Puoi utilizzare i seguenti esempi per eseguire il deployment di gateway VPN ad alta disponibilità.
Per scoprire come applicare o rimuovere una configurazione Terraform, consulta Comandi Terraform di base.
Tra VPC
Puoi utilizzare le risorse Terraform riportate di seguito per creare un gateway VPN ad alta disponibilità di esempio tra reti Google Cloud. Per informazioni su questa configurazione, consulta la guida alla configurazione principale.
# HA VPN gateway on the network1 side; tunnel1 and tunnel2 originate here.
resource "google_compute_ha_vpn_gateway" "ha_gateway1" {
  name    = "ha-vpn-1"
  network = google_compute_network.network1.id
  region  = "us-central1"
}

# HA VPN gateway on the network2 side; tunnel3 and tunnel4 originate here.
resource "google_compute_ha_vpn_gateway" "ha_gateway2" {
  name    = "ha-vpn-2"
  network = google_compute_network.network2.id
  region  = "us-central1"
}
# Custom-mode VPC: auto_create_subnetworks is off, so only the subnets
# declared explicitly in this configuration exist.
# NOTE(review): with routing_mode = "GLOBAL" the Cloud Router's default
# advertisement covers subnets in every region of the VPC, not only the
# router's own region. Confirm that the peer is meant to reach all of them.
resource "google_compute_network" "network1" {
  name                    = "network1"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"
}

# Second custom-mode VPC, configured the same way as network1.
resource "google_compute_network" "network2" {
  name                    = "network2"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"
}
# Subnets of network1 (10.0.x.0/24). The ranges do not overlap with the
# 192.168.x.0/24 ranges of network2, so routes exchanged over the VPN stay
# unambiguous.
resource "google_compute_subnetwork" "network1_subnet1" {
  name          = "ha-vpn-subnet-1"
  network       = google_compute_network.network1.id
  region        = "us-central1"
  ip_cidr_range = "10.0.1.0/24"
}

resource "google_compute_subnetwork" "network1_subnet2" {
  name          = "ha-vpn-subnet-2"
  network       = google_compute_network.network1.id
  region        = "us-west1"
  ip_cidr_range = "10.0.2.0/24"
}

# Subnets of network2 (192.168.x.0/24).
resource "google_compute_subnetwork" "network2_subnet1" {
  name          = "ha-vpn-subnet-3"
  network       = google_compute_network.network2.id
  region        = "us-central1"
  ip_cidr_range = "192.168.1.0/24"
}

resource "google_compute_subnetwork" "network2_subnet2" {
  name          = "ha-vpn-subnet-4"
  network       = google_compute_network.network2.id
  region        = "us-east1"
  ip_cidr_range = "192.168.2.0/24"
}
# Cloud Router for network1. ASN 64514 is taken from the private 16-bit
# range (64512-65534); router2 peers with it under that number.
resource "google_compute_router" "router1" {
  name    = "ha-vpn-router1"
  network = google_compute_network.network1.name
  region  = "us-central1"

  bgp {
    asn = 64514
  }
}

# Cloud Router for network2, using private ASN 64515.
resource "google_compute_router" "router2" {
  name    = "ha-vpn-router2"
  network = google_compute_network.network2.name
  region  = "us-central1"

  bgp {
    asn = 64515
  }
}
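# IKE pre-shared key used by all four tunnels below. It is supplied at
# plan/apply time (for example through the TF_VAR_vpn_shared_secret
# environment variable) so that the key is never committed alongside the
# configuration. Use a long, randomly generated value.
# `sensitive = true` (Terraform 0.14 or later) redacts the value in plan and
# apply output. The key is still written to the Terraform state, so the state
# backend must be encrypted and access-controlled.
variable "vpn_shared_secret" {
  description = "Pre-shared key for the HA VPN tunnels between ha_gateway1 and ha_gateway2."
  type        = string
  sensitive   = true
}

# ha_gateway1 -> ha_gateway2, gateway interface 0. Counterpart: tunnel3.
resource "google_compute_vpn_tunnel" "tunnel1" {
  name                  = "ha-vpn-tunnel1"
  region                = "us-central1"
  vpn_gateway           = google_compute_ha_vpn_gateway.ha_gateway1.id
  vpn_gateway_interface = 0
  peer_gcp_gateway      = google_compute_ha_vpn_gateway.ha_gateway2.id
  router                = google_compute_router.router1.id
  shared_secret         = var.vpn_shared_secret
}

# ha_gateway1 -> ha_gateway2, gateway interface 1. Counterpart: tunnel4.
resource "google_compute_vpn_tunnel" "tunnel2" {
  name                  = "ha-vpn-tunnel2"
  region                = "us-central1"
  vpn_gateway           = google_compute_ha_vpn_gateway.ha_gateway1.id
  vpn_gateway_interface = 1
  peer_gcp_gateway      = google_compute_ha_vpn_gateway.ha_gateway2.id
  router                = google_compute_router.router1.id
  shared_secret         = var.vpn_shared_secret
}

# ha_gateway2 -> ha_gateway1, gateway interface 0. Must use the same key as
# tunnel1, the other end of this tunnel.
resource "google_compute_vpn_tunnel" "tunnel3" {
  name                  = "ha-vpn-tunnel3"
  region                = "us-central1"
  vpn_gateway           = google_compute_ha_vpn_gateway.ha_gateway2.id
  vpn_gateway_interface = 0
  peer_gcp_gateway      = google_compute_ha_vpn_gateway.ha_gateway1.id
  router                = google_compute_router.router2.id
  shared_secret         = var.vpn_shared_secret
}

# ha_gateway2 -> ha_gateway1, gateway interface 1. Must use the same key as
# tunnel2, the other end of this tunnel.
resource "google_compute_vpn_tunnel" "tunnel4" {
  name                  = "ha-vpn-tunnel4"
  region                = "us-central1"
  vpn_gateway           = google_compute_ha_vpn_gateway.ha_gateway2.id
  vpn_gateway_interface = 1
  peer_gcp_gateway      = google_compute_ha_vpn_gateway.ha_gateway1.id
  router                = google_compute_router.router2.id
  shared_secret         = var.vpn_shared_secret
}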
# BGP session of router1 over tunnel1. The link-local /30 is shared with
# router2_interface1: router1 holds 169.254.0.1, the peer holds 169.254.0.2.
resource "google_compute_router_interface" "router1_interface1" {
  name       = "router1-interface1"
  region     = "us-central1"
  router     = google_compute_router.router1.name
  vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name
  ip_range   = "169.254.0.1/30"
}

# peer_asn must equal the ASN configured on router2 (64515).
resource "google_compute_router_peer" "router1_peer1" {
  name                      = "router1-peer1"
  region                    = "us-central1"
  router                    = google_compute_router.router1.name
  interface                 = google_compute_router_interface.router1_interface1.name
  peer_ip_address           = "169.254.0.2"
  peer_asn                  = 64515
  advertised_route_priority = 100
}
# BGP session of router1 over tunnel2. Here router1 holds 169.254.1.2 and the
# peer (router2_interface2) holds 169.254.1.1.
resource "google_compute_router_interface" "router1_interface2" {
  name       = "router1-interface2"
  region     = "us-central1"
  router     = google_compute_router.router1.name
  vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name
  ip_range   = "169.254.1.2/30"
}

# Same route priority as router1_peer1, so neither tunnel is preferred.
resource "google_compute_router_peer" "router1_peer2" {
  name                      = "router1-peer2"
  region                    = "us-central1"
  router                    = google_compute_router.router1.name
  interface                 = google_compute_router_interface.router1_interface2.name
  peer_ip_address           = "169.254.1.1"
  peer_asn                  = 64515
  advertised_route_priority = 100
}
# BGP session of router2 over tunnel3, the mirror of router1_interface1:
# router2 holds 169.254.0.2 and peers with 169.254.0.1.
resource "google_compute_router_interface" "router2_interface1" {
  name       = "router2-interface1"
  region     = "us-central1"
  router     = google_compute_router.router2.name
  vpn_tunnel = google_compute_vpn_tunnel.tunnel3.name
  ip_range   = "169.254.0.2/30"
}

# peer_asn must equal the ASN configured on router1 (64514).
resource "google_compute_router_peer" "router2_peer1" {
  name                      = "router2-peer1"
  region                    = "us-central1"
  router                    = google_compute_router.router2.name
  interface                 = google_compute_router_interface.router2_interface1.name
  peer_ip_address           = "169.254.0.1"
  peer_asn                  = 64514
  advertised_route_priority = 100
}
# BGP session of router2 over tunnel4, the mirror of router1_interface2:
# router2 holds 169.254.1.1 and peers with 169.254.1.2.
resource "google_compute_router_interface" "router2_interface2" {
  name       = "router2-interface2"
  region     = "us-central1"
  router     = google_compute_router.router2.name
  vpn_tunnel = google_compute_vpn_tunnel.tunnel4.name
  ip_range   = "169.254.1.1/30"
}

# Same route priority as router2_peer1, so neither tunnel is preferred.
resource "google_compute_router_peer" "router2_peer2" {
  name                      = "router2-peer2"
  region                    = "us-central1"
  router                    = google_compute_router.router2.name
  interface                 = google_compute_router_interface.router2_interface2.name
  peer_ip_address           = "169.254.1.2"
  peer_asn                  = 64514
  advertised_route_priority = 100
}
A una rete peer esterna
Puoi utilizzare le risorse Terraform riportate di seguito per creare un gateway VPN ad alta disponibilità di esempio connesso a un gateway peer esterno. Per informazioni su questa configurazione, consulta la guida alla configurazione principale.
Per esempi di VPN ad alta disponibilità su Cloud Interconnect, consulta Esempi di Terraform per VPN ad alta disponibilità su Cloud Interconnect.
# Google Cloud side of the connection: the HA VPN gateway from which both
# tunnels to the external peer originate.
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
  name    = "ha-vpn"
  network = google_compute_network.network.id
  region  = "us-central1"
}
# Describes the peer VPN device that lives outside Google Cloud.
# SINGLE_IP_INTERNALLY_REDUNDANT declares one public IP on the peer side, so
# both tunnels target interface 0.
resource "google_compute_external_vpn_gateway" "external_gateway" {
  name            = "external-gateway"
  description     = "An externally managed VPN gateway"
  redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"

  interface {
    id = 0
    # Placeholder only: 8.8.8.8 is Google Public DNS, not a VPN endpoint.
    # Replace it with the public IP of the peer device you control before
    # applying, otherwise IKE traffic is sent to a host you do not operate.
    ip_address = "8.8.8.8"
  }
}
# Custom-mode VPC: auto_create_subnetworks is off, so only the subnets
# declared explicitly in this configuration exist.
# NOTE(review): with routing_mode = "GLOBAL" the Cloud Router's default
# advertisement covers subnets in every region of the VPC. Confirm that the
# external peer is meant to learn routes to all of them.
resource "google_compute_network" "network" {
  name                    = "network-1"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"
}
# Subnets reachable from the external peer through the VPN. Their ranges must
# not overlap with prefixes used on the peer network (not shown here).
resource "google_compute_subnetwork" "network_subnet1" {
  name          = "ha-vpn-subnet-1"
  network       = google_compute_network.network.id
  region        = "us-central1"
  ip_cidr_range = "10.0.1.0/24"
}

resource "google_compute_subnetwork" "network_subnet2" {
  name          = "ha-vpn-subnet-2"
  network       = google_compute_network.network.id
  region        = "us-west1"
  ip_cidr_range = "10.0.2.0/24"
}
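# Cloud Router that runs the BGP sessions towards the external peer.
# The region is set explicitly instead of being inherited from the provider
# default. The tunnels, interfaces and peers that reference this router are
# all pinned to us-central1 and must live in the same region as the router.
resource "google_compute_router" "router1" {
  name    = "ha-vpn-router1"
  region  = "us-central1"
  network = google_compute_network.network.name

  bgp {
    # Private 16-bit ASN for the Google Cloud side.
    asn = 64514
  }
}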
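# IKE pre-shared key for both tunnels to the external peer. It is supplied at
# plan/apply time (for example through the TF_VAR_vpn_shared_secret
# environment variable) so that the key is never committed alongside the
# configuration. Use a long, randomly generated value and configure the same
# key on the peer device.
# `sensitive = true` (Terraform 0.14 or later) redacts the value in plan and
# apply output. The key is still written to the Terraform state, so the state
# backend must be encrypted and access-controlled.
variable "vpn_shared_secret" {
  description = "Pre-shared key for the HA VPN tunnels to the external peer gateway."
  type        = string
  sensitive   = true
}

# Tunnel from HA gateway interface 0 to the peer's single interface (id 0).
resource "google_compute_vpn_tunnel" "tunnel1" {
  name                            = "ha-vpn-tunnel1"
  region                          = "us-central1"
  vpn_gateway                     = google_compute_ha_vpn_gateway.ha_gateway.id
  vpn_gateway_interface           = 0
  peer_external_gateway           = google_compute_external_vpn_gateway.external_gateway.id
  peer_external_gateway_interface = 0
  router                          = google_compute_router.router1.id
  shared_secret                   = var.vpn_shared_secret
}

# Tunnel from HA gateway interface 1 to the same peer interface.
resource "google_compute_vpn_tunnel" "tunnel2" {
  name                            = "ha-vpn-tunnel2"
  region                          = "us-central1"
  vpn_gateway                     = google_compute_ha_vpn_gateway.ha_gateway.id
  vpn_gateway_interface           = 1
  peer_external_gateway           = google_compute_external_vpn_gateway.external_gateway.id
  peer_external_gateway_interface = 0
  # Direct reference, as in tunnel1. The earlier quoted interpolation put a
  # leading space in front of the router ID.
  router        = google_compute_router.router1.id
  shared_secret = var.vpn_shared_secret
}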
# BGP session over tunnel1. The Cloud Router holds 169.254.0.1 in the
# link-local /30. The peer device must be configured with 169.254.0.2.
resource "google_compute_router_interface" "router1_interface1" {
  name       = "router1-interface1"
  region     = "us-central1"
  router     = google_compute_router.router1.name
  vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name
  ip_range   = "169.254.0.1/30"
}

# peer_asn is the ASN the external device announces; it must match the
# peer's own BGP configuration, which is not part of this listing.
resource "google_compute_router_peer" "router1_peer1" {
  name                      = "router1-peer1"
  region                    = "us-central1"
  router                    = google_compute_router.router1.name
  interface                 = google_compute_router_interface.router1_interface1.name
  peer_ip_address           = "169.254.0.2"
  peer_asn                  = 64515
  advertised_route_priority = 100
}
# BGP session over tunnel2. The Cloud Router holds 169.254.1.1 in the
# link-local /30. The peer device must be configured with 169.254.1.2.
resource "google_compute_router_interface" "router1_interface2" {
  name       = "router1-interface2"
  region     = "us-central1"
  router     = google_compute_router.router1.name
  vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name
  ip_range   = "169.254.1.1/30"
}

# Same route priority as router1_peer1, so neither tunnel is preferred.
resource "google_compute_router_peer" "router1_peer2" {
  name                      = "router1-peer2"
  region                    = "us-central1"
  router                    = google_compute_router.router1.name
  interface                 = google_compute_router_interface.router1_interface2.name
  peer_ip_address           = "169.254.1.2"
  peer_asn                  = 64515
  advertised_route_priority = 100
}