Set up multiple VPC networks using user-registered PSC connections

This page explains how to set up connectivity for multiple Virtual Private Cloud (VPC) networks and a new Memorystore for Redis Cluster instance. This tutorial shows you how to do this by creating Private Service Connect (PSC) endpoints in consumer networks, targeting the service attachments of you Memorystore instance, and registering the components with the instance. This page also explains how to connect your client to the instance through PSC connections.

For instructions on how to set up multiple VPC networking for an instance that already has some automatically-registered PSC connections, see Set up multiple VPC networks for instances provisioned with automatically-registered connections.

For more information about multiple VPC network setups, see About multiple VPC networking.

A diagram that shows networking architecture. It has two customer VPC networks across two projects connected to a Private Service Connect connection, which is connected to the Memorystore service attachment.

Summary of key steps

This section gives a summary list of the key steps in this tutorial for setting up your PSC connections. First, you should prepare to follow this tutorial by completing the steps in the Before you begin section.

Key steps

  1. Step 1: Create an instance
  2. Step 2: Note the service attachment paths
  3. Step 3: Set up and register PSC connections for your first VPC network
  4. Step 4: Set up and register PSC connections for your second VPC network
  5. Step 5: Set up a client connection

Additionally, you can also:

Before you begin

Before you begin, ensure that you have the following IAM roles and Google Cloud resources.

Required IAM roles

Example resource ID Resource type
roles/redis.admin Provides full control of a Memorystore for Redis Cluster instance and controls the instance over its lifecycle.
roles/servicedirectory.editor Grants you permission to edit Service Directory resources. This role is needed for creating a PSC endpoint.
roles/compute.networkAdmin Grants full control over the VPC network that initiates a connection to a Memorystore instance. You can create and manage IP addresses, firewall rules, and Private Service Connect endpoints. This role is needed for creating a PSC endpoint.

If you use Private Service Connect to connect to a Memorystore instance from multiple VPC networks, then each network may have its own administrator.

Prerequisite resources

You need to create the following resources before you begin this tutorial. We recommend creating the resources with the following IDs and locations, however you can also choose your own IDs and locations. In this tutorial, you will use the following resources to set up two PSC connections in VPC network 1:

Example resource ID Resource type Example full path Description
my-project-1 Google Cloud project n/a Your Memorystore instance is located in this project
my-network-1 VPC network projects/my-project-1/global/networks/my-network-1 In this tutorial, you set up 2 PSC connections in this network
my-subnet-1 VPC subnet projects/my-project-1/regions/us-central1/subnetworks/my-subnet-1 In this tutorial, you reserve 2 IP addresses in this subnet

In this tutorial, you will use the following resources to create two PSC connections in VPC network 2:

Example resource ID Resource type Example full path Description
my-project-2 Google Cloud project n/a For this tutorial, this is the project where you create the second network and second subnetwork. However, the second network and subnet can be in the same project as the first network, if you choose.
my-network-2 VPC network projects/my-project-2/global/networks/my-network-2 In this tutorial, you create 2 PSC endpoints in this network
my-subnet-2 VPC subnet projects/my-project-2/regions/us-central1/subnetworks/my-subnet-2 In this tutorial, you reserve 2 IP addresses in this subnet

Enable APIs

Enable the following APIs needed for managing Compute Engine networking, Memorystore for Redis Cluster, and Private Service Connect resources.

gcloud

To enable the APIs in both project 1 and project 2, run the following commands:

gcloud services enable --project=PROJECT_1_ID compute.googleapis.com
gcloud services enable --project=PROJECT_2_ID compute.googleapis.com
gcloud services enable --project=PROJECT_1_ID redis.googleapis.com
gcloud services enable --project=PROJECT_2_ID redis.googleapis.com
gcloud services enable --project=PROJECT_1_ID servicedirectory.googleapis.com
gcloud services enable --project=PROJECT_2_ID servicedirectory.googleapis.com

Step 1: Create an instance

This guide shows you how to set up connectivity for a Memorystore instance that has no automatically-registered PSC connections. It is acceptable to have a service connection policy, but a service connection policy isn't required when following the process for user-registering PSC connections.

