Best practices for Cloud Router
Use the following best practices to help build your network topology:
- If your on-premises Border Gateway Protocol (BGP) device supports Bidirectional Forwarding Detection (BFD), enable it on your on-premises BGP device and on the Cloud Router to provide a high-availability network link that can respond faster to link failures.
- If your peer router supports it, consider enabling MD5 authentication on your BGP sessions. By default, BGP sessions are unauthenticated.
- Enable graceful restart on your on-premises BGP device. With graceful restart, traffic between networks isn't disrupted in the event of a Cloud Router or on-premises BGP device failure as long as the BGP session is re-established within the graceful restart period.
- If graceful restart is not supported or enabled on your device, configure two on-premises BGP devices with one tunnel each to provide redundancy. If you don't configure two separate on-premises devices, Cloud VPN tunnel traffic can be disrupted in the event of a Cloud Router or an on-premises BGP device failure.
- For high reliability, set up redundant routers and BGP sessions even if your on-premises device supports graceful restart. In the event of non-transient failures, you are protected even if one path fails. For more information, see Redundant Cloud VPN tunnels.
- To use dynamic routing to connect your on-premises network to multiple Google Cloud projects, see the scenarios for VPC Network Peering and Shared VPC.
- To ensure that you do not exceed Cloud Router limits, use Cloud Monitoring to create alerting policies. For example, you can use the metrics for learned routes to create alerting policies for the limits for learned routes.
- To become familiar with Cloud Router terminology, see Key terms.