Powering enterprise transformation: Announcing new additions to Google Cloud Networking
Brad Calder
Vice President and GM, Google Cloud
Your cloud applications need network infrastructure that is fast, reliable and secure. At the same time, you need networking services that enable you to build a new generation of hybrid and cloud-native applications on this infrastructure. Today, we’re excited to announce several new additions to our Google Cloud networking portfolio to help you seamlessly connect, scale, secure and modernize enterprise environments, while helping you take advantage of cloud-native technologies.
Introducing Traffic Director for open service mesh (beta)
Organizations are increasingly building applications based on containers and microservices, while continuing to run existing VM-based and other workloads. Yet they want the freedom to deploy them in hybrid and multi-cloud configurations. We have been leading the way with networking tools to simplify multi-cloud services management and believe that service mesh technology is particularly well suited to managing these kinds of environments in a consistent fashion. To accelerate adoption and reduce the toil of managing service mesh, we’re excited to introduce Traffic Director, our new GCP-managed, enterprise-ready configuration and traffic control plane for service mesh that enables global resiliency, intelligent load balancing, and advanced traffic control capabilities like canary deployments.
Currently in beta, Traffic Director delivers configuration and traffic control intelligence to sidecar service proxies (like Envoy) in the service mesh data plane using open xDS APIs. Traffic Director provides global resiliency for your services by allowing you to deploy application instances in multiple Google Cloud regions. It delivers intelligence to the service proxies to load balance traffic to the closest available instance and to automatically fail over or overflow to an instance in another region if all instances in the closest region are unavailable. You can also easily deploy features (currently in alpha) like traffic splitting for canary rollouts and A/B testing, timeouts, retries, circuit breakers and other advanced traffic control capabilities. (Get access to traffic control alpha features.)
“Traffic Director makes it easier to bring the benefits of service mesh and Envoy to production environments,” says Matt Klein, creator of Envoy Proxy. “With Envoy providing a universal data plane, Traffic Director delivers a fully managed traffic control plane with an open interface to avoid lock-in. Traffic Director’s global load balancing and rich traffic control help reduce the toil of traffic management for both enterprise and cloud-native end-users.”
Traffic Director supports both VM-based (Compute Engine) and containerized (Google Kubernetes Engine or self-managed) services, so you can modernize at your pace. We have a comprehensive roadmap for Traffic Director including security features, hybrid support, and integration with Anthos. Learn more about Traffic Director here.
Announcing High Availability VPN and 100 Gbps Interconnect (beta)
Resilient connectivity is the foundation for deploying and managing multi-cloud services. High availability (HA) VPN, soon in beta, lets you connect your on-premises deployment to GCP Virtual Private Cloud (VPC) with an industry-leading SLA of 99.99% service availability at general availability.
HA VPN delivers this resiliency with redundant tunnels that isolate failures and provide continuous connectivity. We offer two modes for HA VPN: active/active, in which both redundant tunnels carry traffic under normal operations, and active/passive, in which one tunnel actively carries traffic while the other one acts as a backup.
In addition, we’re excited to announce a new 100 Gbps Dedicated Interconnect to connect your hybrid and multi-cloud deployments. In concert with Cloud Interconnect’s industry-leading SLA of 99.99%, 100 Gbps circuits open the door to bandwidth-heavy use cases like ingesting data into Google Cloud Storage and massive data processing with BigQuery. If you need even greater capacity, you can simply bundle multiple 100 Gbps circuits using Link Aggregation Groups. Learn more about HA VPN and 100 Gbps Interconnect here.
Privately access Google and third-party SaaS services in GCP (GA)
Private Google Access from on-premises to the cloud is now generally available, allowing you to securely use Google services like Cloud Storage and BigQuery, as well as third-party SaaS, through Cloud Interconnect or VPN. You can use Private Google Access in conjunction with VPC Service Controls. VPC Service Controls let you extend your trust boundaries from GCP all the way to on-prem, allowing access to the data from a subset of Cloud Interconnects or VPNs, and denying attempts to access from outside of this trust boundary.
Learn more about Private Google Access from on-prem and VPC Service Controls here.
Your cloud network, your way with Network Service Tiers (GA)
With Network Service Tiers, Google Cloud customers can customize their network for performance or price on a per-workload basis, by selecting Premium or Standard Tier:
- Premium Tier leverages Google’s global private network, allowing your traffic to exit our network near your end user, thereby providing highly reliable and low-latency delivery.
- Standard Tier is similar to the network you get from other cloud providers, where your traffic quickly exits the region your data is located in and travels over the internet to reach your end user.
Network Service Tiers are now generally available (GA), so you can choose the network that’s right for you. Learn more about Network Service Tiers here.
You asked, we delivered
In the past six months, we’ve launched many networking features to make it easy to:
Deploy and Connect
- DNS private zone GA—Create DNS records visible only from your VPC.
- DNS peering beta—Private DNS support for peered networks.
- DNS logging beta—Logging of private DNS queries through Stackdriver.
- Growing set of SD-WAN solutions via GCP Marketplace.
Scale, Secure, Optimize, Monitor
- User defined headers for HTTP(S) LB GA—Enable insertion of headers (with client geo, TLS version, RTT) by load balancer to requests sent to your instances.
- L4 Internal Load Balancing (ILB) features—DNS-based Service Discovery beta, L4 ILB All-ports GA, L4 ILB Failover Groups for ILB beta
- Google Cloud Armor IP Allow/Deny List for HTTP(S) LB GA. Can be used with Identity-Aware Proxy.
- Firewall logging GA—Audit, verify, and analyze the effects of your firewall rules.
- Control VPC flow logs volume—Reduce generated data by increasing log aggregation intervals.
- 32 Gbps VMs beta—Increased throughput limit for VMs from 16 Gbps to 32 Gbps.
Modernize
- Managed SSL certificates beta—Delivers full life cycle management of your GKE ingress certificates, with provisioning, deployment, renewal and deletion.
- Network flow visibility, including intra-node communication—Log all your GKE network flows, including pod-to-pod within a node.
- Optimized IP allocation beta—Customize and optimize the IP space allocated to GKE clusters based on your cluster needs.
Stay tuned for deep dives into these offerings over the coming weeks.
In short, we’ve been busy, but we’re far from done. Let us know how you plan to use these new networking services, and what capabilities you’d like to have in the future. You can learn more about GCP’s cloud networking portfolio online and reach us at gcp-networking@google.com.