To avoid automatically creating and registering PSC connections, run the create command without specifying a network, as seen in the following example.

gcloud

To create an instance without auto-creating any PSC connections, run the gcloud redis cluster create command, without using the --network parameter, as follows:

gcloud redis clusters create INSTANCE_ID \
--region=REGION_ID \
--project=PROJECT_1_ID
--replica-count=REPLICA_COUNT \
--node-type=NODE_TYPE \
--shard-count=SHARD_COUNT

Replace the following:

  • INSTANCE_ID is the ID of the Memorystore for Redis Cluster instance you're creating. Your instance ID must be 1 to 63 characters and use only lowercase letters, numbers, or hyphens. It must start with a lowercase letter and end with a lowercase letter or number.

  • REGION_ID is the region where you want the instance placed.

  • PROJECT_1_ID is the ID of project 1.

  • REPLICA_COUNT is your chosen number of replicas (per shard). Accepted values are 0, 1, and 2.

  • NODE_TYPE is your chosen node type. Accepted values are:

    • redis-shared-core-nano

    • redis-standard-small

    • redis-highmem-medium

    • redis-highmem-xlarge

  • SHARD_COUNT determines the number of shards in your instance. Shard count determines the total memory capacity for storing cluster data. To see more details about cluster specification, see Cluster and node specification.

For example:

gcloud redis clusters create my-instance \
--region=us-central1 \
--replica-count=2 \
--node-type=redis-highmem-medium \
--shard-count=8

Step 2: Note the service attachment paths

After creating a Memorystore instance, make a note of the two service attachment URIs for your Memorystore instance. You use these service attachment URIs to set up PSC connections.

gcloud

To view summary information about an instance with Private Service Connect enabled, look for the pscServiceAttachments field. This field displays the two URIs that point to the service attachments of the instance. To view this information, use the gcloud redis clusters describe command:

gcloud redis clusters describe INSTANCE_ID --project=PROJECT_1_ID --region=REGION_ID

Replace the following:

  • INSTANCE_ID is the name of your Memorystore instance.
  • PROJECT_1_ID is the ID of Project 1 that contains the Memorystore instance.
  • REGION_ID is the ID of the region where your instance is located.

The following shows a sample output for this command:

gcloud redis clusters describe my-instance \
--project=my-project-1 --region=us-central1

...

pscServiceAttachments:
- connectionType: CONNECTION_TYPE_DISCOVERY
  serviceAttachment: projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa
- serviceAttachment: projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa-2

Step 3: Set up and register PSC connections for your first VPC network

This section shows you how to set up the two PSC connections required for your first VPC network. You must repeat this process for every VPC for which you want to set up connectivity. For example, later in this tutorial you will find these steps repeated again, but for the new connections needed for the second VPC network.

Create the Private Service Connect endpoints for network 1

This section explains the actions you need to take to create 2 PSC endpoints in Network 1.

Reserve IP addresses for network 1

Next, reserve two IP addresses in network 1.

Reserve IP address 1

gcloud

To reserve IP address 1, run the gcloud compute addresses create command:

gcloud compute addresses create IP_ADDRESS_1_ID \
--project=PROJECT_1_ID \
--addresses=IP_ADDRESS_1 \
--region=REGION_ID \
--subnet=projects/PROJECT_1_ID/regions/REGION_ID/subnetworks/SUBNET_1_ID \
--purpose=GCE_ENDPOINT

Replace the following:

  • IP_ADDRESS_1_ID is the ID you give to your IP address.
  • PROJECT_1_ID is the ID of Project 1.
  • IP_ADDRESS_1 is an IP address of your choosing from within the SUBNET_1_ID range you reserved as a part of Prerequisite resources.
  • REGION_ID is the region where your Memorystore instance is located.
  • SUBNET_1_ID is the ID of the subnetwork you reserved on network one in project 1 as a part of Prerequisite resources.

