By default, virtual private clouds (VPCs) are isolated from each other. To enable communication between instances in different VPCs, you can use either VPC Peering Connection or Cloud Enterprise Network (CEN). Choosing the right method depends on your network scale, performance requirements, and cost consideration.
Choose the right connection method
Consider the following factors when deciding between VPC peering and CEN:
Scale: Use VPC peering connection for small networks (2-3 VPCs) and CEN for large ones (>3 VPCs).
Features: To use multicast, service chaining, or cross-region QoS, or to automatically configure routes, use CEN.
Cost: If the VPCs to be connected are in the same region, use VPC peering connection. No fees are charged for connections within the same region.
Bandwidth: If high bandwidth is required for intra-region connections, use VPC peering connection. No bandwidth limit is imposed on intra-region connections.
Key differences:
Item
VPC peering connection
CEN
Connection mode
Full-mesh: direct connections between each pair of VPCs
Hub-spoke: VPCs attach to a central Transit Router (TR)
Number of VPCs
Up to 10 VPCs in the same region
Up to 20 across regions
A single TR supports up to 1,000 VPCs
Route configuration
Manual configuration required for each VPC
Routes can be automatically configured using route learning and route synchronization.
Scalability
Low
Each new VPC requires manual setup and routing
High
Add a new VPC by attaching it to the TR, no manual routing needed
Bandwidth
Intra-region: unlimited
Inter-region: default limit 1,024 Mbps
Intra-region: see Maximum bandwidth supported by connections.
Inter-region: pay-as-you-go (quota-limited) or allocated from a bandwidth plan
Billing
Intra-region: free
Inter-region: outbound traffic fees via Cloud Data Transfer (CDT).
Intra-region: connection and processing fees
Inter-region: connection, traffic, and bandwidth fees; see CEN billing
Use case examples
1. Connect two VPCs
To connect two Elastic Compute Service (ECS) instances in different VPCs, VPC peering connection is ideal.
Advantage: Intra-region communication via VPC peering is free of charge.
2. Connect multiple VPCs
For more than two VPCs, using peering connections requires:
A direct connection between every pair of VPCs (full mesh)
Manual route configuration for each connection
This becomes operationally complex as the number of VPCs grows.
CEN simplifies this:
Attach all VPCs to a TR
Full-mesh connectivity is established automatically
Routes are synchronized without manual intervention
Reduce costs in complex network architectures
In complex multi-region deployments, a hybrid approach combining VPC peering and CEN can optimize cost, performance, and control.
Example scenario
A company has VPCs deployed across multiple regions and wants to:
Connect VPCs across regions
Control routing policies
Minimize costs
Recommended solution
Inter-region connections:
Use inter-region VPC peering connection for cost sensitive links (such as between VPC A and VPC C) with no additional cost.
For high-bandwidth or dedicated connections, use CEN with bandwidth plans.
Centralized routing:
Connect transit VPCs to CEN to enable inter-region connectivity with granular routing control.
This hybrid model balances cost efficiency and network agility.
