Network Sizing - Whether CIDR /22 and /28 have to be part of user managed VPC?

Hello Team,

I am planning to provision an Apigee X instance in my project. As per the Apigee documentation, each Apigee instance requires a non-overlapping CIDR range of /22 and another /28 for debugging/troubleshooting purposes.

Questions :

  1. For the /22 and /28 CIDR ranges required for the Apigee instance, I would like to know whether the entire /22 and /28 CIDR ranges have to be part of the user managed VPC (there are 2 VPCs: Google managed and user managed) and whether they have to be Primary. The diagram in the link gave us the sense that only the bridge VMs and egress NAT may need to come from the shared VPC (user managed VPC) range.
  2. A /22 and /28 CIDR range would be required for each Apigee instance. Let's say we have 3 orgs in our entitlement. Does that mean this (/22 and /28) would be shared across all Apigee orgs/projects, or is it specific to each instance? I see it is also stated that there can only be one Apigee instance per Cloud region.

Thanks,

JK

2 ACCEPTED SOLUTIONS

From my point of view, these 2 CIDR ranges are "reservations" only, to be sure you won't have your own subnets overlapping them.

The subnet you have to provision is NOT those CIDR ranges.

I guess Google Apigee is building a subnet with this range on their side (not visible for us), in the peered VPC.

On the instantiation I've done, I have one small subnet (compliant with my on-prem IP addressing plan) to host the MIG (Managed Instance Group), LB, etc.

The two reserved ranges (/22 and /28) are not compliant (and I won't be able to use this, to avoid overlap, as it is reserved already).

 

Hope this helps (a little at least 🙂 )

RE: 2. /22 and /28 CIDR range would be required for each APIGEE Instance. Let's say we have 3 orgs in our entitlement. Does that mean this (/22 and /28) would be shared across all APIGEE Orgs / Projects or is it specific to each instance? As I see it's also stated that there can only be one Apigee instance per Cloud

My understanding is that a /22 and /28 is required for each instance. If you have 3 orgs you will need 3 /22 and 3 /28 IP ranges.

You can have multiple Apigee Organisations per Google account. Each Organisation can have only one Instance per Region.


The /22 is visible to us as an imported route. Look under "VPC network peering"/"servicenetworking-googleapis-com"/"IMPORTED ROUTES" 

The /28 is not visible, except via a call to the API. 

e.g. this curl returns an ipRange field listing the /22 and /28:

curl -H "Content-Type: application/json" https://apigee.googleapis.com/v1/organizations/[project id]/instances/[region]
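
As an added example (not written by any poster in this thread and not Apigee's own tooling): a Python check that each instance's ipRange value holds exactly one /22 and one /28, and that no reserved range overlaps another instance's range or one of your own subnets. The comma-separated ipRange format, the instance names and the subnet values below are constructed assumptions.

```python
import ipaddress
from itertools import combinations

REQUIRED_PREFIXES = [22, 28]  # per the thread: one /22 and one /28 per instance

def parse_ip_range(ip_range):
    """Split an ipRange string (assumed comma-separated CIDRs) into networks."""
    return [ipaddress.ip_network(part.strip(), strict=True)
            for part in ip_range.split(",") if part.strip()]

def audit(instances, own_subnets):
    """Return sorted findings; an empty list means the address plan is clean."""
    findings, labelled = [], []
    for name, ip_range in instances.items():
        try:
            nets = parse_ip_range(ip_range)
        except ValueError as exc:  # e.g. host bits set, malformed CIDR
            findings.append(f"{name}: invalid CIDR ({exc})")
            continue
        prefixes = sorted(n.prefixlen for n in nets)
        if prefixes != REQUIRED_PREFIXES:
            findings.append(f"{name}: expected one /22 and one /28, got {prefixes}")
        labelled += [(name, n) for n in nets]
    labelled += [(f"subnet:{label}", ipaddress.ip_network(cidr))
                 for label, cidr in own_subnets.items()]
    # Every pair must be disjoint: instance vs instance and instance vs subnet.
    for (a_name, a), (b_name, b) in combinations(labelled, 2):
        if a.version == b.version and a.overlaps(b):
            findings.append(f"overlap: {a_name} {a} <-> {b_name} {b}")
    return sorted(findings)

# Constructed sample data: three orgs, one instance each, same region.
SAMPLE_INSTANCES = {
    "org-a/europe-west1": "10.10.0.0/22,10.10.4.0/28",
    "org-b/europe-west1": "10.10.8.0/22,10.10.12.0/28",
    "org-c/europe-west1": "10.10.0.0/22,10.10.12.16/28",  # reuses org-a's /22
}
SAMPLE_SUBNETS = {"mig-lb": "10.10.12.0/26"}  # collides with two /28 ranges

if __name__ == "__main__":
    for finding in audit(SAMPLE_INSTANCES, SAMPLE_SUBNETS):
        print(finding)
```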