
VPC peering in GCP - Commands & Configuration

Introduction
Sometimes you have two separate private networks in the cloud and you want them to talk to each other securely without using the public internet. VPC peering connects these networks so they can share resources easily and safely.
When you have two projects with separate networks that need to share data privately.
When you want to connect a development environment network to a production environment network without exposing them publicly.
When you want to allow virtual machines in different networks to communicate directly.
When you want to reduce latency by connecting networks in the same region.
When you want to avoid using VPNs or public IPs for internal communication between networks.
Config File - vpc-peering.yaml
resources:
- name: my-vpc-peering-connection
  type: compute.v1.networkPeering
  properties:
    network: projects/my-project/global/networks/my-vpc
    peerNetwork: projects/peer-project/global/networks/peer-vpc
    name: my-vpc-to-peer-vpc
    autoCreateRoutes: true

This YAML file defines a VPC peering connection between two networks.

network: The source VPC network in your project.

peerNetwork: The VPC network in the other project you want to connect to.

name: A name for this peering connection.

autoCreateRoutes: Automatically creates routes so traffic can flow between the networks.

Commands
This command creates a VPC peering connection from your VPC 'my-vpc' to the peer VPC 'peer-vpc' in the 'peer-project'. It also sets up routes automatically so the networks can communicate.
Terminal
gcloud compute networks peerings create my-vpc-to-peer-vpc --network=my-vpc --peer-project=peer-project --peer-network=peer-vpc --auto-create-routes
Expected Output
Created peering [my-vpc-to-peer-vpc].
--network - Specifies the name of your VPC network.
--peer-project - Specifies the project ID of the peer network.
--peer-network - Specifies the name of the peer VPC network.
--auto-create-routes - Automatically creates routes for network communication.
This command lists all VPC peering connections for your VPC 'my-vpc' so you can verify the peering was created successfully.
Terminal
gcloud compute networks peerings list --network=my-vpc
Expected Output
NAME                NETWORK  PEER_PROJECT  PEER_NETWORK  STATE
my-vpc-to-peer-vpc  my-vpc   peer-project  peer-vpc      ACTIVE
--network - Specifies the VPC network to list peerings for.
This command shows detailed information about the specific VPC peering connection named 'my-vpc-to-peer-vpc'.
Terminal
gcloud compute networks peerings describe my-vpc-to-peer-vpc --network=my-vpc
Expected Output
name: my-vpc-to-peer-vpc
network: projects/my-project/global/networks/my-vpc
peerNetwork: projects/peer-project/global/networks/peer-vpc
state: ACTIVE
autoCreateRoutes: true
--network - Specifies your VPC network.
Key Concept

If you remember nothing else from this pattern, remember: VPC peering connects two private networks so they can communicate directly and securely without using the public internet.

Common Mistakes
Trying to create a peering connection without specifying the correct peer project or peer network.
The command will fail because it cannot find the target network to connect to.
Always double-check the peer project ID and peer network name before running the peering create command.
Not enabling auto-create-routes flag and forgetting to manually add routes.
Without routes, the networks cannot send traffic to each other even if peering exists.
Use --auto-create-routes to automatically set up routes or manually add routes after peering.
Assuming peering is bi-directional without creating peering from both sides.
In GCP, peering must be created from both VPCs to allow two-way communication.
Create a peering connection from each VPC to the other.
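The commands above create and inspect one side of the peering; the mistakes listed here are all things you can check for programmatically before declaring the link usable. The following is an added example, not code from the original page or from Google's tooling: a small Python check that takes each network's peerings list as printed by `gcloud compute networks describe NETWORK --format=json` (the sample records below are constructed to match the names on this page, and the field names are assumed to follow the Compute API Network.peerings schema) and reports whether the peering exists and is ACTIVE from both sides and whether subnet routes are exchanged. It goes one step beyond the page by also checking the subnet ranges you supply for overlap, since GCP leaves a peering INACTIVE while the two networks share any IP range. Peering never bypasses either VPC's firewall rules, so even an ACTIVE peering still needs allow rules on both sides for traffic to flow.

```python
"""Verify a GCP VPC peering from both sides (added example, constructed data)."""
import ipaddress
import json

# Constructed sample: what my-project's network reports right after
# `gcloud compute networks peerings create` has run on this side only.
# Assumption: fields follow the Compute API Network.peerings schema.
MY_VPC_ONE_SIDED = json.loads("""
{
  "selfLink": "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/my-vpc",
  "peerings": [
    {"name": "my-vpc-to-peer-vpc",
     "network": "https://www.googleapis.com/compute/v1/projects/peer-project/global/networks/peer-vpc",
     "state": "INACTIVE",
     "exchangeSubnetRoutes": true}
  ]
}
""")

# Constructed sample: peer-project has not created its peering yet.
PEER_VPC_MISSING = json.loads("""
{
  "selfLink": "https://www.googleapis.com/compute/v1/projects/peer-project/global/networks/peer-vpc",
  "peerings": []
}
""")

# Constructed sample: both sides created, so both report ACTIVE.
MY_VPC_ACTIVE = json.loads(json.dumps(MY_VPC_ONE_SIDED))
MY_VPC_ACTIVE["peerings"][0]["state"] = "ACTIVE"
PEER_VPC_ACTIVE = json.loads("""
{
  "selfLink": "https://www.googleapis.com/compute/v1/projects/peer-project/global/networks/peer-vpc",
  "peerings": [
    {"name": "peer-vpc-to-my-vpc",
     "network": "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/my-vpc",
     "state": "ACTIVE",
     "exchangeSubnetRoutes": true}
  ]
}
""")


def _same_network(url_a, url_b):
    """Compare network references by their projects/... tail, so a full
    selfLink and a short 'projects/...' path refer to the same network."""
    tail = lambda u: u.split("projects/", 1)[-1]
    return tail(url_a) == tail(url_b)


def _short_name(network):
    return network["selfLink"].rsplit("/", 1)[-1]


def find_peering(network, peer_self_link):
    """Return this network's peering entry pointing at peer_self_link, or None."""
    for peering in network.get("peerings", []):
        if _same_network(peering["network"], peer_self_link):
            return peering
    return None


def check_bidirectional(net_a, net_b):
    """Return a list of problems; an empty list means the peering is ACTIVE
    in both directions and subnet routes are exchanged."""
    problems = []
    for src, dst in ((net_a, net_b), (net_b, net_a)):
        src_name, dst_name = _short_name(src), _short_name(dst)
        peering = find_peering(src, dst["selfLink"])
        if peering is None:
            problems.append(f"{src_name}: no peering to {dst_name}; "
                            f"create it from the {src_name} side")
            continue
        if peering.get("state") != "ACTIVE":
            problems.append(f"{src_name}: peering {peering['name']} is "
                            f"{peering.get('state')}, not ACTIVE")
        # Older entries use autoCreateRoutes; newer ones exchangeSubnetRoutes.
        if not (peering.get("exchangeSubnetRoutes") or peering.get("autoCreateRoutes")):
            problems.append(f"{src_name}: peering {peering['name']} "
                            "does not exchange subnet routes")
    return problems


def overlapping_ranges(ranges_a, ranges_b):
    """Pairs of subnet CIDRs (one per side) that overlap. Any overlap keeps
    the peering INACTIVE, so fix these before expecting traffic to flow."""
    nets_a = [ipaddress.ip_network(r) for r in ranges_a]
    nets_b = [ipaddress.ip_network(r) for r in ranges_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


if __name__ == "__main__":
    for label, a, b in (("one side only", MY_VPC_ONE_SIDED, PEER_VPC_MISSING),
                        ("both sides", MY_VPC_ACTIVE, PEER_VPC_ACTIVE)):
        print(label, "->", check_bidirectional(a, b) or "OK")
    # Constructed subnet ranges for the two networks.
    print(overlapping_ranges(["10.10.0.0/16"], ["10.10.5.0/24", "10.20.0.0/16"]))
```

To run it against real data, replace the constructed records with the parsed output of `gcloud compute networks describe NETWORK --format=json` from each project and pass each side's subnet ranges to `overlapping_ranges`.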
Summary
Use 'gcloud compute networks peerings create' to connect two VPC networks securely.
Verify the peering connection with 'gcloud compute networks peerings list' and 'describe'.
Remember to create peering from both networks and set up routes for communication.