Establishing 99.99% Availability for Partner Interconnect

In this tutorial, you will create and configure resources to achieve 99.99% availability using Partner Interconnect. Google recommends this configuration for production-level applications, such as mission-critical operations that have a low tolerance for downtime.

The following resources and settings are required to achieve 99.99% availability:

  • Four VLAN attachments, two per GCP region. Even if you only have VM instances in a single region, you must use two regions. If a region-wide issue occurs, GCP can reroute traffic through the other region to your VM instances. Each VLAN attachment must have its own Cloud Router (four different Cloud Routers).
  • The attachments in one region must connect to an interconnect in one metro, and attachments in the other region must connect to an interconnect in another metro. For more information about choosing an interconnect location, see Requesting Connections.
  • The dynamic routing mode for the VPC network must be global. With global dynamic routing, Cloud Routers can advertise all subnets and propagate learned routes to all subnets regardless of the subnet's region.
  • Depending on your hardware and availability requirements, you might have one or more routers in your on-premises network.

This tutorial uses the following resource names, regions, and interconnect locations. As you walk through the tutorial, replace these values with your own.

Region       Router name       VLAN attachment name  Connection location  Edge availability domain
us-central1  router-central-a  attach-central-a      Dallas               1
us-central1  router-central-b  attach-central-b      Dallas               2
us-east4     router-east-a     attach-east-a         Ashburn              1
us-east4     router-east-b     attach-east-b         Ashburn              2

The following example topology shows four layer 2 connections in two different metros. Within each metro, each connection is in a different edge availability domain: Dallas - domain 1, Dallas - domain 2, Ashburn - domain 1 and Ashburn - domain 2. The Cloud Routers (one for each VLAN attachment) are in the vpc1 network in the us-central1 and us-east4 regions. For layer 2 connections, users configure BGP sessions on their on-premises routers to each of their Cloud Routers.

[Figure: Redundant interconnects for 99.99% availability using layer 2]

Similar to the layer 2 topology, the following layer 3 topology shows four connections in two different metros and in different edge availability domains. The Cloud Routers (one for each VLAN attachment) are in the vpc1 network in the us-central1 and us-east4 regions. For layer 3 connections, the service provider configures the BGP sessions.

[Figure: Redundant interconnects for 99.99% availability using layer 3]

Preferred path

For 99.99% availability, you must set the dynamic routing mode of your VPC networks to global. With global dynamic routing, Cloud Router advertises routes to all subnets in the VPC network. However, Cloud Router advertises routes to remote subnets (subnets outside of the Cloud Router's region) with a lower priority compared to local subnets (subnets that are in the Cloud Router's region). For more information, see Dynamic routing mode in the Cloud Router documentation.

In the example topology, ingress traffic to the VPC network prefers to go through us-central1 because those routes have a higher priority compared to routes from the us-east4 region. Traffic traverses through us-east4 only if the connections in us-central1 fail.

You can change route priorities when you configure a Cloud Router's BGP session. The BGP session has an option for an advertised route priority (a MED value). A lower value means higher priority. You can, for example, configure the BGP sessions in us-east4 with a higher priority, making that region the preferred path. For more information, see Route metrics in the Cloud Router documentation.

Procedure

The following sections walk through the steps for creating the previous topology. To create a topology that's tailored for you, replace the sample input values with your own. For example, replace the vpc1 network name with your VPC network name.

Creating the VPC network

For the vpc1 network, create a network with custom subnets and set its dynamic routing mode to global. For more information, see Creating a new VPC network with custom subnets in the VPC documentation.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Click Create VPC network.
  3. For the Name field, enter vpc1.
  4. For the Subnet creation mode, select Custom.
  5. Specify the details of your subnet:
    1. Name — Enter subnet-uscentral1.
    2. Region — Select us-central1.
    3. IP address range — Specify an IP range, such as 192.168.1.0/24. Use a range that doesn't overlap with your on-premises network.
  6. Click Add subnet.
  7. Specify the details of your second subnet:
    1. Name — Enter subnet-useast4.
    2. Region — Select us-east4.
    3. IP address range — Specify an IP range, such as 192.168.2.0/24. Use a range that doesn't overlap with your on-premises network.
  8. In the Dynamic routing mode section, select Global.
  9. Click Create.

gcloud

  1. Create a custom subnet network.

    gcloud compute networks create vpc1 \
      --subnet-mode custom \
      --bgp-routing-mode global

  2. Specify the subnet prefixes for the us-central1 and us-east4 regions.

    gcloud compute networks subnets create subnet-uscentral1 \
      --network vpc1 \
      --region us-central1 \
      --range 192.168.1.0/24

    gcloud compute networks subnets create subnet-useast4 \
      --network vpc1 \
      --region us-east4 \
      --range 192.168.2.0/24

Creating Cloud Routers

Create four Cloud Routers, one for each VLAN attachment. For Partner Interconnect, all Cloud Routers must have a local ASN of 16550.

Console

  1. Go to the create Cloud Router page in the Google Cloud Platform Console.
  2. Specify the Cloud Router details.
    • Name — Specify router-central-a for the name of the first Cloud Router.
    • VPC network — Specify vpc1, which is the name of the network where the on-premises network extends to.
    • Region — Specify us-central1, which is the region where the Cloud Router is configured, as shown in the example topology.
    • Google ASN — Specify 16550, which is required for Partner Interconnect.
  3. Duplicate the first Cloud Router but change the name to router-central-b.
  4. Create two more Cloud Routers with the same attributes in the us-east4 region with the names router-east-a and router-east-b.

gcloud

  1. Create two Cloud Routers in the vpc1 network in the us-central1 region. Use ASN 16550 for both Cloud Routers.

     gcloud compute routers create router-central-a \
       --asn 16550 \
       --network vpc1 \
       --region us-central1

     gcloud compute routers create router-central-b \
       --asn 16550 \
       --network vpc1 \
       --region us-central1

  2. Create two Cloud Routers in the vpc1 network in the us-east4 region. Use ASN 16550 for both Cloud Routers.

     gcloud compute routers create router-east-a \
       --asn 16550 \
       --network vpc1 \
       --region us-east4

     gcloud compute routers create router-east-b \
       --asn 16550 \
       --network vpc1 \
       --region us-east4

Creating VLAN attachments

Create four VLAN attachments and pair them with Cloud Routers, as shown in the following list:

  • router-central-a is associated with attach-central-a
  • router-central-b is associated with attach-central-b
  • router-east-a is associated with attach-east-a
  • router-east-b is associated with attach-east-b

Console

  1. Go to the Cloud Interconnect VLAN attachments tab in the Google Cloud Platform Console.
  2. Select Add VLAN attachment.
  3. Select Partner Interconnect to create Dedicated VLAN attachments, and then select Continue.
  4. Select I already have a service provider.
  5. Select Create a redundant pair of VLANs.
  6. For the Network and Region fields, select the vpc1 network and the us-central1 region, which specifies the VPC network and region to connect to.
  7. Specify the details of the first VLAN attachment.
    • Cloud Router — Select the router-central-a Cloud Router.
    • VLAN attachment name — Specify attach-central-a for the attachment name. This name is displayed in the console and used by the gcloud command-line tool to reference the attachment.
  8. Specify the details of the second VLAN attachment.
    • Cloud Router — Select the router-central-b Cloud Router.
    • VLAN attachment name — Specify attach-central-b for the attachment name.
  9. Select Create to create the attachments, which takes a few moments to complete.
  10. Select OK to go back to a list of your VLAN attachments.
  11. Select Add VLAN attachment, and then create another redundant pair of attachments for the us-east4 region.

gcloud

  1. Create four attachments.

    gcloud compute interconnects attachments partner create attach-central-a \
      --router router-central-a \
      --region us-central1 \
      --edge-availability-domain availability-domain-1

    gcloud compute interconnects attachments partner create attach-central-b \
      --router router-central-b \
      --region us-central1 \
      --edge-availability-domain availability-domain-2

    gcloud compute interconnects attachments partner create attach-east-a \
      --router router-east-a \
      --region us-east4 \
      --edge-availability-domain availability-domain-1

    gcloud compute interconnects attachments partner create attach-east-b \
      --router router-east-b \
      --region us-east4 \
      --edge-availability-domain availability-domain-2
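
The following check is an added example, not part of the original tutorial: it tests the requirements listed at the top of this page that are visible on the attachments themselves (four attachments, two per region, a different edge availability domain for each attachment in a region, one Cloud Router per attachment, global dynamic routing). It assumes tab-separated input produced by the gcloud --format expressions shown in the comments; the sample data is constructed from this tutorial's names.

```sh
#!/bin/sh
# Added example. Live input would come from:
#   gcloud compute networks describe vpc1 \
#     --format 'value(routingConfig.routingMode)'
#   gcloud compute interconnects attachments list --format \
#     'value(name,region.basename(),edgeAvailabilityDomain,router.basename())'
# value() prints one tab-separated line per attachment.

# check_topology ROUTING_MODE   (attachment lines on stdin)
# Prints every violated requirement; returns 0 only when there are none.
check_topology() {
  awk -F '\t' -v mode="$1" '
    NF >= 4 { n++; per_region[$2]++; per_domain[$2 " " $3]++; per_router[$4]++ }
    END {
      bad = 0
      if (mode != "GLOBAL") {
        print "dynamic routing mode is " mode ", not GLOBAL"; bad = 1 }
      if (n != 4) {
        print "expected 4 VLAN attachments, found " (n + 0); bad = 1 }
      for (r in per_region) {
        regions++
        if (per_region[r] != 2) {
          print r ": expected 2 attachments, found " per_region[r]; bad = 1 }
      }
      if (regions != 2) {
        print "expected 2 regions, found " (regions + 0); bad = 1 }
      for (d in per_domain) if (per_domain[d] > 1) {
        print d ": edge availability domain used " per_domain[d] " times"; bad = 1 }
      for (t in per_router) if (per_router[t] > 1) {
        print t ": Cloud Router shared by " per_router[t] " attachments"; bad = 1 }
      exit bad
    }'
}

# Constructed sample: the four attachments this tutorial creates.
GOOD=$(printf '%s\t%s\t%s\t%s\n' \
  attach-central-a us-central1 AVAILABILITY_DOMAIN_1 router-central-a \
  attach-central-b us-central1 AVAILABILITY_DOMAIN_2 router-central-b \
  attach-east-a    us-east4    AVAILABILITY_DOMAIN_1 router-east-a \
  attach-east-b    us-east4    AVAILABILITY_DOMAIN_2 router-east-b)

printf '%s\n' "$GOOD" | check_topology GLOBAL &&
  echo "topology meets the 99.99% requirements checked here"
```

The metro requirement (Dallas for one region, Ashburn for the other) is not covered, because the connection location is agreed with the service provider rather than set on the attachment at creation time.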

Retrieving pairing keys

After you create your VLAN attachments, GCP generates a pairing key for each one. Pairing keys enable service providers to identify your VLAN attachment without you having to share information about your project or resource names.

Console

  1. Go to the Cloud Interconnect VLAN attachments tab in the Google Cloud Platform Console.
  2. Find the attach-central-a VLAN attachment, and then select View instructions.

    The console shows the pairing key for the attachment. Copy and record the key. You'll share these keys with your service provider when you request a connection with them.

  3. Select OK to return to the list of VLAN attachments.
  4. Retrieve the pairing keys for the attach-central-b, attach-east-a, and attach-east-b VLAN attachments.

gcloud

  1. Retrieve the VLAN attachment pairing keys by describing each one. Use these keys to request connections with your service provider.

    gcloud compute interconnects attachments describe attach-central-a \
      --region us-central1

    The previous command outputs the following information:

    adminEnabled: false
    edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1
    creationTimestamp: '2017-12-01T08:29:09.886-08:00'
    id: '7976913826166357434'
    kind: compute#interconnectAttachment
    labelFingerprint: 42WmSpB8rSM=
    name: attach-central-a
    pairingKey: 7e51371e-72a3-40b5-b844-2e3efefaee59/us-central1/1
    region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
    router: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/routers/router-central-a
    selfLink: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/interconnectAttachments/attach-central-a
    state: PENDING_PARTNER
    type: PARTNER
    

  2. Record the value of the pairingKey for each VLAN attachment.

Requesting connections from your service provider

Reach out to your service provider and request four connections, one for each VLAN attachment. The service provider will require the pairing key, capacity, and location for each attachment.

Attachments from one GCP region must connect to a single location (city). In this example, attach-central-a and attach-central-b are connected to Dallas, while attach-east-a and attach-east-b are connected to Ashburn.

After their configuration is complete, you'll receive an email notification indicating that you can activate your attachments.

Activating VLAN attachments

After your service provider configures your VLAN attachments, you must activate them before they can start passing traffic. If you pre-activated your attachments, skip this section.

Console

  1. Go to the VLAN attachments tab in the Google Cloud Platform Console.
  2. Select the attach-central-a VLAN attachment to view its details page.
  3. If the status of your attachment is Waiting for service provider, wait until your service provider has completed the VLAN configuration.
  4. Review the Interconnect information to check that the expected service provider configured the VLAN attachment.
  5. Click Activate to activate it.
  6. Go back to the VLAN attachments page and activate the other attachments.

gcloud

  1. Describe each VLAN attachment to verify whether your service provider completed configuring them, as shown in the following example:

    gcloud compute interconnects attachments describe attach-central-a \
      --region us-central1 \
      --format '(name,state,partnerMetadata)'

    gcloud compute interconnects attachments describe attach-central-b \
      --region us-central1 \
      --format '(name,state,partnerMetadata)'

    gcloud compute interconnects attachments describe attach-east-a \
      --region us-east4 \
      --format '(name,state,partnerMetadata)'

    gcloud compute interconnects attachments describe attach-east-b \
      --region us-east4 \
      --format '(name,state,partnerMetadata)'

    After your service provider configures your VLAN attachments, the state of your attachments changes from PENDING_PARTNER to PENDING_CUSTOMER. If the state is still PENDING_PARTNER, wait until your service provider has completed the VLAN configuration.

  2. Check the partnerMetadata field to verify that the correct service provider configured your VLAN attachments.

    If an unexpected third party configured your VLAN attachment, delete the attachment and then create a new one, which generates a new pairing key. Use the new pairing key to request another connection with your service provider.

  3. If the correct service provider has configured your VLAN attachments, activate them by using the --admin-enabled flag, as shown in the following example:

    gcloud compute interconnects attachments partner update attach-central-a \
      --region us-central1 \
      --admin-enabled

    gcloud compute interconnects attachments partner update attach-central-b \
      --region us-central1 \
      --admin-enabled

    gcloud compute interconnects attachments partner update attach-east-a \
      --region us-east4 \
      --admin-enabled

    gcloud compute interconnects attachments partner update attach-east-b \
      --region us-east4 \
      --admin-enabled
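
The three gcloud steps above can be combined into one gate that refuses to activate an attachment unless its state is PENDING_CUSTOMER and partnerMetadata names the provider you contracted with. This is an added example, not part of the original tutorial; the partner names and sample lines are constructed, and the script only prints the commands it would run.

```sh
#!/bin/sh
# Added example. Live input (one tab-separated line per attachment):
#   gcloud compute interconnects attachments list --format \
#     'value(name,region.basename(),state,partnerMetadata.partnerName)'

# verdict STATE PARTNER EXPECTED_PARTNER
verdict() {
  case $1 in
    PENDING_PARTNER) echo WAIT ;;        # provider has not finished yet
    PENDING_CUSTOMER)
      if [ -n "$2" ] && [ "$2" = "$3" ]; then echo ACTIVATE
      else echo RECREATE; fi ;;          # pairing key used by someone else
    *) echo SKIP ;;                      # any other state: nothing to do here
  esac
}

# plan_activation EXPECTED_PARTNER   (attachment lines on stdin)
# Prints one line per attachment: a command to run, or a comment saying why not.
plan_activation() {
  tab=$(printf '\t')
  while IFS="$tab" read -r name region state partner; do
    case $(verdict "$state" "$partner" "$1") in
      ACTIVATE)
        echo "gcloud compute interconnects attachments partner update $name --region $region --admin-enabled" ;;
      RECREATE)
        echo "# $name: configured by '$partner', expected '$1'; delete it and create a new one for a new pairing key" ;;
      WAIT)
        echo "# $name: waiting for service provider" ;;
      *)
        echo "# $name: state $state, no action" ;;
    esac
  done
}

# Constructed sample; 'Example Carrier' stands in for your provider's name.
SAMPLE=$(printf '%s\t%s\t%s\t%s\n' \
  attach-central-a us-central1 PENDING_CUSTOMER 'Example Carrier' \
  attach-central-b us-central1 PENDING_PARTNER  '' \
  attach-east-a    us-east4    PENDING_CUSTOMER 'Unknown Networks')

printf '%s\n' "$SAMPLE" | plan_activation 'Example Carrier'
```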

Configuring Routers

Google automatically adds a BGP peer on each Cloud Router. For layer 2 connections, you must add your on-premises ASN to each BGP peer. For layer 3 connections, you don't need to do anything; Google automatically configures your Cloud Routers with your service provider's ASN.

Console

  1. Go to the VLAN attachments tab in the Google Cloud Platform Console.
  2. Select the attach-central-a VLAN attachment to view its details page.
  3. Click Configure BGP to configure the Cloud Router that's associated with this VLAN attachment.
  4. In the Peer ASN field, add the ASN of your on-premises router.
  5. Click Save and continue.
  6. Go back to the VLAN attachments page and add your on-premises ASN to the other Cloud Routers.

gcloud

  1. Describe the Cloud Router that's associated with the attach-central-a VLAN attachment. In the output, find the name of the automatically created BGP peer that's associated with your VLAN attachment. The values of ipAddress and peerIpAddress of the BGP peer must match the values of cloudRouterIpAddress and customerRouterIpAddress of your attachment.

    gcloud compute routers describe router-central-a \
      --region us-central1

    bgp:
      advertiseMode: DEFAULT
      asn: 16550
    bgpPeers:
    - interfaceName: auto-ia-if-attachment-central-a-c2c53a710bd6c2e
      ipAddress: 169.254.67.201
      managementType: MANAGED_BY_ATTACHMENT
      name: auto-ia-bgp-attachment-central-a-c2c53a710bd6c2e
      peerIpAddress: 169.254.67.202
    creationTimestamp: '2018-01-25T07:14:43.068-08:00'
    description: 'test'
    id: '4370996577373014668'
    interfaces:
    - ipRange: 169.254.67.201/29
      linkedInterconnectAttachment: https://www.googleapis.com/compute/alpha/projects/customer-project/regions/us-central1/interconnectAttachments/customer-attachment1-partner
      managementType: MANAGED_BY_ATTACHMENT
      name: auto-ia-if-attachment-central-a-c2c53a710bd6c2e
    kind: compute#router
    name: partner
    network: https://www.googleapis.com/compute/v1/projects/customer-project/global/networks/vpc1
    region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
    selfLink: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/routers/router-central-a

  2. Update the BGP peer with your on-premises router's ASN.

    gcloud compute routers update-bgp-peer router-central-a \
      --peer-name auto-ia-bgp-attachment-central-a-c2c53a710bd6c2e \
      --peer-asn [ON-PREM ASN] \
      --region us-central1

After the BGP sessions have been established, you can pass traffic between your VPC and on-premises networks through your service provider's network.

What's next

  • For more information about each of these steps, see the relevant Partner Interconnect how-to guide.