Configure on-premises routers

This document describes how to configure on-premises routers for Dedicated Interconnect. If you are creating a Partner Interconnect connection, see Configuring on-premises routers for Partner Interconnect.

After you create a VLAN attachment, you need to configure your on-premises router to establish a Border Gateway Protocol (BGP) session with your Cloud Router. To configure your on-premises router, use the VLAN ID, interface addresses, and peering addresses provided by the VLAN attachment.

If you create a dual-stack VLAN attachment, you can configure an IPv4 BGP session, an IPv6 BGP session, or both. If you configure both an IPv4 BGP session and an IPv6 BGP session, the BGP sessions run in parallel over the same VLAN attachment. For more information about parallel BGP sessions, see Establish BGP sessions in the Cloud Router documentation.

IPv6 BGP session support is in Preview.

You can also optionally configure your BGP sessions to use MD5 authentication. If you added MD5 authentication to the BGP session on Cloud Router, you must use the same authentication key when you configure BGP on your on-premises router.

For definitions of terms used on this page, see Cloud Interconnect key terms.

To help you solve common issues that you might encounter when using Dedicated Interconnect, see Troubleshooting.

Use sample topologies

This document provides the following sample topologies and configurations that you can use as a guide when configuring your on-premises router:

  • Layer 3 only topology (recommended): A Dedicated Interconnect connection or connections terminating on an on-premises router. The router performs BGP peering with Cloud Router.
  • Layer2/Layer3 topology: A Dedicated Interconnect connection or connections terminating on an on-premises switch connected to an on-premises router. The router performs BGP peering with Cloud Router.

For values for third-party platforms that you might use for your on-premises router, see vendor-specific notes. For definite values, see your on-premises router documentation.

The sample topologies in this document use the following Google Cloud resources:

  • The project Sample Interconnect Project
  • The network my-network
  • The region us-east1

There are two Dedicated Interconnect connections, my-interconnect1 and my-interconnect2. These connections are already provisioned and have a status of ready to use.

Layer 3 only topology

In this topology, the Dedicated Interconnect connections terminate on an on-premises router, which performs BGP peering with Cloud Router.

The following diagrams show both the physical and logical Layer 3 only topology.

Sample physical, Layer 3 only topology (click to enlarge).
Sample physical, on-premises Layer 3 only topology (click to enlarge)



Sample logical, Layer 3 only topology (click to enlarge).
Sample logical, on-premises Layer 3 only topology (click to enlarge)

Layer 2/Layer 3 topology

In this topology, the Dedicated Interconnect connections terminate on an on-premises switch, which then connects to an on-premises router. The router performs BGP peering with Cloud Router.

The following diagrams show the physical and logical Layer 2/Layer 3 topology.

Sample physical Layer 2/Layer 3 topology (click to enlarge).
Sample physical Layer 2/Layer 3 topology (click to enlarge)



Sample logical Layer 2/Layer 3 topology (click to enlarge).
Sample logical Layer 2/Layer 3 topology (click to enlarge)

Configure on-premises devices for testing

The following section describes how to configure on-premises devices for testing your Dedicated Interconnect. For a Layer 2/Layer 3 configuration, this example describes configuring the test interface on one or more Google Cloud-facing switches, but not on the routers.

Before Google starts testing your new Dedicated Interconnect connection, configure your interfaces without VLAN tagging, which is sometimes referred to as access mode.

Sample configuration for testing

The following example shows how to configure a Juniper router before testing, showing the required parameters to configure for port channel ae0. This configuration uses the following settings:

  • A BGP IPv4 address of 169.254.0.2 configured on port channel ae0.
  • LACP configured on port channel ae0.
  • VLAN tagging not configured on port channel ae0. You must configure your interfaces without VLAN tagging (access mode).
  • A 1460-byte maximum transmission unit (MTU). However, you can use a 1500- or 8896-byte MTU if you adjust the router interface configuration accordingly, and if the MTU of the attachment and the MTU of the connected VPC network are also set to 1500 or 8896 bytes.

    set interfaces xe-0/0/0 description "my-interconnect2"
    set interfaces xe-0/0/0 gigether-options 802.3ad ae0
    set interfaces ae0 description "my-interconnect2"
    set interfaces ae0 aggregated-ether-options lacp active
    set interfaces ae0 aggregated-ether-options minimum-links 1
    set interfaces ae0 unit 0 family inet mtu 1460
    set interfaces ae0 unit 0 family inet address 169.254.0.2
    

After your Dedicated Interconnect connection is working, continue to the next section to see a sample production configuration for each topology.

Configure on-premises routers for production

This section describes how to configure the Layer 3 only topology and the Layer 2/Layer 3 topology for production use. Each sample configuration describes all device settings.

For information about how to configure on-premises devices for testing your Dedicated Interconnect connection, see Configure on-premises routers for testing.

Production on-premises router settings for both topologies

Based on the configuration in the sample Google Cloud project, the following table summarizes the on-premises router settings to use for the example topologies.

For the sample project name, VPC network, and region used on the Google Cloud side, see the topology reference.

The hold timer and keepalive timer values allow Google to quickly transfer traffic to redundant connections in the event of an issue. Set their values as shown in the table.

Graceful restart prevents BGP sessions from packet drops and route withdrawal during Cloud Router maintenance. If your on-premises device supports BGP graceful restart, enable it and set the graceful restart and stalepath timers as shown in the table.

For more information about BGP timer settings, see the recommended values for BGP timers in the Cloud Router documentation.

Settings my-interconnect1 my-interconnect2
VLAN number 1010 1020
VLAN interface IPv4 address 169.254.10.2/29 169.254.20.2/29
On-premises ASN 64500 64500
Cloud Router ASN 65200 65200
Cloud Router BGP IPv4 address For cr-us-east1 interface 0:
169.254.10.1
For cr-us-east1 interface 1:
169.254.20.1
BGP timers Keepalive: 20 sec Keepalive: 20 sec
Hold timer: 60 sec Hold timer: 60 sec
Graceful restart: Set the graceful restart timer to a value that is appropriate for your needs. For more information, see BGP timer settings. Graceful restart: Set the graceful restart timer to a value that is appropriate for your needs.
Stalepath timer: 300 sec Stalepath timer: 300 sec
On-premises LAN subnet range 192.168.12.0/24 192.168.12.0/24

Configure Layer 3 only topology for production

Use the following guidelines when configuring the Layer 3 only topology:

  • The on-premises router port (0/0 in the diagram) or ports facing Cloud Router must be part of a port channel, even if there is only one port.
  • The port channel must have LACP enabled in either active or passive mode. LACP is required because it allows you to adjust the capacity of a Dedicated Interconnect connection without disrupting traffic.
  • The maximum transmission unit of the router interface (0/0 in the diagram) should be one of 1440, 1460, 1500, or 8896 bytes, depending on the MTU of the attachment and the MTU of the connected VPC network.
  • For EBGP multi-hop configuration, check the Dataplane version of your VLAN attachment by using the gcloud compute interconnects attachments describe command. The command returns a dataplaneVersion field if the Dataplane version is 2 or higher. If the command output does not contain a dataplaneVersion field, the Dataplane version is 1.
    • If your VLAN attachment uses Dataplane version 1, you must configure multi-hop for the EBGP neighbor. The recommended value for this setting is 4.
    • If your VLAN attachment uses Dataplane version 2 or higher, you are not required to configure multi-hop for the EBGP neighbor. Do not configure EBGP multi-hop if you plan to use Bidirectional Forwarding Detection (BFD) in the BGP sessions of your VLAN attachment, and if BFD multi-hop is inherited from your BGP multi-hop configuration. Google Cloud supports only BFD single-hop mode. See Configuring BFD.

Device configuration

VLAN 1010 Router (Cisco)

The following listing shows a Layer 3 only sample configuration for on-premises Router1 (Cisco) on VLAN 1010:

        interface E0/0
          description connected_to_google_edge_device
          channel-group 2 mode active
          no shut

        interface Po2
          description my-interconnect1
          no shut

        interface Po2.1010
          description attachment_vlan1010
          encapsulation dot1Q 1010
          ip address 169.254.10.2 255.255.255.248
          ip mtu 1460

        ip prefix-list TO_GCP seq 5 permit 192.168.12.0/24

        route-map TO_GCP_OUTBOUND permit 10
          match ip address prefix-list TO_GCP

        router bgp 64500
          bgp graceful-restart
          bgp graceful-restart restart-time 60
           neighbor 169.254.10.1 description peering_to_cloud_router
           neighbor 169.254.10.1 remote-as 65200
           neighbor 169.254.10.1 ebgp-multihop 4
           neighbor 169.254.10.1 timers 20 60
           neighbor 169.254.10.1 update-source Po2.1010
           neighbor 169.254.10.1 route-map TO_GCP_OUTBOUND out
      

VLAN 1020 Router (Juniper)

The following listing shows a Layer 3 only sample configuration for on-premises Router2 (Juniper) on VLAN 1020:

        set interfaces xe-0/0/0 ether-options 802.3ad ae1
        set interfaces xe-0/0/0 description "connected_to_google_edge_device"

        set interfaces ae1 description my-interconnect2
        set interfaces ae1 flexible-vlan-tagging
        set interfaces ae1 aggregated-ether-options minimum-links 1
        set interfaces ae1 aggregated-ether-options lacp active
        set interfaces ae1 unit 1020 family inet mtu 1460
        set interfaces ae1 unit 1020 vlan-id 1020
        set interfaces ae1 unit 1020 family inet address 169.254.20.2/29

        set routing-options autonomous-system 64500

        set policy-options prefix-list TO_GCP 192.168.12.0/24

        set policy-options policy-statement TO_GCP_OUTBOUND term 1 from protocol direct
        set policy-options policy-statement TO_GCP_OUTBOUND term 1 from prefix-list TO_GCP
        set policy-options policy-statement TO_GCP_OUTBOUND term 1 then accept
        set policy-options policy-statement TO_GCP_OUTBOUND term 2 then reject

        set protocols bgp group config_vlan_1020 type external
        set protocols bgp group config_vlan_1020 multihop ttl 4
        set protocols bgp group config_vlan_1020 local-address 169.254.20.2
        set protocols bgp group config_vlan_1020 peer-as 65200
        set protocols bgp group config_vlan_1020 neighbor 169.254.20.1 export TO_GCP_OUTBOUND
        set protocols bgp group config_vlan_1020 neighbor 169.254.20.1 graceful-restart restart-time 60
      

Configure Layer 2/Layer 3 topology for production

Use the following guidelines for your on-premises switch and routers when configuring the Layer 2/Layer 3 topology:

  • VLANs must be configured on the switch.
  • The switch port (1/1 as shown in the diagram) or ports facing toward Cloud Router must be part of a port channel.
    • The port channel must have LACP enabled, in either active or passive mode. LACP is required because it allows you to adjust the capacity of a Dedicated Interconnect connection without disrupting traffic.
    • The port channel must be configured in 802.1Q trunk mode, and all VLAN IDs used by the Dedicated Interconnect connection must be allowed.
    • The port channel must have 802.1Q VLAN tagging enabled.
  • The switch port (1/2 as shown in the diagram) facing toward the on-premises router can be a trunk port or an access port. This covers the case where a router port is dedicated to a single VLAN.
  • When enabling trunk mode on the switch side, the on-premises router must support subinterfaces with necessary encapsulation (dot1q tags).
  • This configuration uses a 1460-byte MTU. However, you can use a 1500- or 8896-byte MTU if you adjust the router interface configuration accordingly, and if the MTU of the attachment and the MTU of the connected VPC network are also 1500 or 8896 bytes.
  • For EBGP multi-hop configuration, check the Dataplane version of your VLAN attachment by using the gcloud compute interconnects attachments describe command. The command returns a dataplaneVersion field if the Dataplane version is 2 or higher. If the command output does not contain a dataplaneVersion field, the Dataplane version is 1.
    • If your VLAN attachment uses Dataplane version 1, you must configure multi-hop for the EBGP neighbor. The recommended value for this setting is 4.
    • If your VLAN attachment uses Dataplane version 2 or higher, you are not required to configure multi-hop for the EBGP neighbor. Do not configure EBGP multi-hop if you plan to use Bidirectional Forwarding Detection (BFD) in the BGP sessions of your VLAN attachment, and if BFD multi-hop is inherited from your BGP multi-hop configuration. Google Cloud supports only BFD single-hop mode. See Configuring BFD.

Device configuration

VLAN 1010 (Cisco) switch

The following listing shows a Layer 2/Layer 3 sample configuration for on-premises Switch1 (Cisco) on VLAN 1010:

          vlan 1010
          name cloud_vlan1010

          interface E1/1
            description connected_to_google_edge_device
            Channel-group 1 mode active

          interface port-channel1
            description connected_to_google_edge_device
            Switchport trunk encapsulation dot1q
            Switchport mode trunk
            Switchport trunk allowed vlan 1,1010

          interface E1/2
            description connected_to_onprem_router
            channel-group 2 mode active

          interface port-channel2
            description connected_to_onprem_router
            Switchport trunk encapsulation dot1q
            Switchport mode trunk
            Switchport trunk allowed vlan 1,1010
        

VLAN 1010 (Cisco) router

The following listing shows a Layer 2/Layer 3 sample configuration for on-premises Router1 (Cisco) on VLAN 1010:

        interface E0/0
          description connected_to_onprem_switch
          channel-group 2 mode active
          no shut

        interface Po2
          description my-interconnect1
          no shut

        interface Po2.1010
          description attachment_vlan1010
          encapsulation dot1Q 1010
          ip address 169.254.10.2 255.255.255.248
          ip mtu 1460

        ip prefix-list TO_GCP seq 5 permit 192.168.12.0/24

        route-map TO_GCP_OUTBOUND permit 10
          match ip address prefix-list TO_GCP

        router bgp 64500
          bgp graceful-restart restart-time 1
          neighbor 169.254.10.1 description peering_to_cloud_router
          neighbor 169.254.10.1 remote-as 65200
          neighbor 169.254.10.1 ebgp-multihop 4
          neighbor 169.254.10.1 timers 20 60
          neighbor 169.254.10.1 update-source Po2.1010
          neighbor 169.254.10.1 route-map TO_GCP_OUTBOUND out
      

