Creating router appliance instances

Router appliance is one of several supported spoke types for Network Connectivity Center, Google Cloud's hub-and-spoke model for network connectivity management. This page describes how to create a router appliance instance and complete the related setup tasks. Depending on the approach that you choose, some of these tasks might be automated. However, all of the tasks must be completed before you can establish connectivity with a Router appliance spoke.

These tasks include the following:

  1. Create a router appliance instance. You can do this by using a partner solution, or by using your own custom image.

  2. Ensure that the router appliance instance is accessible to BGP traffic through TCP port 179. To do this, you might need to create a firewall rule.

  3. Create a spoke that uses your router appliance instance.

  4. Set up a Cloud Router. This step includes the following substeps:

    1. Create a Cloud Router in the same region as the router appliance instance.

    2. Create two interfaces on the Cloud Router.

    3. Configure BGP peering on the Cloud Router.

  5. Configure BGP peering on the router appliance instance.

The way that you complete these steps can vary significantly. For example, if you create a router appliance instance by using a partner solution, some of the later steps might be automated for you.

Sample configuration

This page describes how to set up a sample configuration. In this setup, two router appliance instances provide connectivity between a Virtual Private Cloud (VPC) network and an on-premises network. Network Connectivity Center uses equal-cost multipath (ECMP) routing to load balance traffic across the router appliance instances. It uses Border Gateway Protocol (BGP) to distribute routes between the networks.

The sample configuration places the router appliance instances in the same subnetwork (subnet). However, each router appliance instance resides in a different zone.

Each router appliance instance maintains BGP sessions with the same Cloud Router. This Cloud Router has two interfaces. Each router appliance instance peers with each of these interfaces, for a total of four peering sessions.

Creating BGP sessions for router appliances
Creating BGP sessions for router appliance instances (click to enlarge)

Before you begin

Before you get started, review the following sections.

Create or select a project

To make it easier to complete the procedures on this page, complete the following steps:

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Install and initialize the Cloud SDK.
  1. If you are using the gcloud command-line tool, set your project ID with the following command. The gcloud instructions on this page assume that you have set your project ID before issuing commands. For this reason, the commands don't include the --project option.
        gcloud config set project PROJECT_ID
        
  2. You can also use the project ID that has already been set:
        gcloud config list --format='text(core.project)'
        

Get access

To work with Network Connectivity Center, you need the permissions described in Access control.

This page also describes how to work with other Google Cloud resources, including VPC networks, subnets, and firewall rules. For more information about the permissions you need to work with these resources, see the Compute Engine access control documentation.

API considerations

During public preview, commands listed in this guide use the alpha version of the Network Connectivity API and the beta version of the Compute Engine API.

VM interfaces and routing

For an overview of how Compute Engine virtual machine (VM) interfaces are used for routing, see the use case for data transfer between sites in the Router appliance overview.

IP addresses and router appliance instances

To set up a router appliance instance, you must establish peering between the instance and the Cloud Router. To set up peering, the VM must use an RFC 1918 internal IP address. You cannot peer these two resources if the VM uses a different type of address.

For information about how to view a VM's IP addresses, see the following documents:

For definitions and detailed information about IP address types, see IP addresses.

Reserving a static internal IP address (recommended)

We recommend that you give your router appliance instance a static internal IP address so that the address doesn't change during reboot. If the address changes, BGP peering fails.

You have several options for assigning a reserved IP address. You can reserve the IP address in advance. Alternatively, you can reserve the IP address when you create the VM. If you mistakenly give the VM an ephemeral address, you can later convert the address into a static address. For more information about static IP addresses, see Reserving static IP addresses.

IP addresses for BGP peering

A router appliance instance uses its internal IP address to peer with the Cloud Router. The instance does not use a link-local address (such as 169.254.x.x) for BGP peering.

Similarly, the Cloud Router uses two RFC 1918 internal IP addresses to peer with the router appliance instance, one address for each interface. These IP addresses can be manually or automatically assigned from the subnet that contains both the router appliance instance interface and the Cloud Router interface.

Creating VPC resources

The following sections describe how to create a VPC network and subnet.

Create a VPC network

If you haven't already, create a VPC network. Set the network's dynamic routing mode to global.

The following steps create a custom mode VPC network named network-a.

