VPC Connectivity Architectures
Scaling Multi-Region Networks
The Connectivity Crisis
In the early stages of cloud adoption, VPC Peering is the default choice. It is a networking connection between two VPCs that lets you route traffic between them using private IPv4 or IPv6 addresses. However, VPC Peering is non-transitive: if VPC A is peered with B, and B is peered with C, A cannot reach C through B; A and C need their own peering connection.
Figure: Hub-and-spoke vs. mesh connectivity (VPC Peering Mesh vs. AWS Transit Gateway architecture). Callouts on the peering mesh:
- Becomes unmanageable beyond 5-10 VPCs due to routing table limits.
- Distributed security group rules required at every node.
- Every route change must be manually updated in peer VPCs.
Peering Mesh vs. Hub-and-Spoke
When dealing with 10 VPCs, a full mesh requires 10 * (10-1) / 2 = 45 peering connections. Managing 45 route tables, 45 security groups, and 45 sets of IAM policies quickly becomes a maintenance nightmare. This is known as Peering Sprawl.
AWS Transit Gateway (TGW) solves this by acting as a regional network hub. You attach VPCs, VPNs, and Direct Connects to the TGW, which manages routing centrally.
Comparison Factors
- Performance: VPC Peering has no bandwidth limits and no latency penalty, as it uses the underlying AWS fiber. TGW adds an hourly attachment charge and a per-GB data processing charge.
- Scalability: TGW supports thousands of attachments and simplifies routing with Route Table Propagations.
- Complexity: Use Peering for simple, low-latency links between a few VPCs. Use Transit Gateway for enterprise-scale multi-account environments.
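The two properties the article leans on, that peering is non-transitive and that a Transit Gateway routes centrally through route tables that attachments associate with and propagate into, can be modelled in a few dozen lines. The following is an added example written for this page, not AWS code or an AWS API; the VPC names, CIDRs and route-table names are constructed, and the model goes slightly beyond the text by showing how separate TGW route tables segment spokes (a "dev" spoke that can reach shared services but not production).

```python
"""Model of VPC Peering (non-transitive) versus a Transit Gateway hub with route tables.

Added example for this article; not AWS code. VPC names, CIDRs and route-table
names below are constructed for illustration.
"""


def full_mesh_peerings(vpc_count):
    """Peering connections needed for every VPC to talk to every other: n(n-1)/2."""
    return vpc_count * (vpc_count - 1) // 2


class PeeringTopology:
    """Peering connections carry traffic only between the two VPCs they join."""

    def __init__(self):
        self.peerings = set()

    def peer(self, vpc_a, vpc_b):
        self.peerings.add(frozenset((vpc_a, vpc_b)))

    def can_reach(self, src, dst):
        # Non-transitive: a chain A-B-C does not let A reach C.
        return frozenset((src, dst)) in self.peerings


class TransitGateway:
    """Hub: each attachment is associated with one TGW route table (consulted for
    traffic leaving that attachment) and its CIDR can be propagated into any table."""

    def __init__(self):
        self.cidrs = {}         # vpc -> CIDR of the attached VPC
        self.association = {}   # vpc -> route table used for traffic from vpc
        self.route_tables = {}  # route table -> {CIDR: target vpc}

    def attach(self, vpc, cidr, associated_table):
        self.cidrs[vpc] = cidr
        self.association[vpc] = associated_table
        self.route_tables.setdefault(associated_table, {})

    def propagate(self, vpc, route_table):
        # Propagation installs the attachment's CIDR as a route in that table.
        self.route_tables.setdefault(route_table, {})[self.cidrs[vpc]] = vpc

    def can_reach(self, src, dst):
        table = self.route_tables[self.association[src]]
        return table.get(self.cidrs[dst]) == dst


def demo():
    """Constructed scenario: daisy-chained peering, then a segmented TGW hub."""
    # Peering: A-B and B-C exist, A-C does not.
    mesh = PeeringTopology()
    mesh.peer("vpc-a", "vpc-b")
    mesh.peer("vpc-b", "vpc-c")

    # TGW with three route tables: prod spokes reach each other and shared
    # services; the dev spoke reaches only shared services.
    tgw = TransitGateway()
    tgw.attach("vpc-a", "10.1.0.0/16", "rt-prod")
    tgw.attach("vpc-c", "10.3.0.0/16", "rt-prod")
    tgw.attach("vpc-dev", "10.9.0.0/16", "rt-dev")
    tgw.attach("vpc-shared", "10.0.0.0/16", "rt-shared")
    for prod in ("vpc-a", "vpc-c"):
        tgw.propagate(prod, "rt-prod")    # prod spokes see each other
        tgw.propagate(prod, "rt-shared")  # shared services can answer prod
    tgw.propagate("vpc-shared", "rt-prod")
    tgw.propagate("vpc-shared", "rt-dev")
    tgw.propagate("vpc-dev", "rt-shared")

    return {
        "peerings_for_10_vpcs": full_mesh_peerings(10),
        "peering_a_to_b": mesh.can_reach("vpc-a", "vpc-b"),
        "peering_a_to_c": mesh.can_reach("vpc-a", "vpc-c"),
        "tgw_a_to_c": tgw.can_reach("vpc-a", "vpc-c"),
        "tgw_dev_to_shared": tgw.can_reach("vpc-dev", "vpc-shared"),
        "tgw_dev_to_prod": tgw.can_reach("vpc-dev", "vpc-a"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows 45 peerings for ten VPCs, A unable to reach C over the peering chain, A reaching C through the hub, and the dev spoke reaching shared services but not production. The segmentation comes entirely from which route table each attachment is associated with and where its CIDR is propagated, which is why TGW route-table design deserves the same review as security group rules.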
Choosing the right architecture depends on your growth projections. Migrating from Peering to Transit Gateway later is possible but requires careful DNS and route table planning to avoid downtime.