Peering Connections Typical Practice

Updated at: 2025-10-16

Overview

Peering connections provide VPC-level network interconnection, enabling stable, high-speed traffic exchange between different virtual networks, whether they are in the same or different regions and whether they belong to the same or different users. After establishing a peering connection, configure routes to control traffic at both the global and subnet levels. Additionally, set up security group and ACL policies to ensure secure service access.

Usage restrictions:

  • A single VPC can create up to 10 peering connection instances, and a single user is allowed to create a maximum of 10 such instances.
  • Only one peering connection can exist between any two VPCs at the same time.

For detailed steps, refer to the peering connections Operation guide.

Requirement scenarios

Two VPC peering connections

This configuration is applicable when two VPCs need to access each other's resources.

Example case

Create a peering connection between VPC A and VPC B.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
|---|---|---|---|
| VPC A | 172.17.0.0/16 | Peering connections | int-atob |
| VPC B | 192.168.0.0/16 | Peering connections | int-btoa |

Establish peering connections between one VPC and multiple VPCs

This configuration can be used when other VPCs need to access resources in the central VPC without requiring mutual access.

Example case

VPC A functions as the central VPC, connecting to VPC B, VPC C, and VPC D through peering connections.

  • VPC A is connected to VPC B via peering connections;
  • VPC A is connected to VPC C via peering connections;
  • VPC A is connected to VPC D using peering connections.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
|---|---|---|---|
| VPC A | 172.16.0.0/16 | Peering connections | int-atob |
| VPC A | 172.17.0.0/16 | Peering connections | int-atoc |
| VPC A | 10.0.0.0/16 | Peering connections | int-atod |
| VPC B | 192.168.0.0/16 | Peering connections | int-btoa |
| VPC C | 192.168.0.0/16 | Peering connections | int-ctoa |
| VPC D | 192.168.0.0/16 | Peering connections | int-dtoa |

Multiple VPCs are interconnected via peering connections

When multiple VPCs require unrestricted access to each other's resources (such as in file-sharing networks), this setup can be applied.

Example case

Four VPCs are interconnected via full-mesh peering connections. All VPCs are under the same Baidu AI Cloud account and have no overlapping CIDR blocks:

  • VPC A is connected to VPC B via peering connections;
  • VPC A is connected to VPC C via peering connections;
  • VPC A is connected to VPC D via peering connections;
  • VPC B is connected to VPC C via peering connections;
  • VPC B is connected to VPC D via peering connections;
  • VPC C is connected to VPC D through peering connections.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
|---|---|---|---|
| VPC A | 172.16.0.0/16 | Peering connections | int-atob |
| VPC A | 172.17.0.0/16 | Peering connections | int-atoc |
| VPC A | 10.0.0.0/16 | Peering connections | int-atod |
| VPC B | 192.168.0.0/16 | Peering connections | int-btoa |
| VPC B | 172.17.0.0/16 | Peering connections | int-btoc |
| VPC B | 10.0.0.0/16 | Peering connections | int-btod |
| VPC C | 192.168.0.0/16 | Peering connections | int-ctoa |
| VPC C | 172.16.0.0/16 | Peering connections | int-ctob |
| VPC C | 10.0.0.0/16 | Peering connections | int-ctod |
| VPC D | 192.168.0.0/16 | Peering connections | int-dtoa |
| VPC D | 172.16.0.0/16 | Peering connections | int-dtob |
| VPC D | 172.17.0.0/16 | Peering connections | int-dtoc |

Advanced scenarios

Two subnets within one VPC are each connected via peering connections to two separate VPCs

This configuration can be applied when separate resource collections exist in different subnets of the central VPC, and other VPCs need selective access to these resources.

Example case

VPC A is the central VPC, containing two subnets—subnet X and subnet Y—that are connected to VPC B and VPC C via peering connections, respectively.

  • VPC A is connected to VPC B via peering connections;
  • VPC A is connected to VPC C through peering connections.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
|---|---|---|---|
| Subnet X in VPC A | 10.0.0.0/16 | Peering connections | int-atob |
| Subnet Y in VPC A | 10.0.0.0/16 | Peering connections | int-atoc |
| VPC B | 172.16.0.0/24 | Peering connections | int-btoa |
| VPC C | 172.16.1.0/24 | Peering connections | int-ctoa |

Specific subnets in two VPCs establish peering connections with the same VPC

When a central VPC hosts a set of resources that do not require full access to the peered VPCs (e.g., Active Directory services), this configuration can be used.

Example case

VPC A serves as the central VPC with a single subnet, while VPC B and VPC C have two subnets each, with only one subnet in each VPC dedicated to peering connections with VPC A.

  • VPC A is connected to VPC B via peering connections;
  • VPC A is connected to VPC C through peering connections.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
| --- | --- | --- | --- |
| VPC A | 10.0.0.0/24 | Peering connections | int-atob |
| VPC A | 10.0.1.0/24 | Peering connections | int-atoc |
| Subnet X in VPC B | 172.16.0.0/24 | Peering connections | int-btoa |
| Subnet Y in VPC C | 172.16.0.0/24 | Peering connections | int-btoc |

Multiple instances in one VPC establish peering connections with instances in two other VPCs respectively

This configuration is suitable if peering connection traffic needs to be restricted to specific instances.

Example case

VPC A is a central VPC with a single subnet containing two instances that are interconnected via peering connections to instances in VPC B and VPC C. As an example, BCC is used.

  • VPC A is connected to VPC B via peering connections;
  • VPC A is connected to VPC C through peering connections.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
| --- | --- | --- | --- |
| Instance 172.16.0.88/32 in VPC A | 10.0.0.44/32 | Peering connections | int-atob |
| Instance 172.16.0.99/32 in VPC A | 10.0.0.55/32 | Peering connections | int-atoc |
| Instance 10.0.0.44/32 in VPC B | 172.16.0.88/32 | Peering connections | int-btoa |
| Instance 10.0.0.55/32 in VPC C | 172.16.0.99/32 | Peering connections | int-ctoa |

Implement peering connections between one VPC and two VPCs by adopting the longest prefix matching

A VPC that has peering connections to two VPCs within the same network segment can use longest prefix matching to decide which peer receives the traffic.

Example case

VPC A is a central VPC with a single subnet connected to VPC B and VPC C via peering connections. VPC B and VPC C have overlapping CIDR blocks. Specific instances in VPC A and VPC B are linked through peering connections, while other traffic targeting the 10.0.0.0/16 IP range is routed to VPC C. The instance is exemplified by Baidu Cloud Compute.

  • VPC A is connected to VPC B via peering connections;
  • VPC A is connected to VPC C through peering connections.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
| --- | --- | --- | --- |
| VPC A | 10.0.0.77/32 | Peering connections | int-atob |
| VPC A | 10.0.0.0/16 | Peering connections | int-atoc |
| VPC B | 172.16.0.0/16 | Peering connections | int-btoa |
| VPC C | 172.16.0.0/16 | Peering connections | int-ctoa |

Note: If VPC A sends traffic to an instance in VPC B other than 10.0.0.77/32, the traffic will be routed to VPC C instead of VPC B.
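The lookup behind that note, as an added example rather than Baidu AI Cloud code: `next_hop` applies longest prefix matching to VPC A's two routes from the table, and `carve_outs` lists the more-specific routes that divert part of a wider route to a different peer, which is what a reviewer of such a route table should look at first. The function names are assumptions made for this illustration.

```python
import ipaddress

# VPC A's route table from the table above: (destination CIDR, next hop).
VPC_A_ROUTES = [
    ("10.0.0.77/32", "int-atob"),
    ("10.0.0.0/16", "int-atoc"),
]

def next_hop(routes, dst_ip):
    """Return (prefix, next_hop) of the most specific route covering dst_ip, or None."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (str(best[0]), best[1]) if best else None

def carve_outs(routes):
    """List more-specific routes that send part of a wider route to another next hop."""
    nets = [(ipaddress.ip_network(c), h) for c, h in routes]
    found = []
    for narrow, narrow_hop in nets:
        for wide, wide_hop in nets:
            if (narrow.prefixlen > wide.prefixlen and narrow.subnet_of(wide)
                    and narrow_hop != wide_hop):
                found.append((str(narrow), narrow_hop, str(wide), wide_hop))
    return found

if __name__ == "__main__":
    # Constructed sample destinations; only 10.0.0.77 appears on the page.
    for ip in ("10.0.0.77", "10.0.0.78", "10.0.200.1", "172.16.0.5"):
        print(ip, "->", next_hop(VPC_A_ROUTES, ip))
    for row in carve_outs(VPC_A_ROUTES):
        print("carve-out: %s via %s inside %s via %s" % row)
```
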

Complex topology cases

This configuration is recommended for complex topologies involving multiple VPC peering connections with partially overlapping CIDR blocks.

Example case

In this scenario, central VPC A is peered with multiple VPCs. VPC E connects to VPC F via peering. VPC A and VPC F share overlapping CIDR blocks, so peering traffic between VPC A and VPC E is restricted to a specific subnet (Subnet X) within VPC E. This ensures that if VPC E receives a request from VPC A or VPC F, the response traffic is sent to the correct VPC. Currently, Baidu AI Cloud does not support unicast reverse path forwarding in VPC peering and verifies the source IP of packets to route reply packets correctly.

Similarly, VPC E and VPC H share overlapping CIDR blocks. Peering traffic between VPC F and VPC E is limited to Subnet Y within VPC E, while peering traffic between VPC F and VPC H is restricted to Subnet X within VPC H. This ensures that if VPC F receives traffic from VPC E or VPC H, it can send response traffic to the appropriate VPC.

The route tables for VPCs B, D, E, F, and G are configured to direct traffic through relevant peering connections to access the full CIDR block of VPC A. Meanwhile, VPC A's route table is configured to connect with VPCs B, C, and D to access their respective CIDR blocks. For the peering connection int-aaaaeeee, VPC A's route table limits traffic to Subnet X (192.168.0.0/24) in VPC E, while Subnet X's route table in VPC E routes traffic to VPC A's full CIDR block.

The route table for VPC G directs traffic through the appropriate peering connections to access the complete CIDR blocks of VPC F and VPC H, while the route table for VPC H directs traffic through the relevant peering connections to access the full CIDR block of VPC G. Additionally, the route table for subnet X in VPC H is configured to access the full CIDR block of VPC F via the corresponding peering connection. The route table for VPC F enables connectivity to subnet Y in VPC E and subnet X in VPC H through designated peering connections.

  • VPC A is connected to VPC B via peering connections;
  • VPC A is connected to VPC C via peering connections;
  • VPC A is connected to VPC D via peering connections;
  • VPC A is connected to VPC E via peering connections;
  • VPC E is connected to VPC F via peering connections;
  • VPC F is connected to VPC G via peering connections;
  • VPC F is connected to VPC H via peering connections;
  • VPC G has established a peering connection with VPC H.


Peering Connection Transitivity

A VPC that has peering connections with multiple VPCs can enable communication between those VPCs through proper route table configurations. This configuration involves using a relay VPC.

Example case

All VPCs belong to the same Baidu AI Cloud account. VPC B serves as the relay VPC and connects to both VPC A and VPC C in a star topology via peering connections. Route configurations are required to establish communication between VPC A and VPC C through VPC B.

  • VPC A is connected to VPC B via peering connections;
  • VPC B is connected to VPC C using peering connections.

Note: In this case, the route relay for VPC B must be enabled. Please refer to the [Relay VPC Operation Guide](VPC/Operation guide/VPC.md#Relay VPC).

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
| --- | --- | --- | --- |
| VPC A | 172.16.0.0/16 | Peering connections | int-atob |
| VPC A | 10.0.0.0/16 | Peering connections | int-atob |
| VPC B | 192.168.0.0/16 | Peering connections | int-btoa |
| VPC B | 10.0.0.0/16 | Peering connections | int-btoc |
| VPC A | 10.0.0.0/16 | Peering connections | int-btoc |
| VPC C | 192.168.0.0/16 | Peering connections | int-btoa |
| VPC C | 192.168.0.0/16 | Peering connections | int-ctob |
| VPC C | 172.16.0.0/16 | Peering connections | int-ctob |

Additionally, Baidu AI Cloud supports enabling connection propagation for peering connections using dedicated lines or VPNs by configuring route tables.

CIDR block overlap

Peering connections allow two VPCs with overlapping CIDR blocks to interconnect.

Example case

VPC A and VPC B share the same CIDR block, each containing two subnets. They are connected through peering connections, and route table configurations enable communication between the subnets in each VPC.

Configure routes

| Source network segment | Destination segment | Route type | Next-hop instance |
| --- | --- | --- | --- |
| Subnet X in VPC A | 192.168.2.0/24 | Peering connections | int-atob |
| Subnet Y in VPC A | 192.168.4.0/24 | Peering connections | int-atob |
| Subnet X in VPC B | 192.168.1.0/24 | Peering connections | int-btoa |
| Subnet Y in VPC B | 192.168.3.0/24 | Peering connections | int-btoa |

Note: In this case, the subnet CIDRs at both ends must not overlap when configuring the route.
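A pre-change check for this case, added here as an illustration and not taken from Baidu AI Cloud tooling: it applies the rule in the note (the source subnet and the route destination must not overlap) and, as an extra check not stated on the page, confirms that the far side has a route back to the source subnet. The subnet CIDRs are assumptions inferred from the route destinations in the table, and `check_routes` is a hypothetical name.

```python
import ipaddress

# Subnet CIDRs are assumptions inferred from the route destinations in the
# table above; the page does not state them directly.
SUBNETS = {
    ("A", "X"): "192.168.1.0/24", ("A", "Y"): "192.168.3.0/24",
    ("B", "X"): "192.168.2.0/24", ("B", "Y"): "192.168.4.0/24",
}
# (source VPC, source subnet, destination CIDR, next hop) as in the table.
ROUTES = [
    ("A", "X", "192.168.2.0/24", "int-atob"),
    ("A", "Y", "192.168.4.0/24", "int-atob"),
    ("B", "X", "192.168.1.0/24", "int-btoa"),
    ("B", "Y", "192.168.3.0/24", "int-btoa"),
]

def check_routes(subnets, routes):
    """Return a list of findings; an empty list means the routes are consistent."""
    net = {key: ipaddress.ip_network(cidr) for key, cidr in subnets.items()}
    findings = []
    for vpc, sub, dst, hop in routes:
        src, dst_net = net[(vpc, sub)], ipaddress.ip_network(dst)
        # Rule from the note: the two ends of a route must not overlap.
        if src.overlaps(dst_net):
            findings.append(f"{vpc}/{sub} {hop}: {dst} overlaps local {src}")
        # Added check: a route in the other VPC, attached to a subnet inside
        # dst, must have a destination that covers the source subnet.
        back = [r for r in routes
                if r[0] != vpc
                and net[(r[0], r[1])].overlaps(dst_net)
                and src.subnet_of(ipaddress.ip_network(r[2]))]
        if not back:
            findings.append(f"{vpc}/{sub} {hop}: no return route covering {src}")
    return findings

if __name__ == "__main__":
    print(check_routes(SUBNETS, ROUTES) or "routes are consistent")
```
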

Unsupported cases

Multi-hop cases

The transitivity of peering connections is limited to one VPC.

Example case

VPC A is connected to VPC B, VPC B is connected to VPC C, and VPC C is connected to VPC D. However, direct connectivity between VPC A and VPC D is not supported. Switching from a linear topology to a star topology is recommended.
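The one-relay limit from this section and the transitivity section can be checked against a planned topology before any routes are written. The sketch below is an added example, not Baidu AI Cloud code: `classify` is a hypothetical helper, the set of VPCs with route relay enabled is supplied by the caller, and the choice of VPC B as the hub of the star is an assumption.

```python
from collections import deque

def classify(peerings, relay_enabled, src, dst):
    """Classify src -> dst as direct, relay, unsupported or unreachable."""
    adj = {}
    for a, b in peerings:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    if dst in adj.get(src, set()):
        return ("direct", [src, dst])
    # One relay hop is allowed, and only through a VPC with route relay enabled.
    relays = sorted(adj.get(src, set()) & adj.get(dst, set()) & set(relay_enabled))
    if relays:
        return ("relay", [src, relays[0], dst])
    # Otherwise find the shortest chain of peerings to show why it is unsupported
    # (more than one relay, or a middle VPC without route relay enabled).
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return ("unreachable", [])
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return ("unsupported", path[::-1])

# The linear chain from the example case, and a star with VPC B as the hub
# (the hub choice is an assumption made for this example).
LINEAR = [("A", "B"), ("B", "C"), ("C", "D")]
STAR = [("B", "A"), ("B", "C"), ("B", "D")]

if __name__ == "__main__":
    for name, topo, relays in (("linear", LINEAR, {"B", "C"}), ("star", STAR, {"B"})):
        for dst in "BCD":
            print(name, "A ->", dst, classify(topo, relays, "A", dst))
```
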

Related products

Peering Connections, Virtual Private Cloud