For more information about creating VPC networks, see Creating networks.

gcloud

To create a custom VPC network, enter this command:

  gcloud compute networks create NAME \
      --subnet-mode custom \
      --bgp-routing-mode global

Replace NAME with the name of the VPC network—for example, network-a.

API

To create a custom VPC network by using the Compute Engine API, see Using VPC.

Create a subnet

Create one subnet in network-a to contain the VM instances used as router appliance instances.

gcloud

To create a VPC subnet, enter this command:

  gcloud compute networks subnets create NAME \
      --network=NETWORK \
      --region=REGION \
      --range=RANGE

Replace the following:

  • NAME: the name of the subnet that contains the router appliance VM—for example, subnet-a-1
  • NETWORK: the network that contains the subnet—for example, network-a
  • REGION: the region that contains the subnet—for example, us-west1
  • RANGE: the IP range of the subnet in CIDR notation—for example, 10.0.1.0/24

API

To create a VPC subnet by using the Compute Engine API, see Using VPC.

Creating router appliance VMs

Create the Compute Engine VMs that act as router appliance instances. The sample configuration uses two VMs, router-app-a and router-app-b.

At a high level, you create a router appliance image by creating a VM that uses a network virtual appliance image. This image can be any of the following:

For more information about specifying images, see the following resources:

For detailed information about creating VMs, see Creating and starting a VM instance.

The examples in this section assume that you have reserved IP addresses for the router appliance instance. For more information, see IP addresses for Router appliance.

gcloud

To create the two router appliance VMs used in the example configuration, run the following command twice. Replace INSTANCE_NAME with the name of the VM acting as a router appliance instance.

In the following example, you assign the static internal IP address and static external IP address that you reserved earlier to the VM. You also specify the project that contains a vendor-provided image for the VM along with the name of the image.

  gcloud compute instances create INSTANCE_NAME \
      --project=PROJECT \
      --zone=ZONE \
      --machine-type=MACHINE_TYPE \
      --network-tier=NETWORK_TIER \
      --network-interface=[subnet=SUBNET,private-network-ip=INTERNAL_IP_ADDRESS] \
      --can-ip-forward \
      --image-project=IMAGE_PROJECT \
      --image=IMAGE

Replace the following:

  • INSTANCE_NAME: the name of the VM acting as a router appliance instance—for example, router-app-a or router-app-b
  • PROJECT: the name of the project that contains the router appliance VMs—for example, my-project
  • ZONE: the Google Cloud zone that the VM is located in—for example, us-west1-a
  • MACHINE_TYPE: the machine type resource to use for the VM—for example, n1-standard-2
  • NETWORK_TIER: when creating the router appliance VMs, set the network tier to premium; this choice maximizes the extent to which traffic uses Google's network
  • SUBNET: the subnet assigned to the primary network interface for the VM—for example, subnet-a-1
  • INTERNAL_IP_ADDRESS: the RFC 1918 internal IP address that is assigned to the VM interface that connects to the Cloud Router—for example, 10.0.1.10
  • IMAGE_PROJECT: the name of the project that contains the image specified in the image field—for example, debian-cloud
  • IMAGE: the name of the image to install—for example, debian-10-buster-v20210217

API

To create the two router appliance VMs used in the example configuration, use the compute.instances.insert method.

For additional creation methods, see Creating and starting a VM instance.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT/zones/ZONE/instances
 {
   "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE",
   "name": "INSTANCE_NAME",
   "canIpForward": "true",
   "networkInterfaces": [{
     "subnetwork": "regions/REGION/subnetworks/SUBNET",
     "networkIP": "INTERNAL_IP_ADDRESS",
     "accessConfigs": [{
         "networkTier": "NETWORK_TIER,
       }]
     }],
    "disks": [{
      "initializeParams": {
          "sourceImage": "projects/IMAGE_PROJECT/global/images/IMAGE"
      },
      "boot": true
   }]
 }

Replace the following:

