How can I connect Cloud Router to Cloud VPN?

Hi, I would like to try using Partner Interconnect to connect GCP and my on-prem environment.

To realise that, I would build a structure such as:

■Physical

(GCP) Cloud VPN --- Cloud Router --- VLAN Attachment --- (Service Provider) --- (On-Prem)

■Underlay

(GCP) BGP(on Cloud Router) *AS 16550 fixed

■Overlay

(GCP) VPN Tunnel(on Cloud VPN) over BGP

 

I see some documents, but some components are still unclear.

First I set up the VLAN attachment and get the pairing code. I give the code to a service provider, then wait for it to be enabled by the provider. In the same setup flow, I would create a Cloud Router.

Next, how can I connect Cloud Router and Cloud VPN?

If I create Cloud VPN without taking care of Cloud Router, does it work correctly? Or do I have to take care of Cloud Router, such as by setting up connection sessions?

I would be happy if it is defined by GCP-internal, automatic routing.

I am confused, so please help me if you know something.

Best regards,


Hi Thomasaw, 

If you want to add a VPN into the equation, make sure that it is an HA VPN.

Let me share this doc about how to deploy an HA VPN over Cloud Interconnect, to create encrypted VLAN attachments.

Best regards,

Alejandro

Hi @toledoja ,

Thank you for replying.

Yes, I know we should use HA VPN, not Classic VPN.

Then I saw these documents, but I could not find how Cloud VPN connects to Cloud Router.

I mean I would like to know how the routing between Cloud VPN (HA VPN) and Cloud Router works.

 

Best regards,

Hi @Thomasaw 

Here is a diagram that shows the flow:

[Image: 2023-07-27_13-04-41.png]

Check also the deployment steps and configuration to have a better understanding.

If you have a more specific question let me know.

My Best,

Alejandro

Hi, @toledoja ,

Thank you again.

Because of some problems, I haven't given the code to a service provider or set up my on-prem machines yet.
So in advance I have created components without VLAN attachments and linking up:

1. HA VPN GW
2. Cloud Router
3. Peer VPN GW
4. VPN Tunnel
5. BGP Interface
6. Add BGP Peer

The structure seems to be like this:
* #X (No. X) matches the components created above.
■Overlay
Peer BGP Session (#6) --- (BGP Interface (#5)) --- Cloud Router (#2)
■Underlay
Peer VPN GW (#3) --- (VPN Tunnel (#4)) --- HA VPN GW (#1)

Do you think it works correctly?
If it goes well, I will add VLAN attachments and another Cloud Router.

Best regards,

Yes, that looks great, but there are some steps where the Partner will give you some information that comes into the configuration.

Let me know if it is working or not once you involve them!
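The six components listed in the earlier post (HA VPN gateway, Cloud Router, peer VPN gateway, VPN tunnel, BGP interface, BGP peer), written out as gcloud calls to show where the tunnel is tied to the Cloud Router. This is an added example, not part of the original thread; every resource name, region, ASN and IP address is a constructed placeholder, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: all names, ASNs and addresses are constructed placeholders.
REGION="us-central1"; NETWORK="example-vpc"
GW="example-ha-vpn-gw"; ROUTER="example-vpn-router"; PEER_GW="example-peer-gw"
TUNNEL="example-tunnel-0"; BGP_IF="example-bgp-if-0"; BGP_PEER="example-bgp-peer-0"
CLOUD_ASN=65001; PEER_ASN=65002     # private ASNs for the BGP session over the tunnel
PEER_IP="203.0.113.10"              # documentation range (RFC 5737)
: "${VPN_PSK:=REPLACE_ME}"          # pre-shared key is taken from the environment

# Print the command with the pre-shared key masked; execute only when DRY_RUN=0.
run() {
  echo "$*" | sed 's/--shared-secret=[^ ]*/--shared-secret=****/'
  if [ "${DRY_RUN:-1}" = "0" ]; then "$@"; fi
}

plan() {
  # 1. HA VPN gateway
  run gcloud compute vpn-gateways create "$GW" --network="$NETWORK" --region="$REGION"
  # 2. Cloud Router that will run BGP for the tunnel
  run gcloud compute routers create "$ROUTER" --network="$NETWORK" \
    --region="$REGION" --asn="$CLOUD_ASN"
  # 3. Peer (on-prem) VPN gateway
  run gcloud compute external-vpn-gateways create "$PEER_GW" --interfaces "0=$PEER_IP"
  # 4. VPN tunnel: --router is what associates the tunnel with the Cloud Router
  run gcloud compute vpn-tunnels create "$TUNNEL" --region="$REGION" \
    --vpn-gateway="$GW" --interface=0 \
    --peer-external-gateway="$PEER_GW" --peer-external-gateway-interface=0 \
    --ike-version=2 --shared-secret="$VPN_PSK" --router="$ROUTER"
  # 5. BGP interface on the Cloud Router, bound to the tunnel (link-local /30)
  run gcloud compute routers add-interface "$ROUTER" --region="$REGION" \
    --interface-name="$BGP_IF" --vpn-tunnel="$TUNNEL" \
    --ip-address=169.254.0.1 --mask-length=30
  # 6. BGP peer on that interface; routes are exchanged over this session
  run gcloud compute routers add-bgp-peer "$ROUTER" --region="$REGION" \
    --peer-name="$BGP_PEER" --interface="$BGP_IF" \
    --peer-ip-address=169.254.0.2 --peer-asn="$PEER_ASN"
}

plan
```

The example covers one tunnel on gateway interface 0, as in the list above; an HA VPN gateway has a second interface, so steps 4 to 6 are repeated for interface 1 with their own names and link-local range.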

 

 

Hi, @toledoja ,

I am happy with your warm replies.

I know some parameters will be given by the Partner to create another Cloud Router.
Then it needs more time to finish the process of the Partner...

Best regards,