Propose a VPC spoke in a different project

When you create a spoke, you must associate it with a hub. If your spoke is in a different project from the hub, the hub administrator must approve your proposed spoke before it can become active. To create a VPC spoke that you want to connect to a hub in a different project, follow these steps.

For information about how to work with spokes including creating, listing, updating, and deleting spokes, see Work with spokes.

Before you begin

Before you get started, review the following sections.

Create or select a project

To make it easier to configure Network Connectivity Center, start by identifying a valid project.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Install the Google Cloud CLI.
  5. To initialize the gcloud CLI, run the following command:

    gcloud init
  6. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  7. Make sure that billing is enabled for your Google Cloud project.

  8. Install the Google Cloud CLI.
  9. To initialize the gcloud CLI, run the following command:

    gcloud init
  1. If you are using the Google Cloud CLI, set your project ID by using the gcloud config set command.

    gcloud config set project PROJECT_ID

    Replace PROJECT_ID with your unique project ID.

    The gcloud CLI instructions on this page assume that you have set your project ID.

  1. To confirm that you set the project ID correctly, use the gcloud config list command.

    gcloud config list --format='text(core.project)'

Enable the Network Connectivity API

Before you can perform any tasks using Network Connectivity Center, you must enable the Network Connectivity API.

Console

To enable the Network Connectivity API:

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. Click Enable.

Alternatively, you can enable the API by using the Google Cloud console API Library, as described in Enabling APIs.

Console

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project menu, select a project in which you want to create the spoke.

  3. Click the Spokes tab.

  4. Click Add spokes.

  5. In the Select hub section, to attach the new spoke to a hub in another
    project, select the hub location as In another project.

  6. Enter the Project ID and the Hub name to which you want to attach your new spoke.

  7. Enter a Spoke name and optionally, a Description.

  8. For Spoke type, the following options are available:

    • For a hub in a different project, the default Spoke type is VPC spoke.
    • For a hub in the same project, allowed spoke types are determined by pre-existing spoke types.
    • If there are no spokes, you can select any spoke type, although the preselected option is Cloud VPN tunnel.
  9. To add a VPC network to the spoke, select the VPC network from the list.

  10. Optionally, you can add a VPC spoke filter to customize how routes are advertised by entering an IP address range to exclude export from the spoke to hub. You cannot change this filter after the spoke is created.

  11. Click Done.

  12. If you want to add more spokes, click Add spoke and begin the process again, starting with entering a Spoke name.

  13. When you are finished adding spokes, click Create. The Network Connectivity Center page updates to show details about the spokes that you created.

    The spoke status remains Inactive until the hub administrator reviews and accepts your proposed spoke.

gcloud

To create a VPC spoke, use the gcloud network-connectivity spokes linked-vpc-network create command.

gcloud network-connectivity spokes linked-vpc-network create SPOKE_NAME \
  --hub=HUB_URI \
  --global \
  --vpc-network=VPC_URI \
  --exclude-export-filters=[CIDR_RANGE]

Replace the following:

  • SPOKE_NAME: a name for the spoke that you are creating
  • HUB_URI: the URI of a hub in a different project that you want to create the spoke in
  • VPC_URI: the VPC network that this spoke points to The VPC_URI should be in the same project as the spoke
  • [CIDR_RANGE]: IP ranges to be excluded from exporting to the hub (up to 16 CIDR ranges), such as 10.1.0.0/16, 192.168.0.0/24, 172.16.1.1/32 The specified ranges must be longer than or equal to the individually configured subnets within the VPC

API

To create a VPC spoke, use the networkconnectivity.spokes.create method.

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/spokes
  {
    "name":"NAME",
    "hub":"HUB_URI",
    "linkedVpcNetwork": {
       "uri": VPC_URI,
       "exclude_export_ranges": "[CIDR_RANGE]",
    },
  }

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the new spoke
  • HUB_URI: the full hub URI including the project, since the hub is in a different project from the spoke
  • VPC_URI: The VPC network that this spoke points to, such as vpc_uri
  • [CIDR_RANGE]: IP ranges to be excluded from exporting to the hub (up to 16 CIDR ranges), such as 10.1.0.0/16, 192.168.0.0/24, 172.16.1.1/32. The specified ranges must be longer than or equal to the individually configured subnets within the VPC.

What's next