Key terms

This page provides important terms that apply to Cloud Interconnect. Review these terms to better understand how Cloud Interconnect works.

For more information, see the Cloud Interconnect overview.

Cloud Interconnect terms

The following key terminology describes the concepts on which Cloud Interconnect is built. Each section indicates whether a term applies to Dedicated Interconnect, Partner Interconnect, or both.

Cloud Interconnect elements

Interconnect (Dedicated)

The Cloud Interconnect connection represents a specific physical connection between Google and your on-premises network. This connection exists in a colocation facility where your on-premises network and Google's network meet.

A single connection can be a single 10G link, a single 100G link, or a link bundle. If you have multiple connections to Google at different locations or to different devices, you must create separate Cloud Interconnect connections.

VLAN attachment (Dedicated and Partner)

Also known as an interconnect attachment, a VLAN attachment is a logical connection between your on-premises network and a single region in your VPC network.

When you create a VLAN attachment, you associate it with a project, a region, an existing or new Cloud Router, and an existing Cloud Interconnect connection. Cloud Router then establishes a point-to-point BGP session over the attachment to your on-premises router.

  • For Dedicated Interconnect, the VLAN attachment uses a dedicated connection that you create to your on-premises router.
  • For Partner Interconnect, the attachment uses a connection set up and managed by your chosen partner.

Although a VLAN attachment used with Dedicated Interconnect or Partner Interconnect is not directly associated with a VPC network, it is indirectly tied to a single network because a Cloud Router can only be associated with a single VPC network. Therefore, the VLAN attachment is tied to the network that its Cloud Router is located in.

For Dedicated Interconnect

A VLAN attachment for Dedicated Interconnect allocates a single 802.1Q VLAN on your Dedicated Interconnect connection and connects it to a specific VPC network. Because each connection for Dedicated Interconnect supports multiple VLAN attachments, you can access multiple VPC networks without creating multiple connections.

Each attachment that you create is associated with a VPC network and a Google Cloud region:

  • When you associate an attachment for Dedicated Interconnect with a VPC network, this network must be in a project in the same organization as the project that contains the Cloud Interconnect connection.
  • The set of valid regions for an attachment depends upon the colocation facility used by the Cloud Interconnect.

You can set the capacity of each attachment. For a list of capacities, see the Pricing page. The default attachment capacity is 10 Gbps.

The capacity setting limits the maximum bandwidth that an attachment can use. If you have multiple attachments on a single Cloud Interconnect connection, the capacity limitation might be helpful in cases where you want to prevent network congestion on your connection. The maximum bandwidth is approximate, so it's possible for a attachment to use more bandwidth than the selected capacity.

Since the capacity setting only limits the egress bandwidth from Google Cloud to the colocation facility for the Cloud Interconnect connection, it's recommended that you configure an egress rate limiter on your router for your connection. Configuring this limiter enables you to cap the maximum ingress bandwidth to your VPC network for traffic using that connection.

For Partner Interconnect

To request Partner Interconnect connectivity from a service provider, you create a VLAN attachment in your Google Cloud project. The VLAN attachment generates a unique pairing key that you share with your service provider. The service provider uses the pairing key, along with your requested connection location and capacity, to complete the configuration of your VLAN attachment.

After your service provider configures the attachment, they allocate a specific 802.1q VLAN on your on-premises connection.

Cloud Router (Dedicated and Partner)

Cloud Router dynamically exchanges routes between your VPC network and your on-premises network using Border Gateway Protocol (BGP). Before you can create a VLAN attachment, you must create or use an existing Cloud Router in the VPC network that you want to connect to. You then associate the attachment with this Cloud Router. The Cloud Router creates a BGP session that connects to your on-premises (peer) router.

For detailed information about Cloud Router, see the overview.

The BGP configuration of the Cloud Router depends on whether you're using layer 2 or layer 3 connectivity. Dedicated Interconnect uses only layer 2 connectivity. Partner Interconnect can use layer 2 or layer 3 connectivity.

  • For layer 2, you establish a BGP session between your Cloud Router and your on-premises router.
  • For layer 3, your service provider establishes BGP between your Cloud Router and their edge router. For more information, see Layer 2 versus layer 3 connectivity.

Cloud Router advertises subnets in its VPC network and propagates learned routes to those subnets. Unless you configure custom route advertisements Cloud Router advertises the following routes:

  • If your VPC network uses regional dynamic routing mode, Cloud Router advertises subnet routes in region where it is located.
  • If your VPC network uses global dynamic routing mode, Cloud Router advertises subnet routes in all regions.

Cloud Router also creates custom dynamic routes in your VPC network for destinations it learns from your on-premises (peer) router. According to the dynamic routing mode of the VPC network (regional or global), Cloud Router makes those routes available to only the Cloud Router's region or to all regions.

Cloud Interconnect locations

Interconnect location or Colocation facility (Dedicated, with notes for Partner)

An Interconnect location is the colocation facility where a Cloud Interconnect physical connection is provisioned. This is where your on-premises routing equipment meets Google's peering edge.

A colocation facility is where Google has a point of presence (POP), enabling you to connect your on-premises network with Google's network. In the colocation facility, you work with the facility provider to provision your routing equipment before using Dedicated Interconnect.

Each Interconnect location supports a subset of Google Cloud regions. For example, lga-zone1-16 supports VLAN attachments in the regions northamerica-northeast1, us-east1, us-west1, us-west2, us-east4, and us-central1.

