Configuring on-premises routers

This document describes how to configure on-premises routers for Partner Interconnect. If you are creating a Dedicated Interconnect connection, see Configuring on-premises routers for Dedicated Interconnect.

When to configure your on-premises router

An on-premises router in this context means a Layer 2 (L2) or Layer 3 (L3) device you configure to enable Partner Interconnect.

  • For Layer 2 (L2) connections, configure your on-premises router after your service provider has configured your VLAN attachments as described in the Partner Interconnect overview.
  • For Layer 3 (L3) connections, configuring BGP on your on-premises router is not required, because the service provider configures BGP on their edge routers as described in the Partner Interconnect overview.

This document provides a sample topology and configuration for Layer 2 connections that you can use as a guide when configuring your on-premises router.

Topology for Layer 2 connections

In this topology, the Cloud Interconnect connection or connections terminate on an on-premises router, which performs BGP peering with Cloud Router.

This sample topology uses the following Google Cloud resources:

  • The project Sample Interconnect Project
  • The network my-network
  • The region us-east1

There are two Partner Interconnect attachments, my-attachment1 and my-attachment2, which are already active and have BGP configured.

Physical

The following diagram shows the physical topology for Layer 2 connections. Google and your service provider set up and manage the physical connections between Google Cloud and your service provider's network.

Figure: Sample physical topology for Layer 2 connections

Logical

The following diagram shows the logical topology for Layer 2 connections.

Figure: Sample logical topology for Layer 2 connections

Configuring your on-premises router

This section describes how to configure Layer 2 topologies for production use. The sample configuration describes all device settings.

On-premises router settings

Based on the configuration in the sample Google Cloud project, the following table summarizes the on-premises router settings to use for the example topology.

See the Topology reference for the sample project name, VPC network, and region used on the Google Cloud side.

The hold timer and keepalive timer values allow Google to quickly transfer traffic to redundant connections in the event of an issue. Set their values as shown in the table.

Graceful restart protects BGP sessions from packet drops and route withdrawals during Cloud Router maintenance. If your on-premises device supports BGP graceful restart, enable it and set the graceful restart and stalepath timers as shown in the table.

For more information on BGP timer settings, see the recommended values for BGP timers in the Cloud Router documentation.

| Settings | my-attachment1 | my-attachment2 |
|---|---|---|
| VLAN number | 1010 | 1020 |
| VLAN interface IP address | 169.254.10.2/29 | 169.254.20.2/29 |
| On-premises ASN | 64500 | 64500 |
| Cloud Router ASN | 16550 | 16550 |
| Cloud Router BGP IP address | For cr1-us-east1: 169.254.10.1 | For cr2-us-east1: 169.254.20.1 |
| BGP timers: Keepalive | 20 sec | 20 sec |
| BGP timers: Hold timer | 60 sec | 60 sec |
| BGP timers: Graceful Restart | 1 sec | 1 sec |
| BGP timers: Stalepath timer | 300 sec | 300 sec |
| On-premises LAN subnet range | 192.168.12.0/24 | 192.168.12.0/24 |

Configuration guidelines

Use the following information on your on-premises switch or router to establish a BGP session with your Cloud Router:

  • The interface IP address and peering IP address provided by your activated Partner Interconnect VLAN attachment
  • The VLAN ID provided by your service provider
  • An MTU size of 1440 bytes
  • The EBGP neighbor must have multihop configured. The recommended value for this setting is 4.

Device configuration

VLAN 1010 (Cisco) router

The following listing shows a sample configuration for an on-premises Layer 2 topology using Router1 (Cisco) on VLAN 1010:

    interface E0/0
      description connected_to_service_provider_device
      no shut

    interface E0/0.1010
      description attachment_vlan1010
      encapsulation dot1Q 1010
      ip address 169.254.10.2 255.255.255.248
      ip mtu 1440

    ip prefix-list TO_GCP seq 5 permit 192.168.12.0/24

    route-map TO_GCP_OUTBOUND permit 10
      match ip address prefix-list TO_GCP

    router bgp 64500
      bgp graceful-restart restart-time 1
      neighbor 169.254.10.1 description peering_to_cloud_router
      neighbor 169.254.10.1 remote-as 16550
      neighbor 169.254.10.1 ebgp-multihop 4
      neighbor 169.254.10.1 timers 20 60
      neighbor 169.254.10.1 update-source E0/0.1010
      neighbor 169.254.10.1 route-map TO_GCP_OUTBOUND out
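A pre-deployment check for the Cisco listing above, as an added example that is not part of the original page or of any Google or Cisco tooling: it compares a running-config excerpt against the settings table and verifies that the outbound route-map advertises only the on-premises LAN range to Cloud Router. The names `audit`, `EXPECTED` and `SAMPLE` are hypothetical, and `bgp graceful-restart stalepath-time` is the IOS command assumed here for the table's stalepath timer; it does not appear in the page's listing.

```python
import re

# Expected values for my-attachment1, from the settings table on this page.
EXPECTED = {"mtu": "1440", "peer": "169.254.10.1", "remote_as": "16550",
            "multihop": "4", "timers": "20 60", "restart": "1",
            "stalepath": "300", "lan": "192.168.12.0/24"}

# The checked lines of the page's Cisco listing for VLAN 1010 (sample input).
SAMPLE = """\
interface E0/0.1010
  ip mtu 1440
ip prefix-list TO_GCP seq 5 permit 192.168.12.0/24
route-map TO_GCP_OUTBOUND permit 10
  match ip address prefix-list TO_GCP
router bgp 64500
  bgp graceful-restart restart-time 1
  neighbor 169.254.10.1 remote-as 16550
  neighbor 169.254.10.1 ebgp-multihop 4
  neighbor 169.254.10.1 timers 20 60
  neighbor 169.254.10.1 route-map TO_GCP_OUTBOUND out
"""

def audit(config, exp=EXPECTED):
    """Return findings; an empty list means the config matches the table."""
    def first(pattern):
        m = re.search(rf"^\s*{pattern}\s*$", config, re.M)
        return m.group(1) if m else None
    nbr = "neighbor " + re.escape(exp["peer"])
    checks = [
        ("ip mtu", first(r"ip mtu (\d+)"), exp["mtu"]),
        ("remote-as", first(nbr + r" remote-as (\d+)"), exp["remote_as"]),
        ("ebgp-multihop", first(nbr + r" ebgp-multihop (\d+)"), exp["multihop"]),
        ("timers", first(nbr + r" timers (\d+ \d+)"), exp["timers"]),
        ("restart-time", first(r"bgp graceful-restart restart-time (\d+)"), exp["restart"]),
        ("stalepath-time", first(r"bgp graceful-restart stalepath-time (\d+)"), exp["stalepath"]),
    ]
    findings = [f"{n}: expected {want}, found {got}" for n, got, want in checks if got != want]
    # Resolve the peer's outbound route-map to its prefix-lists; only the LAN range may be permitted.
    rmap, lists, current = first(nbr + r" route-map (\S+) out"), set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"route-map (\S+) permit \d+", line):
            current = m.group(1)
        elif (m := re.fullmatch(r"match ip address prefix-list (\S+)", line)) and current == rmap:
            lists.add(m.group(1))
    permits = {p for name, p in re.findall(
        r"^\s*ip prefix-list (\S+) seq \d+ permit (.+?)\s*$", config, re.M) if name in lists}
    if rmap is None or permits != {exp["lan"]}:
        findings.append(f"outbound filter permits {sorted(permits)}, expected only {exp['lan']}")
    return findings
```

Run against the listing above, `audit(SAMPLE)` returns one finding: the stalepath timer from the table is not set explicitly. A widened prefix-list or a missing outbound route-map on the Cloud Router peer is reported as an outbound filter finding.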
  

VLAN 1020 (Juniper) router

The following listing shows a sample configuration for an on-premises Layer 2 topology using Router2 (Juniper) on VLAN 1020:

    set interfaces xe-0/0/0 description "connected_to_service_provider_device"
    set interfaces xe-0/0/0 flexible-vlan-tagging
    set interfaces xe-0/0/0 unit 1020 family inet mtu 1440
    set interfaces xe-0/0/0 unit 1020 vlan-id 1020
    set interfaces xe-0/0/0 unit 1020 family inet address 169.254.20.2/29

    set routing-options autonomous-system 64500

    set policy-options prefix-list TO_GCP 192.168.12.0/24

    set policy-options policy-statement TO_GCP_OUTBOUND term 1 from protocol direct
    set policy-options policy-statement TO_GCP_OUTBOUND term 1 from prefix-list TO_GCP
    set policy-options policy-statement TO_GCP_OUTBOUND term 1 then accept
    set policy-options policy-statement TO_GCP_OUTBOUND term 2 then reject

    set protocols bgp group config_vlan_1020 type external
    set protocols bgp group config_vlan_1020 multihop ttl 4
    set protocols bgp group config_vlan_1020 local-address 169.254.20.2
    set protocols bgp group config_vlan_1020 peer-as 16550
    set protocols bgp group config_vlan_1020 neighbor 169.254.20.1 export TO_GCP_OUTBOUND
    set protocols bgp group config_vlan_1020 neighbor 169.254.20.1 graceful-restart restart-time 1

Best practices

Follow these best practices to ensure effective connectivity to Google Cloud from your on-premises devices when using Cloud Interconnect 99.9% and 99.99% topologies.

Configuring devices for active/active forwarding

  • Ensure that the same MED values are exchanged across all BGP sessions.
  • Enable Equal-cost multi-path routing (ECMP) in your BGP configuration.
  • Enable graceful restart or distribute interconnect attachments among multiple Cloud Routers in the same region. That is, ensure that no two Cloud Routers are restarted at the same time for code upgrades.
  • If you are configuring two on-premises devices, connect both devices to each other using any routing protocol. If you are configuring your device to use redistribution, use either IBGP or IGP.

Configuring devices for active/passive forwarding

  • Make sure that higher MED values are applied on the Cloud Router side, and on the on-premises device side, to avoid asymmetric routing.
  • Enable graceful restart or distribute interconnect attachments among multiple Cloud Routers in the same region. That is, ensure that no two Cloud Routers are restarted at the same time for code upgrades.
  • If you are configuring two on-premises devices, make sure that both devices have Layer 3 connectivity to each other. If you are configuring your device to use redistribution, use either IBGP or IGP.

What's next

Check that your BGP sessions are working between your on-premises network and your Google Virtual Private Cloud network. For more information, see Viewing Router Status and Advertised Routes in the Cloud Router documentation.