Virtual Private Cloud:Create and manage a VPC peering connection

Prerequisites

Two VPCs between which you want to create a VPC peering connection are created. You can also create a cross-account VPC peering connection. In this case, you must create the VPCs by using different Alibaba Cloud accounts. For more information, see Create and manage a VPC.

Create a VPC peering connection

1. Log on to the VPC console.
2. In the left-side navigation pane, click VPC Peering Connection.
3. Optional:If this is your first time using VPC peering connections, click Activate CDT on the VPC Peering Connection page. Then, click Activate in the dialog box that appears.
   If you want to create a cross-account VPC peering connection, you must activate Cloud Data Transfer (CDT) for the Alibaba Cloud account of the accepter VPC.
4. On the VPC Peering Connection page, click Create VPC Peering Connection.
5. On the Create VPC Peering Connection page, set the following parameters and click OK.
   You can create VPC peering connections of the following types: same-account and intra-region, same-account and inter-region, cross-account and intra-region, and cross-account and inter-region.

   The following table describes the parameters that are required when you create different types of VPC peering connections.

   Parameter	Description
   Peering Connection Name	Enter a name for the VPC peering connection.
   Initiator	You can select a VPC as the requester by using one of the following methods: Enter a VPC name or ID in the drop-down list to perform fuzzy search. Select a VPC from the drop-down list.
   Acceptor Account Type	Select whether the requester VPC and accepter VPC belong to the same Alibaba Cloud account. Valid values: Same-Account: The requester VPC and accepter VPC belong to the same Alibaba Cloud account. After you initiate a connection request from the requester VPC, the VPC peering connection is automatically established. You do not need to accept the request on the accepter VPC. Cross-Account: The requester VPC and accepter VPC belong to different Alibaba Cloud accounts. After you initiate a connection request from the requester VPC, you can accept or reject the request on the accepter VPC to establish or deny the VPC peering connection. If you select Cross-Account, enter the ID of the Alibaba Cloud account to which the accepter VPC belongs in the accepter Account ID field.
   Acceptor Region Type	Select whether the requester VPC and accepter VPC belong to the same region. Valid values: Intra-Region: The requester VPC and accepter VPC belong to the same region. Inter-Region: The requester VPC and accepter VPC belong to different regions. If you select Inter-Region, select the region where the accepter VPC is deployed from the accepter Region drop-down list.
   Acceptor	You can select a VPC as the accepter by using one of the following methods: Enter a VPC name or ID in the drop-down list to perform fuzzy search. Select a VPC from the drop-down list.

6. If you create a cross-account VPC peering connection, you must accept or reject the request on the accepter VPC after you initiate a request.
   1. Log on to the VPC console. You must use the Alibaba Cloud account of the accepter VPC to perform this step.
   2. In the left-side navigation pane, click VPC Peering Connection.
   3. On the VPC Peering Connection page, find the VPC peering connection and perform the following operations:

      After you initiate a request, the VPC peering connection is in the Accepting state.

      • To accept the request, click Accept in the Actions column.

        Then, the state of the VPC peering connection changes from Accepting to Updating. After the VPC peering connection is activated, it enters the Activated state and is ready for use.

      • To reject the request, click Reject in the Actions column.

        Then, the state of the VPC peering connection changes from Accepting to Rejected.

        A VPC peering connection in the Rejected state is unavailable. You can delete the VPC peering connection on the requester VPC or accepter VPC.

      Note If you do not accept or reject the request within seven days, the VPC peering connection enters the Expired state.
7. On the VPC Peering Connection page, view the information about a VPC peering connection.
   • An activated VPC peering connection is in the Activated state and is ready for use.
   • You can view the following information about the requester VPC and accepter VPC: the VPC ID, region, CIDR block, and owner Alibaba Cloud account.

Configure routes

After you create a VPC peering connection, you must add a route that points to the peer VPC for both the acceptor VPC and requester VPC.

1. Log on to the VPC console.
2. In the left-side navigation pane, click VPC Peering Connection.
3. On the VPC Peering Connection page, find the VPC peering connection that you want to manage and perform the following operations.
   • Configure a route for the requester VPC
     1. In the Initiator column, click Configure Route.
     2. In the Configure Route dialog box, set the following parameters and click OK.

