In real-world cloud projects, you often need to connect two isolated VPC networks so their resources can communicate securely over internal IPsโwithout exposing them to the internet.
This is where VPC Network Peering comes in. It provides low-latency, private communication between VPCs while keeping them administratively separate.
In this demo, weโll set up two VPCs, create subnets and VM instances, test connectivity, and then enable VPC Peering to allow secure internal communication.
๐น Step 01: Introduction
We will:
- Create two VPCs (vpc1 and vpc2)
- Create subnets in each (vpc1subnet, vpc2subnet)
- Create VMs inside each subnet (vpc1-vm, vpc2-vm)
- Test ping between VMs (will fail initially)
- Configure VPC Peering between the VPCs
- Re-run ping test (should succeed now ๐)
๐น Step 02: Create VPC1 and Subnet
VPC1 Setup
- Name: vpc1
- Mode: Custom
- Firewall rules: allow-ssh, allow-icmp, allow-custom
- Routing: Default (Global)
Subnet for VPC1
- Name: vpc1subnet
- Region: us-central1
- CIDR: 10.1.0.0/16
๐น Step 03: Create VPC2 and Subnet
VPC2 Setup
- Name: vpc2
- Mode: Custom
- Firewall rules: allow-ssh, allow-icmp, allow-custom
- Routing: Default (Global)
Subnet for VPC2
- Name: vpc2subnet
- Region: us-central1
- CIDR: 10.8.0.0/16
๐น Step 04: Create VM Instances
# Set Project
gcloud config set project gcpdemos
# VM in vpc1subnet
gcloud compute instances create vpc1-vm \
--zone=us-central1-a \
--machine-type=e2-micro \
--network-interface=subnet=vpc1subnet
# VM in vpc2subnet
gcloud compute instances create vpc2-vm \
--zone=us-central1-a \
--machine-type=e2-micro \
--network-interface=subnet=vpc2subnet
๐น Step 05: Test Initial Connectivity
# Connect to vpc1-vm
gcloud compute ssh vpc1-vm --zone=us-central1-a --project=gcpdemos
# Try ping vpc2-vm internal IP
ping <vpc2-vm-internal-ip>
# โ Should FAIL
# Connect to vpc2-vm
gcloud compute ssh vpc2-vm --zone=us-central1-a --project=gcpdemos
# Try ping vpc1-vm internal IP
ping <vpc1-vm-internal-ip>
# โ Should FAIL
๐น Step 06: Configure VPC Peering
From VPC1 โ VPC2
- Go to VPC Network -> VPC network peering -> CREATE PEERING CONNECTION
- Name: vpc1-to-vpc2-peering
- Your VPC: vpc1
- Peer Project: gcpdemos
- Peer VPC: vpc2
- Enable import/export subnet routes
From VPC2 โ VPC1
Name: vpc2-to-vpc1-peering
- Go to VPC Network -> VPC network peering -> CREATE PEERING CONNECTION
- Name: vpc2-to-vpc1-peering
- Your VPC: vpc2
- Peer Project: gcpdemos
- Peer VPC: vpc1
- Enable import/export subnet routes
Step-07: Verify VPC Peering connection status
- Go to VPC Network -> VPC network peering -
- Check status โ Both connections should be ACTIVE โ
๐น Step 08: Verify Connectivity After Peering
# From vpc1-vm โ vpc2-vm
gcloud compute ssh vpc1-vm --zone=us-central1-a --project=gcpdemos
ping <vpc2-vm-internal-ip>
# โ
Should PASS
# From vpc2-vm โ vpc1-vm
gcloud compute ssh vpc2-vm --zone=us-central1-a --project=gcpdemos
ping <vpc1-vm-internal-ip>
# โ
Should PASS
๐น Step 09: Cleanup
- Delete the 2 VM's
- Delete the VNET Peering connections
- Delete the 2 VPC's
๐ฏ Summary
- Before Peering โ VMs in different VPCs cannot talk
- After Peering โ Private, low-latency connectivity works over internal IPs
- Use Cases:
- Multi-project architecture
- SaaS providers exposing services securely
- Connecting dev/test VPCs with shared services VPC
๐ฅ With just a few steps, youโve enabled private communication between VPCs in Google Cloud using VPC Network Peering.
Top comments (0)