For a list of all locations and their supported regions, see Choosing colocation facility locations.

When using Partner Interconnect, partners have already set up connections to Google's network. The set of locations vary, depending on which partner you choose. When you set up your VLAN attachment, you can select from the partner's available locations. For a list of locations that each service provider supports, see the Service providers page.

Each partner location supports a subset of Google Cloud regions. These supported regions are where you can connect to your Cloud Routers and associated VLAN attachments. For example, if you choose the Ashburn location, you can reach all of the North American regions, such as us-east1 and us-west1. For a list of Google Cloud regions, see the Regions/zones page.

Service provider (Partner)

A network service provider for Partner Interconnect. To use Partner Interconnect, you must connect to a supported service provider. The service provider provides connectivity between your on-premises network and your VPC network.

Metropolitan area (metro) (Dedicated or Partner)

A metropolitan area (metro) is the city where a colocation facility is located.

The metro that you choose depends on the location of your on-premises network and the location of your Compute Engine VM instances (their Google Cloud region). Typically, you might want to pick a metro that's geographically close to your on-premises network to reduce latency. When configuring a redundant connection, you might choose an additional metro that is further away.

Each metro supports a subset of Google Cloud regions. You can create VLAN attachments only in these supported regions. For example, if you pick a facility in Ashburn, you can only create VLAN attachments in the North American regions. Assuming that your VM instances are also located in these regions, you can create VLAN attachments in the same regions as your VMs to reduce latency and egress costs. Otherwise, traffic would have to travel between regions to reach your VM instances or on-premises network.

For more information, see Choosing colocation facility locations.

Metropolitan availability domain (Dedicated or Partner)

An older term for Edge availability domain (EAD).

Edge availability domain (EAD) (Dedicated or Partner)

Each metropolitan area has at least two zones called edge availability domains. These domains provide isolation during scheduled maintenance, meaning that two domains in the same metro won't be down for maintenance at the same time. This isolation is important when you're building for redundancy.

Edge availability domains span a single metro, not across metros. To maintain availability and an SLA, you must build duplicate Interconnect connections in different EADs in the same metro. For example, building connections in dfw-zone1-4 and dfw-zone2-4 provides redundancy across different EADs, whereas building them in dfw-zone1-4 and dfw-zone1-505 do not because they are in the same EAD.

Maintenance windows are not coordinated across metros. For example, the edge availability domains dfw-zone1-4 and ord-zone1-7 could experience overlapping maintenance events. When connecting to multiple metros for redundancy, it is important to connect to different edge availability domains in each of those metros, as described in the production topology.

Provisioning and configuration

LOA-CFA (Dedicated)

A Letter of Authorization and Connecting Facility Assignment (LOA-CFA) identifies the connection ports that Google has assigned for your Dedicated Interconnect connection, and grants permission for a vendor in a colocation facility to connect to them. LOA-CFA documents are required when you order Dedicated Interconnect connections in a colocation facility.

When you order Dedicated Interconnect connections, Google allocates resources for your connections and then generates an LOA-CFA document for each one. The LOA-CFA lists the demarcation points that Google allocated for your connections. Submit this form to the facility vendor to provision cross-connects between Google's equipment and your own. After the status of a connection changes to PROVISIONED, the LOA-CFA is no longer valid, necessary, or available in the Google Cloud Console.

For more information about the provisioning flow, see the Dedicated Interconnect Provisioning overview.

Pairing key (Partner)

Pairing keys are used only for Partner Interconnect. It's a unique identifier that allows service providers to identify particular VLAN attachments without anyone sharing potentially sensitive information about their VPC network or Google Cloud project. Treat the pairing key as sensitive information until your VLAN attachment is configured. If it's discovered, it's possible for other parties to use it to connect to your network. The key is for one-time use and can't be modified. If you need a new pairing key, delete your VLAN attachment and create a new one.

Pairing keys use the following format:
<random>/<vlan-attachment-region>/<edge-availability-domain>. For example, 7e51371e-72a3-40b5-b844-2e3efefaee59/us-central1/2 is a pairing key for an VLAN attachment in the us-central1 region and edge availability domain 2.

Border Gateway Protocol (BGP) terms

The following terminology applies to the Border Gateway Protocol (BGP), which Cloud VPN and Cloud Interconnect use for dynamic routing.

Border Gateway Protocol (BGP)
An exterior gateway routing protocol standardized by the Internet Engineering Task Force (IETF) in RFC 1722. BGP automatically exchanges routing and reachability information among autonomous systems on the internet. Your device is BGP-capable if it can perform BGP routing. This means that you can enable the BGP protocol on it and assign it a BGP IP address and an autonomous system number. To determine if your device supports BGP, see the vendor information for your device or contact your device's vendor.
autonomous system (AS)
A collection of connected IP routing prefixes under the control of a single administrative entity or domain that presents a common routing policy to the internet (such as an internet service provider (ISP), a large company, or a university).
autonomous system number (ASN)
A unique identifier allocated to each autonomous system that uses BGP routing. For more information, see RFC 1930.

Google Cloud terms

The following terminology applies to Google Cloud and its features.

Google Cloud
Google Cloud is a suite of public cloud computing services offered by Google. For more information, see Google Cloud products.
project ID
The ID of your Google Cloud project. A project contains networking resources such as networks, subnets, and Cloud VPN gateways as described in the VPC network overview. For a description of the difference between project name, project ID, and project number, see Identifying projects. You can view the project ID in the Google Cloud Console.