Google Cloud

Google Cloud: Establishing Dynamic VPN gateways with Cloud Routers


The Cloud Routers will implement VPN gateways configured with Border Gateway Protocol (BGP). BGP provides dynamic network discovery and eliminates the need to configure or maintain static routes. When configuration is complete, you can ping the internal IP of the VM in a newly discovered subnetwork via an auto-populated route.

In this lab, you learn how to perform the following tasks:

  • Create two networks to represent your VPC and on-premises network, with a VM in each network to test connectivity
  • Connect the two networks using Cloud Routers
  • Add a new subnetwork and verify that Dynamic BGP routing is working

Task 1. Create the networks

Create the first network

  1. Click Create VPC Network.
  2. Specify the following, and leave the remaining settings as their defaults:

4. For Subnet creation mode, click Custom.

5. Specify the following, and leave the remaining settings as their defaults:


6. Click Done.

7. Click Create.


Create the second network

  1. Click Create VPC Network.
  2. Specify the following, and leave the remaining settings as their defaults:

3. For Subnet creation mode, click Custom.

4. Specify the following, and leave the remaining settings as their defaults:


5. Click Done.

6. Click Create.


Task 2. Create the utility VMs

Create the first instance

  1. On the Navigation menu, click Compute Engine > VM instances.
  2. Click Create.
  3. Specify the following, and leave the remaining settings as their defaults:

4. Click Management, security, disks, networking, sole tenancy.

5. Click Networking.

6. For Network interfaces, click the Edit icon.

7. Specify the following, and leave the remaining settings as their defaults:


8. Click Done.

9. Click Create.

Create the second instance

  1. Click Create Instance.
  2. Specify the following, and leave the remaining settings as their defaults:

3. Click Management, security, disks, networking, sole tenancy.

4. Click Networking.

5. For Network interfaces, click the Edit icon.

6. Specify the following, and leave the remaining settings as their defaults:


7. Click Done.

8. Click Create.

Task 3. Create the firewall rules

Allow traffic to gcp-vpc

  1. Click Create Firewall Rule.
  2. Specify the following, and leave the remaining settings as their defaults:

4. For tcp, specify port 22.

5. For Other protocols, specify the icmp protocol.

6. Click Create.


Allow traffic to on-prem

  1. Specify the following, and leave the remaining settings as their defaults:

3. For tcp, specify port 22.

4. For Other protocols, specify the icmp protocol.

5. Click Create.


Task 4. Verify network connectivity

Test connectivity from gcp-server to on-prem-1

  1. Note the external and internal IP addresses for on-prem-1.
  2. For gcp-server, click SSH to launch a terminal and connect.
  3. To test connectivity to on-prem-1’s external IP address, run the following command, replacing on-prem-1’s external IP address with the value noted earlier:

ping -c 3 <Enter on-prem-1’s external IP address here>

5. To test connectivity to on-prem-1’s internal IP address, run the following command, replacing on-prem-1’s internal IP address with the value noted earlier:

ping -c 3 <Enter on-prem-1’s internal IP address here>


You should see 100% packet loss when pinging the internal IP address.

6. Exit the SSH terminal.

Test connectivity from on-prem-1 to gcp-server

  1. For on-prem-1, click SSH to launch a terminal and connect.
  2. To test connectivity to gcp-server’s external IP address, run the following command, replacing gcp-server’s external IP address with the value noted earlier:

ping -c 3 <Enter gcp-server’s external IP address here>

4. To test connectivity to gcp-server’s internal IP address, run the following command, replacing gcp-server’s internal IP address with the value noted earlier:

ping -c 3 <Enter gcp-server’s internal IP address here>


You should see similar results.

5. Exit the SSH terminal.

Why are we testing both gcp-server to on-prem-1 and on-prem-1 to gcp-server?

For the purposes of this lab, the path from subnet-a to subnet-b is not the same as the path from subnet-b to subnet-a: separate tunnels carry traffic in each direction. If both tunnels are not established, you won’t be able to ping the remote server on its internal IP. The ping might reach the remote server, but the response can’t be returned.

This makes it much easier to debug the lab during class. In practice, a single tunnel could be used with symmetric configuration. However, it is more common to have multiple tunnels or multiple gateways and VPNs for production work because a single tunnel could be a single point of failure.

Task 5. Create the Cloud Routers

Create the gcp-vpc Cloud Router

2. Click Create router.

3. Specify the following, and leave the remaining settings as their defaults:


4. Click Create.

Create the on-prem Cloud Router

  1. Specify the following, and leave the remaining settings as their defaults:

3. Click Create.


Prepare for VPN Gateways configuration

You need a static External IP address for each gateway. Create them now and note the IP addresses. You will use them later in the lab.

  1. On the Navigation menu, click VPC network > External IP addresses.
  2. Click Reserve Static Address.
  3. Specify the following, and leave the remaining settings as their defaults:

4. Click Reserve.

5. Click Reserve Static Address.

6. Specify the following, and leave the remaining settings as their defaults:


7. Click Reserve.

8. Note both IP addresses. You need to manually enter them in the next steps, where they are referred to as gcp-vpc-ip-address and on-prem-ip-address.


Create the first VPN

  1. Click Create VPN connection.
  2. Select Classic VPN option and click Continue.
  3. Specify the following, and leave the remaining settings as their defaults:

5. Under Tunnels, specify the following, and leave the remaining settings as their defaults:


6. For BGP session, click Create BGP session to open a pop-up dialog.

7. Specify the following, and leave the remaining settings as their defaults:


8. Click Save and Continue.

9. Click Done.

10. Click Create.

Create the second VPN

  1. Click VPN Setup Wizard.
  2. Select Classic VPN option in the wizard and click Continue.
  3. Specify the following, and leave the remaining settings as their defaults:

5. Under Tunnels, specify the following, and leave the remaining settings as their defaults:


6. For BGP session, click Create BGP session to open a pop-up dialog.

7. Specify the following, and leave the remaining settings as their defaults:


8. Click Save and Continue.

9. Click Done.

10. Click Create.

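Because each direction needs its own established tunnel (see the note at the end of Task 4) and the two BGP sessions created in Task 5 must mirror each other, a small pre-flight check catches a mistyped peer IP, ASN or BGP address before you start pinging. This is an added example, not part of the original lab; the gateway IPs, shared secret, ASNs and BGP link-local IPs below are constructed placeholders for the values you noted while working through the lab.

```python
import ipaddress

# Cloud Router BGP IPs are link-local and each pair must share a /30.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# One side of the setup: its own gateway IP (gcp-vpc-ip-address in the lab),
# the remote peer it dials, the IKE pre-shared key, and its BGP session.
# All values are constructed placeholders, not the lab's real addresses.
gcp_side = {
    "name": "gcp-vpc-tunnel",
    "gateway_ip": "203.0.113.10",   # stands in for gcp-vpc-ip-address
    "peer_ip": "198.51.100.20",     # stands in for on-prem-ip-address
    "shared_secret": "example-psk",
    "local_asn": 65001, "peer_asn": 65002,
    "bgp_ip": "169.254.1.1", "bgp_peer_ip": "169.254.1.2",
}
onprem_side = {
    "name": "on-prem-tunnel",
    "gateway_ip": "198.51.100.20",  # stands in for on-prem-ip-address
    "peer_ip": "203.0.113.10",      # stands in for gcp-vpc-ip-address
    "shared_secret": "example-psk",
    "local_asn": 65002, "peer_asn": 65001,
    "bgp_ip": "169.254.1.2", "bgp_peer_ip": "169.254.1.1",
}


def check_pair(a, b):
    """Return a list of mismatches between the two sides; empty means they mirror."""
    problems = []
    if a["shared_secret"] != b["shared_secret"]:
        problems.append("IKE pre-shared keys differ")
    if a["local_asn"] == b["local_asn"]:
        problems.append(f"both sides use ASN {a['local_asn']}; they must differ")
    for side, other in ((a, b), (b, a)):
        n = side["name"]
        if side["peer_ip"] != other["gateway_ip"]:
            problems.append(f"{n}: remote peer IP {side['peer_ip']} is not {other['name']}'s gateway IP")
        if side["peer_asn"] != other["local_asn"]:
            problems.append(f"{n}: peer ASN {side['peer_asn']} is not {other['name']}'s local ASN")
        ip = ipaddress.ip_address(side["bgp_ip"])
        peer = ipaddress.ip_address(side["bgp_peer_ip"])
        if ip not in LINK_LOCAL or peer not in LINK_LOCAL:
            problems.append(f"{n}: BGP IPs must be in {LINK_LOCAL}")
        elif ipaddress.ip_network(f"{ip}/30", strict=False) != ipaddress.ip_network(f"{peer}/30", strict=False):
            problems.append(f"{n}: BGP IPs {ip} and {peer} are not in the same /30")
        if str(peer) != other["bgp_ip"]:
            problems.append(f"{n}: BGP peer IP {peer} is not {other['name']}'s BGP IP {other['bgp_ip']}")
    return problems
```

An empty list means the two tunnels and BGP sessions are mirror images; any entry names the side and field to fix in the console before waiting on the tunnels to come up.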

Task 6. Verify connection

  1. Note the internal IP addresses for gcp-server and on-prem-1.
  2. For gcp-server, click SSH to launch a terminal and connect.
  3. To test connectivity to on-prem-1’s internal IP address, run the following command, replacing on-prem-1’s internal IP address with the value noted earlier:

ping -c 3 <Enter on-prem-1’s internal IP address here>

If the ping fails, wait another minute for the VPN tunnels to connect, and ping again.

5. Exit the gcp-server SSH terminal.

6. For on-prem-1, click SSH to launch a terminal and connect.

7. To test connectivity to gcp-server’s internal IP address, run the following command, replacing gcp-server’s internal IP address with the value noted earlier:

ping -c 3 <Enter gcp-server’s internal IP address here>


If the ping fails, wait another minute for the VPN tunnels to connect, and ping again.

Task 7. Demonstrate Dynamic Routing

View the current routes

  1. Click Dynamic to filter.

Create a new subnet in on-prem

  1. Click on-prem to filter.
  2. Click Add subnet.
  3. Specify the following, and leave the remaining settings as their defaults:

5. This subnet is created in the same region as on-prem. Click Add.


Create a new utility VM in the new subnet

  1. On the Navigation menu, click Compute Engine > VM instances.
  2. Click Create Instance.
  3. Specify the following, and leave the remaining settings as their defaults:

4. Click Management, security, disks, networking, sole tenancy.

5. Click Networking.

6. For Network interfaces, click the Edit icon.

7. Specify the following, and leave the remaining settings as their defaults:


8. Click Done.

9. Click Create.


Test connectivity

  1. Note the internal IP address for on-prem-2.
  2. For gcp-server, click SSH to launch a terminal and connect.
  3. To test connectivity to on-prem-2’s internal IP address, run the following command, replacing on-prem-2’s internal IP address with the value noted earlier:

ping -c 3 <Enter on-prem-2’s internal IP address here>


If the ping fails, wait another minute for the VPN tunnels to connect and ping again.

5. Exit the gcp-server SSH terminal.

View the routes

  1. Click Dynamic to filter.


This concludes our lab: Establishing Dynamic VPN gateways with Cloud Routers.

Happy Learning!!!
