Why would you VPN over Direct Connect?

Simple – The speed and reliability will outperform an over-the-internet VPN!

What do you need to do to set this up?

There are two distinct steps. Step 1 – Set up your Direct Connect (or Cloud Interconnect). Step 2 – Set up a VPN, just like you ordinarily would.

Step 1 – Set up a Cloud Interconnect

In GCP, there are two ways to get an interconnect: a Dedicated Interconnect (that GCP offers) and a Partner Interconnect (through a BGP partner). Both are high-speed, dedicated connections to the GCP platform.

 

1. Order a Dedicated Interconnect

Submit an order, specifying the details of your interconnect. Google emails you an order confirmation. After your resources have been allocated, you’ll get another email with your LOA-CFAs.

2. Send LOA-CFAs

Send the LOA-CFAs (Letter of Authorization and Connecting Facility Assignment) to your vendor. They will provision the cross connects between the Google peering edge and your on-premises network. Google automatically starts testing the light levels on each allocated port after 24 hours.

3. Test the interconnect

Google sends you automated emails with configuration information for two different tests. First, Google sends an IP configuration to test light levels on every circuit in an interconnect. After those tests pass, Google sends the final IP configuration to test the IP connectivity of each interconnect’s production configuration.

Apply these configurations to your routers so that Google can confirm connectivity. If you don’t apply these configurations (or apply them incorrectly), Google sends an automated email with troubleshooting information. After all tests have passed, your interconnect is ready to use.

4. Create VLAN attachments and establish BGP sessions

When your interconnect is ready to use, you need to connect VPC networks to your on-premises network. To do that, create a VLAN attachment, specifying an existing Cloud Router that’s in the VPC network that you want to reach. Using the information from the attachment, establish a BGP session between the Cloud Router and your on-premises router to start sending traffic between networks.

Step 2 – Set up a VPN over Cloud Interconnect

Google has a VPN offering called Cloud VPN. If you thought that it would be as simple as ordering Cloud VPN over the Direct Interconnect, you would be mistaken. Cloud VPN (Google’s VPN offering) cannot be combined with either the dedicated interconnect or the partner interconnect.

Your only choice is to roll your own VPN (i.e. reuse whatever VPN you have already in use).
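
As an added illustration (not from the original post), here is what a self-managed IPsec tunnel pinned to the interconnect path can look like, assuming strongSwan (swanctl.conf) on the on-premises gateway and a matching mirror config on a gateway VM in the VPC. All addresses, subnets, names and the pre-shared key placeholder are constructed for the example.

```conf
# /etc/swanctl/swanctl.conf on the on-premises gateway (constructed example).
# Both tunnel endpoints are PRIVATE addresses that are only reachable across
# the interconnect's VLAN attachment, so IKE/ESP never leaves the dedicated link.
connections {
    onprem-to-vpc {
        version = 2                        # IKEv2 only
        local_addrs  = 192.168.10.1        # on-prem gateway (assumed address)
        remote_addrs = 10.128.0.10         # gateway VM in the VPC (assumed address)
        proposals = aes256gcm16-prfsha384-ecp384
        dpd_delay = 30s                    # detect a dead peer or failed circuit

        local {
            auth = psk
            id = onprem-gw
        }
        remote {
            auth = psk
            id = vpc-gw
        }

        children {
            site-to-site {
                local_ts  = 192.168.0.0/16   # on-prem networks (assumed)
                remote_ts = 10.128.0.0/20    # VPC subnet (assumed)
                esp_proposals = aes256gcm16-ecp384
                start_action = start         # bring the tunnel up at load time
                dpd_action = restart         # re-establish after a link flap
            }
        }
    }
}

secrets {
    ike-onprem-vpc {
        id-1 = onprem-gw
        id-2 = vpc-gw
        # Placeholder: generate a long random value and store it out of band.
        secret = "REPLACE_WITH_GENERATED_PSK"
    }
}
```

The VPC-side gateway uses the same file with the local and remote values swapped. On both sides, confirm that the routes learned over BGP still cover the peer's gateway address, otherwise the tunnel has no path to come up on.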

AWS Specific

In AWS, each Direct Connect can be configured with one or more Virtual Interfaces.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.