Announcing enhancements to effective route views in Google Cloud console
Muhammad Farrukh Munir
Cloud Technical Solutions Specialist, Google
Gerrit DeWitt
Staff Technical Solutions Engineer, Google
Route tables: The unsung heroes of network routing
Route tables are often seen as an arcane and complex part of network routing, but they are actually one of the most important components of any network. Route tables are used in a variety of networks, including VPC networks in Google Cloud, and we recently added improved route views to the Google Cloud console. In this blog, we discuss how to use these route views when configuring or troubleshooting your Google Cloud networking configuration.
What is a route table?
A route table is a set of routes that determine how traffic is routed from one point to another in a network. Each route is an entity that specifies the destination IP address or network prefix, the next hop IP address or gateway, and the interface to use to reach the destination. The next hop IP address or gateway is the next device on the network that the traffic will be routed to on its way to the destination.
By understanding how route tables work and the different ways they can be used, you can improve the performance, security, and scalability of your network. Google Cloud’s improved route views appear in the Google Cloud console. These improved views show a complete list of effective routes for each region of a VPC network, including policy-based routes, local subnet routes, peering subnet routes, local static and dynamic routes, and peering static and dynamic routes.
Our improved route views are especially useful for any customer who has a VPC network connected to several on-premises networks. For example, suppose you have VMs in multiple regions of a VPC network. Resources in your VPC network need to connect to on-premises services that use IP addresses in the 100.64.0.0/16 range. Your VPC network uses a hybrid connectivity product – like Cloud Interconnect – to connect to an on-premises network. You’ve created VLAN attachments in Google Cloud regions located in Europe, in the United States, and in Asia, corresponding to the GCP regions where your VMs are located, as shown in the diagram below:
Your on-premises network advertises 100.64.0.0/16 to VLAN attachments in three regions using MED value 50. Within each region, the first choice next hop for the 100.64.0.0/16 destination is the VLAN attachment in the same region: when GCP VMs in us-central1 need to send packets to 100.64.0.0/16, the first choice next hop is the VLAN attachment in us-central1. Using global dynamic routing, each region also has a second choice next hop VLAN attachment in a nearby region. The second choice next hop for the 100.64.0.0/16 destination in the europe-west1 and asia-southeast2 regions is the VLAN attachment in us-central1. The second choice next hop for the 100.64.0.0/16 destination in the us-central1 region is the VLAN attachment in europe-west1.
Unfortunately, the console’s previous VPC network route table views didn’t provide a way to get region-specific routing information, leaving you guessing about each region’s 100.64.0.0/16 dynamic routes. One of the key benefits of our improved route table views is their regional nature. Now you can see which region’s VLAN attachments would receive traffic if you take down a region’s first choice VLAN attachment for maintenance.
Benefits of improved route views
Our improved route views have the following benefits:
- Regional views: GCP determines VPC network route priorities for dynamic routes (learned by Cloud Routers using the BGP protocol) based on the received multi-exit discriminator (MED) value sent by a peer router. When a VPC network with Cloud Routers uses the global dynamic routing mode, we propagate dynamic routes to all regions of the VPC network (and all regions of any peered VPC networks), not just the region containing the Cloud Router that received the route’s prefix. When propagating dynamic routes to the other regions, we set a unique priority for the propagated dynamic route in each region: the current algorithm uses the received MED plus an inter-regional cost. Because our previous route table view appeared to be global, we weren’t able to accurately show unique regional priorities for dynamic routes. Our improved route view provides an accurate, regionalized route table for each region of a VPC network.
- Clear next hops: Some next hop types for dynamic routes appeared as IP addresses in our previous route tables – for example, as an IP address from the 169.254.0.0/16 link-local range. In our improved route view, we clearly show next hops for dynamic routes by labeling them with links to a VPN tunnel, VLAN attachment, or router appliance VM.
- Peering custom routes included: Our previous route tables had a confusing number of tabs but didn’t reliably show peering static and peering dynamic routes. We now clearly show peering custom routes, after conflict resolution among peers and with local custom routes.
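The following Python sketch is an added example, not Google's code. It models the regional priority rule described above (received MED plus an inter-regional cost) for the 100.64.0.0/16 scenario and shows which VLAN attachment takes over when a region's first choice is withdrawn for maintenance. The inter-regional cost values are constructed so that the ranking matches the second-choice next hops described in this post, and the in-region cost of 0 is an assumption of the model.

```python
from dataclasses import dataclass

# Constructed inter-regional costs (NOT Google's real values); chosen only so
# the ranking reproduces the second-choice next hops described in the post.
INTER_REGION_COST = {
    frozenset({"us-central1", "europe-west1"}): 250,
    frozenset({"us-central1", "asia-southeast2"}): 300,
    frozenset({"europe-west1", "asia-southeast2"}): 400,
}
REGIONS = ("us-central1", "europe-west1", "asia-southeast2")


@dataclass(frozen=True)
class LearnedRoute:
    prefix: str
    attachment_region: str  # region of the VLAN attachment that learned it
    med: int                # MED received from the on-premises peer


def regional_priority(route, region):
    """Received MED plus inter-regional cost (assumed 0 inside the region)."""
    if route.attachment_region == region:
        return route.med
    pair = frozenset({route.attachment_region, region})
    return route.med + INTER_REGION_COST[pair]


def effective_routes(routes, region, prefix, down=()):
    """Ranked (priority, next-hop region) pairs for one prefix in one region.

    `down` lists attachment regions withdrawn for maintenance.
    Lower priority value wins, so index 0 is the first-choice next hop.
    """
    live = [r for r in routes
            if r.prefix == prefix and r.attachment_region not in down]
    return sorted((regional_priority(r, region), r.attachment_region)
                  for r in live)


def failover_next_hop(routes, region, prefix):
    """Next hop that receives traffic if the in-region attachment goes down."""
    return effective_routes(routes, region, prefix, down=(region,))[0]


# Scenario from the post: every attachment learns 100.64.0.0/16 with MED 50.
ROUTES = [LearnedRoute("100.64.0.0/16", r, 50) for r in REGIONS]

if __name__ == "__main__":
    for region in REGIONS:
        print(region, effective_routes(ROUTES, region, "100.64.0.0/16"),
              "maintenance ->", failover_next_hop(ROUTES, region, "100.64.0.0/16"))
```

Comparing this kind of expected ranking against the per-region EFFECTIVE ROUTES view before a maintenance window confirms that traffic will fail over to the attachment you intend.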
Clear regional route tables
Our improved route views are currently available in two places:
- the VPC network → Routes page
- the Routes tab in each VPC network details page (VPC network → VPC networks)
VPC network → Routes
We replaced the previous three tab design (ALL, DYNAMIC, PEERING) with a two tab design (EFFECTIVE ROUTES and ROUTE MANAGEMENT):
- The EFFECTIVE ROUTES tab shows all types of routes per region and VPC network. In this tab, you select a VPC network and a region. You can filter by route attribute – for example, route type, destination, or next hop type.
- Use the ROUTE MANAGEMENT tab to add and delete static routes and policy-based routes. This tab is global because static and policy-based routes are applied to all regions of your VPC network.
VPC network details
The ROUTES tab in the VPC network details page now works in the same way as an EFFECTIVE ROUTES tab. Since this page is already in the context of a single VPC network, you only need to select a region to get the routes for that region of the VPC network.
The ROUTES tab also includes a link to a Route Management section.
Clear next hops
Previous routes view: A dynamic route’s VLAN attachment next hop appears as a link-local IP address for its BGP session. Before, you’d have to remember that IP address then click through Cloud Routers in the Hybrid Connectivity section of the Cloud Console in order to find the corresponding VLAN attachment.
Improved routes view: A dynamic route’s VLAN attachment next hop is clearly identified with a link that takes you right to the VLAN attachment details.
Peering custom routes included
Custom routes received through VPC Network Peering are included in a VPC network’s regional effective routes view. We include logic for handling situations where imported custom routes are ignored; for example, a local custom route displaces an imported peering custom route for the same destination (prefix), regardless of route priorities.
A foundation for the future
Our route view improvements provide a foundation for the future, and we intend to support additional route types and features as soon as those features reach General Availability.
We thank the Google Cloud team member who contributed to the blog: Selin Goksu, Technical Solutions Developer, Google