In the last blog post: Learning GCP Interconnect: Step-by-Step Guide for Configuring BGP with ISR and Cloud Router, I have shown steps of creating Interconnect VLAN attachment to existing VPC, as well as how to configure Cloud Routers and VPC peerings to establish connectivity from on-prem to GCP spoke VPC. You may have noticed a few feature difference amongst AWS Direct Connect, Azure Express Route and GCP Interconnect, which leads to different architecture.
In this blog post, I will show you how to connect Aviatrix Edge 2.0 to Aviatrix Transit in GCP, using Interconnect as underlay.
This blog serves as a guide to configure GCP Interconnect, Cloud Router to form an BGP session with on-premise BGP capable devices. With VPC peering and import and export routes on the peering, it’s possible to connect up to 25 spoke VPCs to the interconnect VPC.
When tried to delete GCP VPC following error occurs:
jye@cloudshell:~ (<gcp-project>)$ gcloud compute networks delete cloud-sql
The following networks will be deleted:
- [cloud-sql]
Do you want to continue (Y/n)? y
ERROR: (gcloud.compute.networks.delete) Could not fetch resource:
- The network resource 'projects/<gcp-project>/global/networks/cloud-sql' is already being used by 'projects/<gcp-project>/global/networkInstances/v-1171710760-6bcedd6c-b842-4dd0-9e64-65c2ef70f480'
Found out previously I had tried to enable App Engine access Cloud SQL privately by using Serverless VPC Connector
Then in App Engine app.yaml, following statement was used to tell App Engine to use the connector
This has resulting the App Engine to create a network interface with the VPC specified
Since you cannot purge App Engine, I have deployed another app that doesn’t require connection to the VPC:
git clone https://github.com/GoogleCloudPlatform/python-docs-samples
cd python-docs-samples/appengine/standard_python3/building-an-app/building-an-app-1
gcloud app deploy
Now that the App Engine is no longer bind with the VPC
Make sure to delete the Serverless VPC connector
In App Engine, make sure to purge versions that uses the Serverless VPC connector.
Then try to delete the VPC again
gcloud compute networks delete cloud-sql
The following networks will be deleted:
- [cloud-sql]
Do you want to continue (Y/n)? y
Deleted [https://www.googleapis.com/compute/v1/projects/jye-01/global/networks/cloud-sql].
As the number of customers onboarding to GCP Google Cloud Platform continues to grow, one of the most common questions asked is how to access GCP Global Services, such as Cloud SQL, privately and securely. The unique features of GCP networking, including the global VPC construct, single route table for all subnets, and regional Cloud Routers, can be challenging for enterprise customers seeking to access GCP global services. In this blog post, I will demonstrate how Aviatrix architecture enables customers securely and efficiently access GCP global services.
Many enterprises venture into clouds and find the landscape of cloud networking very different from on-prem. Multi-homed devices such as routers and firewalls when deploy to the cloud also are having challenges to insert themself into traffic path, particularly due the reasons listed below. This in turn slows down the enterprises adoption speed to the cloud. Let’s take a look what some of these challenges are:
When operating in the cloud, enterprises often struggle with how to gain control of network traffic leaving their environments in a centralized, cost-effective, and CSP-agnostic way.
In this webinar, you’ll learn how to make cloud egress architecture simple, repeatable, and automated—including how to:
Gain visibility and control of internet-destined traffic in a cost-effective way (FQDN, subtopics distributed, centralized)
Insert next-generation firewalls into internet-outbound traffic and deal with thousands of route entries
Scale up and scale out your egress firewalls in an active manner and retain existing flows
Plus, the benefits of leveraging Aviatrix FireNet and ThreatIQ, ThreatGuard, and Anomaly Detection.
