Pode usar os exemplos seguintes para implementar gateways de VPN de HA.
Para saber como aplicar ou remover uma configuração do Terraform, consulte os comandos básicos do Terraform.
Entre VPCs
Pode usar recursos do Terraform para ativar um exemplo de gateway de VPN de alta disponibilidade entre Google Cloud redes. Para informações sobre esta configuração, consulte o guia de configuração principal.
resource "google_compute_ha_vpn_gateway" "ha_gateway1" {
region = "us-central1"
name = "ha-vpn-1"
network = google_compute_network.network1.id
}
resource "google_compute_ha_vpn_gateway" "ha_gateway2" {
region = "us-central1"
name = "ha-vpn-2"
network = google_compute_network.network2.id
}
resource "google_compute_network" "network1" {
name = "network1"
routing_mode = "GLOBAL"
auto_create_subnetworks = false
}
resource "google_compute_network" "network2" {
name = "network2"
routing_mode = "GLOBAL"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "network1_subnet1" {
name = "ha-vpn-subnet-1"
ip_cidr_range = "10.0.1.0/24"
region = "us-central1"
network = google_compute_network.network1.id
}
resource "google_compute_subnetwork" "network1_subnet2" {
name = "ha-vpn-subnet-2"
ip_cidr_range = "10.0.2.0/24"
region = "us-west1"
network = google_compute_network.network1.id
}
resource "google_compute_subnetwork" "network2_subnet1" {
name = "ha-vpn-subnet-3"
ip_cidr_range = "192.168.1.0/24"
region = "us-central1"
network = google_compute_network.network2.id
}
resource "google_compute_subnetwork" "network2_subnet2" {
name = "ha-vpn-subnet-4"
ip_cidr_range = "192.168.2.0/24"
region = "us-east1"
network = google_compute_network.network2.id
}
resource "google_compute_router" "router1" {
name = "ha-vpn-router1"
region = "us-central1"
network = google_compute_network.network1.name
bgp {
asn = 64514
}
}
resource "google_compute_router" "router2" {
name = "ha-vpn-router2"
region = "us-central1"
network = google_compute_network.network2.name
bgp {
asn = 64515
}
}
resource "google_compute_vpn_tunnel" "tunnel1" {
name = "ha-vpn-tunnel1"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
shared_secret = "a secret message"
router = google_compute_router.router1.id
vpn_gateway_interface = 0
}
resource "google_compute_vpn_tunnel" "tunnel2" {
name = "ha-vpn-tunnel2"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
shared_secret = "a secret message"
router = google_compute_router.router1.id
vpn_gateway_interface = 1
}
resource "google_compute_vpn_tunnel" "tunnel3" {
name = "ha-vpn-tunnel3"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
shared_secret = "a secret message"
router = google_compute_router.router2.id
vpn_gateway_interface = 0
}
resource "google_compute_vpn_tunnel" "tunnel4" {
name = "ha-vpn-tunnel4"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
shared_secret = "a secret message"
router = google_compute_router.router2.id
vpn_gateway_interface = 1
}
resource "google_compute_router_interface" "router1_interface1" {
name = "router1-interface1"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.0.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name
}
resource "google_compute_router_peer" "router1_peer1" {
name = "router1-peer1"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.0.2"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface1.name
}
resource "google_compute_router_interface" "router1_interface2" {
name = "router1-interface2"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.1.2/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name
}
resource "google_compute_router_peer" "router1_peer2" {
name = "router1-peer2"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.1.1"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface2.name
}
resource "google_compute_router_interface" "router2_interface1" {
name = "router2-interface1"
router = google_compute_router.router2.name
region = "us-central1"
ip_range = "169.254.0.2/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel3.name
}
resource "google_compute_router_peer" "router2_peer1" {
name = "router2-peer1"
router = google_compute_router.router2.name
region = "us-central1"
peer_ip_address = "169.254.0.1"
peer_asn = 64514
advertised_route_priority = 100
interface = google_compute_router_interface.router2_interface1.name
}
resource "google_compute_router_interface" "router2_interface2" {
name = "router2-interface2"
router = google_compute_router.router2.name
region = "us-central1"
ip_range = "169.254.1.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel4.name
}
resource "google_compute_router_peer" "router2_peer2" {
name = "router2-peer2"
router = google_compute_router.router2.name
region = "us-central1"
peer_ip_address = "169.254.1.2"
peer_asn = 64514
advertised_route_priority = 100
interface = google_compute_router_interface.router2_interface2.name
}Para uma rede de pares externa
Pode usar recursos do Terraform para ativar um exemplo de gateway de VPN de alta disponibilidade para um par externo. Para informações sobre esta configuração, consulte o guia de configuração principal.
Para ver exemplos de VPN de alta disponibilidade através do Cloud Interconnect, consulte os exemplos do Terraform para VPN de alta disponibilidade através do Cloud Interconnect.
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
region = "us-central1"
name = "ha-vpn"
network = google_compute_network.network.id
}
resource "google_compute_external_vpn_gateway" "external_gateway" {
name = "external-gateway"
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
description = "An externally managed VPN gateway"
interface {
id = 0
ip_address = "8.8.8.8"
}
}
resource "google_compute_network" "network" {
name = "network-1"
routing_mode = "GLOBAL"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "network_subnet1" {
name = "ha-vpn-subnet-1"
ip_cidr_range = "10.0.1.0/24"
region = "us-central1"
network = google_compute_network.network.id
}
resource "google_compute_subnetwork" "network_subnet2" {
name = "ha-vpn-subnet-2"
ip_cidr_range = "10.0.2.0/24"
region = "us-west1"
network = google_compute_network.network.id
}
resource "google_compute_router" "router1" {
name = "ha-vpn-router1"
network = google_compute_network.network.name
bgp {
asn = 64514
}
}
resource "google_compute_vpn_tunnel" "tunnel1" {
name = "ha-vpn-tunnel1"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.id
peer_external_gateway = google_compute_external_vpn_gateway.external_gateway.id
peer_external_gateway_interface = 0
shared_secret = "a secret message"
router = google_compute_router.router1.id
vpn_gateway_interface = 0
}
resource "google_compute_vpn_tunnel" "tunnel2" {
name = "ha-vpn-tunnel2"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.id
peer_external_gateway = google_compute_external_vpn_gateway.external_gateway.id
peer_external_gateway_interface = 0
shared_secret = "a secret message"
router = " ${google_compute_router.router1.id}"
vpn_gateway_interface = 1
}
resource "google_compute_router_interface" "router1_interface1" {
name = "router1-interface1"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.0.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name
}
resource "google_compute_router_peer" "router1_peer1" {
name = "router1-peer1"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.0.2"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface1.name
}
resource "google_compute_router_interface" "router1_interface2" {
name = "router1-interface2"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.1.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name
}
resource "google_compute_router_peer" "router1_peer2" {
name = "router1-peer2"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.1.2"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface2.name
}