This page explains how to use networking with Private Service Connect service connectivity automation.
Networking setup guidance
As a reader of this page, you likely fit into one of two roles, each having different tasks to accomplish (you may have overlap between these roles). Knowing which role you fit in and your role's goals helps you accomplish your networking and instance creation tasks quickly and efficiently.
Two possible roles you may fit are as follows:
Role 1 – Redis Admin
Your goal is to create a Memorystore for Redis Cluster instance. You are reading this page to learn if you have the required prerequisites necessary to create an instance that uses a service connection policy for networking. When using this networking setup, service connection policies authorize automatic life cycle management of Private Service Connect connections.
- Once you know the proper service connection policy has been established for your network, your goal is to get the full network name (that has the format projects/NETWORK_PROJECT_ID/global/networks/NETWORK_ID) from your Network Admin so you can use it to create an instance.
- Once the correct service connection policy exists, service connectivity automation automatically deploys connectivity for a Memorystore for Redis Cluster instance during instance creation.
Role 2 – Network Admin
Your goal is to find out if the proper service connection policy has been created for the network on which the Redis Admin wants to deploy a Memorystore for Redis Cluster instance. If the service connection policy hasn't been created, create it. The purpose of the policy is to allow Memorystore to automate private connectivity to the Memorystore service. For instructions on how to configure and manage a service connection policy, see Configure service connection policies.
- Use the service class gcp-memorystore-redis when creating the service network policy.
Your next goal is to provide the network name to the Redis Admin so they can use it to create an instance.
If you are the Network Admin, you must have the required roles to create a service connection policy.
Prerequisites required for using service connection policy networking
As described in Service connection policies, a service connection policy is unique to your network, region, and service class. If you want to use a service connection policy to enable automatically deployed Private Service Connect connections, the policy must exist for your region, network, and gcp-memorystore-redis service class before you create a Memorystore for Redis Cluster instance. You must also make sure the necessary APIs are enabled before you can create an instance. For additional details about how the service connection policies configure Private Service Connect connections and the lifecycle of those connections, see Deploy a managed service and configure connectivity.
Communicate networking requirements
If you are reading this as a Redis Admin, ask your Network Admin if a service connection policy exists for the region, network, and gcp-memorystore-redis service class where you want to create your instance. Once your Network Admin has created the policy, ask them for the full network name (that has the format projects/NETWORK_PROJECT_ID/global/networks/NETWORK_ID) so you can use it to create a Memorystore for Redis Cluster instance.
Send your Network Admin a link to this page so they can understand the service connection policy prerequisites needed for you to create an instance.
Enable APIs
As a Redis Admin, before you can create a Memorystore for Redis Cluster instance, you must enable all of the APIs listed in Before you begin.
Shared VPC
In addition to standard VPC networks, Memorystore for Redis Cluster also supports Shared VPC networks.
Shared VPC setups have a host project and one or more service projects. The service connection policy for Memorystore for Redis Cluster is defined in the host project by the Network Admin. Redis Admins typically create Memorystore for Redis Cluster instances in service projects.
For a quickstart on creating an instance with Shared VPC, see Instance provisioning on a Shared VPC network.
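A preflight check for the prerequisite and the Shared VPC rule described above, as an added example that is not part of the original page or of Google's tooling. It assumes the Network Admin has exported the service connection policies as JSON records with name, network and serviceClass fields; the project, network and policy names are constructed.

```python
import re

SERVICE_CLASS = "gcp-memorystore-redis"  # service class named on this page
NETWORK_RE = re.compile(r"projects/([^/\s]+)/global/networks/([^/\s]+)")
POLICY_RE = re.compile(
    r"projects/([^/\s]+)/locations/([^/\s]+)/serviceConnectionPolicies/([^/\s]+)")


def parse_network(full_name):
    """Split projects/NETWORK_PROJECT_ID/global/networks/NETWORK_ID."""
    m = NETWORK_RE.fullmatch(full_name)
    if m is None:
        raise ValueError(f"not a full network name: {full_name!r}")
    return m.group(1), m.group(2)


def find_policy(policies, network, region):
    """Return the policy for (network, region, service class), else None."""
    net_project, _ = parse_network(network)
    for policy in policies:
        m = POLICY_RE.fullmatch(policy.get("name", ""))
        if m is None:
            continue
        policy_project, policy_region, _ = m.groups()
        policy_net = policy.get("network", "")
        if (policy_region == region
                and policy.get("serviceClass") == SERVICE_CLASS
                # Shared VPC: the policy lives in the host (network) project.
                and policy_project == net_project
                # Accept the bare path or a URL ending in it.
                and (policy_net == network
                     or policy_net.endswith("/" + network))):
            return policy
    return None


# Constructed sample records (assumed field names, hypothetical projects).
HOST_NET = "projects/host-proj/global/networks/shared-vpc"
SAMPLE_POLICIES = [
    {"name": "projects/host-proj/locations/europe-west1/serviceConnectionPolicies/redis-eu",
     "network": HOST_NET, "serviceClass": SERVICE_CLASS},
    {"name": "projects/host-proj/locations/us-central1/serviceConnectionPolicies/other",
     "network": HOST_NET, "serviceClass": "example-other-class"},
    {"name": "projects/host-proj/locations/us-central1/serviceConnectionPolicies/redis-us",
     "network": HOST_NET, "serviceClass": SERVICE_CLASS},
]

if __name__ == "__main__":
    for region in ("us-central1", "asia-east1"):
        hit = find_policy(SAMPLE_POLICIES, HOST_NET, region)
        print(region, "->", hit["name"] if hit else "no policy: ask the Network Admin")
```

A short network name such as shared-vpc is rejected by parse_network, which catches the common mistake of passing the network ID instead of the full network name.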
Reserved network addresses
After you successfully create a Memorystore for Redis Cluster instance that uses a service connection policy, Memorystore reserves two network addresses for the instance. They are used to serve the traffic for your instance. One of these is the discovery endpoint that you use to connect to your instance.
Supported networking architecture
Memorystore for Redis Cluster supports the network architectures described in this section.
Same network, project, and region client access example
In this example the client and Memorystore endpoint IPs are located in the same network, project, and region.
Same network and project, but multi region client access example
In this example the client and Memorystore endpoint IPs are located in the same network and project, but in multiple regions.
Shared VPC client access example
In this example the clients are located in different Shared VPC projects. Although clients in this example are in the same region, clients from different regions are also supported.
On-premises access example
This diagram shows an example of a client connecting to Memorystore from an on-premises network using Cloud Interconnect and Cloud Router. Although Cloud Interconnect and Cloud Router infrastructure is used, the client machines in the on-premises network connect to Redis using the Memorystore endpoint IP addresses. For example, in the diagram below, clients connect directly to 10.142.0.10 and 10.142.0.11.
For instructions on finding your instance's discovery endpoint IP address, see View your cluster's discovery endpoint.
Frequently asked questions
This section covers networking FAQs for Memorystore for Redis Cluster.
Do I need a service connection policy?
It depends. For network connectivity, you have two options: a service connection policy or user-registered Private Service Connect connections. You can use the first option, the second option, or both of them together if you choose a multi-VPC setup.
User-registered PSC connections exist to enable you to connect multiple VPC networks, if needed. If you don't need multiple VPC networks, you can establish connectivity using a user-registered PSC connection; however, we recommend using a service connection policy because the process is more straightforward.
Why do the Network Connectivity and Service Consumer Management APIs need to be enabled?
If you set up networking using a service connection policy, Memorystore for Redis Cluster uses Private Service Connect service connectivity automation to automate deployment and connectivity in the consumer network. The automation needs these APIs to be enabled. If they are not enabled, cluster creation operations fail.
What permissions are needed for setting up Memorystore for Redis Cluster networking?
If you are a Redis Admin trying to accomplish the Redis Admin tasks described on this page, you need the redis.admin role. The Permissions and their roles section explains what roles are needed for different Redis cluster permissions.
If you are a Network Admin trying to accomplish the Network Admin tasks described on this page, you need the compute.networkAdmin role.
How can I set up connectivity for my on-premises network?
In addition to the guidance explained on this page, you can learn about setting up on-premises connectivity at: