Hello Everyone,

I read about VPC peering and VPN Connection. Now, I have a question regarding the use of these. In one of the projects I saw that instead of using VPC peering between 2 VPCs, a VPN connection is used for traffic flow between the 2 VPCs in the same AWS account and in the same region.
I would like to understand whether the traffic in such a case will still flow through the internet.
So let's say VPC-1 contains the software-defined firewall acting as a customer gateway and VPC-2 is where we have defined the virtual private gateway, and the VPN connection is configured between these two. Both VPCs are in the same region and same AWS account.

What are the pros and cons of doing this instead of VPC peering? 

Kind Regards
    Adrian C

    VPC Peering is HA by design - if you are running a single VPN appliance in your VPC it won't be. VPC peers allow logical referencing of security groups as sources or destinations - so you can be much more granular with security. You will also generally achieve better performance from VPC peering, and fewer issues with latency - it's all handled in software by the AWS networking fabric.

    To answer your 'internet' question: the endpoints used by internet gateways/VPN gateways are in the AWS public address space ... so strictly speaking it won't traverse the public internet ... if they are in the same region.

    Unless you have a reason for doing so - I would also prefer using VPC peers. They also work cross-account and cross-region now.
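A worked configuration for the peering approach recommended in the answer above, added here and not part of the thread: Terraform HCL that peers two VPCs in one account and region, routes both directions, and lets VPC-2's security group admit traffic from the VPC-1 firewall's security group by reference rather than by CIDR. It assumes a configured AWS provider; the VPC names, CIDRs and port are constructed.

```hcl
# Added example, not from the thread: two VPCs in one account and region joined
# by VPC peering; constructed CIDRs, names and port, only for illustration.
resource "aws_vpc" "vpc1" {
  cidr_block = "10.1.0.0/16"
}

resource "aws_vpc" "vpc2" {
  cidr_block = "10.2.0.0/16"   # must not overlap vpc1 or peering cannot route
}

# Same account and region, so the requester can auto-accept the peering.
resource "aws_vpc_peering_connection" "vpc1_to_vpc2" {
  vpc_id      = aws_vpc.vpc1.id
  peer_vpc_id = aws_vpc.vpc2.id
  auto_accept = true
}

# A route in each direction; without both, the peering carries no traffic.
resource "aws_route" "vpc1_to_vpc2" {
  route_table_id            = aws_vpc.vpc1.main_route_table_id
  destination_cidr_block    = aws_vpc.vpc2.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.vpc1_to_vpc2.id
}

resource "aws_route" "vpc2_to_vpc1" {
  route_table_id            = aws_vpc.vpc2.main_route_table_id
  destination_cidr_block    = aws_vpc.vpc1.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.vpc1_to_vpc2.id
}

resource "aws_security_group" "fw_vpc1" {
  name   = "fw-vpc1"
  vpc_id = aws_vpc.vpc1.id
}
resource "aws_security_group" "app_vpc2" {
  name   = "app-vpc2"
  vpc_id = aws_vpc.vpc2.id
}

# The granular rule the answer describes: VPC-2 admits TCP/443 only from members
# of the VPC-1 firewall group, referenced by ID, not from all of 10.1.0.0/16.
resource "aws_security_group_rule" "app_from_fw" {
  type                     = "ingress"
  security_group_id        = aws_security_group.app_vpc2.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.fw_vpc1.id
}
```

Referencing a peer VPC's security group this way works for peering within one region; inter-region peering requires CIDR-based rules instead.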


    Piyush K

    Thanks Adrian for the answer. I was very much not convinced by the approach in the project when I got to know about this. I would also prefer VPC peering.

