared secrets (pre-shared keys) for authentication and encryption. All data transferred through this channel is encrypted, so traffic intercepted in transit cannot be read.

Users can create tunnels between:

1. Two VPCs within the same project
2. VPCs across different projects
3. VPCs in different regions

:::tip note
Currently, we support VPC peering within a single CRN.
:::

## Working with VPC Peering

The following sections explain how to use VPC Peering.

### Create VPCs

* Click on the **VPC** sub-menu available under the Network section.
* Click on the **Get Started** button.
* You will be redirected to the **Create Virtual Private Cloud** page. Create 2 VPCs there.

![VPC Peering](../network/vpc_peering_images/create_vpc.png)

For more information on creating a VPC, [click here](https://docs.e2enetworks.com/docs/myaccount/network/vpc/#working-with-vpc).

### Create Peering Connection

The following table demonstrates how two nodes (VMs) in different VPCs can communicate after VPC peering.

| Node Name | VPC Name | IP Address | Can Ping Other Node |
|-----------|----------|------------|---------------------|
| Node A | VPC A | `10.0.0.2` | Yes (Node B: `10.1.0.2`) |
| Node B | VPC B | `10.1.0.2` | Yes (Node A: `10.0.0.2`) |

* Select the desired VPC, then go to its actions and click on **Create VPC Peering**.

![VPC Peering](../network/vpc_peering_images/peering_action.png)

* Select the VPC you want to connect to (the Acceptor VPC). You can apply filters by region and project, and the VPCs matching the selected criteria will be displayed.

![VPC Peering](../network/vpc_peering_images/slider-vpcpeering.png)

* Select the VPC with status **Select** and click on **Create Peering Connection**.

![VPC Peering](../network/vpc_peering_images/slider2-vpcpeering.png)

* The established VPC connection will be listed under the Peering Connections tab. Initially, the tunnel status is shown as **Creating**. Once the tunnel is successfully created, the status changes to **Active**. If the creation fails, the status will be **Failed**.

![VPC Peering](../network/vpc_peering_images/peered-connection.png)

### Actions of Peering Connection

* **Pause**: You can pause the tunnel at any time using the pause action, which temporarily stops its operation and changes the tunnel status to **Inactive**. The Pause button is enabled only when the tunnel is in Active status.

![VPC Peering](../network/vpc_peering_images/pause-action.png)

* **Restart**: If the tunnel is Inactive or Paused, you can use the restart action to bring it back up and make it active again.

![VPC Peering](../network/vpc_peering_images/restart-action.png)

* **Show Commands**: This action provides the required commands to configure routes on your resources so that VPCs can communicate through the tunnel.

:::info
Consider two VPCs connected through a tunnel:

* VPC A with Node A
* VPC B with Node B

Add routes to both nodes to enable communication via the tunnel.

**`ip route add <2nd vpc cidr> via <1st vpc gateway ip>`**
:::

![VPC Peering](../network/vpc_peering_images/show-command-action.png)
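
As an added example (not part of the original documentation or the console's output), the shell functions below build the route command shown above for each node and reject inputs that would misroute traffic: a next hop outside the node's own VPC, or VPC CIDRs that overlap. The `/24` CIDRs and the `.1` gateway addresses are assumed values; the page lists only the node IPs.

```bash
# IPv4 dotted quad -> integer; fails on malformed input.
ip_to_int() (
  set -f; IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# CIDR -> "first last" integers of the block.
cidr_bounds() (
  addr=${1%/*} len=${1#*/}
  case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  n=$(ip_to_int "$addr") || exit 1
  size=$(( 1 << (32 - len) ))
  first=$(( n / size * size ))
  echo "$first $(( first + size - 1 ))"
)

# True when two CIDR blocks share at least one address.
cidrs_overlap() (
  set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
  [ $# -eq 4 ] && [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# True when an address lies inside a CIDR block.
ip_in_cidr() (
  n=$(ip_to_int "$1") || exit 1
  set -- $(cidr_bounds "$2")
  [ $# -eq 2 ] && [ "$n" -ge "$1" ] && [ "$n" -le "$2" ]
)

# Route for one node: the peer VPC's CIDR via the node's own VPC gateway.
peer_route_cmd() (
  local_cidr=$1 gw=$2 peer_cidr=$3
  cidr_bounds "$peer_cidr" >/dev/null || { echo "invalid peer CIDR" >&2; exit 2; }
  ip_in_cidr "$gw" "$local_cidr" || { echo "gateway outside local VPC" >&2; exit 3; }
  cidrs_overlap "$local_cidr" "$peer_cidr" && { echo "VPC CIDRs overlap" >&2; exit 4; }
  echo "ip route add $peer_cidr via $gw"
)

# Assumed CIDRs and gateway IPs (constructed; the page lists only node IPs).
peer_route_cmd 10.0.0.0/24 10.0.0.1 10.1.0.0/24   # output is run on Node A
peer_route_cmd 10.1.0.0/24 10.1.0.1 10.0.0.0/24   # output is run on Node B
```

Routing only the peer VPC's CIDR, rather than a broader prefix, keeps the rest of each node's traffic off the tunnel.
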
![VPC Peering](../network/vpc_peering_images/configure_routes.png)

* **Delete Connection**: Use the delete action to permanently remove the tunnel.

![VPC Peering](../network/vpc_peering_images/delete-connection.png)
![VPC Peering](../network/vpc_peering_images/delete-2-action.png)

### Monitoring of Peering Connections

The Monitoring section displays three types of graphs related to the peering connection:

![VPC Peering](../network/vpc_peering_images/graphs.png)

1. **Inbound Traffic** graph
![VPC Peering](../network/vpc_peering_images/inbound.png)
2. **Outbound Traffic** graph
![VPC Peering](../network/vpc_peering_images/outbound.png)
3. **Tunnel Activity** graph, where 1 on the y-axis indicates the tunnel is Active and 0 indicates it is Inactive.
![VPC Peering](../network/vpc_peering_images/tunnel-activity.png)

### Security Groups for Peering Connection

:::info
The tunnel cannot be created if any restrictive security group is applied on the VPC gateways. The tunnel can be created in either of these two ways:

* By manually attaching the **Allow All Traffic** security group on both VPC gateways.
* By keeping the default settings for security groups.
:::

* Users can attach security groups to their VPC gateways to control which traffic is allowed through the tunnel.

![VPC Peering](../network/vpc_peering_images/attach-sg.png)

![VPC Peering](../network/vpc_peering_images/show-attached-sg.png)

* If the tunnel goes down at any point, apply the **Allow All Traffic** security group.

![VPC Peering](../network/vpc_peering_images/allow-all-traffic.png)
* Users can **detach** a security group from a VPC gateway at any time.
![VPC Peering](../network/vpc_peering_images/detach-sg.png)

---