
How to troubleshoot AWS VPC peering connectivity issues

Publication date: Aug 6, 2025
Task

GOAL

Troubleshoot VPC peering connectivity issues
Steps
Let's assume we peer VPC A (CloudHub VPC) to VPC B (Customer VPC). 

The MuleSoft engineer needs to check VPC A for the following:

  1. Routing rules to VPC B point to the peering connection "pcx-xxxxxxxx", not a "Black Hole".
  2. The peering connection is "Active".
  3. If requests are inbound to VPC A from VPC B, the CloudHub VPC firewall inbound rules must be configured to allow the incoming request, and the host must be listening on the port. See "Firewall Rules".
  4. The destination URL resolves to an IP within the VPC B CIDR; otherwise, see "Enabling DNS Resolution Support for a VPC Peering Connection".

The customer needs to check VPC B for the following:

  1. Routing rules to VPC A point to the peering connection "pcx-xxxxxxxx", not a "Black Hole".
  2. The peering connection is "Active".
  3. If requests are incoming to VPC B from VPC A, check that the security group inbound rules allow requests from VPC A on the destination ports, and check that the host is listening on the port.
  4. If requests are outbound to VPC A, check that the security group outbound rules allow requests to VPC A on the destination ports (that is, check that the security groups on VPC B allow outbound traffic to VPC A).
  5. The destination URL resolves to an IP within the VPC A CIDR; otherwise, see "Enabling DNS Resolution Support for a VPC Peering Connection".

Usually, the requests are from VPC A to VPC B. The MuleSoft engineer checks items 1 and 2, and the customer checks items 1, 3 and 4.
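
The checklist above, as an added Python example (not MuleSoft or AWS code) that evaluates constructed data shaped like EC2 API output for the usual case of requests from VPC A to VPC B, run against the VPC B side. The function names, IDs, CIDRs, port and resolved address are assumptions, and only CIDR-based security group rules are evaluated.

```python
import ipaddress

# Constructed sample data shaped like EC2 DescribeRouteTables, DescribeVpcPeeringConnections
# and DescribeSecurityGroups output; IDs, CIDRs, ports and the resolved IP are made up.
VPC_A_CIDR, VPC_B_CIDR = "10.10.0.0/16", "10.20.0.0/16"
B_ROUTES = [
    {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "10.10.0.0/16", "VpcPeeringConnectionId": "pcx-11111111", "State": "blackhole"},
]
PEERING = {"VpcPeeringConnectionId": "pcx-11111111", "Status": {"Code": "deleted"}}
B_INBOUND = [{"IpProtocol": "tcp", "FromPort": 8081, "ToPort": 8082, "IpRanges": [{"CidrIp": "10.10.0.0/16"}]}]

def route_ok(routes, peer_cidr, pcx_id):
    """Item 1: a route overlapping the peer CIDR targets the peering connection and is not a black hole."""
    peer = ipaddress.ip_network(peer_cidr)
    return any(r.get("VpcPeeringConnectionId") == pcx_id and r.get("State") == "active"
               and peer.overlaps(ipaddress.ip_network(r["DestinationCidrBlock"]))
               for r in routes if "DestinationCidrBlock" in r)

def inbound_allowed(perms, src_cidr, port, proto="tcp"):
    """Item 3: an inbound rule admits src_cidr on the port (CIDR rules only, not group references)."""
    src = ipaddress.ip_network(src_cidr)
    for p in perms:
        all_traffic = p["IpProtocol"] == "-1"  # "-1" means every protocol and port
        if not all_traffic and (p["IpProtocol"] != proto or not p["FromPort"] <= port <= p["ToPort"]):
            continue
        if any(src.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in p.get("IpRanges", [])):
            return True
    return False

def resolves_in_peer(ip, peer_cidr):
    """DNS item: the destination name resolved to an address inside the destination VPC CIDR."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(peer_cidr)

def failed_checks(routes, pcx, perms, src_cidr, dst_cidr, port, resolved_ip):
    """Run the checklist for the destination VPC; return the names of the items that fail."""
    results = {
        "route": route_ok(routes, src_cidr, pcx["VpcPeeringConnectionId"]),
        "peering": pcx.get("Status", {}).get("Code") == "active",  # item 2
        "inbound": inbound_allowed(perms, src_cidr, port),
        "dns": resolves_in_peer(resolved_ip, dst_cidr),
    }
    return [name for name, ok in results.items() if not ok]

if __name__ == "__main__":
    print(failed_checks(B_ROUTES, PEERING, B_INBOUND, VPC_A_CIDR, VPC_B_CIDR, 8081, "203.0.113.7"))
```
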


Enabling DNS Resolution Support for a VPC Peering Connection

To enable a VPC to resolve public IPv4 DNS hostnames to private IPv4 addresses when queried from instances in the peer VPC, you must modify the peering connection. Both VPCs must be enabled for DNS hostnames and DNS resolution; refer to the AWS documentation.

Testing Connectivity

If the VPC peering is established, the following test can be conducted from a host in VPC B.

$ ping mule-worker-internal-{appname}.cloudhub.io


For more information on VPC connectivity testing, see:
https://help.mulesoft.com/s/article/Testing-Mulesoft-Cloudhub-VPC-Connection
https://help.mulesoft.com/s/article/How-To-Use-Network-Tools-Application


 
Knowledge Article Number

001114608
