Set up a Network Peering Connection

Note
Feature unavailable in Free and Shared-Tier Clusters

This feature is not available for M0 free clusters, M2, and M5 clusters. To learn more about which features are unavailable, see Atlas M0 (Free Cluster), M2, and M5 Limitations.

Important
Serverless Instances are in Preview

Serverless instances are in preview and do not support this feature at this time. To learn more, see Serverless Instance Limitations.

Atlas supports Network Peering connections for clusters backed by AWS, GCP, or Azure, and for multi-cloud clusters.

Important

To set up a Network Peering connection, you must have either the Project Owner or Organization Owner role.

To configure Atlas Network Peering for a cluster, perform the procedure on the tab corresponding to your cluster's cloud provider. You also configure the Atlas VPC CIDR during this procedure.

To configure the Atlas CIDR without configuring Network Peering, see Create a New Network Peering Container. You must use the API to configure the Atlas CIDR without Network Peering.

Multiple cloud-hosted applications might need to connect securely to the same Atlas project.

Consider a case where two applications use virtual networks (VPC, VNet) with identical IP CIDR blocks. You want both applications to securely connect to the same Atlas cluster via VPC peering. To achieve this, create one network peering connection between each application's virtual network and your Atlas cluster.

Cloud provider virtual networks can’t peer to each other if they have identical CIDR blocks. However, you can peer each of the applications' virtual networks with the Atlas virtual network if the Atlas virtual network includes two non-overlapping CIDR blocks. Configure each of the peering connections to have non-overlapping route-back CIDR blocks in the Atlas virtual network.

Follow this general process:

  1. Before you deploy any clusters, create a network peering connection for each virtual network that you want to peer with Atlas. You do this by creating a CIDR block in the Atlas virtual network for each application's virtual network.
  2. In your cloud provider's virtual network configuration, establish routing between each application's virtual network and its respective Atlas CIDR block.
  3. Deploy your Atlas cluster.

Example

Consider two applications in the same AWS account in the same region. Each application has its own VPC. The VPCs have identical CIDR blocks. These VPCs can't peer with each other. You must configure each application's VPC as a peer to the Atlas VPC.

| Application's VPC name | CIDR block | Subnet |
| --- | --- | --- |
| app-tier-vpc-1 | 10.4.0.0/16 | subnet1: 10.5.0.0/16 |
| app-tier-vpc-2 | 10.4.0.0/16 | subnet2: 10.6.0.0/16 |

To peer each application's VPC to the Atlas VPC before you deploy your Atlas cluster:

  1. Create a network peering connection to peer Atlas with your first application's VPC.

    1. Click the Peering tab.
    2. Select Peering Connection.
    3. Select AWS and click Next.
    4. Complete the AWS VPC fields and enter details for the first application's VPC:

      • Account ID
      • VPC ID
      • VPC CIDR
      • Application VPC Region
    5. Type the first CIDR block, 10.5.0.0/24, into the VPC CIDR field in the Atlas VPC section.
    6. Click Initiate Peering.
  2. Create a network peering connection to peer Atlas with your second application's VPC.

    1. Click the Peering tab.
    2. Select Peering Connection.
    3. Select AWS and click Next.
    4. Complete the AWS VPC fields and enter details for the second application's VPC:

      • Account ID
      • VPC ID
      • VPC CIDR
      • Application VPC Region
    5. Type the second CIDR block, 10.6.0.0/24, into the VPC CIDR field in the Atlas VPC section.
    6. Click Initiate Peering.
  3. In AWS, configure each application's VPC to route back to its respective CIDR block in Atlas. For information, see Updating your route tables for a VPC peering connection.

    • app-vpc-1 with CIDR 10.4.0.0/16 routes back to subnet1 in the CIDR 10.5.0.0/24
    • app-vpc-2 with CIDR 10.4.0.0/16 routes back to subnet2 in the CIDR 10.6.0.0/24

When complete, the routes for app-vpc-1 and app-vpc-2 should match the following table:

| Network | Destination | Origin |
| --- | --- | --- |
| app-vpc-1 | 10.4.0.0/16 | local |
| app-vpc-1 | 10.5.0.0/16 | peer to the Atlas VPC |
| app-vpc-2 | 10.4.0.0/16 | local |
| app-vpc-2 | 10.6.0.0/16 | peer to the Atlas VPC |
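
A peering plan like the one above can be checked before you initiate peering, so that a mistyped or overlapping Atlas CIDR block is caught before clusters are deployed. The following Python sketch is an added example, not part of the Atlas documentation or tooling: the names PLAN, check_plan and expected_routes are hypothetical, and the plan uses the /24 Atlas blocks entered in the steps above.

```python
import ipaddress
from itertools import combinations

# Constructed plan using the values from the steps above:
# (application VPC name, application VPC CIDR, Atlas route-back CIDR)
PLAN = [
    ("app-vpc-1", "10.4.0.0/16", "10.5.0.0/24"),
    ("app-vpc-2", "10.4.0.0/16", "10.6.0.0/24"),
]


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    parsed = []
    for name, app_cidr, atlas_cidr in plan:
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.5.0.1/24
            app = ipaddress.ip_network(app_cidr, strict=True)
            atlas = ipaddress.ip_network(atlas_cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        # A VPC cannot peer with a network that overlaps its own CIDR
        if app.overlaps(atlas):
            problems.append(f"{name}: Atlas block {atlas} overlaps VPC CIDR {app}")
        parsed.append((name, atlas))
    # Identical application CIDRs are allowed; the Atlas blocks must be disjoint
    for (n1, a1), (n2, a2) in combinations(parsed, 2):
        if a1.overlaps(a2):
            problems.append(f"{n1}/{n2}: Atlas blocks {a1} and {a2} overlap")
    return problems


def expected_routes(plan):
    """Route table each application VPC should end up with."""
    return {
        name: [(app_cidr, "local"), (atlas_cidr, "peer to the Atlas VPC")]
        for name, app_cidr, atlas_cidr in plan
    }


if __name__ == "__main__":
    for issue in check_plan(PLAN) or ["plan is consistent"]:
        print(issue)
    for vpc, routes in expected_routes(PLAN).items():
        for destination, origin in routes:
            print(f"{vpc}: {destination} -> {origin}")
```

Compare the output of expected_routes with the route tables you configure in AWS; any difference means a route-back entry is missing or points at the wrong Atlas block.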
© 2021 MongoDB, Inc.
