Manage organization VPC peering with UpCloud Limited availability

Set up a peering connection between your Aiven organization VPC and an UpCloud SDN network.

Establishing a peering connection between an Aiven VPC and an UpCloud SDN network requires creating the peering both from the VPC in Aiven and from the SDN network in UpCloud.

• Setting up the peering from Aiven to UpCloud in the Aiven Console requires the UpCloud SDN network UUID. To find it, you can use either the UpCloud Control Panel or the UpCloud API.
• Setting up the peering from UpCloud to Aiven is possible either in the UpCloud Control Panel or through the UpCloud API.

Limitations

• Peering connections are only supported between networks of type private.
• You cannot initiate a peering between two networks with overlapping CIDR ranges.
• The networks to be peered need to be in the same cloud zone.

important

Make sure you only create peerings between accounts, platforms, or networks you trust. There is no limit on what traffic can flow between the peered components. The server firewall has no effect on private type networks.

Prerequisites

• Manage organization networking permissions
• Two networks to be peered: an organization VPC in Aiven and an SDN network in your UpCloud account
• Either access to the UpCloud Control Panel or the UpCloud API
• One of the following tools for operations on the Aiven Platform:
  • Aiven Console
  • Aiven API

Create a peering connection

Collect data from UpCloud

To create a peering connection in Aiven, first collect the required data from UpCloud using either the UpCloud Control Panel or the UpCloud API:

UpCloud Control Panel

1. Log in to the UpCloud Control Panel, and go to Network > Private networks.
2. Find the network to peer, and copy its UUID located under its name.

UpCloud API

Send a request to the get network details UpCloud API endpoint. In the response, you'll get the UpCloud SDN network's UUID.

Create the peering in Aiven

With the data collected from UpCloud, create an organization VPC peering connection using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and click Admin in the top navigation bar.

2. Click VPCs in the sidebar.

3. On the Virtual private clouds page, select an organization VPC to peer.

4. On the VPC details page, go to the VPC peering connections section and click Create peering request.

5. In the Create peering request window.

   1. Enter your UpCloud SDN network UUID in the UpCloud Network UUID field.

   2. Click Create.

      This adds a connection with the Pending peer status in the Aiven Console.

6. While still on the VPC details page, make a note of the ID of your Aiven VPC.

Aiven API

Make an API call to the OrganizationVpcPeeringConnectionCreate endpoint:

curl --request POST \
  --url https://api.aiven.io/v1/organization/ORGANIZATION_ID/vpcs/ORGANIZATION_VPC_ID/peering-connections \
  --header 'Authorization: Bearer BEARER_TOKEN' \
  --header 'content-type: application/json' \
  --data '
    {
      "peer_cloud_account":"upcloud",
      "peer_vpc":"UPCLOUD_SDN_NETWORK_UUID"
    }
  '

Replace the following placeholders with meaningful data:

• ORGANIZATION_ID (Aiven organization ID)
• ORGANIZATION_VPC_ID (Aiven organization VPC ID)
• BEARER_TOKEN
• UPCLOUD_SDN_NETWORK_UUID

Create the peering in UpCloud

Use the Aiven VPC network ID collected in the Aiven Console to create the VPC peering connection in UpCloud either in the UpCloud Control Panel or through the UpCloud API:

UpCloud Control Panel

1. Log in to the UpCloud Control Panel, and go to Network > Peering.
2. Click Create network peering, and in the Create network peering window:
   1. Specify the peering name.
   2. Select the source peer network (your UpCloud SDN network).
   3. Provide the UUID of the target peer network (the ID of your Aiven VPC).
   4. Click Create.

This creates the peering connection between your Aiven VPC and your UpCloud SDN network.

UpCloud API

Send a request to the create network peering UpCloud API endpoint.

