
Why do VPCs within different Alibaba Cloud accounts fail to access each other after the required authorization is completed?

Last Updated: Jun 14, 2023

Issue

After a virtual private cloud (VPC1) within Account A is authorized to communicate with VPC2 within Account B, VPC1 and VPC2 fail to communicate with each other.

Possible causes

Check for the following possible causes:

  • Check whether VPC1 and VPC2 are attached to a CEN instance. If not, VPC1 and VPC2 cannot communicate with each other even if the authorization is completed.

  • Check whether VPC1 and VPC2 are attached to the same CEN instance.

  • Check whether the CIDR blocks of the vSwitches in VPC1 and VPC2 overlap with each other.

  • Check whether the CIDR blocks of the VPCs overlap with each other.

  • Check whether VPC1 and VPC2 are deployed in the same region. If not, an inter-region connection must be established between them.

Solutions

  1. Attach the VPCs to a CEN instance.

    Attach the VPCs that need to communicate with each other to a CEN instance. Otherwise, communication between the VPCs cannot be established. For more information, see Create a VPC connection.

  2. Attach the VPCs to the same CEN instance.

    Attach the VPCs that need to communicate with each other to the same CEN instance even if the VPCs belong to different Alibaba Cloud accounts.

  3. If the VPCs are attached to the same CEN instance but the problem persists, check whether the CIDR blocks of the vSwitches in the VPCs overlap with each other. Overlapping CIDR blocks cause network connectivity errors.

    If overlapping CIDR blocks exist, fix them. For more information, see Plan networks. For more information about overlapping vSwitch CIDR blocks, see Overlapping vSwitch CIDR blocks.

  4. Make sure that the CIDR blocks of the VPCs do not overlap with each other.

  5. Check whether the VPCs are deployed in the same region.

    If not, establish an inter-region connection between the regions. For more information, see Use Basic Edition transit routers to connect VPCs across regions and Use Enterprise Edition transit routers to connect VPCs across regions and accounts.

Overlapping vSwitch CIDR blocks

Assume that VPC1 within Account A has two vSwitches whose CIDR blocks are 192.168.1.0/24 and 192.168.2.0/24, and that VPC2 within Account B has two vSwitches whose CIDR blocks are 192.168.2.0/24 and 192.168.3.0/24. After VPC1 and VPC2 are attached to the same CEN instance, only the 192.168.1.0/24 and 192.168.3.0/24 CIDR blocks can communicate with each other because 192.168.2.0/24 is an overlapping CIDR block between VPC1 and VPC2.
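The overlap check from this scenario can be scripted before the VPCs are attached. The following Python sketch is an added example, not Alibaba Cloud code: the function names are hypothetical, the CIDR lists are entered by hand rather than read from any API, and it also flags partial overlaps (one block containing another), which goes beyond the identical-block case above.

```python
import ipaddress


def _parse(blocks):
    # strict=True rejects entries with host bits set (e.g. 192.168.2.5/24),
    # which usually indicates a typo in the network plan.
    return [ipaddress.ip_network(b, strict=True) for b in blocks]


def find_overlaps(blocks_a, blocks_b):
    """Return (a, b) pairs of CIDR strings that share at least one address."""
    pairs = []
    for a in _parse(blocks_a):
        for b in _parse(blocks_b):
            if a.version == b.version and a.overlaps(b):
                pairs.append((str(a), str(b)))
    return pairs


def non_overlapping(blocks_a, blocks_b):
    """Return the blocks on each side that overlap nothing on the other side."""
    overlaps = find_overlaps(blocks_a, blocks_b)
    hit_a = {a for a, _ in overlaps}
    hit_b = {b for _, b in overlaps}
    clean_a = [str(n) for n in _parse(blocks_a) if str(n) not in hit_a]
    clean_b = [str(n) for n in _parse(blocks_b) if str(n) not in hit_b]
    return clean_a, clean_b


# vSwitch CIDR blocks from the scenario above.
VPC1_VSWITCHES = ["192.168.1.0/24", "192.168.2.0/24"]  # Account A
VPC2_VSWITCHES = ["192.168.2.0/24", "192.168.3.0/24"]  # Account B

if __name__ == "__main__":
    for a, b in find_overlaps(VPC1_VSWITCHES, VPC2_VSWITCHES):
        print(f"overlap: VPC1 {a} <-> VPC2 {b}")
    ok_a, ok_b = non_overlapping(VPC1_VSWITCHES, VPC2_VSWITCHES)
    print("VPC1 blocks without conflict:", ok_a)
    print("VPC2 blocks without conflict:", ok_b)
```

The same functions can be run on the VPC-level CIDR blocks to cover the check in step 4.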

Applicable scope

  • CEN