  • PROJECT: the name of the project that contains the router appliance VMs—for example, my-project
  • ZONE: the Google Cloud zone that the VM is located in—for example, us-west1-a
  • MACHINE_TYPE: the machine type resource to use for the VM—for example, zones/us-west1-a/machineTypes/n1-standard-2
  • INSTANCE_NAME: the name of the VM—for example, router-app-a or router-app-b
  • REGION: the region that contains the VM—for example, us-west1
  • SUBNET: the subnet assigned to the primary network interface for the VM—for example, regions/us-west1/subnetworks/subnet-a-1
  • INTERNAL_IP_ADDRESS: the RFC 1918 internal IP address that is assigned to the VM; configure the address for the VM interface that connects to the Cloud Router—for example, 10.0.1.10
  • NETWORK_TIER: when creating the router appliance VMs, set the network tier to premium; this choice maximizes the extent to which traffic uses Google's network
  • IMAGE_PROJECT: the name of the project that contains the image that you specify when creating the VM—for example, debian-cloud
  • IMAGE: the name of the image to use when creating the VM—for example, debian-10-buster-v20210217

Creating a firewall rule to allow BGP

Create a firewall rule that allows BGP traffic to network-a on TCP port 179.

For more information about firewall commands, see Using firewall rules.

gcloud

To create a VPC firewall rule by using the gcloud command-line tool, see Using VPC firewall rules.

API

To create a VPC firewall rule by using the Compute Engine API, see Using VPC firewall rules.

Creating a Router appliance spoke

Create a Router appliance spoke that uses the two router appliance instances that you just created. Creating a spoke is required for enabling BGP peering between the router appliance instance and the Cloud Router, which you create in the next step.

For more information about how to create a spoke, see Creating a router appliance spoke.

gcloud

To create a Router appliance spoke, use the gcloud alpha network-connectivity spokes create command. When you structure the command, use one instance of the --router-appliance flag for each router appliance instance that you want to associate with the spoke. For example, to use two router appliance instances, enter the following command:

  gcloud alpha network-connectivity spokes create NAME \
    --hub="HUB_URI" \
    --description="DESCRIPTION" \
    --router-appliance=instance="ROUTER_APPLIANCE_URI",ip=IP_ADDRESS \
    --router-appliance=instance="ROUTER_APPLIANCE_URI",ip=IP_ADDRESS \
    --region=REGION \
    --labels="KEY"="VALUE"
 

Replace the following values:

  • NAME: the name of the spoke
  • HUB_URI: the URI of the hub that you are attaching the spoke to
  • DESCRIPTION: optional text that describes the spoke—for example, us-vpn-spoke
  • ROUTER_APPLIANCE_URI: the URI of the router appliance instance—for example,
    https://www.googleapis.com/compute/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME 
  • IP_ADDRESS: the internal IP address of the router appliance instance—for example, 10.0.1.10
  • REGION: the Google Cloud region where you want to locate the spoke—for example, us-west1
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text

    For example, the following command creates a router appliance spoke that uses router-app-a and router-app-b as its underlying resources:

    gcloud alpha network-connectivity spokes create my-spoke \
        --hub="http://networkconnectivity.googleapis.com/v1/projects/my-project/locations/global/hubs/my-hub" \
        --description="Test spoke 1" \
        --router-appliance=instance="https://www.googleapis.com/compute/v1/projects/my-project/zones/us-west1-a/instances/router-app-a",ip=10.0.1.10 \
        --router-appliance=instance="https://www.googleapis.com/compute/v1/projects/my-project/zones/us-west1-b/instances/router-app-b",ip=10.0.1.11 \
        --region=us-west1 \
        --labels="environment"="test"
    

API

To create a Router appliance spoke, use the networkconnectivity.spokes.create method. For each router appliance instance that you want to associate with the spoke, add an item to the linkedRouterApplianceInstances array.

  POST https://networkconnectivity.googleapis.com/v1alpha1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE_NAME
  {
    "hub": "HUB_URI",
    "labels: {"KEY": "VALUE"},
    "linkedRouterApplianceInstances": [
     {
      "virtual_machine": "ROUTER_APPLIANCE_URI",
      "ip_address": "INTERNAL_IP_ADDRESS",
     },
     {
      "virtual_machine": "ROUTER_APPLIANCE_URI",
      "ip_address": "INTERNAL_IP_ADDRESS",
     }],
   }
 

Replace the following values:

  • PROJECT_ID: the project ID of your project
  • REGION: the Google Cloud region where you want to locate the spoke—for example, us-west1
  • SPOKE_NAME: the name you want to give the spoke
  • HUB_URI: the URI of the hub that you are attaching the spoke to—for example,
    https://www.googleapis.com/compute/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME 
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text
  • ROUTER_APPLIANCE_URI: the URI of the router appliance instance
  • INTERNAL_IP_ADDRESS: the internal IP address of router appliance instance

