If you’re building and managing applications in public cloud providers like GCP or AWS, chances are you’ve heard of VPC peering. This blog post explains what VPC peering is, why you’d want to use it, and, if you’re using CockroachCloud today, how you can get started with our new VPC peering functionality.
What is a VPC and what is VPC peering?
First thing’s first - a virtual private cloud (VPC) is a logically isolated, virtual network within a cloud provider. A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. VPC peering allows you to deploy cloud resources in a virtual network that you have defined. Instances in either VPC can communicate with each other as if they were within the same network. Data can be transferred across these resources with more security.
What are the benefits of using VPC peering?
- Improve security. VPC peering comes with the major benefit of improving security by enabling private connectivity between two or more VPC networks, isolating traffic from the public Internet. Because your traffic never leaves the cloud provider’s network, you reduce a whole class of risks for your stack.
- Save money on network costs. With VPC peering, you save on network transit costs and benefit from improved network latency. Because peering traffic does not leave your cloud provider’s network, that reduces public IP latency. And since peered networks use internal IPs to communicate, transferring data over the cloud provider’s network is cheaper than over the public Internet.
- Get more flexibility for services that don’t need to connect to the Internet. Another reason to use VPC peering is when your instances do not require a public IP address or a network address translation (NAT) configuration to the public Internet. This can be desirable for backend services, where a user wants to block all egress traffic to the public Internet from their instances.
VPC peering in CockroachCloud
Since releasing CockroachCloud, our database-as-a-service, a year ago, we’ve continued to add new features and functionality. With the most recent update, CockroachCloud now provides you with the ability to directly peer your GCP VPCs with your CockroachCloud cluster’s VPC.
Before, CockroachCloud required you to authorize networks that could access the cluster, typically including your application server’s network in a production environment, as well as your local machine’s network in a development environment. This process was clunky and also had some limitations when running applications in Kubernetes.
Now, VPC peering gives you a faster and smoother user experience. You can sidestep the old requirement of allowlisting IP addresses within CockroachCloud before you’re able to connect (though that IP allowlist option is always available if the need arises).
Follow these three steps to set up VPC peering in GCP:
- At the moment of creating a cluster, you can specify an IP address range (in CIDR notation) for your CockroachCloud cluster’s network. That range should not overlap with the IP ranges in your application’s network.
- Once your cluster is configured, you kickoff the VPC peering request by adding your GCP project ID and GCP VPC network name.
- CockroachCloud will provide you a handy gcloud command line to run which will allow GCP to accept the new VPC peering request.
What about AWS?
If you are running on AWS, hang tight. The ability to securely connect AWS VPCs with CockroachCloud via AWS PrivateLink is coming soon.
Learn more about VPC peering in CockroachCloud
With VPC peering, you can securely connect your GCP applications with your CockroachCloud clusters. You can learn more in our VPC peering documentation and sign up here to get started. And if you have any questions, feel free to swing by our community Slack Channel.
We’re excited to see what you build with CockroachCloud!