Work with hubs and spokes

Stay organized with collections Save and categorize content based on your preferences.

This page describes how to list, create, describe, delete, and update Network Connectivity Center hubs and spokes.

For an introduction to Network Connectivity Center, see the Network Connectivity Center overview.

Before you begin

Before you get started, review the following sections.

Create or select a project

To make it easier to configure Network Connectivity Center, start by identifying a valid project.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  4. Install the Google Cloud CLI.

  5. To initialize the gcloud CLI, run the following command: 

    gcloud init
    6.

  6. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  7. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  8. Install the Google Cloud CLI.

  9. To initialize the gcloud CLI, run the following command: 

    gcloud init
    10.

  1. If you are using the Google Cloud CLI, set your project ID by using the gcloud config set command.

    gcloud config set project PROJECT_ID

    Replace PROJECT_ID with your unique project ID.

    The gcloud CLI instructions on this page assume that you have set your project ID.

  1. To confirm that you set the project ID correctly, use the gcloud config list command.

    gcloud config list --format='text(core.project)'

Enable the Network Connectivity API

Before you can perform any tasks using Network Connectivity Center, you must enable the Network Connectivity API.

Console

To enable the Network Connectivity API:

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. Click Enable.

Alternatively, you can enable the API by using the Google Cloud console API Library, as described in Enabling APIs.

Get access

To work with Network Connectivity Center, you need the permissions described in Roles and permissions.

Identify resources

When you reference resources by using the gcloud CLI or the API, use the conventions described in the following table.

Convention Supported for Notes Example
Full URI All resources You must use one of these methods to reference router appliance instances. 
"https://www.googleapis.com/compute/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
Relative resource name All resources 
"projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
Name Regional and global resources This method can be used for hubs, spokes, VPN tunnels, and VLAN attachments. 
 "HUB_NAME"

Work with hubs

This section describes how to list, create, describe, and delete Network Connectivity Center hubs. You can also update a hub's labels or description.

Create a hub

To use Network Connectivity Center, you must create at least one hub and one spoke. You can create spokes at the same time that you create hubs, or you can add the spokes later.

When you create a hub, you can optionally apply labels to the hub. For more information about labels, see Requirements for labels.

For information about the maximum number of spokes permitted per project, see Quotas and limits.

Console

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project.

  3. Click Create hub.

  4. Complete the Basic configuration section of the form:

    1. Enter a Hub name.
    2. Optional: Enter a Description.
    3. Optional: To add a label, click Add Item, and then enter a Key and Value.
    4. Verify that the form displays the correct Project ID. If the project ID is incorrect, select a different project by using the pull-down menu at the top of the page.

  5. Do one of the following:

gcloud

To create a hub, use the gcloud network-connectivity hubs create command.

  gcloud network-connectivity hubs create HUB_NAME \
    --description="DESCRIPTION" \
    --labels="KEY"="VALUE"

Replace the following values:

  • HUB_NAME: the name of the new hub
  • DESCRIPTION: optional text that describes the hub
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text

API

To create a hub, use the networkconnectivity.hubs.create method.

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs
  {
    "name":"HUB_NAME",
    "description":"DESCRIPTION",
    "labels": {
      "KEY": "VALUE"
    }
  }

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the new hub
  • HUB_NAME: the name of the new hub
  • DESCRIPTION: optional text that describes the hub
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text

List hubs

To list the hubs associated with a project, use the following guidance.

Console

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project.

    The page lists all hubs associated with the project, along with the following information about each hub:

    • The name of the hub
    • The description of the hub
    • Any labels that have been applied to the hub
    • The number of spokes associated with the hub
    • The types of spokes associated with the hub

gcloud

To list the hubs associated with a project, use the gcloud network-connectivity hubs list command.

  gcloud network-connectivity hubs list

The command output includes the name and description of each hub.

API

To list the hubs associated with a project, use the networkconnectivity.hubs.list method.

  GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs

Replace PROJECT_ID with the project ID of the project that contains the hubs to list.

For each hub, this method returns the following details:

  • The name of the hub
  • A timestamp that shows when the hub was created
  • A timestamp of the last update
  • Any labels applied to the hub
  • The description of the hub, if one exists
  • The unique ID of the hub
  • The state of the hub
  • A list of routingVpcs, which are VPC networks associated with the spokes for the hub

Describe a hub

Use the following guidance to retrieve details about a project's hub.