    For example, to create a spoke that uses router-app-a and router-app-b as its underlying resources, the body of your request should be structured as follows:

    {
    "hub": "http://networkconnectivity.googleapis.com/v1/projects/my-project/locations/global/hubs/my-hub",
    
        "labels": {
           "environment" : "test"
         },
    
         "linked_router_appliance_instances": [
         {
            "virtual_machine": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-west1-a/instances/router-app-a",
            "ip_address": "10.0.1.10",
         },
         {
            "virtual_machine": "https://www.googleapis.com/compute/v1/projects/my-project/zones/us-west1-b/instances/router-app-b",
            "ip_address":  "10.0.1.11",
         },
        ]
    }
    
    

Setting up a Cloud Router

Router appliance uses a Cloud Router to exchange routes with your VPC network. For this reason, you must create a Cloud Router and complete a few other setup tasks.

Create a Cloud Router

Create the resource in the same network and region where the router VM resides. In the sample configuration, these resources are network-a and us-west1.

For more information, see Creating Cloud Routers.

gcloud

To create a Cloud Router, enter the following command:

  gcloud beta compute routers create NAME \
      --region=REGION \
      --network=NETWORK \
      --asn=ASN \
      --project=PROJECT_ID

Replace the following:

  • NAME: the name of the Cloud Router—for example, cloud-router-a
  • REGION: the region that contains the Cloud Router—for example, us-west1
  • NETWORK: the VPC network that contains the Cloud Router—for example, network-a
  • ASN: the autonomous system number (ASN) for the Cloud Router—this ASN must be a 16-bit or 32-bit private ASN as defined in RFC 6996—for example, 65000
  • PROJECT_ID: the project ID for the Cloud Router—for example, my-project

API

To create a Cloud Router, use the compute.routers.insert method.

POST https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/routers
{
 "name": "NAME",
 "network": "NETWORK",
 "bgp": {
   "asn": ASN
  }
}

Replace the following:

  • PROJECT_ID: the project ID for the Cloud Router—for example, my-project
  • REGION: the region that contains the Cloud Router—for example, us-west1
  • NAME: the name of the Cloud Router—for example, cloud-router-a
  • NETWORK: the URI of the VPC network that contains the Cloud Router—for example, /global/networks/network-a
  • ASN: the autonomous system number (ASN) for the Cloud Router—this ASN must be a 16-bit or 32-bit private ASN as defined in RFC 6996—for example, 65000

Create two redundant interfaces on the Cloud Router

Create two redundant Cloud Router interfaces that, in the sample configuration, are associated with subnet-a-1.

The Cloud Router interface uses a regional internal IP address.

If you explicitly specify the internal IP address for the interface, the IP address must belong to the subnet's primary IP address range. It must not already be in use by another resource, such as a VM or a different Cloud Router interface. To reserve an IP address from the subnet in advance, create an address resource and then use the reserved IP address for the Cloud Router interface.

gcloud

To create two redundant interfaces on the Cloud Router, enter the following commands.

If you don't specify the --ip-address option, Google tries to find a free IP address from the subnet's primary IP range to assign to the interface.

  1. Create the first Cloud Router interface:

    gcloud beta compute routers add-interface NAME \
        --interface-name=INTERFACE_NAME \
        --ip-address=IP_ADDRESS \
        --subnetwork=SUBNET \
        --region=REGION \
        --project=PROJECT_ID
    
  2. Create the redundant Cloud Router interface:

    gcloud beta compute routers add-interface NAME \
        --interface-name=INTERFACE_NAME \
        --ip-address=IP_ADDRESS \
        --subnetwork=SUBNET \
        --redundant-interface=REDUNDANT_INTERFACE \
        --region=REGION \
        --project=PROJECT_ID
    

    Replace the following:

