Router appliance overview

Router appliance works with Network Connectivity Center to enable dynamic route exchange with Google's network. It enables connectivity to a Virtual Private Cloud (VPC) network and permits data transfer between on-premises sites.

Network Connectivity Center is a hub-and-spoke model for network connectivity management in Google Cloud. It reduces operational complexity by using a centralized hub to exchange routing information between remote on-premises sites. Router appliance is one of several supported spoke types for Network Connectivity Center hubs.

For more information about Network Connectivity Center, including detailed definitions of hub and spoke, see the overview.

Types of router appliance instances

Network Connectivity Center supports many router appliance configurations provided by you or a third party. During the Preview period, you can configure a router appliance instance by installing your own image or an image from the vendor of your choice onto one or more Compute Engine VMs.

How it works

After the router appliance instance is installed, you configure interfaces on the Cloud Router to establish peering with the router appliance instance by using the Border Gateway Protocol (BGP). BGP enables the dynamic exchange of routes between the Cloud Router and the router appliance instance. Route exchange, in turn, enables data transfer traffic between sites. It also permits connectivity from the site through the router appliance instance to the VPC network. That is, the routes propagated by the router appliance instance can be used by VMs and other resources that have IP addresses in the same VPC network.

Cloud Router uses interfaces configured with RFC 1918 internal IP addresses to establish BGP peering with router appliance instances.

There are no separate APIs or Google Cloud resources for Router appliance. The existing Identity and Access Management (IAM) permissions for Compute Engine VMs also remain unchanged.

Use case: Data transfer between on-premises sites

You can use Router appliance to enable data transfer between environments outside of Google Cloud—for example, between your on-premises branch offices or stores.

The following example topology shows two on-premises sites that use Router appliance spokes to communicate with each other by using a Network Connectivity Center hub.

Router appliance topology
Router appliance topology (click to enlarge)
  1. On-premises Customer network A and Customer network B are each connected through customer premises equipment (CPE) to a router appliance instance. CPEs typically use a connectivity mechanism, such as an SD-WAN overlay tunnel or an IPsec VPN tunnel, to establish connectivity with the router appliance instance.

    Each router appliance instance is located in the Google Cloud region closest to its associated customer network. Both router appliance instances reside in a single VPC network. Because the router appliance instances sit in different regions, the VPC network has its dynamic routing mode set to global.

    You can create router appliance instances only in locations where Network Connectivity Center is supported. For more information, see the Network Connectivity Center locations page.

  2. Both router appliance instances are attached as spokes to the Network Connectivity Center hub.

  3. Each router appliance instance establishes BGP peering with the Cloud Router in the router appliance instance's respective region. The Cloud Router receives and advertises route prefixes from the on-premises location.

  4. The Cloud Routers in both regions dynamically exchange all received routes with each other. This configuration provides end-to-end dynamic route exchange and data plane connectivity between Customer network A and Customer network B.

For detailed configuration steps for a load-balanced single-site topology, see Creating router appliance instances.


Follow these requirements when deploying router appliance instances.

BGP configuration

  • The router appliance image that you install must support the BGP routing protocol.
  • To enable BGP peering between a router appliance instance and a Cloud Router, attach each router appliance instance as a spoke to a Network Connectivity Center hub.
  • Create a Cloud Router in the same region as the subnet that contains the peering interface of the router appliance instance.
  • Manually create BGP interfaces on the router appliance instance. These interfaces must be in the same subnet as the router appliance instance.
  • Manually create BGP sessions with Cloud Router from the router appliance instance.
  • For VMs that have multiple network interfaces configured as part of the router appliance instance, you can establish BGP sessions with Cloud Routers that reside in the same subnet as the VM interface. For more information about VM interfaces, see Multiple network interfaces overview and examples.

Availability recommendations

  • The standard service-level agreement (SLA) for Compute Engine VMs also applies to the availability of router appliance instances. This availability SLA is 99.5% for a single VM and 99.99% for VMs in multiple zones. For more information, see the Compute Engine SLA.
  • For a pair of router appliance instances, each for a different on-premises location, run at least two VMs in different zones. Each VM must peer with a pair of redundant Cloud Router interfaces. For more information about zones, see Regions and zones.


General considerations

  • Router appliance requires Network Connectivity Center to operate. That is, you can't configure standalone router appliance instances that peer with a Cloud Router or with other peer routers. You must configure router appliance instances as part of a Network Connectivity Center spoke.

  • If your deployment includes more than 1,000 VMs, you might be unable to establish BGP sessions between the router appliance instance and the Cloud Router. This 1,000-VM limit includes any VMs that are accessible through VPC Network Peering.

API considerations

During public preview, commands listed in this guide use the alpha version of the Network Connectivity API and the beta version of the Compute Engine API.

Routing considerations

  • If multiple router appliance instances announce the same routing prefixes with the same MED, Google Cloud uses equal-cost multipath (ECMP) routing across all the router appliance instances.
  • We recommend not advertising the same prefixes through a mix of different spoke types (router appliance instances, Cloud VPN gateways, and VLAN attachments). If the same prefixes are reachable through a mix of spoke types, using ECMP across the mixed spoke types can lead to imbalanced traffic across each link.
  • If a single Cloud Router learns a prefix with multiple next hops, Cloud Router selects the next hops with the shortest AS path length first, and then uses the MED to break ties. For more information, see AS path length in the Cloud Router documentation.

What's next