For example:

gcloud compute addresses create my-ip-address-1 \
--project=my-project-1 \
--addresses=10.2.5.9 \
--region=us-central1 \
--subnet=projects/my-project-1/regions/us-central1/subnetworks/my-subnet-1 \
--purpose=GCE_ENDPOINT
Reserve IP address 2

gcloud

To reserve IP address 2, run the gcloud compute addresses create command:

gcloud compute addresses create IP_ADDRESS_2_ID \
--project=PROJECT_1_ID \
--addresses=IP_ADDRESS_2 \
--region=REGION_ID \
--subnet=projects/PROJECT_1_ID/regions/REGION_ID/subnetworks/SUBNET_1_ID \
--purpose=GCE_ENDPOINT

Replace the following:

  • IP_ADDRESS_2_ID is the ID you give to your IP address.
  • PROJECT_1_ID is the ID of Project 1.
  • IP_ADDRESS_2 is an IP address of your choosing from within the SUBNET_1_ID range you reserved as a part of Prerequisite resources.
  • REGION_ID is the region where your Memorystore instance is located.
  • SUBNET_1_ID is the ID of the subnetwork you reserved on network 1 in project 1 as a part of Prerequisite resources.

Add forwarding rules for network 1

Next, create forwarding rules that connect the IP addresses to the Memorystore instance's service attachments.

Add forwarding rule 1 for IP 1

gcloud

To add a forwarding rule for IP 1, run the gcloud compute forwarding-rules create command:

gcloud compute forwarding-rules create FORWARDING_RULE_1_NAME \
--address=IP_ADDRESS_1_ID \
--network=projects/PROJECT_1_ID/global/networks/NETWORK_1_ID \
--region=REGION_ID \
--target-service-attachment=SERVICE_ATTACHMENT_1 \
--project=PROJECT_1_ID \
--allow-psc-global-access

Replace the following:

  • FORWARDING_RULE_1_NAME is the name you give to the forwarding rule you are creating.
  • IP_ADDRESS_1_ID is the ID of the IP address you reserved in the Reserve IP addresses section.
  • NETWORK_1_ID is the ID of your first network.
  • REGION_ID is the region where your Memorystore instance is located.
  • SERVICE_ATTACHMENT_1 is the service attachment you noted in Note the service attachment paths listed after the CONNECTION_TYPE_DISCOVERY field.
  • PROJECT_1_ID is your first project.

For example:

gcloud compute forwarding-rules create my-forwarding-rule-1 \
--address=my-ip-address-1 \
--network=projects/my-project-1/global/networks/my-network-1 \
--region=us-central1 \
--target-service-attachment=projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-a0583920-edef-42-psc-sa \
--project=my-project-1 \
--allow-psc-global-access
Add forwarding rule 2 for IP 2

gcloud

To add a forwarding rule for IP 2, run the gcloud compute forwarding-rules create command:

gcloud compute forwarding-rules create FORWARDING_RULE_2_NAME \
--address=IP_ADDRESS_2_ID \
--network=projects/PROJECT_1_ID/global/networks/NETWORK_1_ID \
--region=REGION_ID \
--target-service-attachment=SERVICE_ATTACHMENT_2 \
--project=PROJECT_1_ID \
--allow-psc-global-access

Replace the following:

  • FORWARDING_RULE_2_NAME is the name you give to the forwarding rule you are creating.
  • IP_ADDRESS_2_ID is the ID of the IP address you reserved in the Reserve IP addresses section.
  • NETWORK_1_ID is the ID of your first network.
  • REGION_ID is the region where your Memorystore instance is located.
  • SERVICE_ATTACHMENT_2 is the second service attachment you noted in Note the service attachment paths.
  • PROJECT_1_ID is your first project.

For example:

gcloud compute forwarding-rules create my-forwarding-rule-2 \
--address=my-ip-address-2 \
--network=projects/my-project-1/global/networks/my-network-1 \
--region=us-central1 \
--target-service-attachment=projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-a0583920-edef-42-psc-sa-2 \
--project=my-project-1 \
--allow-psc-global-access

Register PSC connections with your Memorystore instance for network 1

This section shows the steps to follow to register PSC connections with your Memorystore instance. First, you need to get the connection IDs and project IDs of your forwarding rules.

Then, you will enable connectivity by registering the PSC connection information with your Memorystore instance.

Get the forwarding rule connection IDs and project IDs for network 1

Next, get the pscConnectionId value for each forwarding rule. Make a note of the values.

Get PSC connection ID 1

gcloud

To see the pscConnectionId value and other forwarding rule summary information, run the gcloud compute forwarding-rules describe command:

gcloud compute forwarding-rules describe FORWARDING_RULE_1_NAME \
--project=PROJECT_1_ID \
--region=REGION_ID

Replace the following:

  • FORWARDING_RULE_1_NAME is the name of your first forwarding rule.
  • PROJECT_1_ID is the ID of the Google Cloud project that contains the forwarding rule.