    • NAME: the name of the Cloud Router to update—for example, cloud-router-a
    • INTERFACE_NAME: the name of the interface—for example, router-appliance-interface-0 or router-appliance-interface-1
    • IP_ADDRESS: the RFC 1918 internal IP address to use for the interface—for example, 10.0.1.5 or 10.0.1.6
    • SUBNET: the subnet where the internal IP address resides—for example, subnet-a-1
    • REDUNDANT_INTERFACE: the redundant Cloud Router interface that peers with the same router appliance instance as the primary interface—for example, router-appliance-interface-0
    • REGION: the Google Cloud region where the Cloud Router resides—for example, us-west1
    • PROJECT_ID: the project ID for the Cloud Router—for example, my-project
  • The following command creates the first interface on the Cloud Router as described in the sample configuration:

    gcloud beta compute routers add-interface cloud-router-a \
        --interface-name=router-appliance-interface-0 \
        --ip-address=10.0.1.5 \
        --subnetwork=subnet-a-1 \
        --region=us-west1 \
        --project=my-project
    
  • The following command creates the redundant interfaces on the Cloud Router as described in the sample configuration:

    gcloud beta compute routers add-interface cloud-router-a \
        --interface-name=router-appliance-interface-1 \
        --ip-address=10.0.1.6 \
        --subnetwork=subnet-a-1 \
        --redundant-interface=router-appliance-interface-0 \
        --region=us-west1 \
        --project=my-project
    

API

To create two redundant interfaces on the Cloud Router, use the compute.routers.patch method.

If you don't specify the privateIpAddress option, Google tries to find a free IP address from the subnet's primary IP range to assign to the interface.

  1. Create the first Cloud Router interface:

    "PATCH
    https"://www.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/routers/NAME
    {
      "region":"REGION",
      "interfaces":[
        {
          "name":"INTERFACE_NAME",
          "privateIpAddress:"IP_ADDRESS",
          "subnetwork": "https":"//www.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET"
        }
      ]
    }
    
  2. Create the redundant Cloud Router interface:

    "PATCH
    https"://www.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/routers/NAME
    {
      "region":"REGION",
      "interfaces":[
        {
          "name":"INTERFACE_NAME_1",
          "privateIpAddress:"IP_ADDRESS",
          "subnetwork": "https://www.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET"
        },
        {
          "name":"INTERFACE_NAME_2",
          "privateIpAddress:"IP_ADDRESS",
          "subnetwork": "https://www.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET",
          "redundantInterface": "INTERFACE_NAME_1"
        }
      ]
    }
    

    Replace the following:

    • PROJECT_ID: the project ID for the Cloud Router—for example, my-project
    • REGION: the Google Cloud region where the Cloud Router resides—for example, us-west1
    • NAME: the name of the Cloud Router to update—for example, cloud-router-a
    • NETWORK: the VPC network that contains the Cloud Router—for example,network-a
    • INTERFACE_NAME: the name of the interface—for example, router-appliance-interface-0 or router-appliance-interface-1
    • SUBNET: the URL for the subnet that contains the RFC 1918 internal IP address
    • IP_ADDRESS: the internal IP address to use for the interface—for example, 10.0.1.5 or 10.0.1.6
    • REDUNDANT_INTERFACE: the redundant Cloud Router interface that peers with the same router appliance instance as the primary interface—for example, router-appliance-interface-0
  • The following command creates the first interface on cloud-router-a as described in the sample configuration:

    "PATCH https"://www.googleapis.com/compute/beta/projects/my-project/regions/us-west1/routers/cloud-router-a
    {
    "region":"us-west1",
    "interfaces":[
      {
        "name":"router-appliance-interface-0",
        "privateIpAddress:"10.0.1.5",
        "subnetwork": "https://www.googleapis.com/compute/beta/projects/my-project/regions/us-west1/subnetworks/>"
      }
    ]
    }
    
  • The following command creates the redundant interfaces on cloud-router-a as described in the sample configuration:

    "PATCH https"://www.googleapis.com/compute/beta/projects/my-project/regions/us-west1/routers/cloud-router-a
    {
    "region":"us-west1",
    "interfaces":[
      {
        "name":"router-appliance-interface-0",
        "privateIpAddress:"10.0.1.5",
        "subnetwork": "https://www.googleapis.com/compute/beta/projects/my-project/regions/us-west1/subnetworks/subnet-a-1"
      },
      {
        "name":"router-appliance-interface-0",
        "privateIpAddress:"10.0.1.6",
        "subnetwork": "https://www.googleapis.com/compute/beta/projects/my-project/regions/us-west1/subnetworks/subnet-a-1",
        "redundantInterface": "router-appliance-interface-0"
      }
    ]
    }
    

Configuring BGP peering on the Cloud Router

For each router appliance instance, you must create two BGP peers on the Cloud Router—one for each Cloud Router interface. The BGP peer IP address must be the primary internal IP address for the VM that is configured as a router appliance instance.

