Best practices for Cloud Router
When working with Cloud Router, use the following best practices.
If your on-premises Border Gateway Protocol (BGP) router supports Bidirectional Forwarding Detection (BFD),
enable it on your on-premises BGP device and on the Cloud Router to
provide a high-availability network link that can respond faster to link
failures.
If your peer router supports it, consider enabling MD5 authentication on
your BGP sessions. By default, BGP sessions are unauthenticated.
Enable graceful restart on your on-premises BGP device. With graceful
restart, traffic between networks isn't disrupted in the event of a
Cloud Router or on-premises BGP device failure as long as the BGP
session is re-established within the graceful restart period.
If graceful restart is not supported or enabled on your device, configure
two on-premises BGP devices with one tunnel each to provide redundancy. If you
don't configure two separate on-premises devices, Cloud VPN tunnel traffic
can be disrupted in the event of a Cloud Router or an on-premises BGP
device failure.
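To ensure that you don't exceed Cloud Router quotas, use Cloud Monitoring to
create alerting policies. For example, you can use the metrics for learned
routes to create alerting policies for the unique Cloud Router dynamic route
prefixes quotas.
If appropriate, you can manually configure custom learned routes and apply
them to a BGP session. Dynamic routes created from custom learned routes are
programmed and withdrawn just like dynamic routes that are received through
BGP.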
What's next
To become familiar with Cloud Router terminology, see
Key terms.
Last updated 2025-09-04 UTC.