Advertise specific VPC subnets
You can create custom advertised routes to limit the subnets in your Virtual Private Cloud (VPC) network that the Cloud Router advertises. The subnets that you advertise are the only ones visible to on-premises clients. Cloud Router doesn't dynamically advertise new subnets unless you configure Cloud Router to advertise all subnets. If you choose to advertise only specific subnets and want to advertise new subnets, you must add them as custom advertised routes.
For IPv6-enabled BGP sessions, you can configure custom advertised routes for specific internal (ULA) and external (GUA) IPv6 subnet ranges. For information about IPv6 subnet types, see IPv6 subnet ranges.
To specify custom advertised routes when you create a Cloud Router or configure a BGP session, see Create Cloud Routers or Establish BGP sessions.
Before you begin
gcloud
If you want to use the command-line examples in this guide, do the following:
- Install or update to the latest version of the Google Cloud CLI.
- Set a default region and zone.
API
If you want to use the API examples in this guide, set up API access.
Specify custom advertised routes on a Cloud Router
To specify custom advertised routes on an existing Cloud Router, follow these steps.
Console
In the Google Cloud console, go to the Cloud Routers page.
Select the Cloud Router to update.
On the Router details page, click Edit.
In the Advertised routes section, for Routes, select Create custom routes.
If the Advertise all subnets visible to the Cloud Router checkbox is selected, clear it.
Select Add custom route to add a custom advertised route.
Configure the custom advertised route:
- Source: Select a predefined list of subnets. Cloud Router lists all subnets available to it, which depends on the VPC network's dynamic routing mode.
- IP address range: You can modify the advertised subnet IP range. For example, you can specify a more narrow range so that the Cloud Router advertises part of the subnet. You can specify both IPv4 and IPv6 custom IP ranges. However, IPv6 custom ranges are advertised only in BGP sessions where IPv6 is enabled. If you provide an IP address prefix without a subnet mask, it is interpreted as a /32 subnet mask for IPv4 and a /128 for IPv6. For information about the maximum number of custom learned routes that you can have, see Limits.
- Description: Add a description to help you identify the purpose of this custom advertised route, and then click Done.
After you finish adding custom advertised routes, click Save.
gcloud
Before you begin, record the IP ranges of the subnets to advertise.
Run the update command. To specify the subnet IP ranges to advertise, use the --set-advertisement-ranges flag. To append IP ranges to existing advertisements, use the --add-advertisement-ranges flag.
Use the --set-advertisement-ranges flag; any existing custom advertised routes are replaced:
    gcloud compute routers update ROUTER_NAME \
        --advertisement-mode custom \
        --set-advertisement-ranges=ADVERTISED_IP_RANGES
Replace the following:
- ROUTER_NAME: the name of the Cloud Router
- ADVERTISED_IP_RANGES: the contents of the new array of IP address ranges. You can specify both IPv4 and IPv6 custom IP ranges. However, IPv6 custom ranges are advertised only in BGP sessions where IPv6 is enabled. If you provide an IP address prefix without a subnet mask, it is interpreted as a /32 subnet mask for IPv4 and a /128 for IPv6. For information about the maximum number of custom learned routes that you can have, see Limits.
The following example updates the my-router Cloud Router to advertise the 192.0.2.0/24 and 198.51.100.0/24 subnets; existing custom advertised routes are replaced:
    gcloud compute routers update my-router \
        --advertisement-mode=custom \
        --set-advertisement-ranges='192.0.2.0/24,198.51.100.0/24'
The following example updates the my-router Cloud Router to advertise the 192.0.2.0/24 and 198.51.100.0/24 IPv4 subnets, plus the 2001:db8:abcd:12::/64 IPv6 subnet:
    gcloud compute routers update my-router \
        --advertisement-mode=custom \
        --set-advertisement-ranges='192.0.2.0/24,198.51.100.0/24,2001:db8:abcd:12::/64'
Cloud Router advertises IPv6 ranges only in BGP sessions that are enabled for IPv6.
The following example uses the --add-advertisement-ranges flag to append IP ranges to an existing advertisement:
    gcloud compute routers update my-router \
        --add-advertisement-ranges='203.0.113.0/24'
The following example adds the 2001:db8:abcd:12::/64 custom IPv6 range to the Cloud Router's advertisements:
    gcloud compute routers update my-router \
        --add-advertisement-ranges='2001:db8:abcd:12::/64'
Cloud Router advertises IPv6 ranges only in BGP sessions that are enabled for IPv6.
If the advertisement group of your Cloud Router includes all subnets, remove it to prevent the Cloud Router from advertising additional subnets. Advertisement groups are Google-defined IP ranges that the Cloud Router dynamically advertises. For a list of all advertisement groups, see the set-advertisement-groups flag in the Google SDK documentation.
The following example uses the describe command to check the Cloud Router's advertised routes:
    gcloud compute routers describe my-router
If the output contains the advertisedGroups field with the value all_subnets, remove it. The following example uses the update command with the --remove-advertisement-groups flag:
    gcloud compute routers update my-router \
        --remove-advertisement-groups all_subnets
API
Use the routers.patch method to update the bgp.advertisedIpRanges[] field. You might also need to update the bgp.advertisedGroups[] field if it currently has a value of ALL_SUBNETS.
The bgp.advertisedGroups[] and bgp.advertisedIpRanges[] fields accept arrays of advertised groups and advertised IP address ranges. When you PATCH these fields, you overwrite the existing arrays with the new ones in your request.
Send a GET request to get the current arrays of advertised groups and advertised IP ranges on the router. For details, see Viewing Cloud Router status and routes.
Send a PATCH request with new arrays of advertised groups and advertised IP address ranges:
- Add any subnet IP address ranges that you want on the router to the bgp.advertisedIpRanges[] field.
- If the advertisedGroups[] field currently specifies the value ALL_SUBNETS, remove it by sending an empty array as shown in the following example. This prevents Cloud Router from advertising additional subnets.
    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgp": {
        "advertisedGroups": [],
        "advertisedIpRanges": [
          ADVERTISED_IP_RANGES
        ]
      }
    }
Replace the following:
- PROJECT_ID: the project that contains the Cloud Router
- REGION: the region where the Cloud Router is located
- ROUTER_NAME: the name of the Cloud Router
- ADVERTISED_IP_RANGES: the contents of the new array of IP address ranges. You can specify IPv6 custom IP address ranges in addition to IPv4 address ranges. However, IPv6 ranges are advertised only if you enable IPv6 exchange for this BGP session. If you provide an IP address prefix without a subnet mask, it is interpreted as a /32 subnet mask for IPv4 and a /128 for IPv6. For information about the maximum number of custom learned routes that you can have, see Limits.
The following example contains two subnet IPv4 address ranges and one IPv6 address range:
    {
      "range": "192.0.2.0/24",
      "description": "First example range"
    },
    {
      "range": "198.51.100.0/24",
      "description": "Second example range"
    },
    {
      "range": "2001:db8:abcd:12::/64",
      "description": "Third example range"
    }
Specify custom advertised routes for a BGP session
To specify custom advertised routes for an existing BGP session, follow these steps.
Console
In the Google Cloud console, go to the Cloud Routers page.
Select the Cloud Router that contains the BGP session to update.
On the Router details page, select the BGP session to update.
On the BGP session details page, click Edit.
For Routes, select Create custom routes.
If the Advertise all subnets visible to the Cloud Router checkbox is selected, clear it.
Select Add custom route to add an advertised route.
Configure the custom advertised route:
- Source: Select a predefined list of subnets. Cloud Router lists all subnets available to it, which depends on the VPC network's dynamic routing mode.
- IP address range: You can modify the advertised subnet IP range. For example, you can specify a more narrow range so that the Cloud Router advertises part of the subnet. You can specify IPv6 custom IP address ranges in addition to IPv4 address ranges. However, IPv6 ranges are advertised only if you enable IPv6 exchange for this BGP session. If you provide an IP address prefix without a subnet mask, it is interpreted as a /32 subnet mask for IPv4 and a /128 for IPv6. For information about the maximum number of custom learned routes that you can have, see Limits.
- Description: Add a description to help you identify the purpose of this custom advertised route, and then click Done.
After you finish adding custom routes, click Save.
gcloud
Before you begin, record the IP ranges of the subnets to advertise.
Run the update-bgp-peer command. To specify the subnet IP ranges to advertise, use the --set-advertisement-ranges flag. To append IP ranges to existing advertisements, use the --add-advertisement-ranges flag.
Use the --set-advertisement-ranges flag; any existing custom advertisements are replaced:
    gcloud compute routers update-bgp-peer ROUTER_NAME \
        --peer-name=PEER_NAME \
        --advertisement-mode=custom \
        --set-advertisement-ranges=ADVERTISED_IP_RANGES
Replace the following:
- ROUTER_NAME: the name of the Cloud Router
- PEER_NAME: the name of your BGP peer
- Optionally, add the --enable-ipv6 flag if you are adding custom IPv6 ranges.
- ADVERTISED_IP_RANGES: the contents of the new array of IP address ranges. You can specify both IPv4 and IPv6 custom IP ranges. However, IPv6 custom ranges are advertised only in BGP sessions where IPv6 is enabled. If you provide an IP address prefix without a subnet mask, it is interpreted as a /32 subnet mask for IPv4 and a /128 for IPv6. For information about the maximum number of custom learned routes that you can have, see Limits.
The following example updates the my-bgp-session BGP session on the my-router Cloud Router to advertise the 192.0.2.0/24, 198.51.100.0/24 and 2001:db8:abcd:12::/64 subnets; existing custom advertised routes are replaced:
    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --enable-ipv6 \
        --advertisement-mode=custom \
        --set-advertisement-ranges='192.0.2.0/24,198.51.100.0/24,2001:db8:abcd:12::/64'
The following example uses the --add-advertisement-ranges flag to append IP ranges to an existing advertisement:
    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --add-advertisement-ranges='203.0.113.0/24'
The following example adds the 2001:db8:abcd:12::/64 custom IPv6 address to the Cloud Router's advertised routes:
    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --enable-ipv6 \
        --add-advertisement-ranges='2001:db8:abcd:12::/64'
If the advertisement group of your BGP session includes all subnets, remove it to prevent the Cloud Router from advertising additional subnets. Advertisement groups are Google-defined IP ranges that the Cloud Router dynamically advertises. For a list of all advertisement groups, see the set-advertisement-groups flag in the Google SDK documentation.
The following example uses the describe command to check the Cloud Router's advertised routes:
    gcloud compute routers describe my-router
If the related BGP session contains the advertisedGroups field with the value all_subnets, remove it. The following example uses the update command with the --remove-advertisement-groups flag:
    gcloud compute routers update-bgp-peer my-router \
        --peer-name my-bgp-session \
        --remove-advertisement-groups=all_subnets
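The describe check above, and the matching check in the Cloud Router section, can be scripted so that unintended advertisements are caught before on-premises clients see them. The following Python sketch is an added example, not part of the original guide: it audits JSON shaped like the output of gcloud compute routers describe --format=json against an allowlist. The sample router, the INTENDED allowlist, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like `gcloud compute routers describe my-router --format=json`.
SAMPLE_ROUTER = {
    "name": "my-router",
    "bgp": {"advertiseMode": "CUSTOM", "advertisedGroups": ["ALL_SUBNETS"],
            "advertisedIpRanges": [{"range": "192.0.2.0/24"}]},
    "bgpPeers": [{
        "name": "peer-1", "advertiseMode": "CUSTOM", "enableIpv6": False,
        "advertisedGroups": [],
        "advertisedIpRanges": [{"range": "198.51.100.7"},
                               {"range": "2001:db8:abcd:12::/64"},
                               {"range": "203.0.113.0/24"}]}],
}

# Hypothetical allowlist: the only prefixes on-premises clients should see.
INTENDED = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8:abcd:12::/64"]


def audit_scope(scope, cfg, intended):
    """Return findings for one advertisement scope (router 'bgp' block or one peer)."""
    allowed = [ipaddress.ip_network(p) for p in intended]
    findings = []
    if any(g.upper() == "ALL_SUBNETS" for g in cfg.get("advertisedGroups", [])):
        findings.append(f"{scope}: ALL_SUBNETS group still set; new subnets will be advertised")
    for entry in cfg.get("advertisedIpRanges", []):
        raw = entry["range"]
        net = ipaddress.ip_network(raw, strict=False)  # bare address becomes /32 or /128
        if "/" not in raw:
            findings.append(f"{scope}: {raw} has no mask; advertised as {net}")
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append(f"{scope}: {net} is outside the intended ranges")
        if net.version == 6 and scope != "router" and not cfg.get("enableIpv6"):
            findings.append(f"{scope}: {net} is IPv6 but enableIpv6 is off; not advertised")
    return findings


def audit_router(router, intended):
    findings = audit_scope("router", router.get("bgp", {}), intended)
    for peer in router.get("bgpPeers", []):
        if peer.get("advertiseMode") == "CUSTOM":  # per-peer lists apply only in custom mode
            findings += audit_scope(f"peer {peer['name']}", peer, intended)
    return findings


if __name__ == "__main__":
    for line in audit_router(SAMPLE_ROUTER, INTENDED):
        print(line)
```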
API
Use the routers.patch method to update the bgpPeers[] field.
The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.
Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.
Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to add custom advertised routes, do the following:
- Add any subnet IP address range advertisements that you want to the bgpPeers[].advertisedIpRanges[] field. If you provide an IP address prefix without a subnet mask, it is interpreted as a /32 subnet mask for IPv4 and a /128 for IPv6. For information about the maximum number of custom learned routes that you can have, see Limits.
- If the bgpPeers[].advertisedGroups[] field currently specifies the value ALL_SUBNETS, remove it to prevent the BGP session from advertising additional subnets.
    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgpPeers": [
        BGP_PEERS
      ]
    }
Replace the following:
- PROJECT_ID: the project that contains the Cloud Router
- REGION: the region where the Cloud Router is located
- ROUTER_NAME: the name of the Cloud Router
- BGP_PEERS: the contents of the new array of BGP peers
The following example contains two BGP peers with custom advertised routes:
    {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "169.254.10.1",
      "peerIpAddress": "169.254.10.2",
      "peerAsn": 64512,
      "enableIpv6": true,
      "advertisedRoutePriority": 100,
      "advertiseMode": "CUSTOM",
      "advertisedGroups": [],
      "advertisedIpRanges": [
        {
          "range": "192.0.2.0/24",
          "description": "First example subnet"
        },
        {
          "range": "198.51.100.0/24",
          "description": "Second example subnet"
        },
        {
          "range": "2001:db8:abcd:12::/64",
          "description": "Third example subnet"
        }
      ]
    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "169.254.20.1",
      "peerIpAddress": "169.254.20.2",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "CUSTOM",
      "advertisedGroups": [],
      "advertisedIpRanges": [
        {
          "range": "203.0.113.0/24",
          "description": "Fourth example subnet"
        }
      ]
    }
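Because a PATCH replaces the whole bgpPeers[] array, the request body has to be built from the GET response rather than written from scratch. The following Python sketch is an added example, not part of the original guide: it edits one peer's advertisements, carries every other peer through unchanged, and checks that no peer is missing from the body. CURRENT_PEERS is a constructed GET result, and build_peer_patch and missing_peers are hypothetical helper names.

```python
import copy

# Constructed sample of the bgpPeers[] array returned by a GET on the router.
CURRENT_PEERS = [
    {"name": "peer-1", "interfaceName": "if-peer-1", "peerIpAddress": "169.254.10.2",
     "peerAsn": 64512, "advertiseMode": "DEFAULT"},
    {"name": "peer-2", "interfaceName": "if-peer-2", "peerIpAddress": "169.254.20.2",
     "peerAsn": 64513, "advertiseMode": "CUSTOM", "advertisedGroups": ["ALL_SUBNETS"],
     "advertisedIpRanges": [{"range": "203.0.113.0/24"}]},
]


def build_peer_patch(current_peers, peer_name, ranges):
    """Build a PATCH body that edits one peer and carries all other peers unchanged."""
    peers = copy.deepcopy(current_peers)  # leave the GET response untouched
    matches = [p for p in peers if p["name"] == peer_name]
    if len(matches) != 1:
        raise ValueError(f"expected one peer named {peer_name!r}, found {len(matches)}")
    peer = matches[0]
    peer["advertiseMode"] = "CUSTOM"
    peer["advertisedGroups"] = []  # clears ALL_SUBNETS, as in the example above
    peer["advertisedIpRanges"] = [{"range": r, "description": d} for r, d in ranges]
    return {"bgpPeers": peers}


def missing_peers(current_peers, body):
    """Names present on the router but absent from the PATCH body."""
    sent = {p["name"] for p in body["bgpPeers"]}
    return sorted(p["name"] for p in current_peers if p["name"] not in sent)


if __name__ == "__main__":
    import json
    body = build_peer_patch(CURRENT_PEERS, "peer-2",
                            [("192.0.2.0/24", "First example subnet")])
    assert missing_peers(CURRENT_PEERS, body) == []
    print(json.dumps(body, indent=2))
```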
What's next
To view the configuration of a Cloud Router, its BGP sessions, and the routes that Cloud Router is advertising, see View Cloud Router details.
To troubleshoot issues with custom advertised routes, see Troubleshooting.