VPC-to-VPC topology that uses a third-party appliance

Stay organized with collections Save and categorize content based on your preferences.

Network Connectivity Center lets you use a third-party network virtual appliance to establish connectivity between your Virtual Private Cloud (VPC) networks. To establish this type of connectivity, you use the Router appliance feature. Using Router appliance in this way is supported in all Google Cloud regions.

When you use Router appliance, you install the image of a virtual appliance on a Compute Engine virtual machine (VM) that uses Border Gateway Protocol (BGP). We recommend using an image provided by a supported Network Connectivity Center partner. For more information about Router appliance, see the Router appliance overview.

This page uses a firewall appliance as an example. However, you could use the topology described on this page when setting up an SD-WAN router, a load-balancing appliance, or another type of device.

Network Connectivity Center lets you use a hub-and-spoke architecture for network connectivity. For information about Network Connectivity Center, see the Network Connectivity Center overview. For more information about Router appliance, see the Router appliance overview.

Sample topology

In the following topology, the router appliance instance hosts a firewall appliance image. The firewall appliance mediates connectivity between two Virtual Private Cloud (VPC) networks.

The VM that hosts the router appliance instance has interfaces in both VPC networks. Each interface has been used to create a Router appliance spoke.

The router appliance instance engages in a total of four Border Gateway Protocol (BGP) peering sessions: In VPC network A, Cloud Router A establishes two sessions with the router appliance instance. In VPC network B, Cloud Router B establishes two sessions with the router appliance instance.

In this scenario, Cloud Router A learns the 192.168.10.0/24 subnet through the firewall Router appliance. This route is installed on the routing table in VPC network A. Similarly, Cloud Router B learns the 10.1.3.0/24 subnet through the firewall Router appliance, and the route is installed on the routing table in VPC network B. Now, VM A and VM B can communicate—subject to the firewall rules that you've defined for your appliance.

Using Router appliance in this way is supported in all Google Cloud regions.

Manage connectivity between VPC networks.
Use a firewall appliance (click to enlarge)

To set up Router appliance spokes in this way, follow the procedure in Establish connectivity by using a third-party appliance. Although "Connect to Google Cloud" describes a site-to-cloud connectivity scenario, the Network Connectivity Center steps are the same as in the preceding diagram.

What's next