VLAN 1020 (Juniper) switch

The following listing shows a Layer 2/Layer 3 sample configuration for on-premises Switch2 (Juniper) on VLAN 1020:

        set vlans cloud_vlan1020 vlan-id 1020

        set interfaces xe-0/1/1 description "connected_to_google_edge_device"
        set interfaces xe-0/1/1 ether-options 802.3ad ae1

        set interfaces ae1 aggregated-ether-options lacp active
        set interfaces ae1 unit 0 description "connected_to_google_edge_device"
        set interfaces ae1 unit 0 family ethernet-switching port-mode trunk
        set interfaces ae1 unit 0 family ethernet-switching vlan member cloud_vlan1020

        set interfaces xe-0/1/2 description "connected_to_onprem_router"
        set interfaces xe-0/1/2 ether-options 802.3ad ae2

        set interfaces ae2 unit 0 description "connected_to_onprem_router"
        set interfaces ae2 unit 0 family ethernet-switching port-mode trunk
        set interfaces ae2 unit 0 family ethernet-switching vlan member cloud_vlan1020
      

VLAN 1020 (Juniper) router

The following listing shows a Layer 2/Layer 3 sample configuration for on-premises Router2 (Juniper) on VLAN 1020:


      set interfaces xe-0/0/0 ether-options 802.3ad ae1
      set interfaces xe-0/0/0 description connected_to_onprem_switch

      set interfaces ae1 description my-interconnect2
      set interfaces ae1 flexible-vlan-tagging
      set interfaces ae1 aggregated-ether-options minimum-links 1
      set interfaces ae1 aggregated-ether-options lacp active
      set interfaces ae1 unit 1020 family inet mtu 1460
      set interfaces ae1 unit 1020 vlan-id 1020
      set interfaces ae1 unit 1020 family inet address 169.254.20.2/29

      set routing-options autonomous-system 64500

      set policy-options prefix-list TO_GCP 192.168.12.0/24

      set policy-options policy-statement TO_GCP_OUTBOUND term 1 from protocol direct
      set policy-options policy-statement TO_GCP_OUTBOUND term 1 from prefix-list TO_GCP
      set policy-options policy-statement TO_GCP_OUTBOUND term 1 then accept
      set policy-options policy-statement TO_GCP_OUTBOUND term 2 then reject

      set protocols bgp group config_vlan_1020 type external
      set protocols bgp group config_vlan_1020 multihop ttl 4
      set protocols bgp group config_vlan_1020 local-address 169.254.20.2
      set protocols bgp group config_vlan_1020 peer-as 65200
      set protocols bgp group config_vlan_1020 neighbor 169.254.20.1 export TO_GCP_OUTBOUND
      set protocols bgp group config_vlan_1020 neighbor 169.254.20.1 graceful-restart restart-time 1
      

Set up on-premises routers for IPv4 and IPv6 traffic

This section provides vendor-specific configuration examples that you can use to set up your on-premises routers to exchange IPv4 and IPv6 traffic with Cloud Interconnect and Cloud Router.

You can exchange IPv4 and IPv6 traffic in Dedicated Interconnect by using multiprotocol BGP (MP-BGP) in the BGP sessions of your dual-stack (IPv4 and IPv6) VLAN attachment in Dedicated Interconnect. Dual-stack VLAN attachments are not supported for Partner Interconnect or for HA VPN over Cloud Interconnect deployments.

Cloud Router allows you to use MP-BGP in IPv4 or IPv6 BGP sessions. However, the following instructions provide configuration examples only for IPv4 BGP sessions. These instructions do not provide IPv6 BGP configuration examples. IPv6 BGP session support is in Preview.

To exchange IPv6 routes between your dual-stack Virtual Private Cloud (VPC) network and the IPv6-addressed hosts in your on-premises network, you can enable IPv6 route exchange in your IPv4 BGP sessions. If you do, the IPv6 route exchange occurs over IPv4-based BGP sessions. This setup also requires that you configure IPv6 next hop addresses on your on-premises router.

Before you begin

Before you configure your on-premises router for IPv4 and IPv6 traffic, you need several pieces of information from Cloud Router.

To obtain BGP session details from Cloud Router, run the gcloud compute routers describe command and specify the name of the Cloud Router used by your VLAN attachments.

gcloud compute routers describe ROUTER_NAME /
   --project PROJECT_ID /
   --region REGION
Example output:
 bgp:
    advertiseMode: DEFAULT
    asn: 65200
    keepaliveInterval: 20
  bgpPeers:
  - advertiseMode: DEFAULT
    bfd:
      minReceiveInterval: 1000
      minTransmitInterval: 1000
      multiplier: 5
      sessionInitializationMode: DISABLED
    enable: 'TRUE'
    enableIpv6: true
    interfaceName: if-bgp-1
    ipAddress: 169.254.10.1
    ipv6NexthopAddress: 2600:2d00:0:1:8000:12:0:2d0
    name: bgp-1
    peerAsn: 64500
    peerIpAddress: 169.254.10.2
    peerIpv6NexthopAddress: 2600:2d00:0:1:8000:12:0:2da
  - advertiseMode: DEFAULT
    bfd:
      minReceiveInterval: 1000
      minTransmitInterval: 1000
      multiplier: 5
      sessionInitializationMode: DISABLED
    enable: 'TRUE'
    enableIpv6: true
    interfaceName: if-bgp-2
    ipAddress: 169.254.20.1
    ipv6NexthopAddress: 2600:2d00:0:1:8000:12:0:2d1
    name: bgp-2
    peerAsn: 64500
    peerIpAddress: 169.254.20.2
    peerIpv6NexthopAddress: 2600:2d00:0:1:8000:12:0:2d2
  creationTimestamp: '2022-08-26T08:07:41.827-07:00'

In the output, locate the following fields in the bgpPeers section for the BGP sessions that you want to configure for IPv4 and IPv6 traffic and record their values.

