Configure your Google Cloud resources

To configure the Google Cloud resources needed for Cross-Cloud Interconnect, complete the following tasks:

  • Create two VLAN attachments, one for each of your Cross-Cloud Interconnect connections.
  • Configure Border Gateway Protocol (BGP) sessions, one for each VLAN attachment.

Before you begin

This section lists required permissions, resources, and setup steps.

Required roles

Before proceeding, you need the required permissions. Ask your administrator to make sure that you have the Compute Network Admin (roles/compute.networkAdmin) IAM role on the project. For more information about granting roles, see Manage access.

Required resources

Make sure that you have the following resources.

VPC network

If you don't already have a Virtual Private Cloud (VPC) network, create one. For more information, see Create and manage VPC networks.

Cloud Router

To configure Cross-Cloud Interconnect, you need a Cloud Router. If you're working in the Google Cloud console, you can create your Cloud Router at the same time that you create your VLAN attachments.

If you want to create a Cloud Router in advance, see Create a Cloud Router to connect a VPC network to a peer network. Give the Cloud Router an ASN of 16550 or any private ASN.

Place the Cloud Router in a region that's supported for your Google Cloud location.

Project selection

If you're using the Google Cloud CLI, set your project ID by using the gcloud config set command.

gcloud config set project PROJECT_ID

The gcloud CLI instructions on this page assume that you have set your project ID.

Check port status in Google Cloud

Before proceeding, verify that each of your Cross-Cloud Interconnect ports is receiving a signal from AWS.

Console

  1. In the Google Cloud console, go to the Cloud Interconnect Physical connections tab.
  2. Go to Physical connections

  3. Click the name of your Cross-Cloud Interconnect connection.
  4. On the Interconnect details page, make sure that the Status is Active.

    If Google Cloud displays a page titled Cross-Cloud Interconnect order confirmation, then your connection is not ready for configuration.

Create VLAN attachments

A VLAN attachment is a logical connection between a single region in your VPC network and a peer network (in this case, your AWS network).

To qualify for the service level agreement (SLA), create at least one VLAN attachment for each Cross-Cloud Interconnect connection. You can also create more attachments for each connection; however, certain quotas and limits apply.

Console

  1. In the Google Cloud console, go to the Cloud Interconnect Physical connections tab.
  2. Go to Physical connections

  3. Click the name of your primary Cross-Cloud Interconnect connection.
  4. On the Interconnect details page, click Add VLAN attachment.
  5. Fill out the Select interconnects & redundancy form:
    • In the Redundancy section, select Create a redundant pair of VLAN attachments (recommended).
    • In the Interconnects section, do the following:
      • Make sure that the Interconnect A field displays the name of your primary Cross-Cloud Interconnect port.
      • Set the Interconnect B field to the name of your redundant Cross-Cloud Interconnect port.
  6. Click Continue.
  7. Fill out the Create VLAN attachment for Interconnect A form:
    • Enter a Name.
    • Optional: Enter a Description.
    • Select a Cloud Router from the list. If no routers are listed, click Create new router and follow the prompts to add a new one. The Cloud Router must be located in a region that's supported for your Google Cloud location. Give the Cloud Router an ASN of 16550 or any private ASN.
    • Enter a VLAN ID that's between 2 and 4094 and unique among the VLAN attachments associated with this connection.
  8. Expand the Advanced options section of the form and make any needed changes:
    • If you want to specify an IP address range for the attachment, set Allocate BGP IP address to manually and enter a range. Otherwise, leave this field set to automatically.
    • Choose a Capacity for the attachment.
    • Optional: If appropriate, change the MTU value from its default of 1440. For help with this field, see Cloud Interconnect MTU.

    We recommend leaving the IPv4 subnet mask set to /29.

  9. Click Next.

    The page updates to show a form for the second attachment.

  10. Enter details about the redundant attachment:
    • Enter a Name.
    • Optional: Enter a Description.
    • Select a Cloud Router that's in the same region as the router that you used for the first attachment. You can use the same Cloud Router.
    • Enter a VLAN ID for the redundant attachment. We recommend using the same value that you used for the first attachment.
    • If you want to manually select a range for the IP address, expand the Advanced options form. Set Allocate BGP IP address to manually and enter a range.
  11. Click Next, and continue to the next section, Create BGP sessions.

gcloud

Use the gcloud compute interconnects attachments dedicated create command.

