Question

How to set up VPC peering to work properly

Hi, I’ve turned on VPC peering alpha access and peered two of my VPCs together. But they couldn’t reach each other, even with the firewall wide open (allow all TCP, UDP).

And I found this doc on the VPC peering page: https://docs.google.com/document/d/1D31gsRiFFAAhS9zH1_3xOF8CGkIRhmHoK5tsRVe5We0/edit?tab=t.0

The ip route commands weren’t really helpful, because they just error with RTNETLINK answers: File exists, which is correct. The commands were just pointing every private CIDR to my VPC’s gateway, which doesn’t make sense and didn’t work.

I am wondering if anyone else has made it work successfully (just between Droplets from two VPCs in the same region, nothing fancy).


Bobby Iliev
Site Moderator
October 15, 2024

Hi there 👋,

Indeed, that doc should be the way to go for the time being!

What you could do first is to double-check that the correct routes are in place for your Droplets to communicate across the VPC peering connection. You mentioned seeing the RTNETLINK answers: File exists error, which suggests that a route is already in place. Run the following command to list the routes on your Droplet:

ip route show

Look for any routes that point to the private IP ranges of the other VPC. If the routes already exist and are correct, you don’t need to re-add them manually. Feel free to share the output here.

Also, confirm that the VPC peering connection is fully established and active. You can use the DigitalOcean API or the control panel to check the status of the VPC peering connection. It should show as ACTIVE and not PENDING. You can do this by running:

curl -X GET -H "Authorization: Bearer $DO_TOKEN" \
"https://api.digitalocean.com/v2/vpc_peerings/<vpc-peering-id>"

After that, you can test the connection by pinging the private IP addresses of the Droplets in the other VPC:

ping <droplet-private-ip-in-other-vpc>

If you’re still not able to reach the other Droplet, try running traceroute to see where the traffic might be getting blocked:

traceroute <droplet-private-ip-in-other-vpc>

This will give you an idea of whether the traffic is reaching the VPC gateway or if it’s being blocked elsewhere.

If all else fails, I would recommend removing any manually added routes and relying on the default routes created by the VPC peering connection. If the VPC peering connection is set up correctly and the firewall is open, the Droplets should be able to communicate without needing to manually adjust routes.

If all that fails, you could reach out to the DigitalOcean support team who will be able to further advise you on this:

https://www.digitalocean.com/support/

- Bobby.
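As an added example (not code from the thread or from DigitalOcean), the script below checks offline the two things the answer above asks you to look at: which route a peer Droplet's private IP would actually take on the local Droplet (longest prefix match over a constructed `ip route show` output) and whether the peering's status field reads ACTIVE (from a constructed API response body). The CIDRs, interface names, next hops and the JSON shape are assumptions.

```shell
# Constructed sample of `ip route show` on a Droplet in VPC A (10.110.0.0/20),
# peered with VPC B (10.120.0.0/20). Assumed values, not output from the thread.
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0 proto static
10.110.0.0/20 dev eth1 proto kernel scope link src 10.110.0.5
10.120.0.0/20 via 10.110.0.1 dev eth1
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10'

# Constructed sample of a GET /v2/vpc_peerings/<id> response body (assumed shape).
SAMPLE_PEERING='{"vpc_peering":{"id":"00000000-0000-0000-0000-000000000000","name":"a-to-b","status":"ACTIVE"}}'

# ip4_to_int A.B.C.D -> the dotted quad as one integer
ip4_to_int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# route_for IP ROUTES -> the most specific route line covering IP (longest prefix
# match, as the kernel chooses), or "none". "default" is treated as 0.0.0.0/0.
route_for() {
  ip=$(ip4_to_int "$1"); best=none; bestlen=-1
  while read -r dst rest; do
    [ -z "$dst" ] && continue
    [ "$dst" = default ] && dst=0.0.0.0/0
    case $dst in */*) bits=${dst#*/} ;; *) bits=32 ;; esac
    net=$(ip4_to_int "${dst%/*}")
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    if [ $(( ip & mask )) -eq $(( net & mask )) ] && [ "$bits" -gt "$bestlen" ]; then
      best="$dst $rest"; bestlen=$bits
    fi
  done <<EOF
$2
EOF
  echo "$best"
}

# peering_status JSON -> value of the "status" field, or UNKNOWN if absent
peering_status() {
  s=$(printf '%s' "$1" | sed -n 's/.*"status": *"\([A-Z_]*\)".*/\1/p')
  echo "${s:-UNKNOWN}"
}

# check_peer IP -> a peer address that only matches the public default route has
# no VPC route at all; otherwise report the route together with the peering status.
check_peer() {
  route=$(route_for "$1" "$SAMPLE_ROUTES")
  status=$(peering_status "$SAMPLE_PEERING")
  case $route in
    none|0.0.0.0/0*) echo "NO_ROUTE: $1 would leave via the public default route" ;;
    *) echo "ROUTE_OK[$status]: $route" ;;
  esac
}

check_peer 10.120.0.9
```

Replace the two SAMPLE_ variables with the real `ip route show` output and the real API response body to run the same checks on your own Droplet.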