...

VPC peering is not affected by this change. However, since

Future Peering Changes

Since the Transit Gateway in the v2 architecture is configured to fully interconnect attached VPCs, most VPC peering among Cornell AWS VPCs could be removed eventually. When VPC peering is removed, VPC-to-VPC traffic that formerly used a peering connection would use the Transit Gateway instead. All traffic would remain in AWS, and the traffic would take two (2) hops to reach the target VPC instead of the one (1) hop that the peering connections support.

There are two cases where VPC peering would need to remain in place:

  1. When Security Groups in one VPC reference Security Groups in a peered VPC, that peering cannot be removed without adjusting the security group to use CIDR blocks instead of the referenced Security Group. TGW Attachments do not support this type of cross-VPC Security Group referencing.
  2. Peering between VPCs where one of the VPCs is not using Cornell Direct Connect. VPCs not using Direct Connect cannot replace peering with the TGW Attachment in the v2 architecture.

Reducing the amount of peering amongst Cornell AWS VPCs will take place later and customers will be contacted separately about that. No peering changes are planned as part of the Direct Connect architecture migration.
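
To find the rules covered by the first case above before any peering is removed, the following added example (not part of the original page or Cornell's tooling) scans security group data for rules that reference a group in a peered VPC and groups them by peering connection. The sample JSON, its IDs and its CIDR are constructed in the shape of `aws ec2 describe-security-groups` output, and the function name is hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "VpcId": "vpc-app",
  "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-0bbb", "VpcId": "vpc-shared",
      "VpcPeeringConnectionId": "pcx-0123", "PeeringStatus": "active"}]},
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}],
  "IpPermissionsEgress": []},
 {"GroupId": "sg-0ccc", "VpcId": "vpc-app",
  "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}],
  "IpPermissionsEgress": [
   {"IpProtocol": "-1", "IpRanges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-0bbb", "VpcId": "vpc-shared",
      "VpcPeeringConnectionId": "pcx-0123", "PeeringStatus": "active"}]}]}
]}
""")

def cross_vpc_sg_references(doc):
    """Return {peering connection id: [rules that reference a group in another VPC]}."""
    blockers = defaultdict(list)
    for sg in doc["SecurityGroups"]:
        for direction, key in (("ingress", "IpPermissions"),
                               ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    pcx = pair.get("VpcPeeringConnectionId")
                    remote_vpc = pair.get("VpcId", sg["VpcId"])
                    if not pcx and remote_vpc == sg["VpcId"]:
                        continue  # same-VPC reference, unaffected by peering removal
                    blockers[pcx or "unknown"].append({
                        "group": sg["GroupId"], "direction": direction,
                        "protocol": perm["IpProtocol"],
                        "ports": (perm.get("FromPort"), perm.get("ToPort")),
                        "references": pair["GroupId"], "remote_vpc": remote_vpc})
    return dict(blockers)

if __name__ == "__main__":
    for pcx, rules in cross_vpc_sg_references(SAMPLE).items():
        for r in rules:
            print(pcx, r["group"], r["direction"], r["protocol"], r["ports"],
                  "->", r["references"], "in", r["remote_vpc"])
```

Each rule it reports is one that would have to be rewritten to use CIDR blocks before the listed peering connection could be removed.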

Does this change affect which campus network CIDR blocks are routed to/from my private and public subnets?

...