Peer VPCs

Peer your cluster VPC with a VPC in GCP

YugabyteDB Managed supports virtual private cloud (VPC) networks on AWS and GCP.

Using YugabyteDB Managed, you can create a VPC on GCP, deploy clusters in the VPC, and peer the VPC with application VPCs hosted on GCP.

To peer VPCs in GCP, you need to complete the following tasks:

Task Notes
Create the VPC Reserves a range of private IP addresses for the network.
The status of the VPC is Active when done.
Create a peering connection Connects your VPC and the application VPC on the cloud provider network.
The status of the peering connection is Pending when done.
Complete the peering in GCP Confirms the connection between your VPC and the application VPC.
The status of the peering connection is Active when done.
Deploy a cluster in the VPC This can be done at any time - you don't need to wait until the VPC is peered.
Add the application VPC to the IP allow list Allows the peered application VPC to connect to the cluster.
Add at least one of the CIDR blocks associated with the peered application VPC to the IP allow list for your cluster.

With the exception of completing the peering in GCP, these tasks are performed in YugabyteDB Managed.

For information on VPC network peering in GCP, refer to VPC Network Peering overview in the Google VPC documentation.

Create a VPC

To avoid cross-region data transfer costs, deploy your VPC in the same region as the application VPC you are peering with.

What you need

The CIDR range for the application VPC with which you want to peer, as the addresses can't overlap.

Where to find it
Navigate to the GCP VPC networks page.

To create a VPC, do the following:

  1. On the Network Access page, select VPC Network, then VPCs.

  2. Click Create VPC to display the Create VPC sheet.

  3. Enter a name for the VPC.

  4. Choose the provider (GCP).

  5. Choose one of the following options:

    • Automated - VPCs are created globally and GCP assigns network blocks to each region supported by YugabyteDB Managed. (Not recommended for production, refer to Considerations for auto mode VPC networks in the GCP documentation.)
    • Custom - Select a region. Click Add Region to add additional regions. If the VPC is to be used for a multi-region cluster, add a region for each of the regions in the cluster.

  6. Specify the CIDR address. CIDR addresses in different regions can't overlap.

    • For Automated, use network sizes of /16, /17, or /18.
    • For Custom, use network sizes of /24, /25, or /26.

    Ensure the address does not overlap with that of the application VPC.

  7. Click Save.

YugabyteDB Managed adds the VPC to the VPCs list with a status of Creating. If successful, after a minute or two, the status will change to Active.

The VPC's network name and project ID are automatically assigned. You'll need these details when configuring the peering in GCP.

Create a peering connection

After creating a VPC in YugabyteDB Managed that uses GCP, you can peer it with a GCP application VPC.

What you need

The following details for the GCP application VPC you are peering with:

  • GCP project ID
  • VPC name
  • VPC CIDR address

Where to find it
Navigate to your GCP VPC networks page.

To create a peering connection, do the following:

  1. On the Network Access page, select VPC Network, then Peering Connections.
  2. Click Add Peering Connection to display the Create Peering sheet.
  3. Enter a name for the peering connection.
  4. Choose GCP.
  5. Choose the YugabyteDB Managed VPC. Only VPCs that use GCP are listed.
  6. Enter the GCP Project ID, application VPC network name, and, optionally, VPC CIDR address.
  7. Click Initiate Peering.

The peering connection is created with a status of Pending.

Complete the peering in GCP

To complete a Pending GCP peering connection, you need to sign in to GCP and create a peering connection.

What you need

The Project ID and VPC network name of the YugabyteDB Managed VPC you are peering with.

Where to find it
The VPC Details sheet on the VPCs page or the Peering Details sheet on the Peering Connections page.

In the Google Cloud Console, do the following:

  1. Under VPC network, select VPC network peering and click Create Peering Connection.

    VPC network peering in GCP

  2. Click Continue to display the Create peering connection details.

    Create peering connection in GCP

  3. Enter a name for the GCP peering connection.

  4. Select your VPC network name.

  5. Select In another project and enter the Project ID and VPC network name of the YugabyteDB Managed VPC you are peering with.

  6. Click Create.

When finished, the status of the peering connection in YugabyteDB Managed changes to Active if the connection is successful.

Deploy a cluster in the VPC

You can deploy a cluster in the VPC any time after the VPC is created.

To deploy a cluster in a VPC:

  1. On the Clusters page, click Add Cluster.

  2. Choose Dedicated.

  3. Enter a name for the cluster, choose GCP, and click Next.

  4. For a Single-Region Deployment, choose the region where the VPC is deployed, and under Configure VPC, choose Use VPC peering, and select your VPC.

    For a Multi-Region Deployment, select the regions where the cluster is to be deployed, then select the VPC. The same VPC is used for all regions.

For more information on creating clusters, refer to Create a cluster.

Add the application VPC to the cluster IP allow list

To enable the peered application VPC to connect to the cluster, you need to add the peered VPC to the cluster IP allow list.

To add the application VPC to the cluster IP allow list:

  1. On the Clusters page, select the cluster you are peering, click Actions, and choose Edit IP Allow List to display the Add IP Allow List sheet.

  2. Click Add Peered VPC Networks.

  3. Click Save when done.

For more information on IP allow lists, refer to IP allow lists.