
Google Cloud: Establishing Dynamic VPN gateways with Cloud Routers

The Cloud Routers will implement VPN gateways configured with Border Gateway Protocol (BGP). BGP provides dynamic network discovery and eliminates the need to configure or maintain static routes. When configuration is complete, you can ping the internal IP of the VM in a newly discovered subnetwork via an auto-populated route.

In this lab, you learn how to perform the following tasks:

  • Create two networks to represent your VPC and on-premises network, with a VM in each network to test connectivity
  • Connect the two networks using Cloud Routers
  • Add a new subnetwork and verify that Dynamic BGP routing is working

Task 1. Create the networks

Create the first network

  1. Click Create VPC Network.
  2. Specify the following, and leave the remaining settings as their defaults:

4. For Subnet creation mode, click Custom.

5. Specify the following, and leave the remaining settings as their defaults:

6. Click Done.

7. Click Create.

Create the second network

  1. Click Create VPC Network.
  2. Specify the following, and leave the remaining settings as their defaults:

3. For Subnet creation mode, click Custom.

4. Specify the following, and leave the remaining settings as their defaults:

5. Click Done.

6. Click Create.

Task 2. Create the utility VMs

Create the first instance

  1. On the Navigation menu, click Compute Engine > VM instances.
  2. Click Create.
  3. Specify the following, and leave the remaining settings as their defaults:

4. Click Management, security, disks, networking, sole tenancy.

5. Click Networking.

6. For Network interfaces, click the Edit icon.

7. Specify the following, and leave the remaining settings as their defaults:

8. Click Done.

9. Click Create.

Create the second instance

  1. Click Create Instance.
  2. Specify the following, and leave the remaining settings as their defaults:

3. Click Management, security, disks, networking, sole tenancy.

4. Click Networking.

5. For Network interfaces, click the Edit icon.

6. Specify the following, and leave the remaining settings as their defaults:

7. Click Done.

8. Click Create.

Task 3. Create the firewall rules

Allow traffic to gcp-vpc

  1. Click Create Firewall Rule.
  2. Specify the following, and leave the remaining settings as their defaults:

4. For tcp, specify port 22.

5. For Other protocols, specify the icmp protocol.

6. Click Create.

Allow traffic to on-prem

  1. Specify the following, and leave the remaining settings as their defaults:

3. For tcp, specify port 22.

4. For Other protocols, specify the icmp protocol.

5. Click Create.

Task 4. Verify network connectivity

Test connectivity from gcp-server to on-prem-1

  1. Note the external and internal IP addresses for on-prem-1.
  2. For gcp-server, click SSH to launch a terminal and connect.
  3. To test connectivity to on-prem-1’s external IP address, run the following command, replacing on-prem-1’s external IP address with the value noted earlier:

ping -c 3 <Enter on-prem-1’s external IP address here>

5. To test connectivity to on-prem-1’s internal IP address, run the following command, replacing on-prem-1’s internal IP address with the value noted earlier:

ping -c 3 <Enter on-prem-1’s internal IP address here>

You should see 100% packet loss when pinging the internal IP address.

6. Exit the SSH terminal.

Test connectivity from on-prem-1 to gcp-server

  1. For on-prem-1, click SSH to launch a terminal and connect.
  2. To test connectivity to gcp-server’s external IP address, run the following command, replacing gcp-server’s external IP address with the value noted earlier:

ping -c 3 <Enter gcp-server’s external IP address here>

4. To test connectivity to gcp-server’s internal IP address, run the following command, replacing gcp-server’s internal IP address with the value noted earlier:

ping -c 3 <Enter gcp-server’s internal IP address here>

You should see similar results.

5. Exit the SSH terminal.

Why are we testing both gcp-server to on-prem-1 and on-prem-1 to gcp-server?

For the purposes of this lab, the path from subnet-a to subnet-b is not the same as the path from subnet-b to subnet-a: separate tunnels carry the traffic in each direction. If either tunnel is not established, you won’t be able to ping the remote server on its internal IP. The ping might reach the remote server, but the response can’t be returned.

This makes it much easier to debug the lab during class. In practice, a single tunnel could be used with a symmetric configuration. However, for production work it is more common to have multiple tunnels, or multiple gateways and VPNs, because a single tunnel is a single point of failure.

Task 5. Create the Cloud Routers

Create the gcp-vpc Cloud Router

2. Click Create router.

3. Specify the following, and leave the remaining settings as their defaults:

4. Click Create.

Create the on-prem Cloud Router

  1. Specify the following, and leave the remaining settings as their defaults:

3. Click Create.

Prepare for VPN Gateways configuration

You need a static External IP address for each gateway. Create them now and note the IP addresses. You will use them later in the lab.

  1. On the Navigation menu, click VPC network > External IP addresses.
  2. Click Reserve Static Address.
  3. Specify the following, and leave the remaining settings as their defaults:

4. Click Reserve.

5. Click Reserve Static Address.

6. Specify the following, and leave the remaining settings as their defaults:

7. Click Reserve.

8. Note both IP addresses. You need to manually enter them in the next steps, where they are referred to as gcp-vpc-ip-address and on-prem-ip-address.

Create the first VPN

  1. Click Create VPN connection.
  2. Select Classic VPN option and click Continue.
  3. Specify the following, and leave the remaining settings as their defaults:

5. Under Tunnels, specify the following, and leave the remaining settings as their defaults:

6. For BGP session, click Create BGP session to open a pop-up dialog.

7. Specify the following, and leave the remaining settings as their defaults:

8. Click Save and Continue.

9. Click Done.

10. Click Create.

Create the second VPN

  1. Click VPN Setup Wizard.
  2. Select Classic VPN option in the wizard and click Continue.
  3. Specify the following, and leave the remaining settings as their defaults:

5. Under Tunnels, specify the following, and leave the remaining settings as their defaults:

6. For BGP session, click Create BGP session to open a pop-up dialog.

7. Specify the following, and leave the remaining settings as their defaults:

8. Click Save and Continue.

9. Click Done.

10. Click Create.

Task 6. Verify connection

  1. Note the internal IP addresses for gcp-server and on-prem-1.
  2. For gcp-server, click SSH to launch a terminal and connect.
  3. To test connectivity to on-prem-1’s internal IP address, run the following command, replacing on-prem-1’s internal IP address with the value noted earlier:

ping -c 3 <Enter on-prem-1’s internal IP address here>

If the ping fails, wait another minute for the VPN tunnels to connect, and ping again.

5. Exit the gcp-server SSH terminal.

6. For on-prem-1, click SSH to launch a terminal and connect.

7. To test connectivity to gcp-server’s internal IP address, run the following command, replacing gcp-server’s internal IP address with the value noted earlier:

ping -c 3 <Enter gcp-server’s internal IP address here>

If the ping fails, wait another minute for the VPN tunnels to connect, and ping again.

Task 7. Demonstrate Dynamic Routing

View the current routes

  1. Click Dynamic to filter.

Create a new subnet in on-prem

  1. Click on-prem to filter.
  2. Click Add subnet.
  3. Specify the following, and leave the remaining settings as their defaults:

5. This subnet is created in the same region as on-prem. Click Add.

Create a new utility VM in the new subnet

  1. On the Navigation menu, click Compute Engine > VM instances.
  2. Click Create Instance.
  3. Specify the following, and leave the remaining settings as their defaults:

4. Click Management, security, disks, networking, sole tenancy.

5. Click Networking.

6. For Network interfaces, click the Edit icon.

7. Specify the following, and leave the remaining settings as their defaults:

8. Click Done.

9. Click Create.

Test connectivity

  1. Note the internal IP address for on-prem-2.
  2. For gcp-server, click SSH to launch a terminal and connect.
  3. To test connectivity to on-prem-2’s internal IP address, run the following command, replacing on-prem-2’s internal IP address with the value noted earlier:

ping -c 3 <Enter on-prem-2’s internal IP address here>

If the ping fails, wait another minute for the VPN tunnels to connect and ping again.

5. Exit the gcp-server SSH terminal.

View the routes

  1. Click Dynamic to filter.
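The console steps of this lab as a gcloud script (an added example, not the lab's own material): Tasks 1 and 3 build each network with its subnet and SSH/ICMP firewall rule, Task 5 builds the Cloud Router, Classic VPN gateway, tunnel and BGP session on each side, and show_vpn_status covers the checks of Tasks 6 and 7. The two reserved static IPs from the "Prepare for VPN Gateways configuration" step are passed in as gcp-vpc-ip-address and on-prem-ip-address; region, CIDRs, ASNs, link-local BGP addresses, the SSH source range and the pre-shared key are assumptions, since the lab's tables holding those values are not on this page.

```shell
# Region, CIDRs, ASNs, link-local BGP addresses, SSH source range and IKE pre-shared
# key are assumptions (the lab's tables with these values are not on this page).
# DRY_RUN=1 prints every gcloud command instead of running it.
set -euo pipefail
REGION="${REGION:-us-central1}"                    # assumption
SSH_SOURCE="${SSH_SOURCE:-0.0.0.0/0}"              # assumption; narrow to admin ranges
PSK="${PSK:-$(head -c 24 /dev/urandom | base64)}"  # fresh key, shared by both tunnels
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "gcloud $*"; else gcloud "$@"; fi; }
# Tasks 1 and 3: custom-mode network, one subnet, ingress limited to SSH and ICMP.
create_network() {  # $1=network $2=subnet $3=CIDR
  run compute networks create "$1" --subnet-mode=custom
  run compute networks subnets create "$2" --network="$1" --region="$REGION" --range="$3"
  run compute firewall-rules create "allow-$1-ssh-icmp" --network="$1" --direction=INGRESS \
      --allow=tcp:22,icmp --source-ranges="$SSH_SOURCE"
}
# Task 5, one side: Cloud Router, Classic VPN gateway on the reserved static IP,
# IPsec tunnel to the peer's static IP, and a BGP session over that tunnel.
# $1=network $2=ASN $3=local static IP $4=peer static IP $5=peer ASN $6=BGP IP $7=peer BGP IP
create_vpn_side() {
  local net=$1 asn=$2 ip=$3 peer_ip=$4 peer_asn=$5 bgp_ip=$6 peer_bgp_ip=$7 port
  run compute routers create "$net-router" --network="$net" --region="$REGION" --asn="$asn"
  run compute target-vpn-gateways create "$net-gw" --network="$net" --region="$REGION"
  run compute forwarding-rules create "$net-esp" --region="$REGION" --ip-protocol=ESP \
      --address="$ip" --target-vpn-gateway="$net-gw"
  for port in 500 4500; do  # IKE and NAT-T
    run compute forwarding-rules create "$net-udp$port" --region="$REGION" --ip-protocol=UDP \
        --ports="$port" --address="$ip" --target-vpn-gateway="$net-gw"
  done
  run compute vpn-tunnels create "$net-tunnel" --region="$REGION" --peer-address="$peer_ip" \
      --shared-secret="$PSK" --ike-version=2 --target-vpn-gateway="$net-gw" --router="$net-router"
  run compute routers add-interface "$net-router" --region="$REGION" --interface-name="$net-if" \
      --vpn-tunnel="$net-tunnel" --ip-address="$bgp_ip" --mask-length=30
  run compute routers add-bgp-peer "$net-router" --region="$REGION" --peer-name="$net-peer" \
      --interface="$net-if" --peer-ip-address="$peer_bgp_ip" --peer-asn="$peer_asn"
}
# Tasks 6 and 7: tunnel state, BGP peer state and the routes the router learned.
# Both sides must report ESTABLISHED, since each direction uses its own tunnel.
show_vpn_status() {  # $1=network
  run compute vpn-tunnels describe "$1-tunnel" --region="$REGION" --format='value(status)'
  run compute routers get-status "$1-router" --region="$REGION" \
      --format='yaml(result.bgpPeerStatus,result.bestRoutes)'
}
# Usage: DRY_RUN=1 ./lab.sh apply <gcp-vpc-ip-address> <on-prem-ip-address>
if [ "${1:-}" = apply ]; then
  create_network gcp-vpc subnet-a 10.1.1.0/24   # CIDRs are assumptions
  create_network on-prem subnet-b 10.2.1.0/24
  create_vpn_side gcp-vpc 65001 "$2" "$3" 65002 169.254.0.1 169.254.0.2
  create_vpn_side on-prem 65002 "$3" "$2" 65001 169.254.0.2 169.254.0.1
  show_vpn_status gcp-vpc; show_vpn_status on-prem
fi
```

Run it once with DRY_RUN=1 to review the exact commands before applying them to a project.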

This concludes our lab: Establishing Dynamic VPN gateways with Cloud Routers.

Happy Learning !!!
