Creating a Net Peering

You can create a Net peering between one of your Nets and another Net to enable communication between them.

This action sends a request from your Net to connect to another Net, which can belong to you or another account.

The owner of the other Net must accept the request to create the connection. For more information, see Accepting a Net Peering.

Peered Nets must contain at least one virtual machine (VM) each before the creation of the Net peering.

If you use Cockpit to create a Net peering between two Nets that belong to your account, the request is automatically accepted.
A peering connection between two Nets works both ways. If an A-to-B connection is already created and accepted, creating a B-to-A connection is not necessary and would be automatically rejected.

Creating a Net Peering Using Cockpit v2

Before you begin:

Create a Net. For more information, see Creating a Net.
Ensure that you have the ID of the Net you want to peer with.

Peered Nets must not have overlapping CIDR blocks. Otherwise, the connection is automatically in the failed state. For more information, see About Net Peerings.

In the Net Peerings dashboard, click Create Net Peering.
The CREATE NET PEERING dialog box appears.
In the Name field, type a name for the Net peering.

This action adds a Name tag of 255 characters maximum. You can use any character, including accented letters.
From the Source Net list, select the Net you want to send the request from.
If you are peering two Nets in your own account:
1. Leave the My account switch on.
2. From the Target Net list, select the Net you want to connect with.
If you are peering one of your Nets with a Net which belongs to another account:
1. Switch off My account.
2. In the Owner Account ID field, type the account ID of the owner of the Net you want to connect with.
3. In the Target Net field, type the ID of the Net you want to connect with.
Click Create.
The Net peering is created.

Creating a Net Peering Using OSC CLI

Before you begin:

Create a Net. For more information, see Creating a Net.
Ensure that you have the ID of the Net you want to peer with.
If the accepter Net belongs to another account, ensure that you have the account ID of the owner.

The CreateNetPeering command requests a Net peering between a Net you own and a peer Net that belongs to you or another account.
This action creates a Net peering that remains in the pending-acceptance state until it is accepted by the owner of the peer Net. If the owner of the peer Net does not accept the request within 7 days, the state of the Net peering becomes expired. For more information, see AcceptNetPeering.

Peered Nets must contain at least one virtual machine (VM) each before the creation of the Net peering.
The two Nets must not have overlapping IP ranges. Otherwise, the Net peering is in the failed state.
A peering connection between two Nets works both ways. If an A-to-B connection is already created and accepted, creating a B-to-A connection is not necessary and would be automatically rejected.

For more information, see About Net Peerings.

Request sample

$ osc-cli api CreateNetPeering --profile "default" \
    --SourceNetId "vpc-12345678" \
    --AccepterNetId "vpc-87654321" \
    --AccepterOwnerId '"123456789012"'

This command contains the following attributes that you need to specify:

AccepterNetId: The ID of the Net you want to connect with.
AccepterOwnerId: (optional) The account ID of the owner of the Net you want to connect with. By default, the account ID of the owner of the Net from which the peering request is sent.
DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
SourceNetId: The ID of the Net you send the peering request from.

The CreateNetPeering command returns the following elements:

NetPeering: Information about the Net peering.
- AccepterNet: Information about the accepter Net.
  - AccountId: The account ID of the owner of the accepter Net.
  - IpRange: The IP range for the accepter Net, in CIDR notation (for example, 10.0.0.0/16).
  - NetId: The ID of the accepter Net.
- ExpirationDate: The date and time (UTC) at which the Net peerings expire.
- NetPeeringId: The ID of the Net peering.
- SourceNet: Information about the source Net.
  - AccountId: The account ID of the owner of the source Net.
  - IpRange: The IP range for the source Net, in CIDR notation (for example, 10.0.0.0/16).
  - NetId: The ID of the source Net.
- State: Information about the state of the Net peering.
  - Message: Additional information about the state of the Net peering.
  - Name: The state of the Net peering (pending-acceptance | active | rejected | failed | expired | deleted).
- Tags: One or more tags associated with the Net peering.
  - Key: The key of the tag, with a minimum of 1 character.
  - Value: The value of the tag, between 0 and 255 characters.
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "NetPeering": {
    "Tags": [],
    "State": {
      "Name": "pending-acceptance",
      "Message": "Pending acceptance by 123456789012"
    },
    "AccepterNet": {
      "NetId": "vpc-12345678",
      "IpRange": "172.16.0.0/16",
      "AccountId": "123456789012"
    },
    "SourceNet": {
      "NetId": "vpc-12345678",
      "IpRange": "10.0.0.0/16",
      "AccountId": "123456789012"
    },
    "NetPeeringId": "pcx-12345678"
  }
}

Creating a Net Peering Using oapi-cli

Before you begin:

Create a Net. For more information, see Creating a Net.
Ensure that you have the ID of the Net you want to peer with.
If the accepter Net belongs to another account, ensure that you have the account ID of the owner.

Peered Nets must contain at least one virtual machine (VM) each before the creation of the Net peering.
The two Nets must not have overlapping IP ranges. Otherwise, the Net peering is in the failed state.
A peering connection between two Nets works both ways. If an A-to-B connection is already created and accepted, creating a B-to-A connection is not necessary and would be automatically rejected.

