Google Cloud Interconnect - Partner (Partner Interconnect) provides connectivity between your on-premises network and your VPC network through a supported service provider. A Partner Interconnect connection is useful if your data center is in a physical location that can't reach a Dedicated Interconnect colocation facility or if your data needs don't warrant an entire 10 Gbps connection.
Before you use Partner Interconnect
- You must be familiar with the Cloud Interconnect terminology described in Key Terminology.
- You must work with a supported service provider to establish connectivity between their network and your on-premises network.
How does Partner Interconnect work?
Service providers have existing physical connections to Google's network that they make available for their customers to use.
After you establish connectivity with a service provider, you can request a Partner Interconnect connection from your service provider. After the service provider provisions your connection, you can start passing traffic between your networks by using the service provider's network.
The following diagram provides a high-level overview of a customer using a service provider to connect to Google:
Layer 2 versus layer 3 connectivity
Supported service providers offer layer 2 connectivity, layer 3 connectivity, or both. Work with your service provider to understand their offerings and requirements. For more information, see the list of supported service providers.
For layer 2 connections, you must configure and establish a BGP session between your Cloud Routers and on-premises routers for each VLAN attachment that you create. The BGP configuration information is provided by the VLAN attachment after your service provider has configured it.
For layer 3 connections, your service provider establishes a BGP session between your Cloud Routers and their edge routers for each VLAN attachment. You don't need to configure BGP on your on-premises router. Google and your service provider automatically set the correct configurations.
Because the BGP configuration for layer 3 connections is fully automated, you can pre-activate your connections (VLAN attachments). When you enable pre-activation, the VLAN attachments are active as soon as the service provider configures them. For more information about pre-activation, see Pre-activation.
Basic topology diagrams
The following topology diagrams show example Partner Interconnect connections for layer 2 and layer 3.
For layer 2 connections, traffic passes through the service provider's network to reach the VPC or on-premises network. BGP is configured between the on-premises router and a Cloud Router in the VPC network, as shown in the following diagram:
For layer 3 connections, traffic is passed to the service provider's network, and then their network routes the traffic to the correct destination, either to the on-premises network or to the VPC network. Connectivity between the on-premises and service provider networks depends on the service provider. For example, they might request that you establish a BGP session with them or configure a static default route to their network.
Elements of a Partner Interconnect
A Partner Interconnect consists of multiple components, which are defined in the following list:
- VLAN attachment (also known as an InterconnectAttachment)
A VLAN attachment is a virtual point-to-point tunnel between your on-premises network and a single region in a VPC network.
To request Partner Interconnect connectivity from a service provider, you create a VLAN attachment in your GCP project. The VLAN attachment generates a unique pairing key that you share with your service provider. The service provider uses the pairing key, along with your requested connection location and capacity, to complete the configuration of your VLAN attachment.
After your service provider configures the attachment, they allocate a specific 802.1q VLAN for your connection.
- Partner Interconnect location
Partner Interconnect locations are cities where service providers connect to Google's network. When you request a connection with a service provider, you'll need to choose a location where your traffic enters Google's network.
Each location supports a subset of Google Cloud Platform (GCP) regions. These supported regions are where you can connect to your Cloud Routers and associated VLAN attachments. For example, if you choose the Ashburn location, you can reach all of the North American regions, such as us-west1. To see all of the locations that a service provider supports, see the list of supported service providers.
- Cloud Router
A Cloud Router is used to dynamically exchange routes between your VPC network and on-premises network via BGP. Before you can create a VLAN attachment, you must create or have an existing Cloud Router in the VPC network and region that you want to connect to.
Cloud Router advertises subnets in its VPC network and propagates learned routes to those subnets. For more information about Cloud Router, see the overview in the Cloud Router documentation.
The Cloud Router BGP configuration depends on whether you're using layer 2 or layer 3 connectivity. For layer 2, you establish a BGP session between your Cloud Router and on-premises router. For layer 3, your service provider establishes BGP between your Cloud Router and their edge router. For more information, see Layer 2 versus layer 3 connectivity.
Start by connecting your on-premises network to a supported service provider. Work with the service provider to establish connectivity.
Next, create a VLAN attachment for a Partner Interconnect in your GCP project. This generates a unique pairing key that you'll use to request a connection from your service provider. You'll also need to provide other information such as the connection location and capacity.
After the service provider configures your attachment, activate it to start using it. For more information about the provisioning process, see the Provisioning Overview in the Partner Interconnect how-to guide.
After you create a VLAN attachment and your service provider configures it, the attachment can't pass traffic until you activate it. Activation allows you to check that you're connecting to an expected service provider.
If you don't need to verify the connection and are using a layer 3 connection, you can choose to pre-activate the attachment. If you pre-activate the attachment, it can immediately pass traffic after it has been configured by your service provider. Consider pre-activation if you're using layer 3 and want your connection to activate without additional approval. Layer 3 providers automatically configure BGP sessions with your Cloud Routers so that BGP starts immediately. You don't need to return to Google after your service provider configures your attachments. If you want to verify who you're connecting to, don't pre-activate your attachments.
For layer 2 connections, there's no benefit for pre-activating VLAN attachments.
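The activation decision described above can be written as a review step that runs before anyone activates an attachment. This is an added example, not Google's code: the field names `state`, `adminEnabled` and `partnerMetadata.partnerName` follow the Compute Engine InterconnectAttachment resource, while the `layer` field, the attachment names and the provider names are assumptions made for illustration.

```python
# Constructed sample records. state, adminEnabled and partnerMetadata.partnerName
# follow the Compute Engine InterconnectAttachment resource; "layer" and all
# names are assumptions made for this example.
EXPECTED_PROVIDER = "Example Carrier"  # hypothetical provider you contracted with

ATTACHMENTS = [
    {"name": "att-a", "layer": 2, "adminEnabled": False, "state": "PENDING_CUSTOMER",
     "partnerMetadata": {"partnerName": "Example Carrier"}},
    {"name": "att-b", "layer": 2, "adminEnabled": False, "state": "PENDING_CUSTOMER",
     "partnerMetadata": {"partnerName": "Other Telco"}},
    {"name": "att-c", "layer": 3, "adminEnabled": True, "state": "PENDING_PARTNER"},
    {"name": "att-d", "layer": 2, "adminEnabled": True, "state": "PENDING_PARTNER"},
    {"name": "att-e", "layer": 3, "adminEnabled": False, "state": "PENDING_PARTNER"},
]


def review(att, expected=EXPECTED_PROVIDER):
    """Return (decision, reason) for one Partner Interconnect VLAN attachment."""
    state, pre = att["state"], att["adminEnabled"]
    if state == "PENDING_PARTNER":
        if not pre:
            return "WAIT", "provider has not configured the attachment yet"
        if att["layer"] == 2:
            return "DISABLE_PREACTIVATION", "no benefit for layer 2"
        return "REVIEW", "pre-activated: traffic passes without a provider check"
    if state == "PENDING_CUSTOMER":
        # The provider has configured the attachment; verify who it was.
        partner = att.get("partnerMetadata", {}).get("partnerName", "")
        if partner.strip().casefold() == expected.strip().casefold():
            return "ACTIVATE", f"configured by expected provider {partner!r}"
        return "REJECT", f"configured by unexpected provider {partner!r}"
    return "NO_ACTION", f"state is {state}"


def review_all(attachments=ATTACHMENTS):
    """Map each attachment name to its decision."""
    return {a["name"]: review(a)[0] for a in attachments}


if __name__ == "__main__":
    for name, decision in review_all().items():
        print(name, decision)
```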
Redundancy and SLA
Depending on your availability needs, you can configure Partner Interconnect to support mission-critical services or applications that can tolerate some downtime. To achieve a specific level of reliability, Google has two prescriptive configurations, one for 99.99% availability and another for 99.9% availability.
Google recommends that you use the 99.99% availability configuration for production-level applications with a low tolerance for downtime. If your applications aren't mission-critical and can tolerate some downtime, you can use the 99.9% availability configuration.
For the 99.99% and 99.9% availability configurations, Google offers an SLA that applies only to the connectivity between your VPC network and the service provider's network. The SLA doesn't include the connectivity between your network and the service provider's network. If your service provider does offer an SLA, you might be able to get an end-to-end SLA, based on the Google-defined topologies. Ask your service provider for more information.
99.99% availability (recommended)
For the highest level of availability, Google recommends the 99.99% availability configuration. Clients in the on-premises network can reach the IP addresses of VM instances in the selected region through at least one of the redundant paths and vice versa. If one path is unavailable, the other paths can continue to serve traffic.
99.99% availability requires at least four VLAN attachments across two metros (one in each edge availability domain). You also need four Cloud Routers (two in each GCP region of a VPC network). Associate one Cloud Router with each VLAN attachment. You must also enable global routing for the VPC network.
For layer 2 connections, four virtual circuits are required, split between two metros. Layer 2 also requires you to add four BGP sessions to the on-premises router, one for each Cloud Router, as shown in the following example:
For a layer 3 connection, four connections between Google and your service provider are required. Create four VLAN attachments and then your service provider establishes four BGP sessions with each of your Cloud Routers. The VLAN attachments must be split between two metros, as shown in the following example:
Multiple service providers
You can use multiple service providers to build a highly available topology. You must build redundant connections for each service provider in each metro. For example, you might provision two primary connections by using a local service provider that's close to your data center. For the backup connection, you might use a long-haul service provider to build two connections in a different metro. You must ensure that this topology meets all of your requirements for availability.
Don't split redundant connections between two different service providers. If you build a single connection with each service provider, the Google SLA doesn't apply and you might lose connectivity during regular maintenance.
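The 99.99% requirements and the multiple-provider rule above can be checked against a planned set of attachments before anything is ordered. This is an added example, not Google's tooling: the record layout (`metro`, `region`, `router`, `ead`, `provider`) and every name in the sample plans are assumptions made for illustration.

```python
from collections import defaultdict


def plan(rows):
    """Build attachment records from tuples (constructed sample data)."""
    keys = ("name", "metro", "region", "router", "ead", "provider")
    return [dict(zip(keys, r)) for r in rows]


GOOD = plan([  # one provider, both edge availability domains in each metro
    ("att-1", "metro-a", "us-west1", "cr-1", 1, "carrier-x"),
    ("att-2", "metro-a", "us-west1", "cr-2", 2, "carrier-x"),
    ("att-3", "metro-b", "us-east1", "cr-3", 1, "carrier-x"),
    ("att-4", "metro-b", "us-east1", "cr-4", 2, "carrier-x"),
])
SPLIT = plan([  # redundant pair in each metro split between two providers
    ("att-1", "metro-a", "us-west1", "cr-1", 1, "carrier-x"),
    ("att-2", "metro-a", "us-west1", "cr-2", 2, "carrier-y"),
    ("att-3", "metro-b", "us-east1", "cr-3", 1, "carrier-x"),
    ("att-4", "metro-b", "us-east1", "cr-4", 2, "carrier-y"),
])


def check_9999(attachments, routing_mode):
    """Return findings; an empty list means the plan meets the stated rules."""
    findings = []
    if routing_mode != "GLOBAL":
        findings.append("VPC network does not have global routing enabled")
    if len(attachments) < 4:
        findings.append("fewer than four VLAN attachments")
    routers = [a["router"] for a in attachments]
    if len(set(routers)) != len(routers):
        findings.append("a Cloud Router is shared by more than one attachment")
    per_region, domains = defaultdict(set), defaultdict(set)
    for a in attachments:
        per_region[a["region"]].add(a["router"])
        domains[(a["metro"], a["provider"])].add(a["ead"])
    if len({metro for metro, _ in domains}) < 2:
        findings.append("attachments are not spread across two metros")
    for region, rs in sorted(per_region.items()):
        if len(rs) < 2:
            findings.append(f"region {region} has fewer than two Cloud Routers")
    # Each provider must be redundant on its own within every metro it serves.
    for (metro, provider), eads in sorted(domains.items()):
        if eads != {1, 2}:
            findings.append(
                f"{provider} in {metro} does not cover both edge availability domains")
    return findings
```

Here `check_9999(SPLIT, "GLOBAL")` reports one finding per provider and metro, because each provider holds only a single connection in each metro.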
Balancing egress traffic with redundant VLAN attachments
When you have a redundant topology similar to the 99.99% configuration, there are multiple paths for traffic to traverse from the VPC network to your on-premises network. For Cloud Routers in the same region, if they receive the same announcement with equal cost (same CIDR range and same MED value), GCP uses ECMP to balance the egress traffic across connections.
- For information about the provisioning process for a Partner Interconnect connection, see Provisioning Overview in the Partner Interconnect how-to guides.
- To view a list of supported service providers, see Supported Service Providers.
- To achieve 99.99% availability for Partner Interconnect, see Creating a Topology for Production-level Applications.
- To achieve 99.9% availability for Partner Interconnect, see Creating a Topology for Non-critical Applications (not recommended).