4

I have a GCP Project "A" where I had previously added VPC peering with MongoDB Atlas:


This way my development GKE cluster (whose VPC range is 10.7.0.0/16) will support peering when accessing MongoDB. So far everything works as expected.

Now I've provisioned another GKE cluster for preproduction, with its own VPC range on 10.221.0.0/16. I've also created another database in the same Mongo cluster "app-pre" and wanted to add VPC peering for the new cluster.

I followed the same steps:

  1. Mongo Atlas: add peering connection for GCP project "A", VPC name and CIDR 192.168.0.0/16
  2. GCP Create Peering Connection

The problem is I get the following error:

An ip range in the local network (10.221.0.0/16) overlaps with an ip range (10.221.0.0/16) in an active peer of the peer network


codependent
  • You have two networks that have overlapping addresses. A router cannot know which network to forward traffic to if they both have the same address. Your solution is to recreate one of the networks to use a different CIDR (IP address range). – John Hanley Dec 22 '20 at 19:04
  • As @john-hanley says, your "Project A" is already using (or linked with) a different 10.221.0.0/16 range, and therefore it would cause weird behavior if a second rule were added with the same range, so you can use a different IP range or you can stop your initial VPC peering in order to allow this one. john-hanley up here has the correct answer. – Frank Dec 22 '20 at 22:18
  • @JohnHanley There was another VPC network I didn't know about which was using the same CIDR, thanks! – codependent Dec 23 '20 at 12:39

1 Answer

3

Posting this as an answer in order to help other people.

What @john-hanley mentions is correct: basically, you can't have 2 or more VPC peerings when they are using overlapping IP ranges. This is because GCP routes would be created with the same "priority" and therefore there would be confusion as to where to send a packet for those routes.

The message you are getting is basically that you are already using one range this way and intend to use this very same range "10.221.0.0/16" again.

Frank
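A pre-flight check for the condition in the error message, as an added example that is not part of the original question or answer and is not GCP's own logic: it compares the local network's ranges with the peer network and with every network already actively peered to it. The network names and the peering inventory are constructed assumptions; only the CIDRs come from the question.

```python
from ipaddress import ip_network

# Constructed inventory (assumption): subnet ranges per VPC network and the
# peerings that are already active. Only the CIDRs come from the question.
SUBNETS = {
    "atlas-vpc": ["192.168.0.0/16"],
    "dev-vpc": ["10.7.0.0/16"],
    "forgotten-vpc": ["10.221.0.0/16"],  # the VPC the asker did not know about
    "pre-vpc": ["10.221.0.0/16"],
}
ACTIVE_PEERINGS = {
    "atlas-vpc": ["dev-vpc", "forgotten-vpc"],
    "dev-vpc": ["atlas-vpc"],
    "forgotten-vpc": ["atlas-vpc"],
}


def peering_conflicts(local, peer, subnets=SUBNETS, peerings=ACTIVE_PEERINGS):
    """Return (local_range, other_range, other_network) for every overlap
    that would block a new peering between `local` and `peer`."""
    # Local ranges must not collide with the peer itself, nor with any
    # network that is already an active peer of that peer.
    candidates = [peer] + [n for n in peerings.get(peer, []) if n != local]
    conflicts = []
    for mine in map(ip_network, subnets[local]):
        for other_net in candidates:
            for theirs in map(ip_network, subnets[other_net]):
                if mine.overlaps(theirs):  # also catches partial overlaps
                    conflicts.append((str(mine), str(theirs), other_net))
    return conflicts


def free_slash16(subnets=SUBNETS, pool="10.0.0.0/8"):
    """First /16 in `pool` that overlaps no known range (renumbering candidate)."""
    used = [ip_network(r) for ranges in subnets.values() for r in ranges]
    for cand in ip_network(pool).subnets(new_prefix=16):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None


if __name__ == "__main__":
    for mine, theirs, net in peering_conflicts("pre-vpc", "atlas-vpc"):
        print(f"{mine} overlaps {theirs} in active peer {net}")
    print("candidate replacement range:", free_slash16())
```

In practice the inventory would be filled from the project's real network, subnet and peering listings, covering every VPC network in the project rather than only the ones you remember creating.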