Connecting VPCs

With the network services described in Table 1, you can flexibly connect VPCs in the same region, in different regions, or in different accounts.

**Table 1** Networking services that can connect VPCs
Network Service	Function	Highlights
VPC Peering	With VPC Peering, you can peer two VPCs in the same region. The VPCs can be in the same account or different accounts.	VPC Peering is free. Routes can be configured on the console easily.
Enterprise Router	An enterprise router can connect multiple VPCs in the same account or different accounts to set up a hub-and-spoke network. Compared with VPC Peering, Enterprise Router is more suitable for complex networking where many VPCs need to be connected.	VPCs in the same region can be connected in minutes. Automatic route configuration Low latency and high speed Simple network topology and high scalability
Cloud Connect Cloud Connection Central Network	Cloud Connect can connect VPCs under the same account or different accounts across regions. You can: Load VPCs in different regions to a cloud connection. Attach VPCs in the same region to an enterprise router and add enterprise routers in different regions to a central network as attachments. This solution features higher scalability and is suitable for complex networking with many VPCs from different regions.	Cross-region VPC connectivity in minutes Automatic route configuration Low latency and high speed
VPN	You can use VPN to connect VPCs in different regions. This will enable them to communicate with each other over the Internet.	Low costs Simple configuration Immediate use The network quality depends on the Internet.
Direct Connect	You can use Direct Connect to connect VPCs in different regions.	Dedicated connections with high security Low latency and high speed

Connecting VPCs in the Same Region

If the VPCs you want to connect are in the same region, you can use VPC Peering or Enterprise Router.

Before connecting VPCs, you need to plan their CIDR blocks in advance. Overlapping CIDR blocks may cause communication failure.

With VPC Peering, you can peer two VPCs in the same region. The VPCs can be in the same account or different accounts.

You can refer to the following topics:

In Figure 1, a VPC peering connection (Peering-AB) connects two VPCs (VPC-A and VPC-B) in a region.

Figure 1 Connecting VPCs in the same region over a VPC peering connection

An enterprise router can connect multiple VPCs in the same account or different accounts to set up a hub-and-spoke network. Compared with VPC Peering, Enterprise Router is more suitable for complex networking where many VPCs need to be connected.

For details, see Using an Enterprise Router to Enable Communications Between VPCs in the Same Region.

In Figure 2, an enterprise router connects multiple VPCs in the same region and forwards traffic among them. The routes are automatically configured for the VPCs and the enterprise router.

Figure 2 Connecting VPCs in the same region using an enterprise router

Connecting VPCs in Different Regions

If the VPCs to be connected are located in different regions, you can use Cloud Connect, Direct Connect, or VPN.

Before connecting VPCs, you need to plan their CIDR blocks in advance. Overlapping CIDR blocks may cause communication failure.

You can load VPCs in different regions to a cloud connection, regardless of whether the VPCs are in the same account or different accounts. For details, see Connecting VPCs in Different Regions.

In Figure 3, two VPCs (VPC-AX and VPC-AY) in region A, a VPC (VPC-B) in region B, and a VPC (VPC-C) in region C are connected over a cloud connection for private network communications.

Figure 3 Using a cloud connection to connect VPCs in different regions

You can attach VPCs in the same region to an enterprise router, and then add enterprise routers in different regions to a central network as attachments, so the VPCs can communicate with each other. This solution features higher scalability and is suitable for complex networking if there are multiple VPCs in different regions.

For details, see Connecting VPCs Across Regions Using Enterprise Router and Central Network.

In Figure 4, there are four VPCs in three regions: VPC-A in region A, VPC-B in region B, and VPC-C and VPC-D in region C. There is an enterprise router in each region: ER-A for VPC-A, ER-B for VPC-B, and ER-C for VPC-C and VPC-D. The VPCs are attached to the enterprise router in each region, and the enterprise routers in the three regions are added to a central network for cross-region network connectivity. If there will be more VPCs in the future, you only need to attach the VPCs to the enterprise router in the same region. Compared with a cloud connection, this solution features simpler network topology.

Figure 4 Connecting VPCs in different regions using a central network

You can use VPN to connect VPCs in different regions. This will enable them to communicate with each other over the Internet.

In Figure 5, there is a VPC in each region: VPC-A in region A and VPC-B in region B. Each VPC is connected to a VPN connection. The two VPCs can communicate with each other through an encrypted channel on the Internet. VPN can be enabled fast and is cost-effective.

Figure 5 Connecting VPCs in different regions using VPN

You can use Direct Connect to connect VPCs in different regions.

In Figure 6, there is a VPC in each region: VPC-A in region A and VPC-B in region B. Each VPC is connected to a Direct Connect connection. The two VPCs can communicate with each other through a dedicated connection. Compared with VPN, Direct Connect enables faster, more stable data transmission.

Figure 6 Connecting VPCs in different regions using Direct Connect