This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Private Service Connect Vs VPC peering for Apigee X

Posted on 09-07-2023 07:55 PM
aramkrishna6
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Per Apigee architecture overview  |  Google Cloud

Lists following

Apigee provides two options for provisioning: with VPC peering and without VPC peering. Both options are described in the sections that follow.

Q: do we have pros or cons of above listed approach ? 

Q: what will trigger usage or mandates to Private Service Connect instead of VPC peering?

@dino @devashishpatil 

 

1 2 1,164
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
iambaskar
Staff
Reply posted on --/--/---- --:-- AM

Hi @aramkrishna6 ,

There are multiple benefits in going with non-VPC Peering based provisioning, depending upon your requirements. 

1. With non-VPC Peering based provisioning, no need for you to provide IP ranges & network details while provisioning. For many users, providing IP ranges / Network is a huge overhead - especially when they have Shared VPCs with tight IP spaces. 

2. Large customers face multiple limitations with VPC Peering groups & Shared VPCs when they need to peer their network for other services.

3. VPC Peering allows connecting to Apigee from one single GCP project privately, and similarly Apigee can connect to targets only in the same project privately. However,  PSC (Private Service Connect) allows the user to connect to & from multiple GCP projects privately, and PSC does not need any peering requirements. Note that you can still use PSC with VPC peering based provisioning for both northbound & southbound.

More info @ https://cloud.google.com/apigee/docs/api-platform/get-started/networking-options
Currently, non-VPC peering based provisioning is in public preview. 

Thanks,
Baskar.

Posted on --/--/---- --:-- AM
aramkrishna6
Bronze 5
Bronze 5
In response to iambaskar
Reply posted on --/--/---- --:-- AM

@iambaskar  when we lists below,

1.Means this approach are not ready for production environments ? 

******

Preview — Non-VPC peering

This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.

******

2. For soubound instead of Cloud NAT or PSC when we go for interconnect ? 

3. There is also comparison listed in section "How to choose a networking option" into URL Apigee networking options  |  Google Cloud

"Active health check for multi-region failover routing" lists about health check and failover. 

Q: Does this means using PSC in such cases don't have fall over capability? And applicable to same when using PSC with either northbond or southbond and does not have failover capabilities with PSC (without MIG)?

4. Do we have good comparison between VPN peering Vs Private service connect with respect to controls or guardrails listing security comparison ?

5. Is it correct assumption that PSC latency will be lower than VPC peering ? or its other way around..  may be a second difference.

@dino  @devashishpatil 

Top Solution Authors
View all