Create BGP peers for router-app-a

This section describes how to create two BGP peers for the router appliance instance named router-app-a in the sample configuration. The next section describes how to create two BGP peers on router-app-b.

The following example shows how to configure router-app-a as a BGP peer on both interfaces of Cloud Router cloud-router-a.

gcloud

To create two BGP peers on the Cloud Router for router-app-a, enter the following commands.

  1. Create the first BGP peer:

    gcloud beta compute routers add-bgp-peer NAME \
        --peer-name=PEER_NAME \
        --interface=INTERFACE \
        --peer-ip-address=PEER_IP_ADDRESS \
        --peer-asn=PEER_ASN \
        --instance=ROUTER_APPLIANCE \
        --instance-zone=ROUTER_APPLIANCE_ZONE \
        --region=REGION
    
  2. Create the second BGP peer:

    gcloud beta compute routers add-bgp-peer NAME \
        --peer-name=PEER_NAME \
        --interface=INTERFACE \
        --peer-ip-address=PEER_IP_ADDRESS \
        --peer-asn=PEER_ASN \
        --instance=ROUTER_APPLIANCE \
        --instance-zone=ROUTER_APPLIANCE_ZONE \
        --region=REGION
    

    Replace the following:

    • NAME: the name of the Cloud Router to update
    • PEER_NAME: the name of the BGP peering session to establish with the router appliance instance
    • INTERFACE: the name of the interface for this BGP peer
    • PEER_IP_ADDRESS: the internal IP address of the peer router (the router appliance instance)—this address must match the primary internal IP address for the VM's primary network interface (nic0)
    • PEER_ASN: the BGP autonomous system number (ASN) for this BGP peer—this ASN must be a 16-bit or 32-bit private ASN as defined in RFC 6996
    • ROUTER_APPLIANCE: the name of the VM acting as the router appliance instance
    • ROUTER_APPLIANCE_ZONE: the zone where the VM acting as the router appliance instance is located
    • REGION: the region where the VM acting as the router appliance instance is located

The following is an example of the sample configuration for router-app-a:

  gcloud beta compute routers add-bgp-peer cloud-router-a \
      --peer-name=router-appliance-bgp-peer-router-app-a-0 \
      --interface=router-appliance-interface-0 \
      --peer-ip-address=10.0.1.10 \
      --peer-asn=65001 \
      --instance=router-app-a \
      --instance-zone=us-west1-a \
      --region=us-west1
  gcloud beta compute routers add-bgp-peer cloud-router-a \
      --peer-name=router-appliance-bgp-peer-router-app-a-1 \
      --interface=router-appliance-interface-1 \
      --peer-ip-address=10.0.1.10 \
      --peer-asn=65001 \
      --instance=router-app-a \
      --instance-zone=us-west1-a \
      --region=us-west1

API

To create two BGP peers on the Cloud Router for router-app-a, use the compute.routers.patch method.

PATCH
https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/routers/NAME
{
  "bgpPeers": [
  {
    "name": "PEER_NAME",
    "interfaceName": "INTERFACE_NAME",
    "ipAddress": "IP_ADDRESS",
    "peerIpAddress": "PEER_IP_ADDRESS",
    "routerApplianceInstance": "https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zone/ROUTER_APPLIANCE_ZONE/instances/ROUTER_APPLIANCE_INSTANCE",
    "peerAsn": PEER_ASN,
  }
  {
    "name": "PEER_NAME",
    "interfaceName": "INTERFACE_NAME",
    "ipAddress": "IP_ADDRESS",
    "peerIpAddress": "PEER_IP_ADDRESS",
    "routerApplianceInstance": "https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zone/ROUTER_APPLIANCE_ZONE/instances/ROUTER_APPLIANCE_INSTANCE",
    "peerAsn": PEER_ASN
   }
 ]
}

Replace the following:

