Google Professional Cloud Network Engineer – Implementing Hybrid Interconnectivity
- Section 4 – Implementing Hybrid Inter-connectivity
Implementing hybrid interconnectivity. In this section we get into the details of configuring Interconnect, configuring a site-to-site IPsec VPN, and then, as a demo only, configuring Cloud Router for reliability. That last one is demo only, not theory, because we already covered Cloud Router as theory. We start with configuring Interconnect in the next lecture. Thank you.
- 4.1 Configuring Interconnect.
Cloud Interconnect. In this lecture we are going to cover some topics around Cloud Interconnect. We are not going to have a detailed demo of Cloud Interconnect, just high-level thoughts around Partner Interconnect, layer 2 versus layer 3 connectivity, virtualizing the link using VLAN attachments, and bulk storage upload. I do not have a VPN device or a network of my own that I can connect to GCP for a demonstration, because where I work it is not allowed for me to demonstrate that. So I am going to give you some thoughts around those two points and some more detail around bulk storage upload. We already saw these as the interconnect options. If you want to map them to layer 2 and layer 3, this is the slide from the GCP website: at layer 2 you have the direct connectivity options, Dedicated Interconnect and Partner Interconnect, and that is where RFC 1918 address space is exchanged, if at all.
If you do not need any address-space exchange, you just want to access your GCP services or Google services and reduce egress fees, that is where you use Direct Peering or Carrier Peering, and on top of those peering connections you can create a VPN tunnel so that your traffic is encrypted. So that diagram covers both the layer 2 and the layer 3 connections. If there are any questions around layer 3 versus layer 2 connectivity, this is the diagram you need to remember in order to answer them. Now, VLAN attachments: what does VLAN attachment mean? Let me go to the console and show you how you attach VLANs. Under Networking, go to Hybrid Connectivity, then Cloud Interconnect, and you can choose Dedicated Interconnect.
The first option is dedicated and the second is partner. The restrictions and what is required are already covered; I am just giving you high-level thoughts here. If I choose Partner Interconnect and continue, it asks for a VLAN attachment: I already have a service provider, or find a service provider. Let me cancel that and get started again. I select Dedicated Interconnect and continue, and I can either order a new dedicated connection or add a VLAN to an existing dedicated connection. I would say order new. I create, say, my-interconnect and choose a facility. For redundancy I can add a backup interconnect connection in a different location altogether, New York, so that if this particular connection goes down I have a backup. The company name, Systec info, and the contact details I am just filling in to reach that point, and then I can actually place an order. If you already have an interconnect, you choose Dedicated, continue, and add a VLAN attachment on top of the existing dedicated connection. I do not have an existing interconnect, so I cannot choose that, but that is where you use VLAN attachment.
Bulk storage upload. If you want to transfer data onto Google Cloud Platform from your own data center or on-premises environment, there are multiple options available. The options are online transfer and offline transfer. For online transfer you can use a Google Cloud Storage bucket transfer, an S3 bucket transfer, or you can give a list of URLs to transfer the data from; within online transfer you have the Cloud Storage Transfer Service. The second one is Transfer Appliance, a device you can get when the data is more than 20 terabytes; that is where you use the Transfer Appliance service.
You order the Transfer Appliance; once the device arrives, you load the data onto it and ship it back to Google, and Google will upload the data to your desired location on Google Cloud Platform. That is the offline service. Besides that, you have the BigQuery Data Transfer Service, where you can schedule jobs that transfer data into BigQuery. Here are some numbers you can use to understand how long the transfer will take. As an example, if your data is 100 GB and you have a 10 Mbps line, it is going to take 30 hours to upload that 100 GB. If your data is somewhere around 100 terabytes and you have a 1 Gbps line, it is going to take twelve days.
These are the times it takes when your transfer speed is consistent, and this matrix helps you decide which service to use. I have put in some of the images available to me; you can also see these online. These are the transfer appliances that Google ships to you via one of their shipping providers. You take the device, load your data, and ship it back to Google, and Google transfers your data from the appliance to Cloud Storage or your desired location. That's it on this topic. If you have any questions around it, let me know; otherwise move on to the next lecture. Thank you.
- 4.2 Configuring a site-to-site IPsec VPN
Hello. This is the Cloud VPN demo. We are going to create two different networks. As we saw earlier, I cannot create a real data-center connection, so instead I am going to create two different networks in the same project, connect them with a VPN, and then test the connectivity. The steps are: create the networks, two independent networks; create the VMs and open the firewall so they can communicate; create the VPN gateways, which is how the two networks get connected; reserve a static IP for each network; create forwarding rules, so that requests for a specific IP address coming from the other network are forwarded correctly to that network; and then create the tunnel, which is the path your traffic takes from one network to the other.
Then we create a route, and finally we test the connectivity between virtual machine 1 and virtual machine 2 across the two networks. Once connectivity is established, you can consider the VPN set up properly. So let's go ahead. I have created this cheat sheet which you can use if you want to try it on your own. Let me go to the console. From the dashboard I go to VPC networks to create the networks; both of them are custom networks. I already have one custom network which I don't want, so I am deleting it and, while that finishes, creating VPC 1 as a custom network. I am creating a subnetwork in it, subnet 1, and the region I am selecting for this subnet is europe-west1.
I give it an IP range, the same range I used in my earlier demos, and create; VPC 1 is getting created. Let me create another one, VPC 2, and in it subnet 2 in asia-east1, using the 10.10.2 IP range. The next step is to create a virtual machine in each network and open the firewall between them, so I create one VM in each subnetwork. In Compute Engine I create VM 1 in europe-west1-b, a micro instance, and under networking I select my Europe network, VPC 1 and subnet 1. Everything else stays at the defaults; create.
I launch another VM, VM 2, in asia-east1, and under networking I select the other network, VPC 2 with subnet 2. Everything else the same; create. Part one of step two is done. Now I need to open the firewall, so I go to VPC network, Firewall rules. You can see there are rules already created for the default network, but I need them for VPC 1 and VPC 2. I create the VPC 1 firewall rule: network VPC 1, source range anywhere, applied to all instances in the network, allowing ICMP and SSH; create. Then another one for VPC 2, again all instances in the network, source 0.0.0.0/0, allowing all connections.
That step is done. Step three: create the VPN gateways. For this you execute gcloud commands. You can run gcloud from your own shell after downloading and installing the Google Cloud SDK, or you can open Cloud Shell from the console itself, which is what I will do here. The first thing the script does is check which project ID we are using. If it is the same project, we are good; if you are using multiple projects, specify the project ID here and carry on to create the VPN 1 and VPN 2 gateways.
I am using my gcloud training project, and that is the project ID, so I am not going to modify it. Let me create VPN 1. You can think of this as the hard way of doing it; you also have the option of running some of these steps from the console, which consolidates the other steps together, but this is the hard way. I am going to do another demo with Cloud Router, where I show you how to create the VPN connection from the UI. So VPN 1 is created, and now I create the gateway VPN 2 for Asia. We have VPN 1 and VPN 2 gateways, for VPC 1 and VPC 2 respectively.
Step four: reserve a static IP address for each network. I have given the gcloud command here; it reserves an address in the region, and the region here is europe-west1. So the static IP is created, and I create another one for asia-east1. You can list the addresses you have reserved here, or go to External IP addresses in the console and find the two addresses by their names. I am going to put those IP addresses into environment variables for easy use in all the scripts that follow: VPN 1's address is Europe and VPN 2's address is Asia. Now let's create the forwarding rules. You need a forwarding rule each for ESP, UDP 500 and UDP 4500.
So let me create it for ESP first. Good. Then ESP for the second gateway, then UDP 500 and UDP 4500, and the same for VPN 2. I should have given them distinct names, but they are fine; they are just names. Verify the external IP addresses here, then list the VPN gateways with the gateway list command. That finishes step five. Step six: create the VPN tunnels, one from VPC 1 to VPC 2 and one from VPC 2 to VPC 1. I have written these commands so that you can use them directly.
The tunnel has been created; verify it with the gcloud tunnels list command. Now create the routes, VPC 1 to 2 and 2 to 1; this is just route creation. The first route is created, then the second. Now let's test the connectivity. In Compute Engine, VM instances, I open a session on VM 1 and ping VM 2. The hostname is not known, so let me ping 10.2.2, VM 2's IP address, instead, and the connection goes through. In a nutshell, what we have done is create these two networks, create a virtual machine inside each, and open the firewall so that the instances accept the connection.
Then we created the gateways, reserved a static IP address for each network, created the forwarding rules so that each network knows where requests for the other network's IP range should be forwarded, created the tunnels, created the routes, and tested the connectivity between VM 1 and VM 2. That is how you create the VPN connection. If you have any questions on this one, let me know. I am going to put this cheat sheet into the Resources section so you can download it and use it for your own lab. Thank you.
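The steps of this lab as one gcloud script, added here as an example; it is not the course's cheat sheet. VPC, subnet, gateway and tunnel names, the regions and the CIDRs are assumptions chosen for the example, and the shared secret is generated rather than typed in. It also tightens one thing the lecture does not: the firewall rule admits ICMP and SSH only from the peer VPC's subnet and Google's IAP TCP-forwarding range instead of from 0.0.0.0/0, and it gives each forwarding rule a distinct name.

```shell
#!/bin/sh
# Added example: the two-VPC site-to-site Classic VPN lab as a gcloud script.  Not the
# course's cheat sheet; names, regions and CIDRs are assumptions for this example.
# DRY_RUN=1 (default) prints each gcloud command instead of executing it; DRY_RUN=0 runs them.
set -eu
DRY_RUN="${DRY_RUN:-1}"

# Side A (Europe) and side B (Asia).  CIDRs are constructed for this example.
A_VPC=vpc-1; A_SUBNET=subnet-1; A_REGION=europe-west1; A_CIDR=10.1.1.0/24
B_VPC=vpc-2; B_SUBNET=subnet-2; B_REGION=asia-east1;   B_CIDR=10.2.2.0/24

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Steps 1-2: custom-mode network, one subnet, and a firewall rule.  The lecture opens
# ICMP/SSH from 0.0.0.0/0; here the source is limited to the peer VPC's subnet plus
# Google's IAP TCP-forwarding range (35.235.240.0/20) for SSH, so neither VM is
# reachable from the public Internet.
create_network() { # vpc subnet region cidr peer_cidr
  run gcloud compute networks create "$1" --subnet-mode custom
  run gcloud compute networks subnets create "$2" --network "$1" --region "$3" --range "$4"
  run gcloud compute firewall-rules create "$1-allow-peer" --network "$1" \
      --allow icmp,tcp:22 --source-ranges "$5,35.235.240.0/20"
}

# Reserved address lookup; in dry-run mode a placeholder stands in for the real value.
reserved_ip() { # address_name region
  if [ "$DRY_RUN" = 1 ]; then echo "<$1>"; else
    gcloud compute addresses describe "$1" --region "$2" --format='value(address)'; fi
}

# Steps 3-5: gateway, reserved static IP, and the three forwarding rules IKE/IPsec
# needs (ESP, UDP/500 for IKE, UDP/4500 for NAT-T).  Each rule gets a distinct name.
create_gateway() { # gateway network region
  run gcloud compute target-vpn-gateways create "$1" --network "$2" --region "$3"
  run gcloud compute addresses create "$1-ip" --region "$3"
  ip=$(reserved_ip "$1-ip" "$3")
  for rule in esp udp500 udp4500; do
    case $rule in
      esp)     proto="--ip-protocol ESP" ;;
      udp500)  proto="--ip-protocol UDP --ports 500" ;;
      udp4500) proto="--ip-protocol UDP --ports 4500" ;;
    esac
    # $proto is deliberately unquoted so its words become separate arguments
    run gcloud compute forwarding-rules create "$1-$rule" --region "$3" $proto \
        --address "$ip" --target-vpn-gateway "$1"
  done
}

# Steps 6-7: one tunnel per direction and a static route sending the peer CIDR into it.
# The pre-shared key goes to gcloud only; in dry-run output it is redacted.
create_tunnel() { # tunnel gateway region peer_ip remote_cidr network secret
  secret="$7"; [ "$DRY_RUN" = 1 ] && secret='<redacted>'
  run gcloud compute vpn-tunnels create "$1" --region "$3" --target-vpn-gateway "$2" \
      --peer-address "$4" --ike-version 2 --shared-secret "$secret" \
      --local-traffic-selector 0.0.0.0/0 --remote-traffic-selector 0.0.0.0/0
  run gcloud compute routes create "$1-route" --network "$6" --destination-range "$5" \
      --next-hop-vpn-tunnel "$1" --next-hop-vpn-tunnel-region "$3"
}

build_vpn() {
  # One random 256-bit pre-shared key shared by both tunnel ends; never echo it.
  secret=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
  create_network "$A_VPC" "$A_SUBNET" "$A_REGION" "$A_CIDR" "$B_CIDR"
  create_network "$B_VPC" "$B_SUBNET" "$B_REGION" "$B_CIDR" "$A_CIDR"
  create_gateway vpn-1 "$A_VPC" "$A_REGION"; a_ip=$(reserved_ip vpn-1-ip "$A_REGION")
  create_gateway vpn-2 "$B_VPC" "$B_REGION"; b_ip=$(reserved_ip vpn-2-ip "$B_REGION")
  create_tunnel tunnel-1-to-2 vpn-1 "$A_REGION" "$b_ip" "$B_CIDR" "$A_VPC" "$secret"
  create_tunnel tunnel-2-to-1 vpn-2 "$B_REGION" "$a_ip" "$A_CIDR" "$B_VPC" "$secret"
  # Tunnel health: both ends should report status ESTABLISHED before you test with ping.
  run gcloud compute vpn-tunnels describe tunnel-1-to-2 --region "$A_REGION" --format='value(status)'
}

build_vpn
```

Run it once with the default DRY_RUN=1 to review the exact commands, then with DRY_RUN=0 in Cloud Shell against a throwaway project. Because both tunnels are created from the same `secret` variable in one process, the two ends always agree on the pre-shared key, which is the most common reason a tunnel in this lab never reaches ESTABLISHED.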
- 4.3 Configuring Cloud Router for reliability.
In this demo we do the routing with Cloud Router, following the same process as before, but this time using the UI. I am going to reuse the existing virtual networks and the gateways and just modify certain things. Let me go to the console. These are the virtual machines we created earlier for the VPN, which used static routing. Under Hybrid Connectivity, VPN, you can see the tunnels and the VPN gateways. If you click on a VPN gateway you can see the forwarding rules configured on it and the tunnel associated with it; these tunnels are route based.
You can also go to Tunnels and click through to see it: these are route-based tunnels, one in europe-west1 and the other in asia-east1, and the connection is established. I am going to delete these tunnels and create new tunnels on the same gateways. So I go to VPN 1 and delete its tunnel, then VPN 2 and delete its tunnel. There are no tunnels now, only the gateways. Let me go back to the architecture we want to implement; I have put some labels here so that we can follow it. We reuse the same steps from before: creating the networks, the virtual machines, the firewall rules, the VPN gateways, the reserved IPs for both networks, and the forwarding rules.
All of that was created in the earlier lab. The only things I am doing now are: the tunnels are already deleted, I create the routers, I create tunnels with BGP sessions, and then I test the connectivity. Additionally, I am going to add another subnetwork in europe-west1, subnet 3, create virtual machine 3 inside it, and test VM 3 to VM 2 connectivity. To reiterate, I create router cr-1 with ASN 65001 and router cr-2 with ASN 65002. When creating the BGP session from cr-1 to cr-2, I use 65002, the other router's ASN, as the peer ASN, and vice versa. I am also going to swap the BGP IP addresses between the two sides.
So let me go to Tunnels. This was the earlier tunnel, which I have deleted; I am going to add new tunnels, but before that let me go to Cloud Routers and create the routers. The first router is cr-1, in VPC 1, in europe-west1, with the Google ASN I am going to use; create. The second router is cr-2, in VPC 2, in asia-east1, with a different ASN; create.
The routers are created. Now I go to the VPN connection and add the tunnel. This is VPC 1 and VPN 1, so the tunnel is tunnel-1-to-2, from this side to the other. The peer IP address is the one for the other network, the address I reserved for Asia, so from Europe to Asia that is the destination IP. I select router cr-1 and create a BGP session here, bgp-1-to-2. The peer ASN comes from the other side: I am creating this session on cr-1, so I use the other router's ASN, 65002, as the peer ASN. Then the Cloud Router BGP IP is 169.254.0.1 and the peer BGP IP is 169.254.0.2. Create.
Give it a shared secret; that's one. It takes some time to show up here, so I am going to create the other tunnel under VPN 2: add tunnel, tunnel-2-to-1, from 2 to 1. Here I use the other IP address, since now we want the connection from Asia to Europe. The router is cr-2, and the BGP session is bgp-2-to-1, from 2 to 1. The peer ASN here is 65001; if you look at the architecture, the first router is 65001. Then I reverse the IP addresses, because that is how the peer IPs match up: 169.254.0.2 on this side and 169.254.0.1 as the peer. Create.
The tunnels should be creating now; I am going to pause the video until they are created and then come back. Okay, we can see the tunnels have been created. I think some resources are still being allocated, given the status here, but let's check whether a ping goes through. Wow, that works. So you can see the connection between the two instances: in Compute Engine I am in VM 1, connecting from VM 1 to VM 2, and the connection is established. That is dynamic routing. Next I am going to add a subnet and see whether the connection still exists and works fine. Let me go to VPN 1 and look at the monitoring for this tunnel; there is some traffic flowing through.
That is tunnel 1-to-2; now tunnel 2-to-1, and there is no data there yet. So let me go to VM 2 in Asia, ping VM 1 at 10.1.1.2, and see whether we get traffic in the monitoring. You can see a very small amount of traffic in the graph. We could wait some more and see the actual traffic, but what I want to do now is come back to this and create another subnet in VPC 1 with a virtual machine inside it. So in VPC network, VPC 1, which is in Europe, I add a subnet: subnet 3, in VPC 1, and in the same region, because otherwise I would need to create another Cloud Router.
The IP range is 10.1.2.0/24; create. Now let me create the virtual machine, VM 3, in europe-west1-b, a micro instance, and modify the networking parameters to use VPC 1 and subnet 3. Done; create. The virtual machine is getting created. What I want to show is that I can ping from VM 1 to VM 3 seamlessly without modifying anything, because the router is already there announcing these networks. It takes some time for BGP to actually refresh the routes, so if you don't get a response right away, wait a little and try again. Okay, here we are; let me check.
The connection to VM 2 still exists. Now let me ping VM 3: the connection exists. Then we test from VM 2 to VM 3, which is in a different network altogether, and we have connectivity. That is how BGP routing with a dynamic Cloud Router helps us discover networks. That's it, guys. I am going to put this document for dynamic routing in the resources, so that whenever you want to try it you have the information to create your own Cloud Router. That's it for the demo; let me know if you have any questions. Make sure that you delete all the resources when you are done with the demo.
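The dynamic-routing variant of this demo as a gcloud script, added here as an example; it is not the course's document and not the UI steps above. It assumes the gateways and reserved addresses of the previous lab already exist under the names used below (vpn-1, vpn-2, vpn-1-ip, vpn-2-ip, vpc-1, vpc-2); the router names, the ASNs 65001/65002 and the 169.254.0.1 and 169.254.0.2 BGP addresses follow the lecture, while the tunnel and interface names and the subnet-3 range are assumptions.

```shell
#!/bin/sh
# Added example (not the course's document): Cloud Routers plus BGP-routed tunnels over
# the two existing Classic VPN gateways, replacing the static routes of the earlier lab.
# ASNs and 169.254.0.x addresses follow the lecture; other names are assumptions.
# DRY_RUN=1 (default) prints each gcloud command; DRY_RUN=0 executes it.
set -eu
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Peer gateway address: the static IP reserved for the other side in the first lab.
peer_address() { # address_name region
  if [ "$DRY_RUN" = 1 ]; then echo "<$1>"; else
    gcloud compute addresses describe "$1" --region "$2" --format='value(address)'; fi
}

# One Cloud Router per VPC and region, each with its own private ASN.
create_router() { # router network region asn
  run gcloud compute routers create "$1" --network "$2" --region "$3" --asn "$4"
}

# A BGP-routed tunnel: bound to the router with --router instead of carrying traffic
# selectors; the router then gets a /30 link-local interface on the tunnel and a BGP
# peer whose address and ASN are the OTHER side's (169.254.0.1 <-> .2, 65001 <-> 65002).
create_bgp_tunnel() { # tunnel gateway region peer_ip router local_bgp_ip peer_bgp_ip peer_asn secret
  secret="$9"; [ "$DRY_RUN" = 1 ] && secret='<redacted>'
  run gcloud compute vpn-tunnels create "$1" --region "$3" --target-vpn-gateway "$2" \
      --peer-address "$4" --ike-version 2 --shared-secret "$secret" --router "$5"
  run gcloud compute routers add-interface "$5" --region "$3" --interface-name "$1-if" \
      --vpn-tunnel "$1" --ip-address "$6" --mask-length 30
  run gcloud compute routers add-bgp-peer "$5" --region "$3" --peer-name "$1-bgp" \
      --interface "$1-if" --peer-ip-address "$7" --peer-asn "$8"
}

# Session health: each peer should show state Established in the router status.
bgp_state() { # router region
  run gcloud compute routers get-status "$1" --region "$2" \
      --format='value(result.bgpPeerStatus[].state)'
}

build_dynamic_vpn() {
  secret=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')   # one PSK for both ends
  a_ip=$(peer_address vpn-1-ip europe-west1)
  b_ip=$(peer_address vpn-2-ip asia-east1)
  create_router cr-1 vpc-1 europe-west1 65001
  create_router cr-2 vpc-2 asia-east1   65002
  create_bgp_tunnel tunnel-1-to-2 vpn-1 europe-west1 "$b_ip" cr-1 169.254.0.1 169.254.0.2 65002 "$secret"
  create_bgp_tunnel tunnel-2-to-1 vpn-2 asia-east1   "$a_ip" cr-2 169.254.0.2 169.254.0.1 65001 "$secret"
  # A subnet added later needs no new route: cr-1 advertises it to cr-2 over BGP.
  run gcloud compute networks subnets create subnet-3 --network vpc-1 --region europe-west1 --range 10.1.2.0/24
  bgp_state cr-1 europe-west1
  bgp_state cr-2 asia-east1
}

build_dynamic_vpn
```

The two `create_bgp_tunnel` calls are mirror images of each other, which is the point the lecture makes about swapping the ASN and the BGP IP: each side's peer values are the other side's local values. The `get-status` call at the end is the check to run before pinging VM 3; until both peers report Established, the new subnet has not been learned on the Asia side.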