Configure a hub

This page provides information about how to create a hub to which VPC spokes in a different project can be attached. It also provides details about how to select the preset options for mesh or star connectivity topologies for VPC spokes during hub creation.

As a hub administrator, you can update a spoke group by using the gcloud network-connectivity hubs groups update command. You can add a list of project IDs or project numbers to enable auto-accept for spokes. When auto-accept is enabled, the spoke from the auto-accept project is automatically connected to the hub without the need for individual spoke proposal review and goes into the ACTIVE state. For projects not included in the auto-accept list, the spoke remains in the INACTIVE state until you review and accept the spoke.

You can list the center and edge groups as nested resources for a specific hub by using the gcloud network-connectivity hubs groups list --hub command. For hubs created with the mesh topology, the output returns the default group. For hubs created with the star topology, the output returns center and edge groups.

Before you begin

Before you get started, review the following sections.

Create or select a project

To make it easier to configure Network Connectivity Center, start by identifying a valid project.

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

If you are using the Google Cloud CLI, set your project ID by using the gcloud config set command.
```
gcloud config set project PROJECT_ID
```
Replace PROJECT_ID with your unique project ID.

The gcloud CLI instructions on this page assume that you have set your project ID.
To confirm that you set the project ID correctly, use the gcloud config list command.
```
gcloud config list --format='text(core.project)'
```

Enable the Network Connectivity API

Before you can perform any tasks using Network Connectivity Center, you must enable the Network Connectivity API.

Console

To enable the Network Connectivity API:

In the Google Cloud console, go to the Network Connectivity Center page.

Go to Network Connectivity Center
Click Enable.

Alternatively, you can enable the API by using the Google Cloud console API Library, as described in Enabling APIs.

Get access

To work with Network Connectivity Center, you need the permissions described in Roles and permissions.

Identify resources

When you reference resources by using the gcloud CLI or the API, use the conventions described in the following table.

Convention	Supported for	Notes	Example
Full URI	All resources	Use one of these methods to reference router appliance instances.	"https://www.googleapis.com/compute/projects/`PROJECT_ID`/zones/`ZONE`/instances/`INSTANCE_NAME`"
Relative resource name	All resources		"projects/`PROJECT_ID`/zones/`ZONE`/instances/`INSTANCE_NAME`"
Name	Regional and global resources	Use this method for hubs, spokes, VPN tunnels, and VLAN attachments.	"`HUB_NAME`"

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

networkconnectivity.hubs.create to create a hub
networkconnectivity.hubs.delete to delete a hub
networkconnectivity.hubs.listSpokes to list spokes
Additionally, if you are working in the Google Cloud console:
- networkconnectivity.hubs.get
- networkconnectivity.hubs.list
- networkconnectivity.spokes.list
- compute.projects.get

Roles

Hub & Spoke Admin (roles/networkconnectivity.hubAdmin)
If you are working in the Google Cloud console, Compute Network Viewer (roles/compute.networkViewer)

Create a hub

To create a hub, follow these steps.

Console

In the Google Cloud console, go to the Network Connectivity Center page.

Go to Network Connectivity Center
In the project menu, select a project.
Click Create hub.
Complete the Basic configuration section of the form:
1. Enter a Hub name.
2. Optional: Enter a Description.
3. Choose the preset topology type.
4. Optional: To add a label, click Add Item, and then enter a Key and Value.
5. Verify that the form displays the correct Project ID. If the project ID is incorrect, select a different project by using the menu at the top of the page.
In the Private Service Connect connection propagation section, enable or disable Private Service Connect connection propagation by clicking On or Off (Preview).
Do one of the following:
- If you want to create a spoke that is attached to this hub, click Next step and complete the spoke-creation section of the form. For instructions, see Create a VPC spoke.
- If you don't want to create a spoke right now, click Create to finish creating your new hub.

gcloud

To create a hub, use the gcloud network-connectivity hubs create command.

  gcloud network-connectivity hubs create hub HUB_NAME \
      --policy-mode="POLICY_MODE" \
      --preset-topology="TOPOLOGY_TYPE" \
      --description="DESCRIPTION" \
      --labels="KEY"="VALUE"

If you want to enable Private Service Connect propagated connection (Preview) globally for the Network Connectivity Center hub, use the --export-psc flag. This feature only applies to VPC spokes.

  gcloud network-connectivity hubs create HUB_NAME \
      --description="DESCRIPTION" \
      --labels="KEY"="VALUE" \
      --export-psc

Replace the following values:

HUB_NAME: the name of the new hub
POLICY_MODE: Optional: the policy mode to enable a preset topology, for example, PRESET
TOPOLOGY_TYPE: the preset topology type. The supported values are STAR or MESH. The default is MESH.
DESCRIPTION: optional text that describes the hub
KEY: the key in the key-value pair for the optional label text
VALUE: the value in the key-value pair for the optional label text

To enable Private Service Connect connection propagation on an existing hub, see Update a hub. If you want to disable the Private Service Connect connection propagation feature on existing hubs, use the --no-export-psc flag. Existing propagation connections are removed asynchronously.

API

To create a hub, use the networkconnectivity.hubs.create method.

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs
  {
    "name":"HUB_NAME",
    "description":"DESCRIPTION",
    "labels": {
      "KEY": "VALUE"
    }
  }

To choose a preset topology, use the same method and specify the topology:

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs
  {
    "name":"HUB_NAME",
    "description":"DESCRIPTION",
    "preset_topology": "TOPOLOGY_TYPE"
  }

If you want to enable Private Service Connect propagated connection (Preview) globally for the Network Connectivity Center hub, set the export-psc value to "true". This feature only applies to VPC spokes.

