Cloud Interconnect provides low latency, highly available connections that enable you to reliably transfer data between your on-premises and Virtual Private Cloud networks. Also, Cloud Interconnect connections provide internal IP address communication, which means internal IP addresses are directly accessible from both networks.
Cloud Interconnect offers two options for extending your on-premises network. Dedicated Interconnect provides a direct physical connection between your on-premises network and Google's network. Partner Interconnect provides connectivity between your on-premises and Google Cloud VPC networks through a supported service provider.
For a comparison to help you choose between the two offerings, see Choose Interconnect Type.
Benefits of Cloud Interconnect
- Traffic between your on-premises network and your VPC network doesn't traverse the public Internet. Traffic traverses a dedicated connection or through a service provider with a dedicated connection. By bypassing the public Internet, your traffic takes fewer hops, so there are less points of failure where your traffic might get dropped or disrupted.
- Your VPC network's internal IP addresses are directly accessible from your on-premises network. You don't need to use a NAT device or VPN tunnel to reach internal IP addresses. For details, see IP addressing and dynamic routes.
You can scale your connection capacity to meet your particular requirements.
For Dedicated Interconnect, connection capacity is delivered over one or more 10 Gbps or 100 Gbps Ethernet connections, with the following maximum capacities supported per interconnect:
- 8 x 10 Gbps connections (80 Gbps total)
- 2 x 100 Gbps connections (200 Gbps total)
For Partner Interconnect, the following connection capacities for each interconnect attachment (VLAN) are supported:
- From 50 Mbps to 10 Gbps up to 8 x 10 Gbps interconnect attachments (VLANs) (80 Gbps)
You can request 100G connections at any of the locations listed on the Colocation facilities page.
Dedicated Interconnect, Partner Interconnect, Direct Peering, and Carrier Peering can all help you optimize egress traffic from your VPC network and can help you reduce your egress costs. Cloud VPN, by itself, does not reduce egress costs.
You can use Cloud Interconnect in conjunction with Private Google Access for on-premises hosts so that on-premises hosts can use internal IP addresses rather than external IP addresses to reach Google APIs and services. For more information, see Private Access Options in the VPC documentation.
If you don't require the low latency and high availability of Cloud Interconnect, consider using Cloud VPN to set up IPsec VPN tunnels between your networks. IPsec VPN tunnels encrypt data using industry-standard IPsec protocols as traffic traverses the public Internet.
A Cloud VPN tunnel doesn't require the overhead or costs associated with a direct, private connection. Cloud VPN only requires a VPN device in your on-premises network.
IP addressing and dynamic routes
When you connect your VPC network to your on-premises network, you allow communication between the IP address space of your on-premises network and some or all of the subnets in your VPC network. Which VPC subnets are available depends on the dynamic routing mode of your VPC network. Subnet IP ranges in VPC networks are always internal IP addresses.
The IP address space on your on-premises network and on your VPC network must not overlap, or traffic will not be routed properly. Remove any overlapping addresses from either network.
Your on-premises routers share the routes to your on-premises network to the Cloud Routers in your VPC network, creating custom dynamic routes in your VPC network, each with a next hop set to the appropriate interconnect attachment (VLAN).
Unless modified by custom advertisements, Cloud Routers in your VPC network share VPC network subnet IP address ranges with your on-premises routers according to the dynamic routing mode of your VPC network.
The following configurations require that you create a custom route advertisement on your Cloud Router to direct traffic from your on-premises network destined for certain internal IP addresses through a Cloud Interconnect:
- Configuring Private Google Access for on-premises hosts
- Creating a Cloud DNS forwarding zone
- Alternative name server networking requirements
Transitive routing support
You can create a hub-and-spoke linking of VPC networks and your on-premises network as long as you don't include more than one on-premises network.
Although it is technically possible to create a hub-and-spoke configuration that links two or more on-premises networks to each other by using a VPC network and VPNs or Cloud Interconnect, such a setup is a violation of the Terms of Service.
For answers to common questions about Cloud Interconnect architecture and features, see the Cloud Interconnect FAQ.
Learn more about each Cloud Interconnect offering before you start the provisioning process: