Creating VLAN attachments

VLAN attachments for Partner Interconnect connections (also known as interconnectAttachments) connect your Virtual Private Cloud (VPC) networks with your on-premises network through your service provider's network by allocating VLANs on your service provider's connection.

Before you can create VLAN attachments for Partner Interconnect, you must already have connectivity with a supported service provider.

Billing for VLAN attachments starts when your service provider completes their configurations, whether or not you pre-activated your attachments. Your attachments are in the PENDING_CUSTOMER or ACTIVE state once your service provider has configured them. Billing stops when you or the service provider deletes the attachments (when they are in the DEFUNCT state).

For VLAN attachments for Dedicated Interconnect, see Creating VLAN attachments for Dedicated Interconnect.

For definitions of terms used on this page, see Cloud Interconnect key terms.

To help you solve common issues that you might encounter when using Partner Interconnect, see Troubleshooting.

Utilizing multiple VLAN attachments

VLAN attachments only support up to 50-Gbps/6.25 M packets per second (pps) of traffic (over 100-Gbps connections). To achieve higher throughput into a VPC network, you must configure multiple VLAN attachments into the VPC network. For each BGP session, you should use the same MED values to let the traffic use equal-cost multipath (ECMP) routing over all the configured VLAN attachments.

If you have multiple VLAN attachments, including attachments in different projects, you can pair them with a Partner Interconnect connection from the same service provider, or with Partner Interconnect connections from different service providers.

Creating VLAN attachments

Console

  1. In the Google Cloud Console, go to the Cloud Interconnect VLAN attachments tab.

  2. Click Add VLAN attachment.

  3. Select Partner Interconnect, and then click Continue.

  4. Select I already have a service provider.

  5. Select Create a redundant pair of VLANs. Redundancy provides higher availability than a single connection. Both attachments serve traffic, and the traffic is load balanced between them. If one attachment goes down, for example during scheduled maintenance, the other attachment continues to serve traffic. For more information, see Redundancy and SLA.

    If you're creating an attachment for testing purposes or don't require high availability, select Create a single VLAN to create only one VLAN attachment.

  6. For the Network and Region fields, select the VPC network and Google Cloud region where your attachments will connect.

  7. Specify the details of your VLAN attachments:

    • Cloud Router: A Cloud Router to associate with this attachment. You can only choose a Cloud Router in the VPC network and region that you selected with an ASN of 16550. If you don't have an existing Cloud Router, create one with an ASN of 16550. For redundancy, each VLAN attachment must be associated with a unique Cloud Router. Google automatically adds an interface and a BGP peer on the Cloud Router.
    • VLAN attachment name: A name for the attachment. This name is displayed in the Cloud Console and is used by the gcloud command-line tool to reference the attachment, such as my-attachment.
    • Maximum transmission unit (MTU) for the attachment: To make use of the 1500-byte MTU, the VPC network using the attachment must have an MTU set to 1500. In addition, the on-premises VMs and routers must have an MTU set to 1500. If your network has the default MTU of 1460, leave the field at 1440.
  8. To create the attachments, click Create. This action takes a few minutes to complete.

  9. After creation is complete, copy the pairing keys. You share these keys with your service provider when you request a connection with them.

    If you're requesting a Layer 3 connection from your service provider, you can pre-activate the attachment by selecting Enable. Activating attachments enables you to confirm that you're connecting to the expected service provider. Pre-activating attachments enables you to skip the activation step and lets the attachments start passing traffic immediately after your service provider completes their configuration.

  10. To view a list of your VLAN attachments, click OK.

gcloud

Before you create a VLAN attachment, you must have an existing Cloud Router in the network and region that you want to reach from your on-premises network. If you don't have an existing Cloud Router, create one. The Cloud Router must have a BGP ASN of 16550.

  1. Create an interconnectAttachment of type PARTNER, specifying the names of your Cloud Router and the edge availability domain (metro availability zone) of the VLAN attachment. Google automatically adds an interface and a BGP peer on the Cloud Router. The attachment generates a pairing key that you need to share with your service provider.

    You can specify the MTU of your attachment. Valid values are 1440 (default) and 1500. To specify an MTU of 1500, use the --mtu parameter (--mtu 1500). To make use of the 1500-byte MTU, the VPC network using the attachment must have an MTU set to 1500. In addition, the on-premises VMs and routers must have an MTU set to 1500.

    The following example creates a VLAN attachment in edge availability domain availability-domain-1 and is associated with the Cloud Router my-router, which is in the region us-central1.

    gcloud compute interconnects attachments partner create my-attachment \
        --region us-central1 \
        --router my-router \
        --edge-availability-domain availability-domain-1
    

    If you're requesting a Layer 3 connection from your service provider, you can pre-activate the attachment by specifying the --admin-enabled flag. Activating attachments enables you to confirm that you're connecting to the expected service provider. Pre-activating attachments enables you to skip the activation step and lets the attachments start passing traffic immediately after your service provider completes their configuration.

    gcloud compute interconnects attachments partner create my-attachment \
        --region us-central1 \
        --router my-router \
        --edge-availability-domain availability-domain-1 \
        --admin-enabled
    
  2. Describe the attachment to retrieve its pairing key; you need to share this key with your service provider when you request a connection with them:

    gcloud compute interconnects attachments describe my-attachment \
        --region us-central1
    

    Output:

    adminEnabled: false
    edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1
    creationTimestamp: '2017-12-01T08:29:09.886-08:00'
    id: '7976913826166357434'
    kind: compute#interconnectAttachment
    labelFingerprint: 42WmSpB8rSM=
    name: my-attachment
    pairingKey: 7e51371e-72a3-40b5-b844-2e3efefaee59/us-central1/1
    region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
    router: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/routers/my-router
    selfLink: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/interconnectAttachments/my-attachment
    state: PENDING_PARTNER
    type: PARTNER
    

    The pairingKey field contains the pairing key that you need to share with your service provider. Treat the pairing key as sensitive information until your VLAN attachment is configured.

    The state of the VLAN attachment is PENDING_PARTNER until you request a connection with your service provider and they complete your VLAN attachment configuration. After the configuration is complete, the state of the attachment changes to ACTIVE or PENDING_CUSTOMER.

If you're building redundancy with a duplicate VLAN attachment, repeat these steps for the second attachment but specify a different edge availability domain. Also, when you request connections from your service provider, you must select the same metropolitan area (city) for both attachments for them to be redundant. For more information, see Redundancy and SLA.
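
A pre-flight check for the steps above, added here as an example and not part of the original documentation: it reads saved describe output, redacts the pairing key before anything is logged, reports the next customer-side step for each state, and checks a pair for distinct edge availability domains and Cloud Routers. The second attachment, its pairing key and its router name are constructed, and the id/region/domain key layout is an assumption taken from the sample output.

```shell
# Constructed sample: `describe` output for a redundant pair, trimmed to the
# fields read below. The second pairing key and router name are placeholders.
ATTACH_A='edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1
name: my-attachment
pairingKey: 7e51371e-72a3-40b5-b844-2e3efefaee59/us-central1/1
region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
router: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/routers/my-router
state: PENDING_PARTNER'
ATTACH_B='edgeAvailabilityDomain: AVAILABILITY_DOMAIN_2
name: my-attachment-2
pairingKey: 00000000-0000-4000-8000-000000000000/us-central1/2
region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
router: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/routers/my-router-2
state: PENDING_CUSTOMER'

# field <yaml> <key>: value of the first top-level "key: value" line
field() { printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1; }
# redact_key <pairingKey>: drop the secret id, keep region/domain for logs
redact_key() { printf '%s\n' "$1" | sed 's|^[^/]*/|<redacted>/|'; }

# key_matches <yaml>: key suffix agrees with the attachment (assumed key layout)
key_matches() {
  key=$(field "$1" pairingKey)
  region=$(field "$1" region); region=${region##*/}
  domain=$(field "$1" edgeAvailabilityDomain); domain=${domain##*_}
  [ "${key#*/}" = "$region/$domain" ]
}

# next_step <yaml>: what is still outstanding on the customer side
next_step() {
  case "$(field "$1" state)" in
    PENDING_PARTNER)  echo "share pairing key with provider" ;;
    PENDING_CUSTOMER) echo "confirm provider, then activate" ;;
    ACTIVE)           echo "none" ;;
    *)                echo "investigate" ;;
  esac
}

# redundant_pair <yamlA> <yamlB>: distinct edge availability domains and routers
redundant_pair() {
  [ "$(field "$1" edgeAvailabilityDomain)" != "$(field "$2" edgeAvailabilityDomain)" ] &&
  [ "$(field "$1" router)" != "$(field "$2" router)" ]
}

for a in "$ATTACH_A" "$ATTACH_B"; do
  key_matches "$a" || echo "WARN: pairing key does not match $(field "$a" name)" >&2
  echo "$(field "$a" name): key=$(redact_key "$(field "$a" pairingKey)") next=$(next_step "$a")"
done
redundant_pair "$ATTACH_A" "$ATTACH_B" || echo "WARN: pair is not redundant" >&2
```

In practice, replace the embedded samples with the saved output of the describe command shown in step 2.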

Restricting Partner Interconnect usage

By default, any VPC network can use Cloud Interconnect. To control which VPC networks can use Cloud Interconnect, you can set an organization policy. For more information, see Restricting Cloud Interconnect usage.