Console

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project to view information about that project's hub.

  3. To view details about the hub's spokes, click the Spokes tab.

gcloud

To get detailed information about an existing hub, use the gcloud network-connectivity hubs describe command.

gcloud network-connectivity hubs describe HUB_NAME

Replace HUB_NAME with the name of the hub.

Output from this command includes the following information:

  • The time the hub was created
  • The hub's description
  • Any labels applied to the hub
  • The VPC networks (routingVpcs) that are associated with this hub's spoke resources
  • The hub's unique identifier
  • The time the hub was last updated

If you want information about the spokes attached to a hub, see List spokes and Describe a spoke.

API

To get detailed information about an existing hub, use the networkconnectivity.hubs.get method.

  GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the hubs to describe
  • HUB_NAME: the name of the hub to describe

Output from this command includes the following information:

  • The time the hub was created
  • The hub's description
  • Any labels applied to the hub
  • The VPC networks (routingVpcs) that are associated with this hub's spoke resources
  • The hub's unique identifier
  • The time the hub was last updated

The following snippet illustrates a typical response to this API call:

 {
   "name": "projects/myproject/locations/global/hubs/myhub",
   "createTime": "2021-08-29T23:40:25.844970812Z",
   "updateTime": "2021-08-30T04:20:36.738801209Z",
   "labels": {
     "environment": "test"
   },
   "description": "in review",
   "uniqueId": "d6d3e375-4224-4352-a3b6-776042419430",
   "state": "ACTIVE",
   "routingVpcs": [ {
     "uri": "https://www.googleapis.com/compute/v1/projects/myproject/global/networks/myvpcnetwork"
   } ]
 }

If you want information about the spokes attached to a hub, see List spokes and Describing a spoke.

Update a hub

After a hub has been created, you can add or change either of the following:

  • The labels applied to the hub; for information about labels, see Requirements for labels
  • The description of the hub

No other changes to an existing hub are permitted.

Console

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project.

  3. Click the name of the hub that you want to modify.

  4. On the Hub details page, click Edit hub.

  5. Update the hub description and/or labels.

  6. Click Save.

gcloud

To update a hub's description or add labels to a hub, use the gcloud network-connectivity hubs update command.

  gcloud network-connectivity hubs update HUB_NAME \
    --description="DESCRIPTION" \
    --update-labels="KEY"="VALUE"

Replace the following values:

  • HUB_NAME: the name of the hub
  • DESCRIPTION: an optional new description for the hub
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text

To remove one or more labels, use the --remove-labels flag. To remove all labels, use the --clear-labels flag. For more information, see the gcloud network connectivity hubs update command.

API

To update a hub's description or add labels to a hub, use the networkconnectivity.hubs.patch method.

  PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME
  {
    "description": "DESCRIPTION",
    "labels": {
      "KEY": "VALUE"
    }
  }

Replace the following values:

  • PROJECT_ID: the ID of the project that contains the hub
  • HUB_NAME: the name of the hub
  • DESCRIPTION: an optional description of the hub
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text

Delete a hub

Before you can delete a hub, you must delete its spokes, as described in Delete a spoke.

Console

  1. In the Google Cloud console, go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project.

  3. Click Delete hub.

  4. In the confirmation dialog, do one of the following:

    • Click Cancel if you don't want to delete the hub.
    • Click Delete to delete the hub.

gcloud

To delete a hub, use the gcloud network-connectivity hubs delete command.

  gcloud network-connectivity hubs delete HUB_NAME

Replace HUB_NAME with the name of the hub.

API

To delete a hub, use the networkconnectivity.hubs.delete method.

  DELETE https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the hub to delete
  • HUB_NAME: the name of the hub to delete

Work with spokes

This section describes how to list, create, describe, delete, and update Network Connectivity Center spokes.

Spoke guidelines

When you create a spoke, you specify the type of Google Cloud network resource that you plan to associate with the spoke.

  • For a list of supported resource types, see the Spokes section of the Network Connectivity Center overview.
  • For the number of resources that you can associate with a spoke, see the Quotas and limits page.

We recommend creating spokes in the region closest to the site that the spoke connects to. A site could be an on-premises data center, a branch office, or another cloud provider.

Requirements

You must create each spoke in the same Google Cloud region as the Network Connectivity resource that you want to associate with the spoke. For example, suppose you have a VPN tunnel that uses an HA VPN gateway in us-central1. If you want to create a spoke that uses this tunnel, you must create the spoke in us-central1.

