Set up a Network Peering Connection¶
This feature is not available for M0 free clusters, M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Cluster), M2, and M5 Limitations.
Serverless instances are in preview and do not support this feature at this time. To learn more, see Serverless Instance Limitations.
Atlas supports Network Peering connections for dedicated clusters backed by AWS, Google Cloud, or Azure, and for multi-cloud dedicated clusters.
To set up a Network Peering connection, you must have either the Project Owner or Organization Owner role.
Configure an Atlas Network Peering Connection¶
To configure Atlas Network Peering for a cluster, perform the procedure on the tab corresponding to your cluster's cloud provider. You also configure the Atlas VPC CIDR during this procedure.
To configure the Atlas CIDR without configuring Network Peering, see Create a New Network Peering Container. You must use the API to configure the Atlas CIDR without Network Peering.
Network Peering Architectures¶
Multiple cloud-hosted applications might need to connect securely to the same Atlas project.
Network Peering between an Atlas VPC and Two Virtual Networks with Identical CIDR Blocks¶
Consider a case where two applications use virtual networks (VPC, VNet) with identical IP CIDR blocks. You want both applications to securely connect to the same Atlas cluster via VPC peering. To achieve this, create one network peering connection between each application's virtual network and the Atlas virtual network that hosts your cluster.
Cloud provider virtual networks can't peer with each other if they have identical CIDR blocks. However, you can peer each application's virtual network with the Atlas virtual network if the Atlas virtual network includes two non-overlapping CIDR blocks. Configure each peering connection to use its own, non-overlapping route-back CIDR block in the Atlas virtual network. Peering is not transitive: the two application networks still can't reach each other through the Atlas virtual network, and each peering only exposes the Atlas route-back block assigned to it.
Follow this general process:
- Before you deploy any clusters, create a network peering connection for each virtual network that you want to peer with Atlas. You do this by creating a CIDR block in the Atlas virtual network for each application's virtual network. Do this first because Atlas locks the Atlas CIDR block for a region once a cluster is deployed there.
- In the virtual network configuration for your cloud provider, establish routing between each application's virtual network and its respective Atlas CIDR block.
- Deploy your Atlas cluster.
Consider two applications in the same AWS account in the same region. Each application has its own VPC. The VPCs have identical CIDR blocks. These VPCs can't peer with each other. You must configure each application's VPC as a peer to the Atlas VPC.
Application VPC name | VPC CIDR block | Route-back block in the Atlas VPC |
---|---|---|
app-vpc-1 | 10.4.0.0/16 | subnet1 : 10.5.0.0/24 |
app-vpc-2 | 10.4.0.0/16 | subnet2 : 10.6.0.0/24 |
To peer each application's VPC to the Atlas VPC before you deploy your Atlas cluster:
Create a network peering connection to peer Atlas with your first application's VPC.
- Click the Peering tab.
- Select Peering Connection.
- Select AWS and click Next.
Complete the AWS VPC fields with the details of the first application's VPC:
- Account ID
- VPC ID
- VPC CIDR (10.4.0.0/16)
- Application VPC Region
- Type the first route-back CIDR block, 10.5.0.0/24, into the VPC CIDR field in the Atlas VPC section.
- Click Initiate Peering.
Create a network peering connection to peer Atlas with your second application's VPC.
- Click the Peering tab.
- Select Peering Connection.
- Select AWS and click Next.
Complete the AWS VPC fields with the details of the second application's VPC:
- Account ID
- VPC ID
- VPC CIDR (10.4.0.0/16)
- Application VPC Region
- Type the second route-back CIDR block, 10.6.0.0/24, into the VPC CIDR field in the Atlas VPC section.
- Click Initiate Peering.
In AWS, accept each peering request and configure each application's VPC to route back to its respective CIDR block in Atlas. For information, see Updating your route tables for a VPC peering connection.
- app-vpc-1 with CIDR 10.4.0.0/16 routes back to subnet1 in the CIDR 10.5.0.0/24
- app-vpc-2 with CIDR 10.4.0.0/16 routes back to subnet2 in the CIDR 10.6.0.0/24
Routing alone does not authorize database connections: you must also add each application VPC's CIDR block (or, for AWS, its security group) to the project's IP access list, otherwise Atlas rejects the traffic that arrives over the peering connection.
When complete, the route tables for app-vpc-1 and app-vpc-2 should match the following table:
Network | Destination | Target |
---|---|---|
app-vpc-1 | 10.4.0.0/16 | local |
app-vpc-1 | 10.5.0.0/24 | peering connection to the Atlas VPC |
app-vpc-2 | 10.4.0.0/16 | local |
app-vpc-2 | 10.6.0.0/24 | peering connection to the Atlas VPC |
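The scenario above rests on two constraints that are easy to get wrong when more than two peers are involved: each route-back block in the Atlas VPC must be disjoint from every other route-back block and from every application VPC, while the application VPCs themselves are allowed to share a CIDR. The following script is an added illustration, not MongoDB's code or part of the Atlas product: it checks a peering plan against those constraints and emits the route entries each application VPC needs. The /21 to /24 limit on an Atlas AWS CIDR block, the VPC names, and the sample CIDRs are assumptions taken from this page's example.

```python
"""Check a multi-peer Atlas network peering plan (added example, not Atlas code)."""
from ipaddress import ip_network
from itertools import combinations

# Assumption: Atlas only accepts a /21 to /24 CIDR block for an AWS container.
ATLAS_MIN_PREFIX = 21
ATLAS_MAX_PREFIX = 24


def validate_peering_plan(app_vpcs: dict, atlas_blocks: dict) -> list:
    """Return a list of problems with the plan; an empty list means it is sound.

    app_vpcs:     {vpc_name: cidr of the application VPC}
    atlas_blocks: {vpc_name: route-back cidr assigned to that VPC in the Atlas VPC}
    """
    problems = []
    vpcs = {n: ip_network(c, strict=True) for n, c in app_vpcs.items()}
    atlas = {n: ip_network(c, strict=True) for n, c in atlas_blocks.items()}

    for name in vpcs:
        if name not in atlas:
            problems.append(f"{name}: no Atlas route-back block assigned")

    for name, block in atlas.items():
        # Atlas rejects containers outside its allowed prefix range.
        if not ATLAS_MIN_PREFIX <= block.prefixlen <= ATLAS_MAX_PREFIX:
            problems.append(
                f"{name}: Atlas block {block} is not between "
                f"/{ATLAS_MIN_PREFIX} and /{ATLAS_MAX_PREFIX}"
            )
        # AWS refuses a peering whose two sides overlap, and an Atlas block
        # that overlaps any peer's VPC would make the Atlas-side routes ambiguous.
        for vpc_name, vpc in vpcs.items():
            if vpc.overlaps(block):
                problems.append(
                    f"{name}: Atlas block {block} overlaps VPC {vpc_name} ({vpc})"
                )

    # Route-back blocks must be disjoint from one another; application VPCs,
    # by contrast, may share a CIDR (that is the whole point of the design).
    for (a, ba), (b, bb) in combinations(atlas.items(), 2):
        if ba.overlaps(bb):
            problems.append(f"Atlas blocks for {a} ({ba}) and {b} ({bb}) overlap")
    return problems


def route_tables(app_vpcs: dict, atlas_blocks: dict) -> dict:
    """Routes each application VPC needs once its peering is accepted:
    its own CIDR stays local, its Atlas route-back block points at the
    peering connection. Returns {vpc_name: [(destination, target), ...]}."""
    tables = {}
    for name, cidr in app_vpcs.items():
        tables[name] = [
            (str(ip_network(cidr)), "local"),
            (str(ip_network(atlas_blocks[name])), "peering connection to the Atlas VPC"),
        ]
    return tables


# Constructed sample matching the page's scenario: two VPCs with the same CIDR,
# each given its own route-back block in the Atlas VPC.
APP_VPCS = {"app-vpc-1": "10.4.0.0/16", "app-vpc-2": "10.4.0.0/16"}
ATLAS_BLOCKS = {"app-vpc-1": "10.5.0.0/24", "app-vpc-2": "10.6.0.0/24"}

# Constructed broken plan: the second peering reuses the first route-back block,
# so the Atlas VPC could not tell the two peers apart.
BAD_ATLAS_BLOCKS = {"app-vpc-1": "10.5.0.0/24", "app-vpc-2": "10.5.0.0/24"}

if __name__ == "__main__":
    for label, blocks in (("good plan", ATLAS_BLOCKS), ("bad plan", BAD_ATLAS_BLOCKS)):
        issues = validate_peering_plan(APP_VPCS, blocks)
        print(f"{label}: {'OK' if not issues else issues}")
    for vpc, routes in route_tables(APP_VPCS, ATLAS_BLOCKS).items():
        for destination, target in routes:
            print(f"{vpc:10} {destination:15} -> {target}")
```

Run it with no arguments to see the good plan pass, the bad plan fail on the overlapping route-back blocks, and the route table that matches the one above. To extend it to a third peer, add one entry to each dictionary; the pairwise checks cover any number of peers.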