 

how to communicate 2 instances inside the same VPC but different subnets (regions) using internal IP

I have 2 instances, 1 VPC and 2 subnets each one in different region.

1 instance has a public IP, the other one just has an internal IP. I want the 2 instances to communicate with each other using their internal IP.

How can I achieve this?

--Edit

instances

name: instance-a

zone: us-central1-a

network: testing

network tags: testing-allow-internal testing-allow-ssh

internal ip: 10.10.0.2

external ip: none


name: instance-b

zone: northamerica-northeast1-a

network: testing

network tags: testing-allow-internal testing-allow-ssh

internal ip: 10.20.0.2

external ip: yes


vpc

name: testing

Dynamic routing mode: global


subnets

name: testing

region: us-central1

IP address ranges: 10.10.0.0/15

gateway: 10.10.0.1

Private Google Access: On


name: testing

region: northamerica-northeast1

IP address ranges: 10.20.0.0/15

gateway: 10.20.0.1

Private Google Access: On


Firewall Rules

name: testing-allow-internal

type: Ingress

targets: Apply to all

filters: IP ranges: 0.0.0.0/0

protocols / ports: all

action: Allow

priority: 65534

network: testing


name: testing-ssh

type: Ingress

targets: Apply to all

filters: IP ranges: 0.0.0.0/0

protocols / ports: tcp:22

action: Allow

priority: 65534

network: testing

Now, what I am trying to achieve: connect from local to instance-b via ssh using external IP. I just want instance-b to connect to instance-a via ssh using internal IP ie: ssh user@instance-b-external-ip >> ssh user@instance-a-internal-ip

I can ping, but when I try to connect to instance-a from instance-b using internal-ip via ssh, it always says permission denied.


New Edit SSH

I connect to instance-b using external-ip ie: ssh user@externalip. Inside instance-b I create ssh keys using the following command

ssh-keygen -t rsa -b 4096 -f ~/.ssh/instance_b

the pub key and private key

public key: instance_b.pub

private key: instance_b

I add the public key to the SSH KEYS using GUI

then I connect as usual ssh [email protected]

The authenticity of host '10.10.0.2 (10.10.0.2)' can't be established.
ECDSA key fingerprint is SHA256:iA1FfVyXM1234OsIy424ElVLnjGg2tMuSmdbsGWGLSs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.0.2' (ECDSA) to the list of known hosts.
[email protected]: Permission denied (publickey).

I get permission denied

BUT if I use the following command:

ssh -i ~/.ssh/instance-b [email protected]

I can connect. Why??


If I am missing anything, please let me know

Thanks!

iamnewbie asked Sep 05 '25 03:09


1 Answer

VPC subnets within the same VPC can communicate with each other. The VPC Firewall rule default-allow-internal allows all TCP, UDP, and ICMP traffic between resources within the same VPC.

The key is to use the internal (private) IP address.

John Hanley answered Sep 07 '25 21:09
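
An added example, not part of the original question or answer: a Python check that tests whether each ingress rule's source ranges stay inside the VPC's subnet ranges, which is what a rule named "allow-internal" is expected to do. The data is constructed from the values listed in the question; the dictionary layout and function names are assumptions made for illustration, not a GCP API.

```python
import ipaddress

# Constructed from the values listed in the question (not exported from GCP).
SUBNETS = ["10.10.0.0/15", "10.20.0.0/15"]
RULES = [
    {"name": "testing-allow-internal", "sources": ["0.0.0.0/0"], "ports": "all"},
    {"name": "testing-ssh", "sources": ["0.0.0.0/0"], "ports": "tcp:22"},
]
INSTANCES = [
    {"name": "instance-a", "internal_ip": "10.10.0.2", "external_ip": False},
    {"name": "instance-b", "internal_ip": "10.20.0.2", "external_ip": True},
]


def outside_vpc(sources, subnets):
    """Return the source ranges that are not contained in any VPC subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [
        src for src in sources
        if not any(ipaddress.ip_network(src).subnet_of(n) for n in nets)
    ]


def audit(rules, subnets, instances):
    """Flag ingress allow rules that admit sources beyond the VPC's subnets.

    Both rules in the question target all instances, so any instance with an
    external IP is reachable from outside on the ports such a rule opens.
    """
    exposed = [i["name"] for i in instances if i["external_ip"]]
    findings = []
    for rule in rules:
        extra = outside_vpc(rule["sources"], subnets)
        if extra:
            findings.append({
                "rule": rule["name"],
                "ports": rule["ports"],
                "non_vpc_sources": extra,
                "internet_reachable": exposed,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, SUBNETS, INSTANCES):
        print(finding)
    # A source list limited to the two subnet ranges yields no finding.
    print(outside_vpc(SUBNETS, SUBNETS))
```

Both rules are reported: the SSH rule because the asker connects from outside the VPC, and testing-allow-internal because its 0.0.0.0/0 source opens all ports on instance-b's external IP. Setting that rule's source ranges to the two subnet ranges clears its finding while leaving instance-to-instance traffic allowed.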