  • peerIpv6NexthopAddress: the IPv6 next hop addresses that is allocated to the BGP peer. Google Cloud automatically allocates these addresses when you enable IPv6 prefix exchange on your BGP session.
  • peerIpAddress: the BGP IPv4 link-local address assigned to your third party router interface.
  • ipAddress: the BGP IPv4 link-local address assigned to the Cloud Router. interface

Device configuration

Use the following procedures to configure your on-premises routers for IPv4 and IPv6 dual-stack traffic with Dedicated Interconnect.

VLAN 1010 / VLAN 1020 router (Arista EOS)

The following procedure describes how to set up your Arista EOS router to support IPv4 and IPv6 traffic on your VLAN attachments.

Configure Arista EOS interfaces

Enable and configure the IPv6 addresses on each BGP peer interface that is also configured with link-local addresses for IPv4 BGP peering. To configure two interfaces, you run the following configuration commands:

interface Ethernet1.1010
encapsulation dot1q vlan 1010
ip address BGP_PEER_IPV4_ADDRESS_1/29
ipv6 enable
ipv6 address BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1/125
!
!
interface Ethernet2.1020
encapsulation dot1q vlan 1020
ip address BGP_PEER_IPV4_ADDRESS_2/29
ipv6 enable
ipv6 address BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2/125

Replace the following:

  • BGP_PEER_IPV4_ADDRESS_1: the link-local IPv4 address of the first BGP peer, which is configured as the first interface on your Arista EOS device
  • BGP_PEER_IPV4_ADDRESS_2: the link-local IPv4 address of the second BGP peer, which is configured as the second interface on your Arista EOS device
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the first BGP peer in Cloud Router
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the second BGP peer in Cloud Router

For example, your configuration might look like the following:

interface Ethernet1.1010
encapsulation dot1q vlan 1010
ip address 169.254.10.2/29
ipv6 enable
ipv6 address 2600:2d00:0:1:8000:12:0:2d2/125
!
!
interface Ethernet2.1020
encapsulation dot1q vlan 1020
ip address 169.254.20.2/29
ipv6 enable
ipv6 address 2600:2d00:0:1:8000:12:0:2da/125

Create route-maps

Next, create route-maps that change the next-hop for the IPv6 peer to the addresses created in the previous step.

route-map IPv6-NextHop-1 permit 10
set ipv6 next-hop BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1
!
route-map IPv6-NextHop-2 permit 10
set ipv6 next-hop BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2

Replace the following:

  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the first BGP peer in Cloud Router
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the second BGP peer in Cloud Router

For example, your configuration might look like the following:

route-map IPv6-NextHop-1 permit 10
set ipv6 next-hop 2600:2d00:0:1:8000:12:0:2d2
!
route-map IPv6-NextHop-2 permit 10
set ipv6 next-hop 2600:2d00:0:1:8000:12:0:2da

Create BGP for the IPv6 address family

Next, configure BGP for IPv6 address family, and specify the IPv6 networks that you want to advertise.

When you configure the neighbors for the IPv4 peers, you configure the route-map to change the next-hop to the interfaces specified in the previous step.

router bgp ASN
maximum-paths 8
neighbor BGP_IPV4_ADDRESS_1 remote-as ROUTER_ASN
neighbor BGP_IPV4_ADDRESS_2 remote-as ROUTER_ASN
!
address-family ipv4
neighbor BGP_IPV4_ADDRESS_1 activate
neighbor BGP_IPV4_ADDRESS_2 activate
!
address-family ipv6
neighbor BGP_IPV4_ADDRESS_1 activate
neighbor BGP_IPV4_ADDRESS_1 route-map IPv6-NextHop-1 out
neighbor BGP_IPV4_ADDRESS_2 activate
neighbor BGP_IPV4_ADDRESS_2 route-map IPv6-NextHop-2 out
network YOUR_IPV6_NETWORK

Replace the following:

  • ASN: the ASN for the Arista side of the BGP session
  • CLOUD_ROUTER_ASN the ASN for the Cloud Router side of the BGP session
  • BGP_IPV4_ADDRESS_1: the IPv4 link local address, or ipAddress, of the Cloud Router interface of the first BGP peer
  • BGP_IPV4_ADDRESS_2: the IPv4 link local address, or ipAddress, of the Cloud Router interface of the second BGP peer
  • YOUR_IPV6_NETWORK: The on-premises IPv6 network that you want to advertise

For example, your configuration might look like the following:

router bgp 65201
maximum-paths 8
neighbor 169.254.10.1 remote-as 65200
neighbor 169.254.20.1 remote-as 65200
!
address-family ipv4
neighbor 169.254.10.1 activate
neighbor 169.254.20.1 activate
!
address-family ipv6
neighbor 169.254.10.1 activate
neighbor 169.254.10.1 route-map IPv6-NextHop-1 out
neighbor 169.254.20.1 activate
neighbor 169.254.20.1 route-map IPv6-NextHop-2 out
network 2001:db8::/32

Enable IP routing and IPv6 routing

Make sure that IP routing and IPv6 routing is enabled:

ip routing
!
ipv6 unicast-routing

Verify status

After you have configured both IP and IPv6 routing, you can verify BGP status on your with Arista EOS device with the following command:

show ipv6 route

VLAN 1010 / VLAN 1020 router (Cisco)

The following procedure describes how to set up your Cisco IOS and IOS-XE routers to support IPv4 and IPv6 traffic on your VLAN attachments.

Configure Cisco interfaces

Configure the IPv6 addresses on each BGP peer interface that is also configured with link-local addresses for IPv4 BGP peering. Then enable IPv6.

To configure two interfaces, you supply the following configuration commands:

interface Po2.1010
no shutdown
encapsulation dot1Q 1010
ip address BGP_PEER_IPV4_ADDRESS_1 255.255.255.248
ipv6 address BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1/125
ipv6 enable
!
interface Po3.1020
no shutdown
encapsulation dot1Q 1020
ip address BGP_PEER_IPV4_ADDRESS_2 255.255.255.248
ipv6 address BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2/125
ipv6 enable

Replace the following:

  • BGP_PEER_IPV4_ADDRESS_1: the link-local IPv4 address of the first BGP peer, or peerIpAddress, which is configured as the first interface on your Cisco device
  • BGP_PEER_IPV4_ADDRESS_2: the link-local IPv4 address of the second BGP peer, or peerIpAddress, which is configured as the second interface on your Cisco device
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the first BGP peer in Cloud Router
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the second BGP peer in Cloud Router

For example, your configuration might look like the following:

interface Po2.1010
no shutdown
encapsulation dot1Q 1010
ip address 169.254.10.2 255.255.255.248
ipv6 address 2600:2d00:0:1:8000:12:0:2d2/125
ipv6 enable
!
interface Po3.1020
no shutdown
encapsulation dot1Q 1020
ip address 169.254.20.2 255.255.255.248
ipv6 address 2600:2d00:0:1:8000:12:0:2da/125
ipv6 enable

Create route-maps

Next, create route-maps that change the next-hop for the IPv6 peer to the addresses created in the previous step.

route-map IPv6-NextHop-1 permit 10
set ipv6 next-hop BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1
!
route-map IPv6-NextHop-2 permit 10
set ipv6 next-hop BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2

Replace the following:

  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the first BGP peer in Cloud Router
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the second BGP peer in Cloud Router

For example, your configuration might look like the following:

route-map IPv6-NextHop-1 permit 10
set ipv6 next-hop 2600:2d00:0:1:8000:12:0:2d2
!
route-map IPv6-NextHop-2 permit 10
set ipv6 next-hop 2600:2d00:0:1:8000:12:0:2dA

Create BGP for the IPv6 address family

Next, configure BGP for IPv6 address family, and specify the networks you want to advertise.

The neighbor configuration for the IPv4 peers have the route-map configured to change the next-hop to the interfaces specified in the previous step.

router bgp ASN
bgp log-neighbor-changes
neighbor BGP_IPV4_ADDRESS_1 remote-as CLOUD_ROUTER_ASN
neighbor BGP_IPV4_ADDRESS_2 remote-as CLOUD_ROUTER_ASN
!
...
!
address-family ipv6
maximum-paths eibgp 8
network YOUR_IPV6_NETWORK
neighbor BGP_IPV4_ADDRESS_1 activate
neighbor BGP_IPV4_ADDRESS_1 route-map IPv6-NextHop-1 out
neighbor BGP_IPV4_ADDRESS_2 activate
neighbor BGP_IPV4_ADDRESS_2 route-map IPv6-NextHop-2 out
exit-address-family

Replace the following:

  • ASN: the ASN for the Cisco side of the BGP session
  • CLOUD_ROUTER_ASN the ASN for the Cloud Router side of the BGP session
  • retrieved from peerIpv6NexthopAddress for the first BGP peer
  • BGP_IPV4_ADDRESS_1: the IPv4 link local address, or ipAddress, of the Cloud Router interface of the first BGP peer
  • BGP_IPV4_ADDRESS_2: the IPv4 link local address, or ipAddress, of the Cloud Router interface of the second BGP peer
  • YOUR_IPV6_NETWORK: The on-premises IPv6 network that you want to advertise

For example, your configuration might look like the following:

router bgp 64500
bgp log-neighbor-changes
neighbor 169.254.10.1 remote-as 65200
neighbor 169.254.20.1 remote-as 65200
!
...
!
address-family ipv6
maximum-paths eibgp 8
network 2001:db8::/32
neighbor 169.254.10.1 activate
neighbor 169.254.10.1 route-map IPv6-NextHop-1 out
neighbor 169.254.20.1 activate
neighbor 169.254.20.1 route-map IPv6-NextHop-2 out
exit-address-family

Verify status

After you have completed the configuration, you can verify BGP status with the following commands:

show ipv6 route
show ip route

VLAN 1010 / VLAN 1020 router (Juniper)

The following sections describe how to configure IPv4 and IPv6 (dual-stack) traffic on your Juniper JunOS router for your Dedicated Interconnect connection.

Configure Juniper JunOS interfaces

Configure the IPv6 addresses on each BGP peer interface that is also configured with link-local addresses for IPv4 BGP peering.

set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 vlan-id 1010
set interfaces ge-0/0/0 unit 0 family inet address BGP_PEER_IPV4_ADDRESS_1/29
set interfaces ge-0/0/0 unit 0 family inet6 address BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1/125

set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 0 vlan-id 1020
set interfaces ge-0/0/1 unit 0 family inet address BGP_PEER_IPV4_ADDRESS_2/29
set interfaces ge-0/0/1 unit 0 family inet6 address BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2/125

Replace the following:

  • BGP_PEER_IPV4_ADDRESS_1: the link-local IPv4 address of the first BGP peer, or peerIpAddress, which is configured as the first interface on your Juniper device
  • BGP_PEER_IPV4_ADDRESS_2: the link-local IPv4 address of the second BGP peer, or peerIpAddress, which is configured as the second interface on your Cisco device
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the first BGP peer in Cloud Router
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the second BGP peer in Cloud Router

For example, your configuration might look like the following:

set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 vlan-id 1010
set interfaces ge-0/0/0 unit 0 family inet address 169.254.10.2/29
set interfaces ge-0/0/0 unit 0 family inet6 address 2600:2d00:0:1:8000:12:0:2d2/125

set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 0 vlan-id 1020
set interfaces ge-0/0/1 unit 0 family inet address 169.254.20.2/29
set interfaces ge-0/0/1 unit 0 family inet6 address 2600:2d00:0:1:8000:12:0:2da/125
Configuration block example:
interfaces {
    ge-0/0/0 {
            vlan-tagging;
            unit 0 {
                    vlan-id 1010;
                    family inet {
                                address 169.254.10.2/29;
                    }
                    family inet6 {
                                address 2600:2d00:0:1:8000:12:0:2d2/125;
                    }
            }
    }
    ge-0/0/1 {
            vlan-tagging;
            unit 0 {
                    vlan-id 1020;
                    family inet {
                                address 169.254.20.2/29;
                    }
                    family inet6 {
                                address 2600:2d00:0:1:8000:12:0:2da/125;
                    }
            }
    }
}

Create policy statements

Next, create policy statements that change the next-hop for the IPv6 peer to the addresses created above:

set policy-options policy-statement set-v6-next-hop-1 term 1 from family inet6
set policy-options policy-statement set-v6-next-hop-1 term 1 from prefix-list ipv6
set policy-options policy-statement set-v6-next-hop-1 term 1 then next-hop BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1
set policy-options policy-statement set-v6-next-hop-1 term 1 then accept
set policy-options policy-statement set-v6-next-hop-2 term 1 from family inet6
set policy-options policy-statement set-v6-next-hop-2 term 1 from prefix-list ipv6
set policy-options policy-statement set-v6-next-hop-2 term 1 then next-hop BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2
set policy-options policy-statement set-v6-next-hop-2 term 1 then accept

Replace the following:

  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_1: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the first BGP peer in Cloud Router
  • BGP_PEER_IPV6_NEXT_HOP_ADDRESS_2: the IPv6 next hop address, or peerIpv6NexthopAddress, assigned to the second BGP peer in Cloud Router

For example, your configuration might look like the following:

set policy-options policy-statement set-v6-next-hop-1 term 1 from family inet6
set policy-options policy-statement set-v6-next-hop-1 term 1 from prefix-list ipv6
set policy-options policy-statement set-v6-next-hop-1 term 1 then next-hop 2600:2d00:0:1:8000:12:0:2d2
set policy-options policy-statement set-v6-next-hop-1 term 1 then accept
set policy-options policy-statement set-v6-next-hop-2 term 1 from family inet6
set policy-options policy-statement set-v6-next-hop-2 term 1 from prefix-list ipv6
set policy-options policy-statement set-v6-next-hop-2 term 1 then next-hop 2600:2d00:0:1:8000:12:0:2da
set policy-options policy-statement set-v6-next-hop-2 term 1 then accept
Configuration block example:
 policy-statement set-v6-next-hop-1 {
        term 1 {
                from {
                        family inet6;
                     }
                then {
                        next-hop 2600:2d00:0:1:8000:12:0:2d2;
                        accept;
                     }
        }
}
policy-statement set-v6-next-hop-2 {
        term 1 {
                from {
                        family inet6;
                      }
                then {
                        next-hop 2600:2d00:0:1:8000:12:0:2da;
                        accept;
                     }
        }
}

Configure BGP for IPv6 route exchange

Next, configure BGP for IPv6 and set the "include-mp-next-hop" statement to send the next-hop attribute to the peer.