Limitations

After you create a spoke, many of its attributes cannot be changed. If you want to modify an attribute that cannot be changed, you must delete the spoke and re-create it.

For example, the following attributes cannot be changed:

  • The value of the site-to-site data transfer field.

  • The HA VPN tunnels or VLAN attachments associated with the spoke.

  • The VPC network associated with the spoke's backing resources. This limitation is relevant only to Router appliance spokes, because they have modifiable resources.

For a list of spoke attributes that can be changed after the spoke is created, see Update a spoke.

Recommendations for attaching multiple resources to a spoke

When creating a spoke, you can add more than one resource, but all resources must be of the same type. For example, you can add multiple HA VPN tunnels, but you can't add HA VPN tunnels and VLAN attachments.

Also, for VLAN attachments and VPN tunnels, the following restriction exists: although a spoke can be associated with multiple resources, each resource can be associated with only one spoke. In contrast, a router appliance instance can be associated with multiple spokes if it has interfaces in multiple VPC networks, and if the site-to-site data transfer field is set to false. However, each interface can be associated with only one spoke.

Additionally, see the resource-specific recommendations described in the sections Create a Router appliance spoke, Create a VLAN attachment spoke, and Create a VPN spoke.

ASN spoke assignment

You must assign ASNs as described in ASN requirements.

Validate spoke resources

Before you create a spoke, the corresponding resource must be configured correctly. For more information, see the resource-specific recommendations described in the sections Create a Router appliance spoke, Create a VLAN attachment spoke, and Create a VPN spoke.

Create a Router appliance spoke

If you are using a Router appliance spoke to connect to sites outside of Google Cloud, use the following guidance:

  • Unlike VLAN attachments and VPN spokes, a Router appliance spoke doesn't have to be associated with a single location outside of Google Cloud. However, because router appliance instances are regional resources, we recommend that you configure them to receive data from nearby locations.

  • If you configure multiple router appliance instances to receive data from the same set of sites, we recommend that you associate those instances with the same spoke.

If you are using a Router appliance spoke for site-to-site data transfer, use the following guidance:

  • If you link multiple router appliance instances to a spoke, be aware that Network Connectivity Center doesn't provide site-to-site data transfer between those instances. To use site-to-site data transfer, you must set up multiple spokes. In response, Network Connectivity Center permits data transfer between those spokes.

After you create a Router appliance spoke, you must set up BGP peering between the router appliance instance and a Cloud Router located in the same region. For details, see Create router appliance instances.

For information about configuring the resources that are required to create a Router appliance spoke, see the following documentation:

Console

Enter basic spoke details

  1. In the Google Cloud console, go to the Network Connectivity Center page.
    2. Go to Network Connectivity Center
  2. In the project pull-down menu, select a project.
  3. Click the Spokes tab.
  4. Click Add spokes.
  5. In the New spoke form, set the Spoke type.
  6. Enter a Spoke name and optionally, a Description.
  7. Select the Region field for the new spoke.
  8. Under Site-to-site data transfer, select On or Off. If the region you selected does not support data transfer, the field is disabled. For more information about this use case, see Site-to-site data transfer overview.
  9. In the VPC network drop-down list, select a network. If you have more than one spoke that uses the data transfer feature, all of these spokes must be in the same VPC network. So if you have already created a spoke that uses data transfer, the VPC network value is prepopulated and cannot be changed.

Enter router appliance details

  1. Choose a router appliance instance:
    1. Click Add instance.
    2. From the Instances drop-down menu, select an existing router appliance instance.
  2. To add more router appliance instances to this spoke, repeat the preceding step. When you are finished, click Done and continue to Save your spoke.

Save your spoke

  1. If you want to add more spokes, click Add spoke and begin the process again, starting with entering a Spoke name.
  2. When you are finished adding spokes, click Create. The Network Connectivity Center page updates to show details about the spokes that you created.

gcloud

To create a Router appliance spoke, use the gcloud network-connectivity spokes linked-router-appliances create command.

