Interconnecting Networks VPN Flashcards
Google's different network connectivity solutions:
GCP’s hybrid connectivity products are Cloud VPN, Cloud Interconnect, and Peering.
What Cloud VPN does
Cloud VPN securely connects your on-premises network to your Google Cloud VPC network through an IPsec VPN tunnel.
Cloud VPN is useful for low-volume data connections.
As a managed service, Cloud VPN provides an SLA of 99.9% service availability.
How is Cloud VPN data protected
Traffic traveling between the two networks is encrypted by one VPN gateway, then decrypted by the other VPN gateway.
Which type of connection Cloud VPN supports
Cloud VPN supports site-to-site VPN, static and dynamic routes, and IKEv1 and IKEv2 ciphers.
Cloud VPN doesn’t support use cases where client computers need to “dial in” to a VPN using client VPN software.
Also, dynamic routes are configured with Cloud Router.
What types of Cloud VPN Google provides
Classic VPN
HA VPN
Classic VPN connection between your VPC and on-premises network needs …
In order to connect to your on-premises network and its resources, you need to configure your Cloud VPN gateway, on-premises VPN gateway, and two VPN tunnels.
What types of resources are needed for Classic VPN connection
The Cloud VPN gateway is a regional resource that uses a regional external IP address.
Your on-premises VPN gateway can be a physical device in your data center or a physical or software-based VPN offering in another cloud provider’s network.
This VPN gateway also has an external IP address.
A VPN tunnel then connects your VPN gateways and serves as the virtual medium through which encrypted traffic is passed. In order to create a connection between two VPN gateways, you must establish two VPN tunnels. Each tunnel defines the connection from the perspective of its gateway, and traffic can only pass when the pair of tunnels is established.
Quota for VPN gateway
The maximum transmission unit, or MTU, for your on-premises VPN gateway cannot be greater than 1460 bytes.
HA VPN
HA (high availability) VPN is a high availability Cloud VPN solution that lets you securely connect your on-premises network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection in a single region.
HA VPN provides an SLA of 99.99% service availability.
What HA VPN needs to establish connection
To guarantee a 99.99% availability SLA for HA VPN connections, you must properly configure two or four tunnels from your HA VPN gateway to your peer VPN gateway or to another HA VPN gateway.
HA VPN gateway needs…
For an HA VPN gateway, Google Cloud automatically chooses two external IP addresses, one for each of its fixed number of two interfaces.
Each of the HA VPN gateway interfaces supports multiple tunnels.
(You can configure an HA VPN gateway with only one active interface and one external IP address; however, this configuration does not provide a 99.99% service availability SLA.)
How to configure VPN tunnels for HA VPN gateways
VPN tunnels connected to HA VPN gateways must use dynamic (BGP) routing.
HA VPN supports site-to-site VPN recommended topologies
● An HA VPN gateway to peer VPN devices
● An HA VPN gateway to an Amazon Web Services (AWS) virtual private gateway
● Two HA VPN gateways connected to each other
First topology
HA VPN gateway connects to two peer VPN devices.
Each peer device has one interface and one external IP address.
The HA VPN gateway uses two tunnels, one tunnel to each peer device.
Configuring an HA VPN external VPN gateway to Amazon Web Services (AWS)
You can use either a transit gateway or a virtual private gateway.
Only the transit gateway supports equal-cost multipath (ECMP) routing.
When enabled, ECMP equally distributes traffic across active tunnels.