We recommend not setting a value for --subnet-length and accepting the default value of 29.

Complete the following steps:

  1. Create the primary attachment:

    gcloud compute interconnects attachments dedicated create VLAN_ATTACHMENT_NAME \
        --interconnect CONNECTION \
        --router ROUTER \
        --region REGION \
        --bandwidth BANDWIDTH \
        --vlan ID \
        --mtu MTU

    Replace the following:

    • VLAN_ATTACHMENT_NAME: the name for this VLAN attachment
    • CONNECTION: the name of your primary Cross-Cloud Interconnect connection
    • ROUTER: the Cloud Router that you want to use for the attachment; unless you are using global dynamic routing mode, the router must be located in a supported Google Cloud location
    • REGION: the region where the Cloud Router is located
    • BANDWIDTH: the bandwidth for this VLAN attachment in Mbps or Gbps—for example, for 50 Mbps, enter 50m, or for 10 Gbps, enter 10g
    • ID: a number between 2 and 4094 that's unique among the VLAN attachments associated with this connection
    • MTU: the MTU to use

      If you don't set a value, the default of 1440 is used. For help with setting this field, see Cloud Interconnect MTU.

  2. Create the redundant attachment:

    gcloud compute interconnects attachments dedicated create VLAN_ATTACHMENT_NAME_2 \
        --interconnect CONNECTION_2 \
        --router ROUTER_2 \
        --region REGION\  
        --bandwidth BANDWIDTH \
        --vlan ID \
        --mtu MTU

    Replace the following:

    • VLAN_ATTACHMENT_NAME_2: the name that you want to give to this VLAN attachment
    • CONNECTION_2: the name of your redundant Cross-Cloud Interconnect connection
    • ROUTER_2: the Cloud Router that you want to use for the redundant attachment

      It must be located in the same region as the Cloud Router that you used for the primary attachment. You can also use the same Cloud Router that you used for the primary attachment.

    • REGION: the region where the Cloud Router is located

    The following fields use the same values as the primary attachment:

    • BANDWIDTH
    • ID
    • MTU

Configure BGP sessions

Cross-Cloud Interconnect uses BGP to exchange routes between your VPC network and your AWS network. To that end, configure a BGP session for each of your VLAN attachments. The sessions are not active until you configure your AWS resources, but you can configure the Google Cloud side of the sessions now.

Console

  1. Configure the first session.
    1. Do one of the following:
      • If the Configure Cloud Routers form is displayed, locate the name of your primary VLAN attachment and click Configure.
      • If the form isn't open, go to the Cloud Interconnect VLAN attachments tab. Click the name of the attachment. In the Connection area of the form, click Configure BGP session.
    2. Fill out the Create BGP session form:
      • Enter a Name for the session.
      • In the Peer ASN field, enter a value to represent the AWS side of the peering. Use a value in one of the following ranges: 64512-65534 or 4,200,000,000-4,294,967,294. The default AWS ASN is 64512.
      • Optional: Enter a value for Advertised route priority. For information about this field, see Advertised prefixes and priorities.
      • Set MD5 Authentication to Enabled, and enter your secret MD5 authentication key. Later, when you configure peering in AWS, you must use the same key on the AWS side of peering. For more information about MD5 authentication, see Use MD5 authentication.
      • Click Save and continue.
  2. Configure the second session.
    1. Do one of the following:
      • If you are in the Configure Cloud Routers form, locate the name of your redundant VLAN attachment and click Configure.
      • If the form isn't open, go to the Cloud Interconnect VLAN attachments tab. Click the name of the redundant attachment, and then click Configure.
    2. In the Create BGP session form, enter the following values:
      • Enter a Name for the session.
      • Enter the same Peer ASN that you used for the BGP session on the primary attachment.
      • Optional: Enter a value for Advertised route priority. For information about this field, see Advertised prefixes and priorities.
      • Set MD5 Authentication to Enabled, and enter your secret MD5 authentication key. Later, when you configure peering in AWS, you must use the same key on the AWS side of peering.
      • Click Save and continue.
  3. Click Save configuration.
  4. Click Finish setup.

gcloud

To create the required BGP sessions, you must create two interfaces on the Cloud Router used by your VLAN attachments. (Alternatively, if each of your attachments uses a different Cloud Router, configure an interface on each Cloud Router.) After you create your interfaces, create a peering session for each interface.

