Dragonfly Cloud is now available in the AWS Marketplace - learn more

Dragonfly
Back to All Posts

engineering

VPC Peering: Secure & Efficient Access to Infrastructure as a Service

How VPC peering enables secure and efficient access to cloud infrastructure and why it’s the perfect choice for Dragonfly Cloud.

Ari ShotlandAri Shotland

November 26, 2024

VPC Peering: Secure & Efficient Access to Infrastructure as a Service

Introduction

The cloud computing landscape is rapidly evolving, with innovative companies and startups redefining Infrastructure as a Service (IaaS). These innovators are developing cutting-edge solutions that offer compelling advantages over traditional cloud vendor offerings. By providing tailored, optimized, and often more cost-effective infrastructure, these IaaS providers empower businesses to achieve new levels of efficiency, scalability, and performance in their cloud journeys.

However, while these innovative IaaS solutions hold substantial promise, establishing secure and seamless connectivity between customer and provider cloud environments remains a challenge. If mishandled, the challenge involved can overshadow the benefits, deterring organizations from adopting these new solutions.

In this blog post, we'll explore VPC peering as a critical tool for DevOps engineers and system architects to enable secure, efficient, and cost-effective connectivity across cloud environments. We'll also compare it with PrivateLink and Private Service Connect to demonstrate why VPC peering is the optimal choice for consuming high-performance, low-latency stateful services like Dragonfly Cloud.

What is VPC Peering?

At first glance, VPC peering might sound complex, but it's actually a straightforward concept. It's a networking feature offered by cloud providers that allows you to connect two Virtual Private Clouds (VPCs). Think of it as a secure, private tunnel linking two isolated networks. This enables seamless communication between resources in different VPCs without exposing them to the public internet, significantly enhancing both security and performance.

VPC Peering: A Secure, Private Tunnel Linking Two Isolated Networks

The specifics of VPC peering can vary depending on the cloud provider, but the setup generally involves two VPCs participating in the peering connection: the requester VPC and the acceptor VPC. Once the requester VPC initiates the setup, the acceptor VPC must complete their side of the configuration to activate the connection and allow traffic to flow between the networks.

One critical concept to keep in mind is that the IP ranges of peered VPCs must not overlap. Each VPC is assigned one or more CIDR (Classless Inter-Domain Routing) blocks, which define the range of IP addresses that the VPC can use. Ensuring these ranges don't conflict is essential for the peering connection to function properly.

Benefits of VPC Peering

VPC peering offers several key advantages:

  • Enhanced Security: By keeping traffic within the cloud provider's private network, VPC peering significantly reduces the attack surface compared to exposing resources to the public internet.
  • Reduced Costs: VPC peering eliminates the need for public IP addresses and reduces associated data transfer costs, leading to substantial savings on network expenses.
  • Improved Performance: Traffic between peered VPCs experiences lower latency and higher throughput compared to routing through the public internet, resulting in faster application response times.
  • Simple Management: Unlike other alternatives, VPC peering doesn’t require VPNs or additional hardware, making it easier to manage and maintain.

With these advantages, we eliminate the security risks and cost overhead traditionally associated with consuming infrastructure services from different cloud environments.

PrivateLink / Private Service Connect

PrivateLink (AWS) and Private Service Connect (GCP) are advanced alternatives that allow customers to connect to a service within the provider’s network using private endpoints. The main advantage of these solutions over VPC peering is service-specific access: PrivateLink creates an endpoint within your VPC, offering granular access to a specific service without exposing your entire network. However, similar restrictions can be achieved by configuring VPC firewalls or security groups.

Despite their benefits, PrivateLink and Private Service Connect are less suitable for high-performance stateful applications, such as in-memory data stores. Some key limitations include:

  • Endpoint Charges: Each endpoint incurs a cost, even when idle, which can become significant if you require many endpoints.
  • Data Transfer Costs: These services impose data transfer charges that can escalate quickly with large volumes of traffic.
  • Load Balancer: These services require a load balancer, which adds both latency and additional expenses.

For these reasons we found VPC Peering to be the most fit connectivity technique for Dragonfly Cloud as it aligns with Dragonfly’s values of performance and efficiency while maintaining security.

Dragonfly Cloud

Dragonfly Cloud is a fully managed cloud service built on Dragonfly, the most performant in-memory data store in the world and a drop-in replacement for Redis. With Dragonfly Cloud, customers can create dedicated private networks and seamlessly connect them to their own VPCs using VPC peering.

You can sign up for Dragonfly Cloud here and explore our documentation to experiment with VPC peering and unlock the full potential of our IaaS offering.

Stay up to date on all things Dragonfly

Join our community for unparalleled support and insights

Join

Switch & save up to 80% 

Dragonfly is fully compatible with the Redis ecosystem and requires no code changes to implement. Instantly experience up to a 25X boost in performance and 80% reduction in cost

Sign upRequest demo