The following example shows a sample output for this command:

gcloud compute forwarding-rules describe my-forwarding-rule-1 \
--project=my-project-1 \
--region=us-central1

...

pscConnectionId: '415109836469698'
Get PSC connection ID 2

gcloud

To see the pscConnectionId value and other forwarding rule summary information, run the gcloud compute forwarding-rules describe command:

gcloud compute forwarding-rules describe FORWARDING_RULE_2_NAME \
--project=PROJECT_1_ID \
--region=REGION_ID

Replace the following:

  • FORWARDING_RULE_2_NAME is the name of your second forwarding rule.
  • PROJECT_1_ID is the ID of the Google Cloud project that contains the forwarding rule.

Register PSC connection information for VPC network 1

gcloud

To register each PSC connection, you'll provide the PSC connection ID, IP address, network path, forwarding rule path/URI, and the target service attachment. Do this by running the gcloud redis clusters add-cluster-endpoints command:

gcloud redis clusters add-cluster-endpoints INSTANCE_ID
--region=REGION_ID \
--project=PROJECT_1_ID \
--cluster-endpoint='["psc-connection":[{"psc-connection-id":"PSC_CONNECTION_1_ID","address":"IP_ADDRESS_1","network":"projects/PROJECT_1_ID/global/networks/NETWORK_1_ID","forwarding-rule":"projects/PROJECT_1_ID/regions/REGION_ID/forwardingRules/FORWARDING_RULE_1_NAME","service-attachment":"SERVICE_ATTACHMENT_1"},{"psc-connection-id":"PSC_CONNECTION_2_ID","address":"IP_ADDRESS_2","network":"projects/PROJECT_1_ID/global/networks/NETWORK_1_ID","forwarding-rule":"projects/PROJECT_1_ID/regions/REGION_ID/forwardingRules/FORWARDING_RULE_2_NAME","service-attachment":"SERVICE_ATTACHMENT_2"}]]'

Replace the following:

  • INSTANCE_ID is the ID of your Memorystore for Redis Cluster instance.
  • REGION_ID is the ID of the region where your Memorystore instance is located.
  • PROJECT_1_ID is the ID of Project 1.
  • PSC_CONNECTTION_1_ID is the first PSC connection ID you noted when Getting forwarding rule connection IDs.
  • IP_ADDRESS_1 is the address of the first IP address you reserved.
  • NETWORK_1_ID is the ID of Network 1.
  • FORWARDING_RULE_1_NAME is the name of the first forwarding rule you created.
  • SERVICE_ATTACHMENT_1 is your first service attachment that FORWARDING RULE_1_NAME is connected with.
  • PSC_CONNECTION_2_ID is the second PSC connection ID you noted when Getting forwarding rule connection IDs.
  • IP_ADDRESS_2 is the address of the second IP address you reserved.
  • FORWARDING_RULE_2_NAME is the name of the second forwarding rule you created.
  • SERVICE_ATTACHMENT_2 is your second service attachment that FORWARDING_RULE_2_NAME is connected with.

For example:

gcloud redis clusters add-cluster-endpoints my-instance \
--region=us-central-1 \
--project=my-project1 \
--cluster-endpoint='["psc-connection":[{"psc-connection-id":"41510983646969883","address":"10.2.5.9","network":"projects/my-project-1/global/networks/my-network-1","forwarding-rule":"projects/1048073346231/regions/us-central1/forwardingRules/my-forwarding-rule-1","service-attachment":"projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa"},{"psc-connection-id":"41510983646969234","address":"10.2.5.11","network":"projects/my-project-1/global/networks/my-network-1","forwarding-rule":"projects/my-project-1/regions/us-central1/forwardingRules/my-forwarding-rule-2","service-attachment":"projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa-2"}]]'

Step 4: Set up and register PSC connections for your second VPC network

This section shows you how to set up the two PSC connections required for your second VPC network.

Create the Private Service Connect endpoints for network 2

This section explains the actions you need to take to create 2 PSC endpoints in Network 2.

Reserve IP addresses for network 2

Next, reserve 2 IP addresses in network 2.