For example, to create a spoke that has two router appliance instances and uses site-to-site data transfer, run the following command:

  gcloud network-connectivity spokes linked-router-appliances create NAME \
    --hub=HUB_NAME \
    --description="DESCRIPTION" \
    --router-appliance=instance="ROUTER_APPLIANCE_URI",ip=IP_ADDRESS \
    --router-appliance=instance="ROUTER_APPLIANCE_URI_2",ip=IP_ADDRESS_2 \
    --region=REGION \
    --labels="KEY"="VALUE" \
    --site-to-site-data-transfer

Replace the following values:

  • NAME: the name of the spoke
  • HUB_NAME: the name of the hub
  • DESCRIPTION: optional text that describes the spoke
  • ROUTER_APPLIANCE_URI: the URI of the first router appliance instance—for example, 
    https://www.googleapis.com/compute/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME
  • IP_ADDRESS: the internal IP address of the first router appliance instance
  • ROUTER_APPLIANCE_URI_2: the URI of the second router appliance instance
  • IP_ADDRESS_2: the internal IP address of the second router appliance instance
  • REGION: the Google Cloud region where the spoke is located—for example, us-west1
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text

Use the site-to-site-data-transfer flag if you want to enable data transfer for the spoke. For more information about this use case, see Site-to-site data transfer overview.

API

To create a Router appliance spoke, use the networkconnectivity.spokes.create method. For example, to create a spoke that contains two router appliance instances, use the following request:

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE_NAME
  {
    "hub": "HUB_NAME",
    "labels": {"KEY": "VALUE"},
    "linkedRouterApplianceInstances": {
      "instances": [
        {
          "virtualMachine": "ROUTER_APPLIANCE_URI",
          "ipAddress": "IP_ADDRESS",
        },
        {
          "virtualMachine": "ROUTER_APPLIANCE_URI_2,
          "ipAddress": "IP_ADDRESS_2",
        }
      ],
      "siteToSiteDataTransfer": BOOLEAN
    }
  }

Replace the following values:

  • PROJECT_ID: the project ID of your project
  • REGION: the Google Cloud region where you want to locate the spoke—for example, us-west1
  • SPOKE_NAME: the name for the spoke
  • HUB_NAME: the name of the hub that you are attaching the spoke to
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text
  • ROUTER_APPLIANCE_URI: the URI of the first router appliance instance—for example, 
    https://www.googleapis.com/compute/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME
  • IP_ADDRESS: the internal IP address of the first router appliance instance
  • ROUTER_APPLIANCE_URI_2: the URI of the second router appliance instance
  • IP_ADDRESS_2: the internal IP address of the second router appliance instance

Create a VLAN attachment spoke

Before creating VLAN attachment spokes, consider the following guidelines:

  • If you have either Dedicated Interconnect or Partner Interconnect connections configured in a redundant configuration to the same site, you should configure both connections together as a single spoke. The redundant VLAN attachments associated with these Interconnect connections must be located in the same Google Cloud region. For more information about redundant configurations, see Best practices for Cloud Interconnect.
  • If you want to use Interconnect connections from different regions, you must configure them as different spokes.

For information about configuring the resources that are required to create a VLAN attachment spoke, see the following documentation:

For information about verifying VLAN attachment resources, see the following documentation:

Console

Enter basic spoke details

  1. In the Google Cloud console, go to the Network Connectivity Center page.
    2. Go to Network Connectivity Center
  2. In the project pull-down menu, select a project.
  3. Click the Spokes tab.
  4. Click Add spokes.
  5. In the New spoke form, set the Spoke type.
  6. Enter a Spoke name and optionally, a Description.
  7. Select the Region field for the new spoke.
  8. Under Site-to-site data transfer, select On or Off. If the region you selected does not support data transfer, the field is disabled. For more information about this use case, see Site-to-site data transfer overview.
  9. In the VPC network drop-down list, select a network. If you have more than one spoke that uses the data transfer feature, all of these spokes must be in the same VPC network. So if you have already created a spoke that uses data transfer, the VPC network value is prepopulated and cannot be changed.

Enter VLAN attachment details

  1. Choose a VLAN attachment:
    1. Click Add attachment.
    2. From the VLAN attachment drop-down menu, select an existing attachment.
  2. To add more attachments to this spoke, repeat the preceding step. When you are finished, click Done and continue to Save your spoke.

Save your spoke

  1. If you want to add more spokes, click Add spoke and begin the process again, starting with entering a Spoke name.
  2. When you are finished adding spokes, click Create. The Network Connectivity Center page updates to show details about the spokes that you created.

gcloud

To create a VLAN attachment spoke, use the gcloud network-connectivity spokes linked-interconnect-attachments create command.

