MCR Connections to Google Cloud Platform using GCI Partner
Google’s private interconnection service is called Google Cloud Partner Interconnect (GCI Partner). When connecting to Google Cloud Platform (GCP) via GCI Partner using Megaport Cloud Router (MCR), customers establish Layer 3 connectivity peering directly from their MCR with their Virtual Private Cloud (VPC) within the Google Cloud Platform.
Benefits of Creating GCI Partner Connections with Megaport
- Enhanced security and higher network performance
- Connectivity reach beyond Google’s existing network locations
- Scalable connectivity for those who do not require the full bandwidth of Google’s Dedicated Interconnect
- Savings on egress traffic costs from the customer’s VPC network to their on-premises network
- API integration between Megaport and Google Cloud which simplifies the provisioning of connections for a fast and seamless experience
- Layer 3 routing capabilities without having a physical router located in a data centre
Key Google Cloud terms to understand:
- Virtual Private Cloud (VPC)
A group of cloud resources within GCP. VPC provides a comprehensive set of Google-managed networking capabilities including granular IP address range selection, routes, firewalls, Virtual Private Network (VPN), and Google Cloud Router.
- Partner Interconnect Attachment (VLAN-Attachment)
A virtual point-to-point tunnel between an Interconnect and a single region in a VPC network. The VLAN will attach to a Google Cloud Router in the customer VPC.
Note: One BGP session per VLAN attachment. QinQ is not supported.
- Google Cloud Router
The Cloud Router is used to dynamically exchange routes between the VPC network and the customer’s on-premises network through BGP. The customer configures a BGP session between their on-premises router and Cloud Router. The Cloud Router advertises subnets in the VPC network and propagates learned routes to those subnets. For more information about Cloud Router, see the overview in the Cloud Router documentation.
- Pairing Key
Pairing Keys are established when creating the Interconnect attachments. The customer will need a Pairing Key when creating a VXC in the Portal. Multiple keys are required if the customer desires a redundant solution.
Note: GCI Partner provides access to a customer’s private VMs in Google Cloud. G Suite and other products are public resources and need to be accessed over public peering. Access to other GCP services through APIs on the VMs is allowed.
Megaport does support Direct Peering to access Google’s public resources via Internet Exchanges: MegaIX, and AMSIX. For more details on Direct Peering, click here.
Google recommends that customers consider implementing a redundant solution. The customer can configure a single attachment for a non-redundant service. Google provides SLAs of 99.9% and 99.99%. To configure a 99.9% or 99.99% SLA, the customer will need to create additional VXCs.
How to Create a VXC to Google Cloud Platform
- Create a Partner Interconnect attachment in Google Cloud Console or gcloud CLI.
- The Pairing Key is provided as part of the attachment creation and will need to be copied and applied in the Portal.
VXC Deployment Steps
First, you will need to log in to your Google Cloud Console and create a Pairing Key: Google Console Link.
Next, click on the main menu in the Google Console, then select ‘Hybrid Connectivity’, and ‘Interconnect’ from the drop-down.
Next, click ‘Get Started’. You will then be presented with two options. Select ‘Partner Interconnect’ and ‘Continue’.
Next, select ‘I already have a service provider’.
Next, you will need to configure your attachment.
To finish the attachment configuration, fill in the following details:
- Redundancy: Review the options for redundancy and select one. You can create redundant attachments or a single attachment. In this example, we are creating a single attachment.
- VPC Network: Select the VPC network to which you want to connect your VPC.
- Region: Select the region to which your attachment will connect.
- Cloud Router: Obtain a Cloud Router to associate with this attachment. You can only choose a Cloud Router in the VPC network and region that you selected with an ASN of 16550. If you don’t have an existing Cloud Router, create one with an ASN of 16550. For redundancy, each VLAN attachment must be associated with a unique Cloud Router. Google automatically adds an interface and a BGP peer on the Cloud Router.
- VLAN attachment name: Type out in lowercase only.
Note: You can add a description. This field is not required.
When finished, click ‘Create’.
Next, you will be presented with a Pairing Key. Copy this and click ‘OK’.
Create VXC in the Megaport Portal:
- Create a GCI Partner VXC. Provision a VXC in the Portal to your chosen Google peering location.
To create a GCI Partner VXC, click ‘+Connection’ on the MCR to which you want to attach your VXC. The example below reflects ‘Google GCI Partner MCR’ as the customer-named Megaport selected.
Next, select the ‘Cloud’ tile.
Next, select the provider as ‘Google’. Copy and paste the Pairing Key from the Google Cloud Console into the field in the right-hand panel and you will be presented with the relevant Google targets based on the region you chose to deploy your GCI Partner connection in the Google Cloud Console. Select your chosen target location for your first connection and select ‘Next’.
In the next panel, you will need to complete the following fields:
- Name Your Connection – This is a free text field allowing you to assign an easily identifiable name for this connection.
- Invoice Reference – This field may be populated or you can choose to leave it blank.
- Rate Limit – Select the Google port speed.
Next, you will be asked to configure your BGP details. From the MCR Connection Details window, each Cloud VXC requires IP address input to establish the BGP peering. Google will provide the IP addressing for you to configure your BGP after the VXC has been deployed. We will revisit this section with the updated Google IP assignment to complete BGP peering once activated in the Google Console. You can leave this blank and proceed.
Once you have finished this configuration, you are ready to add the VXC to your cart and configure further VXCs or proceed through the checkout process and deploy your VXC.
Wait a few minutes and you will see the dot on the left-hand side of your VXC turn from red to green. This indicates Layer 2 connectivity has been established.
Next, go back to the attachment created in the Google Console. Note: Status should show ‘Activation needed’. If the status shows ‘Pending partner’, you may need to refresh your screen or wait a couple of minutes for it to change to ‘Activation needed’.
Click the ‘ACTIVATE’ icon in the upper right-hand corner.
You will then be asked to accept your connection. Click ‘Accept’ and wait a minute. The status will update to ‘BGP configuration needed’.
Next, you will need to configure BGP on the attachment. Click ‘Configure BGP’.
In the next window, add your Peer ASN. This will be the ASN assigned to your MCR. You can use any private ASN or Megaport MCR assigned ASN 133937. If you are configuring redundant VXC / attachments, set route priority. Next, click on ‘Save and Continue’.
Now, proceed back to the Megaport Portal. Click on your VXC and select ‘Configure A-End’ tab. Delete the IP previously configured by clicking on the trash can symbol next to the IP addresses.
Next, you will configure the BGP using the IPs provided by Google and the ASN assigned to the Google Cloud Router (ASN – 16550) and ASN configured in the Google Console BGP blade (ASN-133937).
For each attachment, Google will assign a /29 for your BGP configuration. IP address a.b.c.d +2 will be assigned to the MCR. Google will assign a.b.c.d + 1 to your Google Cloud Router. In this example, Google has provided 169.254.135.16/29.
You can now begin to configure your BGP on the MCR.
In the first field, ‘IP Address’, you will configure the IP address assigned to your MCR. This will be the a.b.c.d +2 address from the /29 provided by Google. Note: it is also noted as the Local router IP shown in the Google attachment. In this example, we are using 169.254.135.18/29.
Now, you will configure ‘BGP Connections’. Click on the + symbol next to BGP Connections (1).
Next, configure the following fields.
- Local ASN: 133937 – This is the default Megaport MCR ASN. However, you may use another valid private (or public) value as required. Note: this must match the ASN you used to configure the Peer ASN in the BGP blade of the Google Cloud Console.
- Peer ASN: 16550 – This is the ASN of the Google Cloud Router. Your Google Cloud Router ASN will always be 16550.
- Local IP: Selected via the drop-down item, this will be populated from the /29 IP address range provided by Google. a.b.c.d +2. In this example, we will use 169.254.135.18/29.
- Peer IP: This is a manually entered value and should be the CIDR notation of the IP address a.b.c.d +1/29. This will be the IP Google assigns to the Google Cloud Router to which this connection is attached. In this example, we are using 169.254.135.17/29.
- BGP Auth: Leave this field blank. Google currently does not support it.
Next, click ‘OK’ (2) and then ‘Apply’ (3). The BGP has now been configured on the MCR.
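The field values above can be cross-checked against the /29 that Google assigned before relying on the session coming up. The following is an added example, not part of the original guide or of any Megaport or Google tooling; the dictionary keys are hypothetical names mirroring the Portal fields, and the sample values are constructed from the /29 used in this guide.

```python
import ipaddress

GOOGLE_CLOUD_ROUTER_ASN = 16550  # Cloud Router ASN stated in this guide


def derive_peering(google_prefix):
    """Return (cloud_router_ip, mcr_ip) for the /29 Google assigned."""
    net = ipaddress.ip_interface(google_prefix).network
    if net.version != 4 or net.prefixlen != 29:
        raise ValueError(f"expected an IPv4 /29, got {google_prefix}")
    base = net.network_address
    # a.b.c.d + 1 is the Cloud Router, a.b.c.d + 2 is the MCR
    return f"{base + 1}/29", f"{base + 2}/29"


def check_mcr_bgp(google_prefix, console_peer_asn, mcr):
    """List mismatches between the MCR BGP fields and the Google side.

    `mcr` is a dict with hypothetical keys mirroring the Portal fields.
    """
    router_ip, mcr_ip = derive_peering(google_prefix)
    same = lambda a, b: ipaddress.ip_interface(a) == ipaddress.ip_interface(b)
    problems = []
    if not same(mcr["local_ip"], mcr_ip):
        problems.append(f"Local IP should be {mcr_ip}")
    if not same(mcr["peer_ip"], router_ip):
        problems.append(f"Peer IP should be {router_ip}")
    if mcr["peer_asn"] != GOOGLE_CLOUD_ROUTER_ASN:
        problems.append(f"Peer ASN should be {GOOGLE_CLOUD_ROUTER_ASN}")
    if mcr["local_asn"] != console_peer_asn:
        problems.append("Local ASN must match Peer ASN set in Google Console")
    if mcr.get("bgp_auth"):
        problems.append("BGP Auth should be left blank")
    return problems


# Constructed sample values, using the /29 from this guide's example
GOOD = {"local_ip": "169.254.135.18/29", "peer_ip": "169.254.135.17/29",
        "local_asn": 133937, "peer_asn": 16550, "bgp_auth": ""}
SWAPPED = dict(GOOD, local_ip="169.254.135.17/29", peer_ip="169.254.135.18/29")

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("swapped", SWAPPED)):
        print(name, check_mcr_bgp("169.254.135.16/29", 133937, cfg))
```

An empty list means the MCR side agrees with the Google side; the swapped sample shows the common mistake of entering the +1 and +2 addresses in the wrong fields.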
To confirm the BGP is up in the Portal, click on the VXC and then on the Logs tab. It should show as ‘BGP Established’. Also, proceed to the Google Cloud Console attachment. The attachment will show ‘BGP UP’. Note: Please allow a few minutes for the BGP Peer to establish.
In Google Cloud Console, follow the instructions here.
Note: Should you wish to deploy a second GCI Partner connection (and this is recommended), you will need to create a second attachment in the Google Cloud Console, copy the new Pairing Key into the Portal, and repeat the steps above.
For additional details on Google Cloud Partner Interconnect, please reference this link: Provisioning Google Partner Interconnect.