Creating a Topology for Production-level Applications (Recommended)

The following configuration achieves 99.99% availability, using Dedicated Interconnect. Google recommends this configuration for production-level applications, such as mission-critical operations that have a low tolerance for downtime.

The following resources and settings are required to achieve 99.99% availability:

  • Four interconnects, two interconnects in one metro (city) and two interconnects in another metro. Interconnects that are in the same metro must be in different metropolitan availability zones.
  • Four Cloud Routers, two in each GCP region. Even if you only have VM instances in a single region, you must use two regions. If a region-wide issue occurs, GCP can reroute traffic through the other region to your VM instances. Also, each Cloud Router must be attached to a different interconnect (four different VLAN attachments).
  • The dynamic routing mode for the VPC network must be global. With global dynamic routing, Cloud Routers can advertise all subnets and propagate learned routes to all subnets regardless of the subnet's region.
  • Depending on your availability requirements, you might choose to have two or four routers in your on-premises network.

The following example topology shows four interconnects in the two different metros and different metro availability zones: lga-zone1-16, lga-zone2-1422, iad-zone1-1 and iad-zone2-1. The Cloud Routers (one for each interconnect) are in the vpc1 network in the us-central1 and us-east1 regions. Each router has its own BGP session.

Diagram of redundant interconnects for 99.99% availability

Preferred path

With global dynamic routing, Cloud Router advertises routes to all subnets in the VPC network. Cloud Router advertises routes to remote subnets (subnets outside of the Cloud Router's region) with a lower priority compared to local subnets (subnets that are in the Cloud Router's region).

In the example topology, ingress traffic to the VPC network prefers to go through us-central1 because those routes have a higher priority compared to routes from the us-east1 region. Traffic traverses through us-east1 only if the connections in us-central1 fail.

You can change route priorities when you configure a Cloud Router's BGP session. The BGP session has an option for an advertised route priority (a MED value). A lower value means higher priority. You can, for example, configure the BGP sessions in us-east1 with a higher priority, making that region the preferred path.

Procedure

The following sections walk through the steps for creating the previous topology. To create a topology that's tailored for you, replace the sample input values with your own. For example, replace the vpc1 network name with your VPC network name.

Change VPC network's dynamic routing mode

For the vpc1 network, change its dynamic routing mode to global.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Select the vpc1 network.
  3. Click Edit to modify its dynamic routing mode.
  4. In the Dynamic routing mode section, select Global.
  5. Click Save.

gcloud

gcloud compute networks update vpc1 \
    --bgp-routing-mode global

Order interconnects

Order duplicate interconnects by using the Google Cloud Platform Console or gcloud command-line tool.

Console

  1. Go to the Interconnects page in the Google Cloud Platform Console.
  2. Specify the details of the interconnect and then select Next.
    • Name — Specify int-lga1.
    • Description — Specify Example interconnect in LGA ZONE1.
    • Location — Choose Digital Realty | Telx New York (111 8th Ave) for the location, which is the PeeringDB name for the lga-zone1-16 location.
    • Capacity — Use the default capacity (10 Gbps).
  3. Specify details for the duplicate interconnect and then select Next.
    • Name — Specify int-lga2.
    • Description — Specify Example interconnect in LGA ZONE2 to indicate the interconnect is for this example topology.
    • Location — Choose zColo New York - 60 Hudson St for the location, which is the PeeringDB name for the lga-zone2-1422 location.
    • Capacity — Use the default capacity (10 Gbps).
  4. Specify your contact information.
    • Company name — This example uses the value The Customer for the company name. This name will be used in the LOA-CFA as the party authorized to request a cross connect.
    • Technical contact — This example uses the value customer@customer.com for the technical contact. You don't need to enter your own address; you'll be included in all notifications.
  5. Review your order. Check that your interconnect details and contact information are correct. If everything is correct, select Place order. If not, go back and edit the interconnect details.
  6. On the order confirmation page, review the next steps and then select Done.
  7. Order two more interconnects (int-iad1 and int-iad2) in the location Equinix Ashburn (DC1-DC11), which is the PeeringDB name for the iad-zone1-1 and iad-zone2-1 locations. Because the Ashburn facility has two zones, the console automatically selects the same facility but a different zone for the redundant interconnect.

gcloud

  1. Order four interconnects with the names int-lga1, int-lga2, int-iad1, and int-iad2.

 gcloud compute interconnects create int-lga1 \
   --customer-name "The Customer" \
   --description "Example interconnect in LGA ZONE1" \
   --interconnect-type DEDICATED \
   --link-type ETHERNET_10G_LR \
   --location lga-zone1-16 \
   --requested-link-count 1 \
   --noc-contact-email customer@customer.com

 gcloud compute interconnects create int-lga2 \
   --customer-name "The Customer" \
   --description "Example interconnect in LGA ZONE2" \
   --interconnect-type DEDICATED \
   --link-type ETHERNET_10G_LR \
   --location lga-zone2-1422 \
   --requested-link-count 1 \
   --noc-contact-email customer@customer.com

 gcloud compute interconnects create int-iad1 \
   --customer-name "The Customer" \
   --description "Example interconnect in IAD ZONE1" \
   --interconnect-type DEDICATED \
   --link-type ETHERNET_10G_LR \
   --location iad-zone1-1 \
   --requested-link-count 1 \
   --noc-contact-email customer@customer.com

 gcloud compute interconnects create int-iad2 \
   --customer-name "The Customer" \
   --description "Example interconnect in IAD ZONE2" \
   --interconnect-type DEDICATED \
   --link-type ETHERNET_10G_LR \
   --location iad-zone2-1 \
   --requested-link-count 1 \
   --noc-contact-email customer@customer.com

After you order an interconnect, Google emails you a confirmation and allocates ports for you. When the allocation is complete, Google generates LOA-CFAs for your cross connects and emails them to you. All of the automated emails are sent to the NOC contact and the person who ordered the interconnect.

You'll be able to use the interconnect only after your cross connects have been provisioned and tested. For more information about the provisioning process, see Provisioning Overview.

Create Cloud Routers

Create four Cloud Routers, one for each interconnect.

Console

  1. Go to the create Cloud Router page in the Google Cloud Platform Console.
  2. Specify the Cloud Router details.
    • Name — Specify rtr-cent1 for the name of the first Cloud Router.
    • VPC network — Specify vpc1, which is the name of the network where the on-premises network extends to.
    • Region — Specify us-central1, which is the region where the Cloud Router is configured, as shown in the example topology.
    • Google ASN — Specify 64513, which is the ASN for the example Cloud Router.
  3. Duplicate the first Cloud Router but change the name to rtr-cent2.
  4. Create two more Cloud Routers with the same attributes in the us-east1 region with the names rtr-east1 and rtr-east2.

gcloud

  1. Create two Cloud Routers in the vpc1 network in the us-central1 region. Use ASN 64513 for both Cloud Routers.

     gcloud compute routers create rtr-cent1 \
       --asn 64513 \
       --network vpc1 \
       --region us-central1

     gcloud compute routers create rtr-cent2 \
       --asn 64513 \
       --network vpc1 \
       --region us-central1

  2. Create two Cloud Routers in the vpc1 network in the us-east1 region. Use ASN 64513 for both Cloud Routers.

     gcloud compute routers create rtr-east1 \
       --asn 64513 \
       --network vpc1 \
       --region us-east1

     gcloud compute routers create rtr-east2 \
       --asn 64513 \
       --network vpc1 \
       --region us-east1

Create VLAN attachments

After your interconnects are ready to use (in the ACTIVE state), create VLAN attachments that connect the interconnects to the Cloud Routers. Create four attachments, one for each interconnect and Cloud Router pairing. The connections are described in the following list:

  • rtr-cent1 is connected to int-lga1
  • rtr-cent2 is connected to int-lga2
  • rtr-east1 is connected to int-iad1
  • rtr-east2 is connected to int-iad2

Console

  1. Go to the Interconnects page in the Google Cloud Platform Console.
  2. For the int-lga1 interconnect, select Configure.
  3. Select Add VLAN attachment to attach a new VLAN to your interconnect.
    • Name — Specify attachment-lga1-central1 for the name of the attachment.
    • Router — Select the rtr-cent1 Cloud Router.
  4. Select Create. The attachment takes a few moments to create.
  5. For the attachment, select Configure to add a BGP session to rtr-cent1. The Google and Peer BGP IP addresses are already populated by the VLAN attachment.
  6. Record the IP addresses, ASNs, and VLAN tag for each attachment. This information is required to configure the on-premises router.
  7. Select Save configuration to add the BGP session. The BGP sessions are inactive until you configure BGP on your on-premises router.
  8. Create three more attachments for the three other interconnect-Cloud Router pairings. Record the information for each attachment.

gcloud

  1. Create four attachments.

    gcloud compute interconnects attachments create attachment-lga1-central1 \
      --interconnect int-lga1 \
      --router rtr-cent1 \
      --region us-central1

    gcloud compute interconnects attachments create attachment-lga2-central1 \
      --interconnect int-lga2 \
      --router rtr-cent2 \
      --region us-central1

    gcloud compute interconnects attachments create attachment-iad1-east1 \
      --interconnect int-iad1 \
      --router rtr-east1 \
      --region us-east1

    gcloud compute interconnects attachments create attachment-iad2-east2 \
      --interconnect int-iad2 \
      --router rtr-east2 \
      --region us-east1

  2. Describe the attachment-lga1-central1 attachment to retrieve the resources that it allocated, such as the VLAN ID and BGP peering addresses. Use these values to configure the Cloud Router and on-premises router.

    gcloud compute interconnects attachments describe attachment-lga1-central1 \
      --region us-central1

    The previous command outputs the following information:

    cloudRouterIpAddress: 169.254.58.49/29
    creationTimestamp: '2017-08-15T08:34:11.137-07:00'
    customerRouterIpAddress: 169.254.58.50/29
    id: '5630382895290821276'
    interconnect: https://www.googleapis.com/compute/v1/projects/customer-project/global/interconnects/int-lga1
    kind: compute#interconnectAttachment
    name: attachment-lga1-central1
    operationalStatus: ACTIVE
    privateInterconnectInfo:
      tag8021q: 1000
    region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
    router: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/routers/router1
    selfLink: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/interconnectAttachments/attachment-lga1-central1
      

  3. Record the following values:

    • tag8021q — Specifies the VLAN ID, which is 1000. The VLAN ID identifies traffic that will go across this attachment. Use this value to configure a tagged VLAN subinterface on the on-premises router.
    • cloudRouterIpAddress — The Cloud Router IP address, which is 169.254.58.49/29. Assign this address to a Cloud Router interface, and specify this address as the BGP neighbor on the on-premises router.
    • customerRouterIpAddress — The customer router IP address, which is 169.254.58.50/29. On the Cloud Router, specify this address as the BGP peer address on the interface that has the Cloud Router IP address assigned to it. Assign this address to the VLAN subinterface on the on-premises router.
  4. On the rtr-cent1 Cloud Router, add an interface for the attachment-lga1-central1 attachment.

    gcloud compute routers add-interface rtr-cent1 \
      --interface-name rtr-cent1-1 \
      --interconnect-attachment attachment-lga1-central1 \
      --ip-address 169.254.58.49 \
      --mask-length 29 \
      --region us-central1

  5. Add a BGP peer to the interface. For this example, the on-premises ASN is 12345.

    gcloud compute routers add-bgp-peer rtr-cent1 \
      --interface rtr-cent1-1 \
      --peer-name central1 \
      --peer-ip-address 169.254.58.50 \
      --peer-asn 12345 \
      --advertised-route-priority 100 \
      --region us-central1

  6. Describe the other attachments, and then similarly configure a new BGP session on each of the Cloud Routers.
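
With four attachments spread over two regions it is easy to pair a router with the wrong interconnect, so the following added example (not part of the original page) checks an inventory against the requirements listed at the top of this page. The five-column row format and the sample rows are constructed for illustration; the names are the ones used in this example topology.

```shell
#!/bin/sh
# Added example, not from the original page: checks an attachment inventory
# against the 99.99% requirements listed earlier on this page.
# Row format (an assumption): attachment router region interconnect location
# Locations follow the page's <metro>-zone<N>-<id> naming, e.g. lga-zone1-16.

check_topology() {
  printf '%s\n' "$1" | awk '
    function err(msg) { print "FAIL: " msg; bad = 1 }
    NF == 5 {
      n++
      split($5, loc, "-")
      metro = loc[1]; zone = loc[1] "-" loc[2]
      # Each Cloud Router must be attached to a different interconnect.
      if (router[$2]++) err("router " $2 " has more than one attachment")
      if (ic[$4]++)     err("interconnect " $4 " is attached more than once")
      # Interconnects in one metro must sit in different availability zones.
      if (zones[zone]++) err("zone " zone " holds more than one interconnect")
      permetro[metro]++
      perregion[$3]++
    }
    END {
      for (m in permetro)  { nmetro++;  if (permetro[m] != 2)  err("metro " m " needs 2 interconnects") }
      for (r in perregion) { nregion++; if (perregion[r] != 2) err("region " r " needs 2 Cloud Routers") }
      if (n != 4)       err("expected 4 attachments, found " n + 0)
      if (nmetro != 2)  err("expected 2 metros, found " nmetro + 0)
      if (nregion != 2) err("expected 2 regions, found " nregion + 0)
      if (!bad) print "OK: inventory meets the listed requirements"
      exit bad + 0
    }'
}

# Constructed inventory matching the pairings listed in this section.
GOOD='attachment-lga1-central1 rtr-cent1 us-central1 int-lga1 lga-zone1-16
attachment-lga2-central1 rtr-cent2 us-central1 int-lga2 lga-zone2-1422
attachment-iad1-east1 rtr-east1 us-east1 int-iad1 iad-zone1-1
attachment-iad2-east2 rtr-east2 us-east1 int-iad2 iad-zone2-1'

# Constructed failure case: the second attachment reuses rtr-cent1.
BAD=$(printf '%s\n' "$GOOD" | sed '2s/rtr-cent2/rtr-cent1/')

check_topology "$GOOD"
check_topology "$BAD" || echo "mis-paired inventory rejected"
```
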

Configure on-premises routers

Use the information from the VLAN attachments to configure the on-premises routers. The following example is an excerpt from a Juniper router configuration. Use the sample as a starting point for configuring your own routers. For more information, see Configuring On-premises Routers.

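interface ae20 {
  flexible-vlan-tagging;
  native-vlan-id 1;
  aggregated-ether-options {
    lacp {
      active;
    }
  }
  /* Tagged subinterface for the attachment; vlan-id is the tag8021q value. */
  unit 1000 {
    vlan-id 1000;
    family inet {
      /* customerRouterIpAddress from the attachment */
      address 169.254.58.50/29;
    }
  }
}

protocols bgp {
  group google {
    type external;
    multihop {
      ttl 4;
    }
    hold-time 60;
    /* Cloud Router ASN */
    peer-as 64513;
    /* On-premises ASN */
    local-as 12345;
    local-address 169.254.58.50;
    /* cloudRouterIpAddress from the attachment */
    neighbor 169.254.58.49 {
      ...
    }
  }
}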

What's next

  • For more information about each of these steps, see the relevant how-to guide.
  • For help troubleshooting common issues, see the Troubleshooting guide.
