VPC peering connection fails between ERP and analytics VPCs due to route table misconfiguration

I’m trying to establish VPC peering between our ERP VPC (10.0.0.0/16) and analytics VPC (10.1.0.0/16) but the connection status shows active yet instances can’t communicate. I’ve accepted the peering request and both VPCs show the connection as active in the console.

Route table entry:

Destination: 10.1.0.0/16
Target: pcx-abc123def
Status: Active

Pinging from ERP VPC to analytics VPC times out completely. Security groups allow all traffic from the peer VPC CIDR block. This is blocking our real-time data sync between systems and causing major delays in analytics reporting. What am I missing in the configuration?

NACLs are stateless and could definitely be the issue. Default NACLs allow all traffic, but if you have custom NACLs on your subnets, they need explicit allow rules for both inbound and outbound traffic. Check the NACLs associated with the subnets in both VPCs. You need to allow the peer VPC CIDR range in both directions. Also, make sure you’re testing from instances in the correct subnets - the ones with the updated route tables.

Good catch! I added routes to both VPCs’ main route tables. Still no connectivity though. I double-checked and the routes are in the correct tables associated with the subnets where our instances are running. Could there be an issue with overlapping CIDR blocks even though they’re different?

I checked for secondary CIDRs - none present. Security groups on both sides allow all traffic (0.0.0.0/0 for testing). Still can’t ping across the peering connection. Could NACLs be blocking this? I haven’t touched those but maybe there are default rules interfering?

One more thing to check - are your instances using the correct DNS resolution? If you’re trying to reach instances by private DNS names, you need to enable DNS resolution for the peering connection. In the VPC peering connection settings, there are options for “Requester DNS resolution” and “Accepter DNS resolution” that need to be enabled if you want DNS names to resolve across the peering connection.
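The checklist the thread works through (a route to the peer CIDR via the pcx in each VPC, NACL allow rules in both directions on both sides, non-overlapping CIDRs, and the DNS resolution options) run over a constructed snapshot; this is an added example, not code from any post or from AWS. The VPC layout, NACL rules and the missing return route are made up for illustration; only the CIDRs and the peering id come from the thread.

```python
import ipaddress

# Constructed sample state: the ERP and analytics VPCs from the thread, with
# two faults planted (a deny-all outbound NACL on the ERP side and no return
# route in the analytics VPC) and DNS resolution left at its default (off).
PEERING = {"id": "pcx-abc123def", "status": "active",
           "requester_dns": False, "accepter_dns": False}
VPCS = {
    "erp": {"cidr": "10.0.0.0/16", "peer": "analytics",
            "routes": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-abc123def")],
            "nacl": {"inbound": [("10.1.0.0/16", "allow")],
                     "outbound": [("0.0.0.0/0", "deny")]}},
    "analytics": {"cidr": "10.1.0.0/16", "peer": "erp",
                  "routes": [("10.1.0.0/16", "local")],  # return route missing
                  "nacl": {"inbound": [("0.0.0.0/0", "allow")],
                           "outbound": [("0.0.0.0/0", "allow")]}},
}

def nacl_allows(rules, cidr):
    """Rules are listed in evaluation order (lowest rule number first) and the
    first match wins; simplification: the whole peer CIDR must fall inside one
    rule. Anything unmatched hits the implicit deny at the end of every NACL."""
    net = ipaddress.ip_network(cidr)
    for rule_cidr, action in rules:
        if net.subnet_of(ipaddress.ip_network(rule_cidr)):
            return action == "allow"
    return False

def diagnose(vpcs, peering):
    """Return a list of human-readable findings; empty means every check passed."""
    findings = []
    if peering["status"] != "active":
        findings.append(f"peering {peering['id']} is {peering['status']}")
    for name, vpc in vpcs.items():
        peer = vpcs[vpc["peer"]]
        if ipaddress.ip_network(vpc["cidr"]).overlaps(ipaddress.ip_network(peer["cidr"])):
            findings.append(f"{name}: CIDR overlaps with {vpc['peer']}")
        if (peer["cidr"], peering["id"]) not in vpc["routes"]:
            findings.append(f"{name}: no route to {peer['cidr']} via {peering['id']}")
        for direction in ("inbound", "outbound"):  # NACLs are stateless: check both
            if not nacl_allows(vpc["nacl"][direction], peer["cidr"]):
                findings.append(f"{name}: NACL {direction} does not allow {peer['cidr']}")
    if not (peering["requester_dns"] and peering["accepter_dns"]):
        findings.append("private DNS names will not resolve across the peering (DNS resolution disabled)")
    return findings

if __name__ == "__main__":
    for line in diagnose(VPCS, PEERING):
        print(line)
```

Running it against the sample prints one line per fault; an empty result means the route tables, NACLs and DNS options all line up and the problem lies elsewhere (security groups, the instance OS firewall, or testing from the wrong subnet).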