For example, to create a spoke that has two VLAN attachments and uses site-to-site data transfer, run the following command:

  gcloud network-connectivity spokes linked-interconnect-attachments create SPOKE_NAME \
    --hub=HUB_NAME \
    --description="DESCRIPTION" \
    --interconnect-attachments=VLAN_ATTACHMENT_NAME,VLAN_ATTACHMENT_NAME_2 \
    --region=REGION \
    --labels="KEY"="VALUE"
    --site-to-site-data-transfer

Replace the following values:

  • SPOKE_NAME: the name for the spoke
  • HUB_NAME: the name of the hub, in URI format, that you are attaching the spoke to—for example,
    projects/myproject/locations/global/hubs/us-west-to-uk
  • DESCRIPTION: optional text that describes the spoke
  • VLAN_ATTACHMENT_NAME: the name of the first VLAN attachment to add to the spoke
  • VLAN_ATTACHMENT_NAME_2: the name of the second VLAN attachment; if you include a second attachment, make sure you omit a space between the comma and the name of the attachment
  • REGION: the Google Cloud region where the spoke is located
  • KEY: the key in the key-value pair for the label text
  • VALUE: the value in the key-value pair for the label text

Use the site-to-site-data-transfer flag if you want to enable data transfer for the spoke. For more information about this use case, see Site-to-site data transfer overview.

API

To create a VLAN attachment spoke, use the networkconnectivity.spokes.create method. For example, to create a spoke that contains two VLAN attachments, use the following request:

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE_NAME
  {
    "hub": "HUB_NAME",
    "labels": {"KEY": "VALUE"},
    "linkedInterconnectAttachments": {
      "uris": [
        "VLAN_ATTACHMENT_NAME",
        "VLAN_ATTACHMENT_NAME_2"
      ],
      "siteToSiteDataTransfer": BOOLEAN
    }
  }

Replace the following values:

  • PROJECT_ID: the project ID of your project
  • REGION: the Google Cloud region where you want to locate the spoke—for example, us-west1
  • SPOKE_NAME: the name for the spoke
  • HUB_NAME: the name of the hub that you are attaching the spoke to
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text
  • VLAN_ATTACHMENT_NAME: the name of the first VLAN attachment to add to the spoke
  • VLAN_ATTACHMENT_NAME_2: the name of the second VLAN attachment
  • BOOLEAN: a value that determines whether site-to-site data transfer is enabled for this spoke; for more information about this use case, see Site-to-site data transfer overview

Create a VPN spoke

Before creating VPN spokes, consider the following guidelines:

  • When linking HA VPN tunnels to a spoke, we recommend that all tunnels connecting to a single site be configured together as a single spoke. The reverse is also true; two tunnels connecting to two different sites should be attached to different spokes. For example, suppose you want to connect an office in Dallas with an office in Tokyo. The tunnel that connects to Dallas must be part of a different spoke than the one that connects your VPC network to Tokyo.

  • When linking HA VPN tunnels to a spoke, you can't connect HA VPN gateways in different regions to each other in the same Google Cloud project. This is a limitation of HA VPN, not a limitation of Network Connectivity Center.

For information about configuring the resources that are required to create a VPN spoke, see the following documentation:

For information about verifying VPN resources, see Checking HA VPN status.

Console

Enter basic spoke details

  1. In the Google Cloud console, go to the Network Connectivity Center page.
    2. Go to Network Connectivity Center
  2. In the project pull-down menu, select a project.
  3. Click the Spokes tab.
  4. Click Add spokes.
  5. In the New spoke form, set the Spoke type.
  6. Enter a Spoke name and optionally, a Description.
  7. Select the Region field for the new spoke.
  8. Under Site-to-site data transfer, select On or Off. If the region you selected does not support data transfer, the field is disabled. For more information about this use case, see Site-to-site data transfer overview.
  9. In the VPC network drop-down list, select a network. If you have more than one spoke that uses the data transfer feature, all of these spokes must be in the same VPC network. So if you have already created a spoke that uses data transfer, the VPC network value is prepopulated and cannot be changed.

Enter VPN tunnel details

  1. Set the Spoke type drop-down list to VPN tunnels.
  2. Select the Region for the spoke.
  3. Choose a tunnel:
    1. Click Add tunnel.
    2. From the VPN tunnels drop-down menu, select an existing tunnel.
  4. To add more tunnels to this spoke, repeat the preceding step. When you are finished, click Done and continue to Save your spoke.

