What is VPC Peering and When Should You Use It?

If you’re building and managing applications in public cloud providers like GCP or AWS, chances are you’ve heard of VPC peering. This blog post explains what VPC peering is, why you’d want to use it, and, if you’re using CockroachDB Dedicated today, how you can get started with our new VPC peering functionality. 

What is a VPC and what is VPC peering?

First things first: a virtual private cloud (VPC) is a logically isolated virtual network within a cloud provider, in which you deploy cloud resources on a network that you have defined. A VPC peering connection is a networking connection between two VPCs that lets you route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they were within the same network, and data can be transferred between these resources more securely.

What are the benefits of using VPC peering?

  1. Improve security. VPC peering comes with the major benefit of improving security by enabling private connectivity between two or more VPC networks, isolating traffic from the public Internet. Because your traffic never leaves the cloud provider’s network, you reduce a whole class of risks for your stack. 
  2. Save money on network costs. With VPC peering, you save on network transit costs and benefit from improved network latency. Because peering traffic never leaves your cloud provider’s network, you avoid the latency of routing over public IP addresses. And since peered networks use internal IPs to communicate, transferring data over the cloud provider’s network is cheaper than over the public Internet.
  3. Get more flexibility for services that don’t need to connect to the Internet. Another reason to use VPC peering is when your instances do not require a public IP address or a network address translation (NAT) configuration to the public Internet. This can be desirable for backend services, where a user wants to block all egress traffic to the public Internet from their instances. 

VPC peering in CockroachDB Dedicated

Since releasing CockroachDB Dedicated, our database-as-a-service, a year ago, we’ve continued to add new features and functionality. With the most recent update, CockroachDB Dedicated now provides you with the ability to directly peer your GCP VPCs with your CockroachDB Dedicated cluster’s VPC. 

Before, CockroachDB Dedicated required you to authorize networks that could access the cluster, typically including your application server’s network in a production environment, as well as your local machine’s network in a development environment. This process was clunky and also had some limitations when running applications in Kubernetes.

Now, VPC peering gives you a faster and smoother user experience. You can sidestep the old requirement of allowlisting IP addresses within CockroachDB Dedicated before you’re able to connect (though that IP allowlist option is always available if the need arises). 

How to set up VPC peering in GCP in 3 steps:

  1. When creating a cluster, you can specify an IP address range (in CIDR notation) for your CockroachDB Dedicated cluster’s network. That range must not overlap with the IP ranges in your application’s network. 

  2. Once your cluster is configured, you kick off the VPC peering request by adding your GCP project ID and GCP VPC network name. 

  3. CockroachDB Dedicated will then provide a gcloud command for you to run, which accepts the new VPC peering request on the GCP side. 
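The most common way this procedure fails is step 1: a cluster CIDR that overlaps an application subnet, which GCP rejects at peering time. The following is an added example, not code from CockroachDB or from the page, that checks a candidate cluster range against the application network's subnets before the cluster is created, and then builds the peering command for step 3 in the generic `gcloud compute networks peerings create` form. The peering name, project ID and network names are constructed placeholders, and the exact command CockroachDB Dedicated shows you is assumed to be of this form.

```python
import ipaddress
import shlex


def overlapping_ranges(cluster_cidr, app_cidrs):
    """Return the application CIDRs that overlap the proposed cluster CIDR.

    strict=True makes ip_network() raise ValueError for a range with host
    bits set (e.g. "10.0.1.5/24"), so a mistyped range is caught early
    instead of being silently normalised.
    """
    cluster = ipaddress.ip_network(cluster_cidr, strict=True)
    return [c for c in app_cidrs
            if ipaddress.ip_network(c, strict=True).overlaps(cluster)]


def choose_cluster_cidr(candidates, app_cidrs):
    """Return the first candidate range that overlaps none of the
    application subnets, or None if every candidate collides."""
    for cand in candidates:
        if not overlapping_ranges(cand, app_cidrs):
            return cand
    return None


def gcloud_peering_command(peering_name, local_network, peer_project, peer_network):
    """Build the command that creates the peering from the application's
    VPC towards the cluster's VPC. Flags are the standard gcloud ones;
    the values are placeholders supplied by the caller."""
    return " ".join([
        "gcloud", "compute", "networks", "peerings", "create",
        shlex.quote(peering_name),
        "--network=" + shlex.quote(local_network),
        "--peer-project=" + shlex.quote(peer_project),
        "--peer-network=" + shlex.quote(peer_network),
    ])


if __name__ == "__main__":
    # Constructed sample data: two subnets already in use by the application VPC.
    app_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
    # Candidate ranges for the cluster network, tried in order of preference.
    candidates = ["10.0.0.0/16", "172.16.0.0/16"]

    chosen = choose_cluster_cidr(candidates, app_subnets)
    if chosen is None:
        raise SystemExit("every candidate range overlaps an application subnet")
    print("cluster CIDR:", chosen)

    # Placeholder identifiers; replace with the values shown in the Dedicated console.
    print(gcloud_peering_command(
        peering_name="crdb-peering",
        local_network="app-vpc",
        peer_project="crdb-project-placeholder",
        peer_network="crdb-vpc-placeholder",
    ))
```

The overlap check rejects `10.0.0.0/16` because it contains both application subnets and falls through to `172.16.0.0/16`; run it against the real subnet list of every VPC that will be peered, since GCP checks all of them.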

What about VPC peering in AWS?

If you are running on AWS, hang tight. The ability to securely connect AWS VPCs with CockroachDB Dedicated via AWS PrivateLink is coming soon. 

Learn more about VPC peering in CockroachDB Dedicated

With VPC peering, you can securely connect your GCP applications with your CockroachDB Dedicated clusters. You can learn more in our VPC peering documentation and sign up here to get started. And if you have any questions, feel free to swing by our community Slack channel.

We’re excited to see what you build with CockroachDB Dedicated!
