Use the following best practices to help build your network topology.
- Enable graceful restart on your on-premises BGP device. With graceful restart, traffic between networks won't be disrupted in the event of a Cloud Router or BGP device failure as long as the BGP session is re-established within the graceful restart period.
- If graceful restart is not supported or enabled on your device, you should configure two on-premises devices with one tunnel each to provide redundancy. If you don't, VPN tunnel traffic can be disrupted in the event of Cloud Router or on-premises BGP device failure.
- For high reliability, set up redundant routers and BGP sessions even if your on-premises device supports graceful restart. In the event of non-transient failures, you'll be protected even if one path fails. For more information, see Redundant Cloud VPN tunnels.
- If you want to connect your on-premises network to multiple GCP projects using dynamic routing, use Shared VPC with Cloud Router. Create a Shared VPC host project network and connect it to your on-premises network. Then, share this network with service projects that require access to your on-premises network. The service projects can use the Cloud Router and VPN in the host project to communicate with the on-premises network. Cloud Router doesn't support route propagation to other Cloud Routers. For example, you can't create a hub-and-spoke network in GCP.
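
The graceful restart and redundancy guidance above can be checked against a session inventory. The following is an added example, not Google's code: the `BgpSession` fields, the severity labels, and the sample inventory are constructed, and it assumes "redundant" means at least two on-premises devices, each with its own tunnel, per VPC network.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class BgpSession:           # hypothetical inventory record
    network: str            # VPC network the session serves
    tunnel: str             # VPN tunnel carrying the BGP session
    peer_device: str        # on-premises BGP device
    graceful_restart: bool  # graceful restart enabled on that device

def audit(sessions):
    """Return (network, severity, message) findings, ordered by network."""
    by_network = defaultdict(list)
    for s in sessions:
        by_network[s.network].append(s)
    findings = []
    for network, group in sorted(by_network.items()):
        devices = {s.peer_device for s in group}
        tunnels = {s.tunnel for s in group}
        no_gr = sorted({s.peer_device for s in group if not s.graceful_restart})
        # Assumption: redundancy = two or more devices, each with its own tunnel.
        redundant = len(devices) >= 2 and len(tunnels) >= 2
        if no_gr and not redundant:
            # No graceful restart and no second device: any failure disrupts traffic.
            findings.append((network, "HIGH",
                             "no graceful restart on " + ", ".join(no_gr)
                             + " and no second device with its own tunnel"))
        elif not redundant:
            # Graceful restart covers only failures shorter than the restart period.
            findings.append((network, "MEDIUM",
                             "single path: non-transient failures are not covered"))
    return findings

# Constructed sample inventory (not real infrastructure).
SAMPLE = [
    BgpSession("prod-vpc", "tunnel-a", "onprem-rtr-1", False),
    BgpSession("dev-vpc", "tunnel-b", "onprem-rtr-2", True),
    BgpSession("shared-vpc", "tunnel-c", "onprem-rtr-3", False),
    BgpSession("shared-vpc", "tunnel-d", "onprem-rtr-4", False),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```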