Configure the export statement to the policy statement created above to change the next-hop to the IPv6 address specified.

set protocols bgp group ebgp-peers type external
set protocols bgp group ebgp-peers family inet unicast
set protocols bgp group ebgp-peers family inet6 unicast

set protocols bgp group ebgp-peers neighbor BGP_IPV4_ADDRESS_1 export set-v6-next-hop-1
set protocols bgp group ebgp-peers neighbor BGP_IPV4_ADDRESS_1 peer-as CLOUD_ROUTER_ASN
set protocols bgp group ebgp-peers neighbor BGP_IPV4_ADDRESS_1 include-mp-next-hop
set protocols bgp group ebgp-peers neighbor BGP_IPV4_ADDRESS_2 export set-v6-next-hop-2
set protocols bgp group ebgp-peers neighbor BGP_IPV4_ADDRESS_2 peer-as CLOUD_ROUTER_ASN
set protocols bgp group ebgp-peers neighbor BGP_IPV4_ADDRESS_2 include-mp-next-hop

Replace the following:

  • CLOUD_ROUTER_ASN the ASN for the Cloud Router side of the BGP session
  • retrieved from peerIpv6NexthopAddress for the first BGP peer
  • BGP_IPV4_ADDRESS_1: the IPv4 link local address, or ipAddress, of the Cloud Router interface of the first BGP peer
  • BGP_IPV4_ADDRESS_2: the IPv4 link local address, or ipAddress, of the Cloud Router interface of the second BGP peer

set protocols bgp group ebgp-peers type external
set protocols bgp group ebgp-peers family inet unicast
set protocols bgp group ebgp-peers family inet6 unicast

set protocols bgp group ebgp-peers neighbor 169.254.10.1 export set-v6-next-hop-1
set protocols bgp group ebgp-peers neighbor 169.254.10.1 peer-as 65200
set protocols bgp group ebgp-peers neighbor 169.254.10.1 include-mp-next-hop
set protocols bgp group ebgp-peers neighbor 169.254.20.1 export set-v6-next-hop-2
set protocols bgp group ebgp-peers neighbor 169.254.20.1 peer-as 65200
set protocols bgp group ebgp-peers neighbor 169.254.20.1  include-mp-next-hop
Configuration block example:
protocols {
        bgp {
            group ebgp-peers {
                    type external;
                    family inet {
                                unicast;
                    }
                    family inet6 {
                                unicast;
                    }
                    neighbor 169.254.10.1 {
                                export set-v6-next-hop-1;
                                peer-as 65200;
                                include-mp-next-hop;
                    }
                    neighbor 169.254.20.1 {
                                export set-v6-next-hop-2;
                                peer-as 65200;
                                include-mp-next-hop;
                    }
            }
     }
}
routing-options {
        autonomous-system 64500;
}

Verify BGP connectivity

To verify BGP connectivity after you have configured your Juniper JunOS device, run the following command.

show route protocol bgp

In the output, verify that your IPv6 networks are being advertised over BGP.

Best practices

Follow these best practices to ensure effective connectivity to Google Cloud from your on-premises devices when using Cloud Interconnect 99.9% and 99.99% topologies.

Configuring devices for active/active forwarding

  • Ensure that the same MED values are exchanged across all BGP sessions.
  • Enable equal-cost multipath (ECMP) routing in your BGP configuration.
  • Enable graceful restart on your BGP sessions to minimize the impact of Cloud Router task restarts. When you connect two attachments through different edge availability domains, as described in the recommended topologies, the Cloud Router uses one task per edge availability domain. To avoid downtime, software tasks are scheduled independently.
  • If you are configuring two on-premises devices, use any routing protocol to connect both devices to each other. If you are configuring your device to use redistribution, use either IBGP or IGP.

Configuring devices for active/passive forwarding

  • To avoid asymmetric routing, make sure that higher MED values are applied on the Cloud Router side and on the on-premises device side.
  • Enable graceful restart on your BGP sessions to minimize the impact of Cloud Router task restarts. When you connect two attachments through different edge availability domains, as described in the recommended topologies, the Cloud Router uses one task per edge availability domain. To avoid downtime, software tasks are scheduled independently.
  • If you are configuring two on-premises devices, make sure that both devices have Layer 3 connectivity to each other. If you are configuring your device to use redistribution, use either IBGP or IGP.

Verifying BGP sessions

Check that your BGP sessions are working between your on-premises network and your Google Virtual Private Cloud (VPC) network. For more information, see Viewing Cloud Router status and routes in the Cloud Router documentation.