        Parameter	Description
        VPC	The system automatically displays the requester VPC.
        Route Table	Select a route table associated with the VPC from the drop-down list.
        Name	Enter a name for the route.
        Destination CIDR Block	Enter the CIDR block of the accepter VPC.
        Next Hop	The system automatically displays the next hop.

   • Configure a route for the accepter VPC that belongs to the same Alibaba Cloud account
     1. Click Configure Route in the Acceptor column.
     2. In the Configure Route dialog box, set the following parameters and click OK.

        Parameter	Description
        VPC	The system automatically displays the accepter VPC.
        Route Table	Select a route table associated with the VPC from the drop-down list.
        Name	Enter a name for the route.
        Destination CIDR Block	Enter the CIDR block of the requester VPC.
        Next Hop	The system automatically displays the next hop.

   • Configure a route for the accepter VPC that belongs to a different Alibaba Cloud account
     1. Log on to the VPC console. You must use the Alibaba Cloud account of the accepter VPC to perform this step.
     2. In the left-side navigation pane, click VPC Peering Connection.
     3. On the VPC Peering Connection page, find the VPC peering connection and click Configure Route in the Acceptor column.
     4. The subsequent operations are the same as the operations that you perform to configure a route for the VPC that belongs to the same Alibaba Cloud account.
   After you configure the routes, you can click the ID of the VPC peering connection on the VPC Peering Connection page to view the information about the routes in the Route Entry List section.

Test the connectivity

Before you test the connectivity, make sure that Elastic Compute Service (ECS) instances are created in both the requester VPC and acceptor VPC. In addition, the security group rules of the ECS instances allow access to each other. Perform the following operation to test the connectivity.

1. Log on to an ECS instance in the requester VPC. For more information, see Connection methods.
2. Run the ping command to ping the private IP address of an ECS instance in the acceptor VPC.

   If you can receive echo reply packets, it indicates that the requester VPC can access the acceptor VPC.

3. Log on to an ECS instance in the acceptor VPC.
4. Run the ping command to ping the private IP address of an ECS instance in the requester VPC.

   If you can receive echo reply packets, it indicates that the acceptor VPC can access the requester VPC.

   After you verify the connectivity, you can deploy your services in the VPCs.

Delete a VPC peering connection

1. Log on to the VPC console.
2. On the VPC Peering Connection page, find the VPC peering connection that you want to delete and click Delete in the Actions column.
3. In the message that appears, click OK.
   To forcefully delete a VPC peering connection, select I confirm that my services will not be affected and want to delete all the preceding VPC peering connections and routes. in the dialog box.

More

Modify the bandwidth of an inter-region VPC peering connection

1. On the VPC Peering Connection page, find the VPC peering connection that you want to modify and click its ID.
2. On the details page of the VPC peering connection, click Edit on the right side of Name in the Information section.
3. In the dialog box that appears, enter a new name and click OK.
4. On the details page of the VPC peering connection, click Edit on the right side of Bandwidth (Mbit/s) in the Information section.
5. In the dialog box that appears, enter a new bandwidth value and click OK.
   The bandwidth value must be an integer greater than 0. The maximum bandwidth value is 1024.

Modify the name or description of a VPC peering connection

1. On the VPC Peering Connection page, find the VPC peering connection that you want to manage and click its ID.
2. On the details page of the VPC peering connection, click Edit on the right side of Name in the Information section.
3. In the dialog box that appears, enter a new name and click OK.
4. On the details page of the VPC peering connection, click Edit on the right side of Description in the Information section.
5. In the dialog box that appears, enter a new description and click OK.

References

• CreateVpcPeerConnection: creates a VPC peering connection.
• AcceptVpcPeerConnection: accepts a connection request from a requester VPC.
• RejectVpcPeerConnection: rejects a connection request from a requester VPC.
• GetVpcPeerConnectionAttribute: queries the details of a VPC peering connection.
• CreateRouteEntry: adds a custom route.
• DeleteRouteEntry: deletes a custom route.
• DeleteVpcPeerConnection: deletes a VPC peering connection.
• ModifyVpcPeerConnection: modifies the name or description of a VPC peering connection.