Interconnecting Networks

Question 1

Cloud VPN definition and uses

Answer 1

Connect on-premises network to Google Cloud VPC network. Useful for low-volume data connections. Encrypted and decrypted at gateways - travels over public internet. 99.9% SLA

Question 2

Cloud VPN supports and does not support

Answer 2

Supports:
Site to site VPN
Static routes
Dynamic routes (with Cloud Router)
Ciphers
Not Supported:
Dial in VPNs

Question 3

Cloud VPN Infrastructure

Answer 3

Cloud VPN gateway, on prem VPN gateway, and 2 VPN tunnels.

Question 4

Cloud VPN Gateway Network Position (Zone, Region, Multiregion, etc)…

Answer 4

Regional

Question 5

HA VPN Gateway Benefits and Restrictions

Answer 5

99.99% Service Availability
Two external IP addresses (required for SLA)
2 or 4 tunnels (required for SLA). 4 tunnels required for AWS interconnecting
Must use dynamic (BGP) routing

Question 6

HA VPN Configurations

Answer 6

An HA VPN gateway to peer VPN devices (1 or 2)
An HA VPN gateway to AWS virtual private gateway
2 HA VPN gateways connected to each other

Question 7

Cloud Router

Answer 7

Allows dynamic (BGP) routing. For example, adding a subnet and propagating changes.

Question 8

Cloud Router and Peer Gateway IP Address

Answer 8

Must be link-local (in range 169.254.0.0/16 & not part of IP address space of either network)

Question 9

Dedicated vs Shared

Answer 9

Dedicated provide direct connection to Google’s network. Shared provide connection to Google’s network through a partner

Question 10

Layer 2 vs Layer 3 & Names

Answer 10

Layer 2 (Interconnect) use VLAN pipes directly into GCP environments to internal IP addresses of VPC. Layer 3 (peering) provide access to Google Workspaces services, YouTube, and Google Cloud APIs using public IP addresses (not VPC).

Question 11

What is a useful addition to Direct Peering and Carrier Peering?

Answer 11

Cloud VPN - allows encryption

Question 12

Dedicated Interconnect

Answer 12

Direct physical connection between on prem network and Google. Router needs to be in a colocation facility. Needs Cloud Router with BGP. Good for transferring large amounts of data. 99.9 or 99.99

Question 13

Partner Interconnect

Answer 13

Provides connection between on prem network and VPC network through a supported service provider. Good if not near a colocation or if data needs dont require dedicated interconnect. 99.9 or 99.99

Question 14

Cloud VPN vs Dedicated Interconnect vs Partner Interconnect Capacity

Answer 14

Cloud VPN - 1.5 Gbps (public traffic) to 3 Gbps (direct peering link)
Dedicated Interconnect - 10 Gbps or 100 Gbps per link
Partner Interconnect - 50 Mbps to 10 Gbps

Question 15

Direct Peering

Answer 15

Connection between business network and Google’s Cloud products. No SLA. Requires Edge Points of Presence. 10 Gbps per link

Question 16

Carrier Peering

Answer 16

Similar to direct peering, but through a partner

Question 17

Interconnect and Peering Decision Tree

Answer 17

Do you just need to use Google APIs and services? Peering. Meeting peering requirements? Direct Peering. Else Carrier Peering.
Do you need to reach VPC? Can you meet at Google colocation facility? No -> Consider Cloud VPN for modest, trials, or encrypted traffic. Else Partner interconnect. If you need more than 10 Gbps and handling encryption yourself, dedicated interconnect. Else partner interconnected

Question 18

Shared VPC

Answer 18

Can connect resources from multiple projects to a common VPC network. With internal IPs. Designate one project as host project and attach 1 or more service projects to it. Must be same org. Can’t be in same project.

Question 19

VPC Peering

Answer 19

Allows connectively between 2 VPC networks regardless of if in same project or org.

Question 20

Shared VPC vs VPC Peering

Answer 20

Shared VPC is centralized (shared vpc admin, shared security and network admin), VPC peering is decentralized (each project has own security and network admin).