Reserve IP address 3

gcloud

To reserve IP address 3, run the gcloud compute addresses create command:

gcloud compute addresses create IP_ADDRESS_3_ID \
--project=PROJECT_2_ID \
--addresses=IP_ADDRESS_3 \
--region=REGION_ID \
--subnet=projects/PROJECT_2_ID/regions/REGION_ID/subnetworks/SUBNET_2_ID \
--purpose=GCE_ENDPOINT

Replace the following:

  • IP_ADDRESS_3_ID is the ID you give to your IP address.
  • PROJECT_2_ID is the ID of Project 2.
  • IP_ADDRESS_3 is an IP address of your choosing from within the SUBNET_2_ID range you reserved as a part of Prerequisite resources.
  • REGION_ID is the region where your Memorystore instance is located.
  • SUBNET_2_ID is the ID of the subnetwork you reserved on network 2 in project 2 as a part of Prerequisite resources.
Reserve IP address 4

gcloud

To reserve IP address 4, run the gcloud compute addresses create command:

gcloud compute addresses create IP_ADDRESS_4_ID \
--project=PROJECT_2_ID \
--addresses=IP_ADDRESS_4 \
--region=REGION_ID \
--subnet=projects/PROJECT_2_ID/regions/REGION_ID/subnetworks/SUBNET_2_ID \
--purpose=GCE_ENDPOINT

Replace the following:

  • IP_ADDRESS_4_ID is the ID you give to your IP address.
  • PROJECT_2_ID is the ID of Project 2.
  • IP_ADDRESS_4 is an IP address of your choosing from within the SUBNET_2_ID range you reserved as a part of Prerequisite resources.
  • REGION_ID is the region where your Memorystore instance is located.
  • SUBNET_2_ID is the ID of the subnetwork you reserved on network 2 in project 2 as a part of Prerequisite resources.

Add forwarding rules for network 2

Next, create forwarding rules that connect the IP addresses to the Memorystore instance's service attachments.

Add forwarding rule 3 for IP 3

gcloud

To add a forwarding rule for IP 3, run the gcloud compute forwarding-rules create command:

gcloud compute forwarding-rules create FORWARDING_RULE_3_NAME \
--address=IP_ADDRESS_3_ID \
--network=projects/PROJECT_2_ID/global/networks/NETWORK_2_ID \
--region=REGION_ID \
--target-service-attachment=SERVICE_ATTACHMENT_1 \
--project=PROJECT_2_ID \
--allow-psc-global-access

Replace the following:

  • FORWARDING_RULE_3_NAME is the name you give to the forwarding rule you are creating.
  • IP_ADDRESS_3_ID is the ID of the IP address you reserved in the Reserve IP addresses section.
  • NETWORK_2_ID is the ID of your second network.
  • REGION_ID is the region where your Memorystore instance is located.
  • SERVICE_ATTACHMENT_1 is the first service attachment you noted in Note the service attachment paths.
  • PROJECT_2_ID is your second project.

For example:

gcloud compute forwarding-rules create my-forwarding-rule-3 \
--address=my-ip-address-3 \
--network=projects/my-project-2/global/networks/my-network-2 \
--region=us-central1 \
--target-service-attachment=projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-a0583920-edef-42-psc-sa \
--project=my-project-2 \
--allow-psc-global-access
Add forwarding rule 4 for IP 4

gcloud

To add a forwarding rule for IP 4, run the gcloud compute forwarding-rules create command:

gcloud compute forwarding-rules create FORWARDING_RULE_4_NAME \
--address=IP_ADDRESS_4_ID \
--network=projects/PROJECT_2_ID/global/networks/NETWORK_2_ID \
--region=REGION_ID \
--target-service-attachment=SERVICE_ATTACHMENT_2 \
--project=PROJECT_2_ID \
--allow-psc-global-access

Replace the following:

  • FORWARDING_RULE_4_NAME is the name you give to the forwarding rule you are creating.
  • IP_ADDRESS_4_ID is the ID of the IP address you reserved in the Reserve IP addresses section.
  • NETWORK_2_ID is the ID of your second network.
  • REGION_ID is the region where your Memorystore instance is located.
  • SERVICE_ATTACHMENT_2 is the second service attachment you noted in Note the service attachment paths.
  • PROJECT_2_ID is your second project.

