Puoi utilizzare i seguenti esempi per eseguire il deployment dei gateway VPN ad alta disponibilità.
Per scoprire come applicare o rimuovere una configurazione Terraform, consulta Comandi Terraform di base.
Tra i VPC
Puoi utilizzare le risorse Terraform per creare un gateway VPN ad alta disponibilità di esempio tra reti Google Cloud . Per informazioni su questa configurazione, consulta la guida alla configurazione principale.
resource "google_compute_ha_vpn_gateway" "ha_gateway1" {
region = "us-central1"
name = "ha-vpn-1"
network = google_compute_network.network1.id
}
resource "google_compute_ha_vpn_gateway" "ha_gateway2" {
region = "us-central1"
name = "ha-vpn-2"
network = google_compute_network.network2.id
}
resource "google_compute_network" "network1" {
name = "network1"
routing_mode = "GLOBAL"
auto_create_subnetworks = false
}
resource "google_compute_network" "network2" {
name = "network2"
routing_mode = "GLOBAL"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "network1_subnet1" {
name = "ha-vpn-subnet-1"
ip_cidr_range = "10.0.1.0/24"
region = "us-central1"
network = google_compute_network.network1.id
}
resource "google_compute_subnetwork" "network1_subnet2" {
name = "ha-vpn-subnet-2"
ip_cidr_range = "10.0.2.0/24"
region = "us-west1"
network = google_compute_network.network1.id
}
resource "google_compute_subnetwork" "network2_subnet1" {
name = "ha-vpn-subnet-3"
ip_cidr_range = "192.168.1.0/24"
region = "us-central1"
network = google_compute_network.network2.id
}
resource "google_compute_subnetwork" "network2_subnet2" {
name = "ha-vpn-subnet-4"
ip_cidr_range = "192.168.2.0/24"
region = "us-east1"
network = google_compute_network.network2.id
}
resource "google_compute_router" "router1" {
name = "ha-vpn-router1"
region = "us-central1"
network = google_compute_network.network1.name
bgp {
asn = 64514
}
}
resource "google_compute_router" "router2" {
name = "ha-vpn-router2"
region = "us-central1"
network = google_compute_network.network2.name
bgp {
asn = 64515
}
}
resource "google_compute_vpn_tunnel" "tunnel1" {
name = "ha-vpn-tunnel1"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
shared_secret = "a secret message"
router = google_compute_router.router1.id
vpn_gateway_interface = 0
}
resource "google_compute_vpn_tunnel" "tunnel2" {
name = "ha-vpn-tunnel2"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
shared_secret = "a secret message"
router = google_compute_router.router1.id
vpn_gateway_interface = 1
}
resource "google_compute_vpn_tunnel" "tunnel3" {
name = "ha-vpn-tunnel3"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
shared_secret = "a secret message"
router = google_compute_router.router2.id
vpn_gateway_interface = 0
}
resource "google_compute_vpn_tunnel" "tunnel4" {
name = "ha-vpn-tunnel4"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id
peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id
shared_secret = "a secret message"
router = google_compute_router.router2.id
vpn_gateway_interface = 1
}
resource "google_compute_router_interface" "router1_interface1" {
name = "router1-interface1"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.0.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name
}
resource "google_compute_router_peer" "router1_peer1" {
name = "router1-peer1"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.0.2"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface1.name
}
resource "google_compute_router_interface" "router1_interface2" {
name = "router1-interface2"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.1.2/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name
}
resource "google_compute_router_peer" "router1_peer2" {
name = "router1-peer2"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.1.1"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface2.name
}
resource "google_compute_router_interface" "router2_interface1" {
name = "router2-interface1"
router = google_compute_router.router2.name
region = "us-central1"
ip_range = "169.254.0.2/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel3.name
}
resource "google_compute_router_peer" "router2_peer1" {
name = "router2-peer1"
router = google_compute_router.router2.name
region = "us-central1"
peer_ip_address = "169.254.0.1"
peer_asn = 64514
advertised_route_priority = 100
interface = google_compute_router_interface.router2_interface1.name
}
resource "google_compute_router_interface" "router2_interface2" {
name = "router2-interface2"
router = google_compute_router.router2.name
region = "us-central1"
ip_range = "169.254.1.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel4.name
}
resource "google_compute_router_peer" "router2_peer2" {
name = "router2-peer2"
router = google_compute_router.router2.name
region = "us-central1"
peer_ip_address = "169.254.1.2"
peer_asn = 64514
advertised_route_priority = 100
interface = google_compute_router_interface.router2_interface2.name
}A una rete peer esterna
Puoi utilizzare le risorse Terraform per creare un gateway VPN ad alta disponibilità di esempio per un peer esterno. Per informazioni su questa configurazione, consulta la guida alla configurazione principale.
Per esempi di VPN ad alta disponibilità su Cloud Interconnect, consulta Esempi di Terraform per la VPN ad alta disponibilità su Cloud Interconnect.
resource "google_compute_ha_vpn_gateway" "ha_gateway" {
region = "us-central1"
name = "ha-vpn"
network = google_compute_network.network.id
}
resource "google_compute_external_vpn_gateway" "external_gateway" {
name = "external-gateway"
redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
description = "An externally managed VPN gateway"
interface {
id = 0
ip_address = "8.8.8.8"
}
}
resource "google_compute_network" "network" {
name = "network-1"
routing_mode = "GLOBAL"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "network_subnet1" {
name = "ha-vpn-subnet-1"
ip_cidr_range = "10.0.1.0/24"
region = "us-central1"
network = google_compute_network.network.id
}
resource "google_compute_subnetwork" "network_subnet2" {
name = "ha-vpn-subnet-2"
ip_cidr_range = "10.0.2.0/24"
region = "us-west1"
network = google_compute_network.network.id
}
resource "google_compute_router" "router1" {
name = "ha-vpn-router1"
network = google_compute_network.network.name
bgp {
asn = 64514
}
}
resource "google_compute_vpn_tunnel" "tunnel1" {
name = "ha-vpn-tunnel1"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.id
peer_external_gateway = google_compute_external_vpn_gateway.external_gateway.id
peer_external_gateway_interface = 0
shared_secret = "a secret message"
router = google_compute_router.router1.id
vpn_gateway_interface = 0
}
resource "google_compute_vpn_tunnel" "tunnel2" {
name = "ha-vpn-tunnel2"
region = "us-central1"
vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.id
peer_external_gateway = google_compute_external_vpn_gateway.external_gateway.id
peer_external_gateway_interface = 0
shared_secret = "a secret message"
router = " ${google_compute_router.router1.id}"
vpn_gateway_interface = 1
}
resource "google_compute_router_interface" "router1_interface1" {
name = "router1-interface1"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.0.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name
}
resource "google_compute_router_peer" "router1_peer1" {
name = "router1-peer1"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.0.2"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface1.name
}
resource "google_compute_router_interface" "router1_interface2" {
name = "router1-interface2"
router = google_compute_router.router1.name
region = "us-central1"
ip_range = "169.254.1.1/30"
vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name
}
resource "google_compute_router_peer" "router1_peer2" {
name = "router1-peer2"
router = google_compute_router.router1.name
region = "us-central1"
peer_ip_address = "169.254.1.2"
peer_asn = 64515
advertised_route_priority = 100
interface = google_compute_router_interface.router1_interface2.name
}