Google Cloud hybrid connectivity can be explained under four different areas:
- Cloud VPN
- Cloud Interconnect
- External Peering
- Cloud DNS
What is Cloud VPN?
- Google Cloud VPN connects your on-premises network to your VPC network through an IPsec VPN connection.
- Traffic travelling between the two networks is encrypted at one VPN gateway and decrypted at the other VPN gateway.
- There are two types of Cloud VPN gateways: HA VPN and Classic VPN.
- Cloud VPN supports two types of routing: static routes and dynamic routes.
- Consider, for example, a VPN tunnel that connects a Google Cloud network to an on-premises rack with 29 subnets.
- With static routing, when a new subnet appears you must update the VPN tunnel, which in turn adds the static routes to GCP, and the new subnet is only picked up by restarting the VPN tunnel.
- Dynamic routing through VPN is supported through Cloud Router.
Cloud Router lets you dynamically exchange routes between your VPC network and your on-premises network. It is a router that runs in the cloud and provides BGP routing.
- The job of BGP is to discover route changes and propagate them dynamically through the network.
- If you are peering with Google in multiple locations with several internal routes, and you want to learn about new routes automatically, Cloud Router is a good option.
Example: Assume you have a new environment called Analytics with a new subnet range that must be known to the on-premises peering network. Using Cloud Router, you can announce that the new subnet range is available. The existing BGP router on-premises then updates its routing table and sends this information on to the Analytics process.
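The dynamic-routing setup described above, as an added Terraform example that is not part of the original notes: a Cloud Router that speaks BGP over an HA VPN tunnel and advertises the Analytics range as a custom route, so the on-premises router learns it without any static route edit or tunnel restart. The network prod-vpc, the region us-central1, an HA VPN tunnel named tunnel0 (defined elsewhere and bound to this router), the ASNs 65001/65002 and the range 10.50.0.0/20 are all assumed placeholders; the same router, interface and peer resources serve a Dedicated Interconnect, with the interface bound to an attachment instead of a tunnel.

```hcl
# Added example, not from the original notes. Assumed placeholders: network
# "prod-vpc", region "us-central1", an existing HA VPN tunnel "tunnel0",
# Google-side ASN 65001, on-premises ASN 65002, Analytics range 10.50.0.0/20.

# Cloud Router speaks BGP over the tunnel, so a new on-prem or VPC subnet is
# learned without editing static routes or restarting the tunnel.
resource "google_compute_router" "cr" {
  name    = "vpn-router"
  network = "prod-vpc"
  region  = "us-central1"
  bgp {
    asn            = 65001
    advertise_mode = "CUSTOM"
    # Announce every VPC subnet plus the new Analytics range to on-prem.
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range       = "10.50.0.0/20"
      description = "analytics"
    }
  }
}

# BGP session endpoints use link-local addresses that exist only inside the tunnel.
resource "google_compute_router_interface" "if0" {
  name       = "if-tunnel0"
  router     = google_compute_router.cr.name
  region     = "us-central1"
  ip_range   = "169.254.0.1/30"
  vpn_tunnel = "tunnel0"
}

# The on-premises side of the session; a lower priority value wins when the
# same prefix is advertised over several tunnels.
resource "google_compute_router_peer" "peer0" {
  name                      = "peer-tunnel0"
  router                    = google_compute_router.cr.name
  region                    = "us-central1"
  peer_ip_address           = "169.254.0.2"
  peer_asn                  = 65002
  advertised_route_priority = 100
  interface                 = google_compute_router_interface.if0.name
}
```

Adding a second subnet later only requires another advertised_ip_ranges entry (or none at all, since ALL_SUBNETS already covers VPC subnets); the tunnel itself is never touched.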
If you want a direct physical connection between your on-premises network and your VPC network, then Cloud Interconnect is your choice.
- Google Cloud Interconnect provides a direct physical connection and RFC 1918 communication between on-premises and Google's network.
- Traffic between on-premises and Google Cloud does not touch the public internet; it travels over a dedicated connection, resulting in fewer points of failure.
- Internal IP addresses in the VPC network can be reached directly from the on-premises network over the dedicated connection, while external IP addresses can be reached only through a separate connection.
- Throughput is 10 Gigabytes per second over one or more Ethernet connections (a maximum of 8).
- Cloud Interconnect has two options, Dedicated and Partner:
A. Interconnect (Dedicated): provides a direct connection between on-premises and Google's network.
B. Interconnect (Partner): provides a connection between on-premises and Google Cloud through a service provider.
Dedicated Interconnect option:
Dedicated Interconnect is used for direct physical connections between an on-premises network and Google's network.
- A cross-connect is provided between Google's network and an on-premises router in a common colocation facility. This cross-connect is called a Dedicated Interconnect.
- A BGP session is established over the interconnect between the on-premises router and the Cloud Router.
On-Premises Network (Partner Interconnect)
- An on-premises network can be connected to a VPC network through a service provider.
- Use Partner Interconnect when your data center cannot reach a Dedicated Interconnect colocation facility, or when your data does not require a 10 Gbps connection. (*Important)
Direct Peering is a private connection between an individual or organization and Google, established by exchanging autonomous system numbers (ASNs).
- An autonomous system number is an identifier on the internet that represents a block of IP addresses.
- Internet traffic can be exchanged between your network and Google's network at one of Google's broad-reaching edge network locations.
- Direct Peering works by exchanging routes between Google and the peering entity.
Carrier Peering: a service provider acts as the intermediary.
- Carrier Peering lets you obtain enterprise-grade network services that connect your infrastructure to Google through a service provider.
- You are provided with connections offering high availability and low latency.
- To peer with Google, you need an autonomous system number; Google's ASN is 15169.
Key Concepts to Remember in Peering:
- Border Gateway Protocol (BGP): routes traffic among different internet service providers, or to entities that are assigned their own ASNs. (*Important)
- Private Network Interconnect (PNI) is another term for private peering.
- PeeringDB is a web-based database of networks that are interested in peering; it is also used to identify candidates for peering.
- Private Google Access enables VMs on a subnet to reach Google APIs and services using only internal IP addresses.
- It allows VMs to connect to Google's services without internet access.
What is Cloud DNS?
- Google Cloud DNS is the only service that provides a 100% Service Level Agreement (SLA).
- Cloud DNS is a global Domain Name System service that publishes domain names to the global DNS in an effective way.
- Cloud DNS offers both public and private managed DNS zones.
- A public zone is visible to the open internet, whereas a private zone is visible only to one or more VPC networks.
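The public/private zone split described above, as an added Terraform example that is not part of the original notes: a private zone that resolves only from the listed VPC network, beside a public zone published to the global DNS. The project id PROJECT_ID, the network prod-vpc, the names corp.example.internal and example.com and the record address are assumed placeholders; DNSSEC signing on the public zone is a hardening step added here, not something the notes mention.

```hcl
# Added example, not from the original notes. Placeholders: PROJECT_ID, network
# "prod-vpc", internal domain corp.example.internal, public domain example.com.

# Private zone: answers only queries from the VPC networks listed here, never
# from the open internet, so internal hostnames never leak into public DNS.
resource "google_dns_managed_zone" "internal" {
  name       = "corp-internal"
  dns_name   = "corp.example.internal."
  visibility = "private"
  private_visibility_config {
    networks {
      network_url = "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/prod-vpc"
    }
  }
}

# Public zone: published to the global DNS. DNSSEC signing (an addition beyond
# the notes) lets validating resolvers detect forged or tampered answers.
resource "google_dns_managed_zone" "public" {
  name       = "example-com"
  dns_name   = "example.com."
  visibility = "public"
  dnssec_config {
    state = "on"
  }
}

# An RFC 1918 address belongs in the private zone: it is only reachable from
# inside the VPC (or over VPN/Interconnect), so it has no business in public DNS.
resource "google_dns_record_set" "db" {
  name         = "db.${google_dns_managed_zone.internal.dns_name}"
  managed_zone = google_dns_managed_zone.internal.name
  type         = "A"
  ttl          = 300
  rrdatas      = ["10.50.1.10"] # constructed internal address
}
```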