  • PROJECT_ID: the project ID for the Cloud Router
  • REGION: the region where the VM acting as the router appliance instance resides
  • NAME: the name of the Cloud Router to update
  • PEER_NAME: the name of the BGP peering session to establish with the router appliance instance
  • INTERFACE_NAME: the name of the Cloud Router interface to add the peer to
  • IP_ADDRESS: the RFC 1918 internal IP address to use for the Cloud Router interface
  • PEER_IP_ADDRESS: the internal IP address of the VM acting as a router appliance instance
  • ROUTER_APPLIANCE_INSTANCE: the name in URL format for the VM acting as the router appliance instance
  • ROUTER_APPLIANCE_ZONE: the zone where the VM acting as the router appliance instance resides
  • PEER_ASN: the BGP autonomous system number (ASN) for this BGP peer—this ASN must be a 16-bit or 32-bit private ASN as defined in RFC 6996

Following is an example of the sample configuration for router-app-a:

PATCH
https://compute.googleapis.com/compute/beta/projects/my-project/regions/us-west1/routers/cloud-router-a
{
  "bgpPeers": [
  {
    "name": "router-appliance-bgp-peer-router-app-a-0",
    "interfaceName": "router-appliance-interface-0",
    "ipAddress": "10.0.1.5",
    "peerIpAddress": "10.0.1.10",
    "routerApplianceInstance": "https://compute.googleapis.com/compute/v1/projects/my-project/zone/us-west1-a/instances/router-app-a",
    "peerAsn": 65001,
  }
  {
    "name": "router-appliance-bgp-peer-router-app-a-1",
    "interfaceName": "router-appliance-interface-1",
    "ipAddress": "10.0.1.6",
    "peerIpAddress": "10.0.1.10",
    "routerApplianceInstance": "https://compute.googleapis.com/compute/v1/projects/my-project/zone/us-west1-a/instances/router-app-a",
    "peerAsn": 65001
   }
 ]
}

Create BGP peers for router-app-b

As described previously, Cloud Router can establish BGP sessions to multiple VMs configured as router appliance instances. These VMs must all belong to the same subnet. To create this configuration, you create additional BGP peering sessions on the same Cloud Router interfaces.

The preceding section described how to set up BGP peering for router-app-a. This section describes how to additionally configure router-app-b as a BGP peer on both interfaces of Cloud Router cloud-router-a.

gcloud

To create two BGP peers on the Cloud Router for router-app-b, use the following commands.

  • Sample configuration for the first BGP peer:

    gcloud beta compute routers add-bgp-peer cloud-router-a \
        --peer-name=router-appliance-bgp-peer-router-app-b-0 \
        --interface=router-appliance-interface-0 \
        --peer-ip-address=10.0.1.11 \
        --peer-asn=65002 \
        --instance=router-app-b \
        --instance-zone=us-west1-a \
        --region=us-west1
    
  • Sample configuration for the second BGP peer:

    gcloud beta compute routers add-bgp-peer cloud-router-a \
        --peer-name=router-appliance-bgp-peer-router-app-b-1 \
        --interface=router-appliance-interface-1 \
        --peer-ip-address=10.0.1.11 \
        --peer-asn=65002 \
        --instance=router-app-b \
        --instance-zone=us-west1-a \
        --region=us-west1
    

API

To create two BGP peers on the Cloud Router for router-app-b, use the compute.routers.patch method.

Refer to this example of the sample configuration:

PATCH
https://compute.googleaps.com/compute/beta/projects/my-project/regions/us-west1/routers/cloud-router-a
{
  "bgpPeers": [
  {
    "name": "router-appliance-bgp-peer-router-app-b-0",
    "interfaceName": "router-appliance-interface-0",
    "ipAddress": "10.0.1.5",
    "peerIpAddress": "10.0.1.11",
    "routerApplianceInstance": "https://compute.googleapis.com/compute/v1/projects/my-project/zone/us-west1-a/instances/router-app-b",
    "peerAsn": 65002,
  }
  {
    "name": "router-appliance-bgp-peer-router-app-b-1",
    "interfaceName": "router-appliance-interface-1",
    "ipAddress": "10.0.1.6",
    "peerIpAddress": "10.0.1.11",
    "routerApplianceInstance": "https://compute.googleapis.com/compute/v1/projects/my-project/zone/us-west1-a/instances/router-app-b",
    "peerAsn": 65002
   }
 ]
}

Configuring BGP on the router appliance instance

To configure your router appliance instance for BGP connectivity to the Cloud Router, refer to the vendor documentation for your router appliance image.

What's next