POST /1.3/network-peering HTTP/1.1
{
  "network_peering": {
    "configured_status": "active",
    "name": "NAME_OF_YOUR_PEERING",
    "network": {
      "uuid": "UPCLOUD_SDN_NETWORK_UUID"
    },
    "peer_network": {
      "uuid": "AIVEN_VPC_NETWORK_UUID"
    }
  }
}

Attributes

Attribute	Accepted value	Default value	Required	Description	Example value
configured_status	active or disabled	active	No	Controls whether the peering is administratively up or down.	active
name	String of 1-255 characters	None	Yes	Descriptive name for the peering	peering upcloud->aiven
network.uuid	Valid network UUID	None	Yes	Sets the local network of the peering. Use the UpCloud SDN network UUID.	03126dc1-a69f-4bc2-8b24-e31c22d64712
peer_network.uuid	Valid network UUID	None	Yes	Sets the peer network of the peering. Use the Aiven VPC network ID.	03585987-bf7d-4544-8e9b-5a1b4d74a333

Expected response

note

The sample response provided describes a peering established one way only.

If your peering API request is successful, you can expect a response similar to the following:

HTTP/1.1 201 Created
{
  "network_peering": {
    "configured_status": "active",
    "name": "NAME_OF_YOUR_PEERING",
    "network": {
      "ip_networks": {
        "ip_network": [
          {
            "address": "192.168.0.0/24",
            "family": "IPv4"
          },
          {
            "address": "fc02:c4f3::/64",
            "family": "IPv6"
          }
        ]
      },
      "uuid": "UPCLOUD_SDN_NETWORK_UUID"
    },
    "peer_network": {
      "uuid": "AIVEN_VPC_NETWORK_UUID"
    },
    "state": "pending-peer",
    "uuid": "PEERING_UUID"
  }
}

Error responses

HTTP status	Error code	Description
409 Conflict	LOCAL_NETWORK_NO_ROUTER	The local network has no router.
404 Not found	NETWORK_NOT_FOUND	The local network was not found.
404 Not found	PEER_NETWORK_NOT_FOUND	The peer network was not found.
409 Conflict	PEERING_CONFLICT	The peering already exists.

Renew a DHCP lease

You only need to perform this step if any of your VMs have been created before setting up the network peering. In this case, refresh the Dynamic Host Configuration Protocol (DHCP) lease for a relevant network interface to get new routes.

warning

A peering connection between an Aiven VPC and VMs created before the peering setup won't work unless you refresh the DHCP lease for a relevant network interface.

To refresh the DHCP lease for a network interface, run the following commands:

1. To clear the existing DHCP lease

   dhclient -r NETWORK_INTERFACE_NAME

2. To request a renewal of the DHCP lease

   dhclient NETWORK_INTERFACE_NAME

Delete the peering

important

Once you delete your VPC peering on the Aiven Platform, the cloud-provider side of the peering connection becomes inactive or deleted, and the traffic between the disconnected VPCs is terminated.

Delete an organization VPC peering using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and click Admin in the top navigation bar.
2. Click VPCs in the sidebar.
3. On the Virtual private clouds page, select an organization VPC.
4. On the VPC details page, go to the VPC peering connections section, find the peering to be deleted, and click Actions > Delete.
5. In the Confirmation window, click Delete VPC peering.

Aiven API

Make an API call to the OrganizationVpcPeeringConnectionDelete endpoint:

curl --request DELETE \
  --url https://api.aiven.io/v1/organization/ORGANIZATION_ID/vpcs/ORGANIZATION_VPC_ID/peering-connections/PEERING_CONNECTION_ID \
  --header 'Authorization: Bearer BEARER_TOKEN'

Replace the following placeholders with meaningful data:

• ORGANIZATION_ID: Aiven organization ID
• ORGANIZATION_VPC_ID: Aiven organization VPC ID
• PEERING_CONNECTION_ID: ID or name of your cloud provider VPC
• BEARER_TOKEN

Aiven Provider for Terraform

To delete your aiven_CLOUD_PROVIDER_NAME_org_vpc_peering_connection resource, run terraform destroy. See the Aiven Provider for Terraform documentation for details.