How Cloud Router works

Cloud Router is an API abstraction implemented by multiple redundant BGP tasks, a dynamic route control plane, and Virtual Private Cloud (VPC) network control and data planes. Understanding how these three software components work together helps you understand Cloud Router operations and how the best path selection options for learned routes work.

Software components of Cloud Router

There are several software components within Cloud Router and VPC:

Cloud Router BGP task
Cloud Router BGP tasks are grouped together within a region. Each BGP task communicates with a dynamic route control plane for its region and group. BGP tasks don't handle packet data processing. Instead, BGP tasks manage BGP sessions to send and receive BGP prefixes.
Dynamic route control plane
Each region contains a dynamic route control plane that communicates with BGP tasks for its region and group. In global dynamic routing mode, dynamic route control planes in one region also communicate with dynamic route control planes in other regions. Each dynamic route control plane sends messages to the VPC network control plane.
VPC network control and data planes

Google Cloud uses the Andromeda network virtualization stack as the distributed control and data plane for VPC networking. It includes the following components:

VPC network control plane
Each region contains a VPC network control plane that receives information from the groups of dynamic route control planes in its own region. Each VPC network control plane programs dynamic routes in receiving VPC networks. VPC network control planes also enforce dynamic route quotas.
VPC network data plane
Each region contains a VPC network data plane that evaluates and implements dynamic routes using information from the VPC network control plane. The VPC network data plane performs packet forwarding.

Cloud Router BGP tasks

The following table shows how many BGP tasks a Cloud Router uses for common scenarios:

| Example scenario | Number of BGP tasks used to implement the Cloud Router |
|---|---|
| One or more interfaces, each connected to a Classic VPN tunnel. | One BGP task |
| One or more interfaces, each connected to a VLAN attachment, where the VLAN attachments are in the same edge availability domain. | One BGP task |
| Any number of interfaces, each connected to an HA VPN tunnel, where the tunnels are all connected to the same interface number on one or more HA VPN gateways—for example, two tunnels, each connected to interface 0 on different HA VPN gateways. | One BGP task |
| At least two interfaces, one connected to a VLAN attachment in a single edge availability domain, and another connected to a single HA VPN tunnel, where the edge availability domain and VPN gateway interface numbers are the same—for example, the first edge availability domain in a pair of edge availability domains and the first VPN gateway interface. | One BGP task |
| At least two interfaces, each connected to a Router appliance instance, where one of the interfaces is configured as a redundant interface. To create a redundant interface, use the redundant-interface flag (Google Cloud CLI) or the redundantInterface field (Compute Engine API). Router appliance is part of Network Connectivity Center. | Two BGP tasks |
| At least two interfaces, each connected to a VLAN attachment, where the VLAN attachments are in different edge availability domains. | Two BGP tasks |
| At least two interfaces, each connected to an HA VPN tunnel, where each tunnel is connected to different HA VPN gateway interface numbers—for example, one tunnel connected to interface 0 of an HA VPN gateway and another tunnel connected to interface 1 of the same gateway or a different gateway. | Two BGP tasks |
| A Cloud Router with at least the following: (1) one interface connected to a VLAN attachment in edge availability domain 0 and/or one interface connected to an HA VPN tunnel that is connected to interface 0 of an HA VPN gateway; (2) one interface connected to a VLAN attachment in edge availability domain 1 and/or one interface connected to an HA VPN tunnel that is connected to interface 1 of an HA VPN gateway; (3) one interface connected to a Classic VPN tunnel. | Three BGP tasks |
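
The rows of the table can be read as a grouping rule: interfaces that share a group share a BGP task. The following added example (not part of the original documentation and not Google's implementation) models that rule; the `Interface` record, the group labels and the sample interface names are hypothetical, and the handling of Router appliance interfaces without the redundant flag is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Interface:                 # hypothetical inventory record
    name: str
    kind: str                    # "classic_vpn" | "vlan" | "ha_vpn" | "router_appliance"
    index: Optional[int] = None  # vlan: edge availability domain; ha_vpn: gateway interface number
    redundant: bool = False      # router_appliance: configured as the redundant interface


def bgp_task_groups(interfaces):
    """Group interface names by the BGP task the table's rows imply they share."""
    kinds = {i.kind for i in interfaces}
    if "router_appliance" in kinds and len(kinds) > 1:
        raise ValueError("the table has no row mixing Router appliance with other links")
    groups = defaultdict(list)
    for i in interfaces:
        if i.kind == "classic_vpn":
            key = "classic-vpn"
        elif i.kind in ("vlan", "ha_vpn") and i.index in (0, 1):
            # A VLAN attachment's domain number and an HA VPN gateway
            # interface number that match land on the same task.
            key = f"domain-or-interface-{i.index}"
        elif i.kind == "router_appliance":
            # Assumption: non-redundant appliance interfaces share one task.
            key = "appliance-redundant" if i.redundant else "appliance-primary"
        else:
            raise ValueError(f"{i.name}: not covered by the table")
        groups[key].append(i.name)
    return dict(groups)


def bgp_task_count(interfaces):
    """Number of BGP tasks implied for this set of interfaces."""
    return len(bgp_task_groups(interfaces))


# Constructed sample matching the table's last row.
SAMPLE = [
    Interface("if-vlan-a", "vlan", 0),
    Interface("if-havpn-t1", "ha_vpn", 0),
    Interface("if-havpn-t2", "ha_vpn", 1),
    Interface("if-classic", "classic_vpn"),
]

if __name__ == "__main__":
    for task, names in bgp_task_groups(SAMPLE).items():
        print(task, names)
```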

Software maintenance

Google Cloud performs regular maintenance events to release new features and to improve reliability. During maintenance, new BGP tasks take over as BGP speakers and responders.

Cloud Router maintenance is an automatic process, and it is designed so that it does not interrupt routing. Maintenance events are expected to take no more than 60 seconds. Before maintenance, the Cloud Router sends a graceful restart notification (a TCP FIN packet) to the on-premises router.

If your on-premises router can process graceful restart events, it logs a graceful restart event during Cloud Router maintenance. For on-premises routers that don't support graceful restart, ensure that the on-premises router's hold timer is set to 60 seconds.

The BGP hold timer determines how long learned routes are preserved when the peered BGP router is unavailable. The BGP hold timer is negotiated to the lower of the two values from both sides. Cloud Router uses a default value of 60 seconds for the BGP hold timer. We recommend that you set the BGP hold timer on your on-premises router to 60 seconds or greater. As a result, both routers preserve their routes during these upgrades and traffic continues to flow. For more information, see Manage BGP timers.
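
The following added example (not part of the original documentation) audits a constructed inventory of on-premises peers against the guidance above: it computes the negotiated hold timer as the lower of the two values and compares it with the 60-second maintenance window. The `OnPremPeer` record, the verdict labels and the peer names are hypothetical.

```python
from dataclasses import dataclass

CLOUD_ROUTER_HOLD_S = 60  # Cloud Router's default hold timer (from the text)
MAINTENANCE_MAX_S = 60    # expected upper bound of a maintenance event (from the text)


@dataclass(frozen=True)
class OnPremPeer:           # hypothetical inventory record
    name: str
    hold_timer_s: int       # hold timer configured on the on-premises router
    graceful_restart: bool  # router can process graceful restart events


def negotiated_hold(peer, cloud_hold_s=CLOUD_ROUTER_HOLD_S):
    """Both sides end up using the lower of the two configured values."""
    if peer.hold_timer_s < 3:
        # RFC 4271 allows only 0 or >= 3 seconds; 0 disables the timer
        # and is outside what this example models.
        raise ValueError(f"{peer.name}: hold timer {peer.hold_timer_s}s not modelled")
    return min(peer.hold_timer_s, cloud_hold_s)


def audit(peers, cloud_hold_s=CLOUD_ROUTER_HOLD_S):
    """Return (name, negotiated_seconds, verdict) for each peer."""
    report = []
    for p in peers:
        hold = negotiated_hold(p, cloud_hold_s)
        if hold >= MAINTENANCE_MAX_S:
            verdict = "ok"
        elif p.graceful_restart:
            # Below the recommendation; graceful restart is expected to
            # carry the session through maintenance.
            verdict = "below-recommended-hold"
        else:
            # The hold timer can run out before maintenance finishes.
            verdict = "routes-may-expire"
        report.append((p.name, hold, verdict))
    return report


# Constructed sample inventory.
PEERS = [
    OnPremPeer("dc1-edge", 180, False),
    OnPremPeer("dc2-edge", 30, True),
    OnPremPeer("branch-fw", 30, False),
]

if __name__ == "__main__":
    for row in audit(PEERS):
        print(row)
```

Passing a lower `cloud_hold_s` shows that shortening the Cloud Router side has the same effect as shortening the on-premises side, because the lower value always wins.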

Cloud Router maintenance events are not announced in advance because routes are not lost on properly configured on-premises routers. For more information about completed maintenance events, see Identify router maintenance events.

For information about how graceful restart works with Bidirectional Forwarding Detection (BFD), see Graceful restart and BFD.