Save your spoke

  1. If you want to add more spokes, click Add spoke and begin the process again, starting with entering a Spoke name.
  2. When you are finished adding spokes, click Create. The Network Connectivity Center page updates to show details about the spokes that you created.

gcloud

To create a spoke that contains an HA VPN tunnel, use the gcloud network-connectivity spokes linked-vpn-tunnels create command.

For example, to create a spoke that has two HA VPN tunnels and uses site-to-site data transfer, enter the following command:

  gcloud network-connectivity spokes linked-vpn-tunnels create SPOKE_NAME \
    --hub=HUB_NAME \
    --description="DESCRIPTION" \
    --vpn-tunnels=TUNNEL_NAME,TUNNEL_NAME_2 \
    --region=REGION
    --labels="KEY"="VALUE"
    --site-to-site-data-transfer

Replace the following values:

  • SPOKE_NAME: the name for the spoke
  • HUB_NAME: the name of the hub, in URI format, that you are attaching the spoke to—for example,
    projects/PROJECT_ID/locations/global/hubs/us-west-to-uk
  • DESCRIPTION: optional text that describes the spoke—for example, us-vpn-spoke
  • TUNNEL_NAME: the name of the first HA VPN tunnel to add to the spoke
  • TUNNEL_NAME_2: the name of the second HA VPN tunnel; if you use a second tunnel, make sure you omit a space between the comma and the name of second tunnel
  • REGION: the Google Cloud region where the spoke is located
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text

Use the site-to-site-data-transfer flag if you want to enable data transfer for the spoke. For more information about this use case, see Site-to-site data transfer overview.

API

To create a VPN spoke, use the networkconnectivity.spokes.create method. For example, to create a spoke that contains two HA VPN tunnels, use the following request:

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE_NAME
  {
    "hub": "HUB_NAME",
    "labels": {"KEY": "VALUE"},
    "linkedVpnTunnels": {
      "uris": [
        "TUNNEL_NAME",
        "TUNNEL_NAME_2"
      ],
      "siteToSiteDataTransfer": BOOLEAN
    }
  }

Replace the following values:

  • PROJECT_ID: the project ID of your project
  • REGION: the Google Cloud region where you want to locate the spoke—for example, us-west1
  • SPOKE_NAME: the name for the spoke
  • HUB_NAME: the name of the hub that you are attaching the spoke to
  • KEY: the key in the key-value pair for the optional label text
  • VALUE: the value in the key-value pair for the optional label text
  • TUNNEL_NAME: the name of the first HA VPN tunnel to add to the spoke
  • TUNNEL_NAME_2: the name of the second HA VPN tunnel
  • BOOLEAN: a value that determines whether site-to-site data transfer is enabled for this spoke; for more information about this use case, see Site-to-site data transfer overview

List spokes

This set of commands lists spokes in the specified region. See also Describing a hub.

gcloud

To list existing spokes, use the gcloud network-connectivity spokes list command.

gcloud network-connectivity spokes list \
--region=REGION

Replace REGION with the appropriate region.

API

To list existing spokes, use the networkconnectivity.spokes.list method.

  GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the spokes to list
  • REGION: the region where the spoke is located—for example, us-west1

To get an aggregated list of existing spokes, where the values of multiple rows are grouped together to form a single summary value, use the networkconnectivity.spokes.list method with a hyphen (-) after locations as a wildcard.

  GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/-/spokes

Describe a spoke

To get detailed information about an existing spoke, use the following guidance.

Console

  1. Go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project.

  3. Click the Spokes tab.

  4. In the Spoke name column, select a spoke to view the Spoke details page.

gcloud

To describe a spoke, use the gcloud network-connectivity spokes describe command.

  gcloud network-connectivity spokes describe SPOKE_NAME \
    --region=REGION

Replace the following values:

  • SPOKE_NAME: the name of the spoke
  • REGION: the region where the spoke is located

API

To describe a spoke, use the networkconnectivity.spokes.get method.

 GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE_NAME

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the spoke
  • REGION: the region where the spoke is located—for example, us-west1
  • SPOKE_NAME: the name of the spoke

Update a spoke

After a spoke has been created, you can update the following:

  • The spoke's description
  • The labels applied to the spoke; for information about labels, see Requirements for labels
  • If the spoke is a Router appliance spoke, you can change its underlying resources; however, the new resources must be in the same VPC network as the original resources

Console

To change the resources used by a Router appliance spoke, complete the following steps:

  1. Go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project.

  3. Click the Spokes tab.

  4. Click the name of the spoke that you want to modify.

  5. Do either of the following:

    • To add resources, click Add instances and follow the prompts to select one or more VMs. When you are finished, click OK.
    • To remove resources, select the VMs that you want to remove and click Remove instances. In the confirmation dialog, click OK.

gcloud

To update a spoke, use one of the following commands:

Update description and labels

To update a Router appliance spoke's description and label, run the following command:

  gcloud network-connectivity spokes linked-router-appliances update SPOKE_NAME \
    --description="DESCRIPTION" \
    --region=REGION \
    --update-labels="KEY"="VALUE"

Replace the following values:

  • SPOKE_NAME: the name of the spoke to update
  • DESCRIPTION: a new description for the spoke
  • REGION: the Google Cloud region where the spoke is located—for example, us-west1
  • KEY: the key in the key-value pair
  • VALUE: the value in the key-value pair

Update a Router appliance spoke's underlying resources

If needed, you can update a Router appliance spoke to use a different router appliance instance, as long as the new resource is in the same VPC network as the original one. To replace the existing resource with a new one, run the following command:

  gcloud network-connectivity spokes linked-router-appliances update SPOKE_NAME \
     --region=REGION \
     --router-appliance=instance="ROUTER_APPLIANCE_URI",ip=IP_ADDRESS

Replace the following values:

  • SPOKE_NAME: the name of the spoke
  • REGION: the Google Cloud region where the spoke is located—for example, us-west1
  • ROUTER_APPLIANCE_URI: the URI of the new router appliance instance to associate with the spoke—for example, 
    "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
  • IP_ADDRESS: the internal IP address of the new router appliance instance

API

To update a spoke, use the networkconnectivity.spokes.patch method.

Update description and labels

To update a Router appliance spoke's description and label, use the following request:

 PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE_NAME
 {
   "description": "DESCRIPTION"
   "labels": {
     "KEY": "VALUE"
   }
 }

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the spoke
  • REGION: the region where the spoke is located—for example, us-west1
  • SPOKE_NAME: the name of the spoke to update
  • DESCRIPTION: a new description for the spoke
  • KEY: the key in the key-value pair
  • VALUE: the value in the key-value pair

Update a Router appliance spoke's underlying resources

If needed, you can update a Router appliance spoke to use a different router appliance instance, as long as the new resource is in the same VPC network as the original one. To replace the existing resource with a new one, use the following request:

 PATCH https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE
 {
   "linkedRouterApplianceInstances": {
     "instances": [
       {
         "virtualMachine": "ROUTER_APPLIANCE_URI",
         "ipAddress": "IP_ADDRESS",
       }
     ]
   }
 }

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the spoke
  • REGION: the region where the spoke is located—for example, us-west1
  • SPOKE: the name of the spoke
  • ROUTER_APPLIANCE_URI: the URI of the new router appliance instance to associate with the spoke—for example, 
    "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME"
  • IP_ADDRESS: the internal IP address of the new router appliance instance

Delete a spoke

When you delete a spoke, you also detach the resources from that spoke. That is, deleting a spoke does not delete the resources; it only disassociates them from the spoke.

Console

  1. Go to the Network Connectivity Center page.

    Go to Network Connectivity Center

  2. In the project pull-down menu, select a project.

  3. Click the Spokes tab.

  4. View the list of Spoke names for the project.

  5. Select the spokes to delete.

  6. Click Delete spokes.

  7. In the confirmation dialog, do one of the following:

    • Click Cancel if you don't want to delete the spokes.
    • Click Delete to delete the spokes.

gcloud

To delete a spoke, use the gcloud network-connectivity spokes delete command.

  gcloud network-connectivity spokes delete SPOKE_NAME \
    --region=REGION

Replace the following values:

  • SPOKE_NAME: the name of the spoke to delete
  • REGION: the region where the spoke is located; this option is required in addition to the region listed in the full spoke name

API

To delete an existing spoke, use the networkconnectivity.spokes.delete method.

  DELETE https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/SPOKE_NAME

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the spoke to delete
  • REGION: the region where the spoke is located—for example, us-west1
  • SPOKE_NAME: the name of the spoke to delete

What's next