For example:

gcloud compute forwarding-rules create my-forwarding-rule-4 \
--address=my-ip-address-4 \
--network=projects/my-project-2/global/networks/my-network-2 \
--region=us-central1 \
--target-service-attachment=projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-a0583920-edef-42-psc-sa-2 \
--project=my-project-2 \
--allow-psc-global-access

Register PSC connections with your Memorystore instance for network 2

This section shows the steps to follow to register PSC connections with your Memorystore instance. First, you need to get the connection IDs and project IDs of your forwarding rules.

Then, you will enable connectivity by registering the PSC connection information with your Memorystore instance.

Get the forwarding rule connection IDs and project IDs for network 2

Next, get the pscConnectionId value for each forwarding rule. Make a note of the values.

Get PSC connection ID 3

gcloud

To see the pscConnectionId value and other forwarding rule summary information, run the gcloud compute forwarding-rules describe command:

gcloud compute forwarding-rules describe FORWARDING_RULE_3_NAME \
--project=PROJECT_2_ID \
--region=REGION_ID

Replace the following:

  • FORWARDING_RULE_3_NAME is the name of your third forwarding rule.
  • PROJECT_2_ID is the ID of the Google Cloud project that contains the forwarding rule.

The following example shows a sample output for this command:

gcloud compute forwarding-rules describe my-forwarding-rule-3 \
--project=my-project-2 \
--region=us-central1

...

pscConnectionId: '94710983646969729'
Get PSC connection ID 4

gcloud

To see the pscConnectionId value and other forwarding rule summary information, run the gcloud compute forwarding-rules describe command:

gcloud compute forwarding-rules describe FORWARDING_RULE_4_NAME \
--project=PROJECT_2_ID \
--region=REGION_ID

Replace the following:

  • FORWARDING_RULE_4_NAME is the name of your fourth forwarding rule.
  • PROJECT_2_ID is the ID of the Google Cloud project that contains the forwarding rule.

Register PSC connection information for VPC network 2

gcloud

To register each PSC connection, you'll provide the PSC connection ID, IP address, network path, forwarding rule path/URI, and the target service attachment. Do this by running the gcloud redis clusters add-cluster-endpoints command:

gcloud redis clusters add-cluster-endpoints INSTANCE_ID
--region=REGION_ID \
--project=PROJECT_2_ID \
--cluster-endpoint='["psc-connection":[{"psc-connection-id":"PSC_CONNECTION_3_ID","address":"IP_ADDRESS_3","network":"projects/PROJECT_2_ID/global/networks/NETWORK_2_ID","forwarding-rule":"projects/PROJECT_2_ID/regions/REGION_ID/forwardingRules/FORWARDING_RULE_3_NAME","service-attachment":"SERVICE_ATTACHMENT_1"},{"psc-connection-id":"PSC_CONNECTION_4_ID","address":"IP_ADDRESS_4","network":"projects/PROJECT_2_ID/global/networks/NETWORK_2_ID","forwarding-rule":"projects/PROJECT_2_ID/regions/REGION_ID/forwardingRules/FORWARDING_RULE_4_NAME","service-attachment":"SERVICE_ATTACHMENT_2"}]]'

Replace the following:

  • INSTANCE_ID is the ID of your Memorystore for Redis Cluster instance.
  • REGION_ID is the ID of the region where your Memorystore instance is located.
  • PROJECT_2_ID is the ID of Project 2.
  • PSC_CONNECTTION_3_ID is the PSC connection 3 you noted when Getting forwarding rule connection IDs for network 2.
  • IP_ADDRESS_3 is the address of the third IP address you reserved.
  • NETWORK_2_ID is the ID of Network 2.
  • FORWARDING_RULE_3_NAME is the name of the third forwarding rule you created.
  • SERVICE_ATTACHMENT_1 is your first service attachment that FORWARDING RULE_3_NAME is connected with.
  • PSC_CONNECTION_4_ID is the PSC connection 4 you noted when Getting forwarding rule connection ID for network 2.
  • IP_ADDRESS_4 is the address of the fourth IP address you reserved.
  • FORWARDING_RULE_4_NAME is the name of the fourth forwarding rule you created.
  • SERVICE_ATTACHMENT_2 is your second service attachment that FORWARDING_RULE_4_NAME is connected with.

