Setting up VPC Peering
This guide shows you how to set up VPC peering in Thalassa Cloud. VPC peering lets resources in different VPCs talk to each other as if they were on the same network.
Prerequisites
Before you start, you need:
- Access to your Thalassa Cloud organisation
- Two VPCs with different CIDR blocks (they must not overlap)
- Permissions to create and accept peering connections
- The VPC IDs for both VPCs
If you’re peering across organisations, you also need:
- Access to both organisations
- The target organisation ID
How VPC Peering Works
VPC peering connects two VPCs together. Resources in one VPC can talk to resources in the other VPC. The process has three steps:
- Create a peering connection request from one VPC
- Accept the connection from the other VPC (automatic for same organisation, manual for cross-organisation)
- Configure route tables in both VPCs so traffic can flow
Step 1: Create the Peering Connection
Step 1: Gather Required Information
Get the VPC IDs for both VPCs. Check that the CIDR blocks are different. For example, use 10.0.0.0/16 for one VPC and 10.1.0.0/16 for the other. If peering across organisations, you also need the accepter organisation ID. Find this information in the VPC details page in the console.
Step 2: Navigate to VPC Peering
- Navigate to IaaS → Networking → VPC Peering in your Thalassa Cloud Console
- Click “Create Peering Connection” or “Add Peering Connection”
Step 3: Configure Peering Connection
Give the connection a name like peering-production-to-staging. Add a description if needed. Select your VPC as the requester and the target VPC as the accepter. For cross-organisation peering, enter the accepter organisation ID.
Set auto-accept:
truefor same organisation and same region (activates immediately)falsefor cross-organisation (needs manual acceptance)
Step 4: Create and Wait for Acceptance
- Click “Create Peering Connection”
- The connection will be in
pendingstatus until accepted (ifauto_acceptis false) - For same organisation/region with
auto_accept: true, the connection becomesactiveimmediately
Step 2: Accept the Peering Connection (If Required)
For cross-organisation peering or when auto_accept is disabled, the accepter organisation must accept the request.
Step 1: View Pending Requests
- Navigate to IaaS → Networking → VPC Peering in the Thalassa Cloud Console
- View pending peering requests in your organisation
- Review the peering connection details, including the requester organisation and VPC information
Step 2: Verify the Request
Before accepting, check:
- The requester organisation and VPC details are correct
- The CIDR blocks don’t overlap with your VPC
- You need this connection for your work
This helps prevent accidental connections.
Step 3: Accept the Connection
Accept the peering connection. The connection status will change from pending to active once accepted.
Step 3: Configure Route Tables
After the peering connection becomes active, both VPCs must configure route tables to enable traffic flow. Routes can only be created after the peering connection is in an active status.
Step 1: Navigate to Route Tables
- Navigate to IaaS → Networking → Route Tables in your Thalassa Cloud Console
- Select the route table you want to configure (typically the default route table for each VPC)
Step 2: Add Route in Requester VPC
In the requester VPC’s route table:
- Click “Add Route” or “Create Route”
- Configure:
- Destination CIDR: The accepter VPC’s CIDR block (e.g.,
10.1.0.0/16) - Target: Select the VPC peering connection
- Click “Create Route”
- Destination CIDR: The accepter VPC’s CIDR block (e.g.,
Step 3: Add Route in Accepter VPC
In the accepter VPC’s route table:
- Click “Add Route” or “Create Route”
- Configure:
- Destination CIDR: The requester VPC’s CIDR block (e.g.,
10.0.0.0/16) - Target: Select the VPC peering connection
- Click “Create Route”
- Destination CIDR: The requester VPC’s CIDR block (e.g.,
Step 4: Verify Connectivity
After configuring routes, test connectivity between resources in the peered VPCs:
- From a resource in the requester VPC, try to reach a resource in the accepter VPC
- Verify both directions work (bidirectional communication)
Troubleshooting
Peering Connection Remains Pending
If the connection stays pending:
- Check that the accepter organisation accepted it (for cross-organisation peering)
- Verify both VPCs are in the same region
- Check the
accepter_organisation_idis correct
Traffic Not Flowing After Acceptance
If traffic doesn’t flow:
- Check routes are set up in both VPCs
- Verify routes point to the correct peering connection ID
- Check destination CIDRs match the peer VPC’s CIDR blocks
- Verify security groups allow traffic between the VPCs
- Test connectivity with
ping,telnet, orcurl
CIDR Overlap Issues
Overlapping CIDR blocks cause routing problems. If your VPCs have overlapping CIDRs, you cannot peer them. Use NAT gateways or VPN instead.
Best Practices
Plan your VPC CIDR blocks to avoid overlaps. This helps with future peering needs. Always set up security groups before testing. Only allow traffic that you actually need between VPCs. Add clear descriptions to peering connections for easier maintenance.
Review your peering connections regularly. Check if they’re still needed and properly configured. Centralize route table management when possible. After setting up peering, test connectivity to make sure everything works.
Related Documentation
- VPC Peering Overview: Understanding VPC peering capabilities
- Route Tables: Learn about route table configuration
- Security Groups: Secure traffic through peering connections
- VPCs: Learn about Virtual Private Clouds