Set up a Network Peering Connection¶

On this page

Configure an Atlas Network Peering Connection

Network Peering Architectures

Note

Feature unavailable in Free and Shared-Tier Clusters

This feature is not available for M0 free clusters, M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Cluster), M2, and M5 Limitations.

Important

Serverless Instances are in Preview

Serverless instances are in preview and do not support this feature at this time. To learn more, see Serverless Instance Limitations.

Atlas supports Network Peering connections for AWS, Google Cloud, and Azure-backed and multi-cloud dedicated clusters.

Important

To set up a Network Peering connection, you must have either the Project Owner or Organization Owner role.

Configure an Atlas Network Peering Connection¶

To configure Atlas Network Peering for a cluster, perform the procedure on the tab corresponding to your cluster's cloud provider. You also configure the Atlas VPC CIDR during this procedure.

To configure the Atlas CIDR without configuring Network Peering, see Create a New Network Peering Container. You must use the API to configure the Atlas CIDR without Network Peering.

Network Peering Architectures¶

Multiple cloud-hosted applications might need to connect securely to the same Atlas project.

Network Peering between an Atlas VPC and Two Virtual Networks with Identical CIDR Blocks¶

Consider a case where two applications use virtual networks (VPC, VNet) with identical IP CIDR blocks. You want both applications to securely connect to the same Atlas cluster via VPC peering. To achieve this, create one network peering connection between each application's virtual network and your Atlas cluster.

Cloud provider virtual networks can’t peer to each other if they have identical CIDR blocks. However, you can peer each of the applications' virtual networks with the Atlas virtual network if the Atlas virtual network includes two non-overlapping CIDR blocks. Configure each of the peering connections to have non-overlapping route-back CIDR blocks in the Atlas virtual network.

Follow this general process:

Before you deploy any clusters, create a network peering connection for each virtual network that you want to peer with Atlas. You do this by creating a CIDR block in the Atlas virtual network for each application's virtual network.
In the virtual network's configuration for your cloud provider, establish routing between each of your application's virtual networks and their respective Atlas CIDR blocks.
Deploy your Atlas cluster.

Example

Consider two applications in the same AWS account in the same region. Each application has its own VPC. The VPCs have identical CIDR blocks. These VPCs can't peer with each other. You must configure each application's VPC as a peer to the Atlas VPC.

Application's VPC name	CIDR block	Subnet
`app-tier-vpc-1`	10.4.0.0/16	`subnet1`: 10.5.0.0./16
`app-tier-vpc-2`	10.4.0.0/16	`subnet2`: 10.6.0.0/16

To peer each application's VPC to the Atlas VPC before you deploy your Atlas cluster:

Create a network peering connection to peer Atlas with your first application's VPC.
1. Click the Peering tab.
2. Select Peering Connection.
3. Select AWS and click Next.
4. Complete the AWS VPC fields and enter details for the first application's VPC:
  - Account ID
  - VPC ID
  - VPC CIDR
  - Application VPC Region.
5. Type the first CIDR block, 10.5.0.0/24, into the VPC CIDR field in the Atlas VPC section.
6. Click Initiate Peering.
Create a network peering connection to peer Atlas with your second application's VPC.
1. Click the Peering tab.
2. Select Peering Connection.
3. Select AWS and click Next.
4. Complete the AWS VPC fields and enter details for the second application's VPC:
  - Account ID
  - VPC ID
  - VPC CIDR
  - Application VPC Region.
5. Type the second CIDR block, 10.6.0.0/24, into the VPC CIDR field in the Atlas VPC section.
6. Click Initiate Peering.
In AWS, configure each of your application's VPCs to route back to their respective CIDR blocks in Atlas. For information, see Updating your route tables for a VPC peering connection.
- app-vpc-1 with CIDR 10.4.0.0/16 routes back to subnet1 in the CIDR 10.5.0.0/24
- app-vpc-2 with CIDR 10.4.0.0/16 routes back to subnet2 in the CIDR 10.6.0.0/24

When complete, the routes for app-vpc-1 and app-vpc-2 should match the following table:

Network	Destination	Origin
`app-vpc-1`	10.4.0.0/16	local
	10.5.0.0/16	peer to the Atlas VPC
`app-vpc-2`	10.4.0.0/16	local
	10.6.0.0/16	peer to the Atlas VPC

← Configure IP Access List Entries Set up a Private Endpoint for Dedicated Cluster →