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs
  {
    "export_psc": true
  }

Replace the following values:

PROJECT_ID: the project ID of the project that contains the new hub
HUB_NAME: the name of the new hub
DESCRIPTION: optional text that describes the hub
KEY: the key in the key-value pair for the optional label text
VALUE: the value in the key-value pair for the optional label text
TOPOLOGY_TYPE: the preset topology type. The supported values are STAR or MESH. The default is MESH.

To enable Private Service Connect connection propagation on an existing hub, see Update a hub. If you want to disable the Private Service Connect connection propagation feature on an existing hub, set the export_psc value to "false". Existing propagation connections are removed asynchronously.

For detailed information about additional hub commands, such as list, describe, and update, see Work with hubs and spokes.

Manage auto-accept projects for spoke groups

To update auto-accept projects for a spoke group, follow these steps.

Console

In the Google Cloud console, go to Network Connectivity Center.

Go to Network Connectivity Center
In the project menu, select the project in which the hub resides.
Click the hub name for which you want to update the auto-accept projects.
On the Hub details page, under Groups, click Edit next to the group name. For mesh topology connectivity, there is a single default group. For star topology connectivity, the groups are center and edge.
On the Edit group pane, perform one of these steps:
- To add projects you want to auto-accept spokes from, click Add project ID and type the Project ID. To add more projects, click Add project ID.
- To remove a project ID from the auto-accept list, click Delete next to Project ID.
Click Save.

gcloud

To update a spoke group, use the gcloud network-connectivity hubs groups update command.

gcloud network-connectivity hubs groups update GROUP_NAME \
  --hub=HUB_NAME \
  --description=DESCRIPTION \
  --add-auto-accept-projects=PROJECT_NAME_1,PROJECT_NAME_2

Replace the following:

GROUP_NAME: the name of the group
HUB_NAME: the name of the hub
DESCRIPTION: optional text that describes the group
PROJECT_NAME_1, PROJECT_NAME_2: a comma-separated list of one or more project IDs or project numbers that you want to enable auto-accept for

To clear all projects from the auto-accept projects list, use the --clear-auto-accept-projects flag.

gcloud network-connectivity hubs groups update GROUP_NAME \
  --hub=HUB_NAME \
  --description=DESCRIPTION \
  --clear-auto-accept-projects

Replace the following:

GROUP_NAME: the name of the group
HUB_NAME: the name of the hub
DESCRIPTION: optional text that describes the hub

To remove specific projects from the auto-accept projects list, use the --remove-auto-accept-projects flag.

gcloud network-connectivity hubs groups update GROUP_NAME \
  --hub=HUB_NAME \
  --description=DESCRIPTION \
  --remove-auto-accept-projects=PROJECT_NAME_1,PROJECT_NAME_2

Replace the following:

GROUP_NAME: the name of the group
HUB_NAME: the name of the hub
DESCRIPTION: optional text that describes the hub
PROJECT_NAME_1, PROJECT_NAME_2: a comma-separated list of one or more project IDs or project numbers that you want to disable auto-accept for

API

To update auto-accept projects for a spoke group, use the

networkconnectivity.hubs.groups.update method.

  PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME/groups/GROUP_NAME/update
  {
   "auto_accept": {
       "auto_accept_projects": ["PROJECT_NAME_1","PROJECT_NAME_2"],
    }
  }

Replace the following:

PROJECT_ID: the project ID in which you created the hub
HUB_NAME: the name of the hub
GROUP_NAME: the name of the group
PROJECT_NAME_1, PROJECT_NAME_2: a comma-separated list of one or more project IDs or project numbers that you want to add or remove auto-accept for

Delete a hub

To delete a hub, follow these steps.

Before you can delete a hub, you must delete or reject all spokes attached to the hub. If the spoke is in a different project, you might not have permission to delete it. In that case, you must reject the spoke.

For steps to delete a spoke, see Delete a spoke.

Console

In the Google Cloud console, go to the Network Connectivity Center page.

Go to Network Connectivity Center
In the project menu, select a project.
Click the Hubs tab.
In the hub list, select the hub that you want to delete.
Click the Spoke tab. All the spokes that are attached to this hub are listed with their status.
From the list of active spokes, delete the active spokes. If you don't have permissions to delete the spoke, reject the spoke.
Click Delete hub.
In the confirmation dialog, do one of the following:
- Click Cancel if you don't want to delete the hub.
- Click Delete to delete the hub.

gcloud

To list all active spokes attached to the hub that you want to delete, use the gcloud network-connectivity hubs list-spokes command.
```
gcloud network-connectivity hubs list-spokes HUB_NAME \
    --filter="state:ACTIVE"
```
Replace HUB_NAME with the name of the hub that you want to delete.
Delete the active spokes. If you don't have permissions to delete the spoke, reject the spoke.
To delete a hub, use the gcloud network-connectivity hubs delete command.
```
gcloud network-connectivity hubs delete HUB_NAME
```
Replace HUB_NAME with the name of the hub.

API

To list all active spokes attached to the hub that you want to delete, use the networkconnectivity.hubs.listSpokes method.
```
 GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME:listSpokes
```
Replace the following values:
- PROJECT_ID: the project ID of the project that contains the hub for which you want to list spokes
- HUB_NAME: the name of the hub for which you want to list spokes
Delete the active spokes. If you don't have permissions to delete the spoke, reject the spoke.
To delete the hub, use the networkconnectivity.hubs.delete method.
```
 DELETE https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME
```
Replace the following values:
- PROJECT_ID: the project ID of the project that contains the hub to delete
- HUB_NAME: the name of the hub to delete

What's next

To create hubs and spokes, see Work with hubs and spokes.
To view a list of partners whose solutions are integrated with Network Connectivity Center, see Network Connectivity Center partners.
To find solutions for common issues, see Troubleshooting.
To get details about API and Google Cloud CLI commands, see APIs and reference.