In this article, we describe how to leverage Network Mode of App Services and Endpoints to connect two AWS VPCs with overlapping network addresses.
VPC-1 and VPC-2 both have the VPC CIDR 10.0.0.0/20.
Step 1. Launch a Service Node in VPC-1
Log in to the Bumblebee portal
Click Service Node on the left navigation menu
Click Create Service Node
Enter a new Service Node name: vpc-1-node
Enter the new Service Node Group name: vpc-1-node-grp
Click Create Service Node
For Node Form Factor, select AWS AMI
Click Continue
Click Generate Cloud Init Data
Copy the data for the next step
Click this link to launch the CloudFormation script for the service node instance in VPC-1. The link opens the AWS console CloudFormation Quick create stack page. Switch to the region of VPC-1 if needed. Set the stack parameters as follows:
a. For the SubnetID field, use the dropdown to select a private subnet in VPC-1. Make sure the private subnet has routing set up to reach the Internet via a NAT gateway, or that it can reach *.bumblebeenet.com
b. For UserData field, copy and paste the Cloud Init Data generated in the previous step.
c. For VPCID, use the dropdown menu to select VPC-1
d. Click Create stack
e. Wait for the stack creation to complete
f. You should see that vpc-1-node is registered on the Bumblebee portal, with Admin State as "registered" and Op State as green.
Step 2. Launch an Endpoint Node in VPC-2
Step 2 is similar to Step 1 and is described as follows.
Log in to the Bumblebee portal
Click Endpoint Nodes on the left navigation menu
Click Create Endpoint Node
Enter the Endpoint Node name: vpc-2-node
Enter a new Endpoint Node Group name: vpc-2-node-grp
Click Create Endpoint Node
For Node Form Factor, select AWS AMI
Click Continue
Click Generate Cloud Init Data
Copy the data for the next step
Click this link to launch the CloudFormation script for the service node instance in VPC-2. The link opens the AWS console CloudFormation Quick create stack page. Switch to the region of VPC-2 if needed. Set the stack parameters as follows:
a. For the SubnetID field, use the dropdown to select a private subnet in VPC-2. Make sure the private subnet has routing set up to reach the Internet via a NAT gateway, or that it can reach *.bumblebeenet.com
b. For UserData field, copy and paste the Cloud Init Data generated in the previous step.
c. For VPCID, use the dropdown menu to select VPC-2
d. Click Create stack
e. Wait for the stack creation to complete
f. You should see that vpc-2-node is registered on the Bumblebee portal, with Admin State as "registered" and Op State as green.
Step 3. Create an App Service in Network Mode
In this step, we launch an App Service in Network Mode on the vpc-1-node.
Log in to the Bumblebee portal
Click App Services on the left navigation menu
Click Create App Service
For App Service Name field, enter vpc-1, as an example
For Location, select Network
For Real subnet CIDR lists, enter 10.0.0.0/20 (You can also enter the list of subnets on the VPC)
Click Enable Address Translation
Leave Virtual subnet CIDR pool unchanged
For Service Node Group, select vpc-1-node-grp
Click Create
Wait for this app service vpc-1 to go to "available" for Admin State and turn green for Op State
Step 4. Create an Endpoint in Network Mode
After the app service is created, take the app service ID and use it to create the endpoint. Here are the steps.
Log in to the Bumblebee portal
Click Endpoints on the left navigation menu
Click Create Endpoint
For Endpoint Name field, enter vpc-2 as an example
For Location, select Network
For Real subnet CIDR lists, enter 10.0.0.0/20 (You can also enter a list of subnets on the VPC)
For Endpoint Node Group, select vpc-2-node-grp
For Endpoint Node, select vpc-2-node
Click Create
Wait for its Admin State to go into "pending"
Step 5. Connect the Endpoint to App Service
After both App Service and Endpoints are connected, the App Service account should receive an email about the pending connect request from the Endpoint.
Log in to the Bumblebee portal
Click App Services on the left navigation menu
From the list of App Services, select the App Service "vpc-1".
In the panel below the list of selected App Service, click Endpoints
Select vpc-2, click Actions -> Approve
The Endpoint vpc-2 should go into Accepted for Admin State
Wait for the Endpoint Op State to turn green
Step 6. Set up VPC routing
After Endpoint "vpc-2" connects with App Service "vpc-1", the networking between VPC-1 and VPC-2 is set up. The next step is to set up routing in each VPC.
An instance's IP address in a VPC is translated one-to-one to its virtual address. For example, an instance in VPC-1 with address 10.0.0.100/32 is translated to 100.66.0.100/32.
Since the two VPC CIDRs overlap, Bumblebee automatically assigns a virtual CIDR to each VPC when you enable Address Translation at Step 4. Here are the steps to find out which virtual CIDR each VPC is assigned.
For App Service "vpc-1", look for Virtual Subnet in the Details/Specific section. In this case, it is 100.66.0.0/20

For Endpoint "vpc-2", look for Virtual Subnet in the Details/Specific section. In this case, it is 100.66.16.0/20
When programming a VPC route table, make sure you use the peer's virtual subnet CIDR as the destination CIDR. For example, in VPC-1, to reach VPC-2 the destination is 100.66.16.0/20 (VPC-2's virtual CIDR). Similarly, in VPC-2, to reach VPC-1 the destination is 100.66.0.0/20 (VPC-1's virtual CIDR).
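The one-to-one translation and the route-destination rule above can be checked offline before touching a route table. The following is an added example, not Bumblebee code: the CIDRs are the ones shown in this article, while the offset-preserving mapping is an assumption inferred from the single 10.0.0.100 to 100.66.0.100 example, and the function names are hypothetical.

```python
import ipaddress

# CIDRs are the ones shown in the article. The offset-preserving rule is an
# assumption inferred from its single example (10.0.0.100 -> 100.66.0.100).
REAL = ipaddress.ip_network("10.0.0.0/20")  # real CIDR shared by both VPCs
VIRTUAL = {
    "vpc-1": ipaddress.ip_network("100.66.0.0/20"),
    "vpc-2": ipaddress.ip_network("100.66.16.0/20"),
}
PEER = {"vpc-1": "vpc-2", "vpc-2": "vpc-1"}


def to_virtual(real_ip, vpc):
    """Translate a real instance address in `vpc` to its virtual address."""
    ip = ipaddress.ip_address(real_ip)
    if ip not in REAL:
        raise ValueError(f"{ip} is outside the real CIDR {REAL}")
    offset = int(ip) - int(REAL.network_address)
    return VIRTUAL[vpc].network_address + offset


def to_real(virtual_ip, vpc):
    """Inverse of to_virtual: recover the real address behind a virtual one."""
    ip = ipaddress.ip_address(virtual_ip)
    if ip not in VIRTUAL[vpc]:
        raise ValueError(f"{ip} is outside the virtual CIDR of {vpc}")
    offset = int(ip) - int(VIRTUAL[vpc].network_address)
    return REAL.network_address + offset


def check_route(local_vpc, destination):
    """Return the problems with a route destination proposed for local_vpc."""
    dest = ipaddress.ip_network(destination)
    problems = []
    if dest.overlaps(REAL):
        problems.append("overlaps the real CIDR, which both VPCs share")
    if dest.overlaps(VIRTUAL[local_vpc]):
        problems.append(f"overlaps {local_vpc}'s own virtual CIDR")
    if not dest.subnet_of(VIRTUAL[PEER[local_vpc]]):
        problems.append(f"not inside {PEER[local_vpc]}'s virtual CIDR")
    return problems


if __name__ == "__main__":
    print(to_virtual("10.0.0.100", "vpc-1"))
    for vpc, dest in [("vpc-1", "100.66.16.0/20"), ("vpc-1", "10.0.0.0/20")]:
        print(vpc, dest, check_route(vpc, dest) or "ok")
```

An empty list from check_route means the destination is safe to program in that VPC's route table; the same virtual addresses are what security group rules and flow-log filters for cross-VPC traffic need to reference.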
Resizing the Node
The initial node instance size is t2.micro. You can resize the node instance the same way you resize any AWS instance.