For more information, see About Net Peerings.

Request sample

$ oapi-cli --profile "default" CreateNetPeering \
    --SourceNetId "vpc-12345678" \
    --AccepterNetId "vpc-87654321" \
    --AccepterOwnerId "123456789012"

This command contains the following attributes that you need to specify:

AccepterNetId: The ID of the Net you want to connect with.
AccepterOwnerId: (optional) The account ID of the owner of the Net you want to connect with. By default, the account ID of the owner of the Net from which the peering request is sent.
DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
SourceNetId: The ID of the Net you send the peering request from.

The CreateNetPeering command returns the following elements:

NetPeering: Information about the Net peering.
- AccepterNet: Information about the accepter Net.
  - AccountId: The account ID of the owner of the accepter Net.
  - IpRange: The IP range for the accepter Net, in CIDR notation (for example, 10.0.0.0/16).
  - NetId: The ID of the accepter Net.
- ExpirationDate: The date and time (UTC) at which the Net peerings expire.
- NetPeeringId: The ID of the Net peering.
- SourceNet: Information about the source Net.
  - AccountId: The account ID of the owner of the source Net.
  - IpRange: The IP range for the source Net, in CIDR notation (for example, 10.0.0.0/16).
  - NetId: The ID of the source Net.
- State: Information about the state of the Net peering.
  - Message: Additional information about the state of the Net peering.
  - Name: The state of the Net peering (pending-acceptance | active | rejected | failed | expired | deleted).
- Tags: One or more tags associated with the Net peering.
  - Key: The key of the tag, with a minimum of 1 character.
  - Value: The value of the tag, between 0 and 255 characters.
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "NetPeering": {
    "Tags": [],
    "State": {
      "Name": "pending-acceptance",
      "Message": "Pending acceptance by 123456789012"
    },
    "AccepterNet": {
      "NetId": "vpc-12345678",
      "IpRange": "172.16.0.0/16",
      "AccountId": "123456789012"
    },
    "SourceNet": {
      "NetId": "vpc-12345678",
      "IpRange": "10.0.0.0/16",
      "AccountId": "123456789012"
    },
    "NetPeeringId": "pcx-12345678"
  }
}

Creating a VPC Peering Connection Using AWS CLI

Before you begin:

Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.
Create a VPC. For more information, see Creating a Net.
Ensure that you have the ID of the VPC you want to peer with.
If the accepter VPC belongs to another account, ensure that you have the account ID of the owner.

To create a VPC peering connection, use the create-vpc-peering-connection command following this syntax:

Request sample

$ aws ec2 create-vpc-peering-connection \
    --profile YOUR_PROFILE \
    --vpc-id vpc-1a2b3c4d \
    --peer-vpc-id vpc-11122233 \
    --peer-owner-id 888877776666 \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
vpc-id: The ID of the VPC you send the request from.
peer-vpc-id: The ID of the VPC you want to connect with.

Peered Nets must not have overlapping CIDR blocks. Otherwise, the connection is automatically in the failed state. For more information, see About Net Peerings.
(optional) peer-owner-id: The account ID of the owner of the VPC you want to connect with. By default, your account ID.
endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The create-vpc-peering-connection command returns the following elements:

VpcPeeringConnection: Information about the VPC peering connection you requested. This element contains the following information:
- AccepterVpcInfo: Information about the VPC you want to connect with. This element contains the following information:
  - CidrBlock: The range of IPs of the VPC, in CIDR notation.
  - OwnerId: The account ID of the owner of the VPC.
  - VpcId: The ID of the VPC.
- RequesterVpcInfo: Information about the VPC you send the request from. This element contains the following information:
  - CidrBlock: The range of IPs of the VPC, in CIDR notation.
  - OwnerId: The account ID of the owner of the VPC.
  - VpcId: The ID of the VPC.
- Status: Information about the state of the VPC peering connection. This element contains the following information:
  - Code: The state of the VPC peering connection (pending-acceptance | failed). For more information, see About VPC Peering Connections > Lifecycle.
  - Message: Additional information about the state of the VPC peering connection.
- Tags: One or more tags associated with the VPC peering connection. This element contains the following information:
  - Key: The key of the tag.
  - Value: The value of the tag.
- VpcPeeringConnectionId: The ID of the VPC peering connection.

Result sample

{
    "VpcPeeringConnection": {
        "AccepterVpcInfo": {
            "CidrBlock": "172.16.0.0/28",
            "OwnerId": "888877776666",
            "VpcId": "vpc-11122233"
        },
        "RequesterVpcInfo": {
            "CidrBlock": "10.0.0.0/28",
            "OwnerId": "444455556666",
            "VpcId": "vpc-1a2b3c4d"
        },
        "Status": {
            "Code": "pending-acceptance",
            "Message": "Pending acceptance by 888877776666"
        },
        "Tags": [],
        "VpcPeeringConnectionId": "pcx-111aaa11"
    }
}

A connection request is sent from your VPC to the accepter VPC.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.