To complete this setup, you use the gcloud compute routers add-interface command and the gcloud compute routers add-bgp-peer command.

Complete the following steps:

  1. Create the primary interface:
    gcloud compute routers add-interface ROUTER_NAME \
        --interface-name=INTERFACE \
        --interconnect-attachment=ATTACHMENT \
        --region=REGION

    Replace the following:

    • ROUTER_NAME: the name of the Cloud Router used by your primary VLAN attachment
    • INTERFACE: the name of the new interface
    • ATTACHMENT: the name of your primary VLAN attachment
    • REGION: the region where the Cloud Router is located
  2. Create the redundant interface:
    gcloud compute routers add-interface ROUTER_NAME_2 \
        --interface-name=INTERFACE_2 \
        --interconnect-attachment=ATTACHMENT_2 \
        --region=REGION

    Replace the following:

    • ROUTER_NAME_2: the name of the Cloud Router used by your redundant VLAN attachment
    • INTERFACE_2: the name of the redundant interface
    • ATTACHMENT_2: the name of your redundant VLAN attachment
    • REGION: the region where the Cloud Router is located
  3. Create a BGP session for the primary VLAN attachment:
    gcloud compute routers add-bgp-peer ROUTER_NAME \
        --interface=INTERFACE \
        --peer-asn=AWS_SIDE_ASN \
        --peer-name=PEER_NAME \
        --region=REGION \
        --md5-authentication-key=YOUR_KEY

    Replace the following:

    • ROUTER_NAME: the name of the Cloud Router used by your primary VLAN attachment
    • INTERFACE: the name of the primary interface
    • AWS_SIDE_ASN: Use a value in one of the following ranges: 64512-65534 or 4,200,000,000-4,294,967,294; the default AWS ASN is 64512
    • PEER_NAME the name of the peer
    • REGION: the region where the Cloud Router is located
    • YOUR_KEY: The secret key to use for MD5 authentication; later, when you configure peering in AWS, you must use the same key.
  4. Create a BGP session for the redundant VLAN attachment:
    gcloud compute routers add-bgp-peer ROUTER_NAME_2 \
        --interface=INTERFACE_2 \
        --peer-asn=AWS_SIDE_ASN \
        --peer-name=PEER_NAME_2 \
        --region=REGION \
        --md5-authentication-key=YOUR_KEY_2

    Replace the following:

    • ROUTER_NAME_2: the name of the Cloud Router used by your primary VLAN attachment
    • INTERFACE_2: the name of the primary interface
    • AWS_SIDE_ASN: Use a value in one of the following ranges: 64512-65534 or 4,200,000,000-4,294,967,294; the default AWS ASN is 64512
    • PEER_NAME_2:the name of the peer
    • REGION: the region where the Cloud Router is located
    • YOUR_KEY_2: The secret key to use for MD5 authentication; later, when you configure peering in AWS, you must use the same key.

Get details about your VLAN attachments

After you create your VLAN attachments, retrieve the details that you need to configure your AWS resources.

Console

  1. In the Google Cloud console, go to the Cloud Interconnect VLAN attachments tab.
  2. Go to VLAN attachments

  3. Click the name of your primary VLAN attachment.
  4. Make a note of the Cloud Router BGP IP and BGP Peer IP values. You need these values when you configure your Direct Connect resources.
  5. Repeat the preceding steps for your redundant attachment.

gcloud

Use the gcloud compute interconnects attachments describe command. Run the following command twice—once for each attachment:

gcloud compute interconnects attachments describe NAME --region REGION
     

Replace the following:

  • NAME: the name of the VLAN attachment
  • REGION: the region where the VLAN attachment is located

The command returns output that includes cloudRouterIpAddress and customerRouterIpAddress. Make a note of these values. You need them when you configure your AWS resources.