For example:

gcloud redis clusters add-cluster-endpoints my-instance \
--region=us-central-1 \
--project=my-project-2 \
--cluster-endpoint='[psc-connection:[{"psc-connection-id":"94710983646969729","address":"10.142.0.10","network":"projects/my-project-2/global/networks/my-network-2","forwarding-rule":"projects/my-project-2/regions/us-central1/forwardingRules/my-forwarding-rule-3","service-attachment":"projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa"},{"psc-connection-id":"86510983646969993","address":"10.142.0.12","network":"projects/my-project-2/global/networks/my-network-2","forwarding-rule":"projects/my-project-2/regions/us-central1/forwardingRules/my-forwarding-rule-4","service-attachment":"projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa-2"}]]'

Step 5: Set up a client connection

This section explains how to configure your client for connectivity for the networks in this guide.

Make a note of PSC connection endpoint information

Next, make a note of two IP addresses: one for each network you set up in this tutorial. Each network you set up for Memorystore has a discovery connection endpoint.

gcloud

To view PSC connection endpoint information for your networks, run the gcloud redis clusters describe command:

gcloud redis clusters describe INSTANCE_ID \
--region=REGION_ID \
--project=PROJECT_1_ID

The output contains a list of clusterEndpoints. For each clusterEndpoint, there are two user-registered PSC connections.

Make a note of the IP addresses corresponding with the PSC connections of the type CONNECTION_TYPE_DISCOVERY. For this tutorial, there is one for each of the two networks you set up.

For example, here is a piece of sample output from the gcloud redis clusters describe command that contains the IP address you should write down:

clusterEndpoints:
- connections:
  - pscConnection:
      address: 10.2.5.09
      connectionType: CONNECTION_TYPE_DISCOVERY
      forwardingRule: projects/my-project-1/regions/us-central1/forwardingRules/my-forwarding-rule-1
      network: projects/my-project-1/global/networks/my-network-1
      projectId: my-network-1
      pscConnectionId: '41510983646969883'
      pscConnectionStatus: PSC_CONNECTION_STATUS_ACTIVE
      serviceAttachment: projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa
  - pscConnection:
      address: 10.2.5.11
      forwardingRule: projects/my-project-1/regions/us-central1/forwardingRules/my-forwarding-rule-2
      network: projects/my-project-1/global/networks/my-network-1
      projectId: my-project-1
      pscConnectionId: '41510983646969234'
      pscConnectionStatus: PSC_CONNECTION_STATUS_ACTIVE
      serviceAttachment: projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa-2
- connections:
  - pscConnection:
      address: 10.142.0.10
      connectionType: CONNECTION_TYPE_DISCOVERY
      forwardingRule: projects/my-project-2/regions/us-central1/forwardingRules/my-forwarding-rule-3
      network: projects/my-project-2/global/networks/my-network-2
      projectId: my-network-2
      pscConnectionId: '94710983646969729'
      pscConnectionStatus: PSC_CONNECTION_STATUS_ACTIVE
      serviceAttachment: projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa
  - pscConnection:
      address: 10.142.0.12
      forwardingRule: projects/my-project-2/regions/us-central1/forwardingRules/my-forwarding-rule-4
      network: projects/my-project-2/global/networks/my-network-2
      projectId: my-project-2
      pscConnectionId: '86510983646969993'
      pscConnectionStatus: PSC_CONNECTION_STATUS_ACTIVE
      serviceAttachment: projects/1048073346231/regions/us-central1/serviceAttachments/gcp-memorystore-auto-8d7d48ef-3ca3-4d-psc-sa-2

In the preceding output, the value of the IP address of the discovery PSC connections that you would make a note of are 10.2.5.09 and 10.142.0.10.

Configure your client

Next, configure your client as follows:

  • Configure client connections in network 1 using the discovery IP in network 1. This is the IP address you noted in the previous step. For the example given in this tutorial, the value is 10.2.5.09.

  • Configure client connections in network 2 using the discovery IP in network 2. This is the IP address you noted in the previous step. For the example given in this tutorial, the value is 10.142.0.10.

For instructions on connecting to a Memorystore instance, see Connect from a Compute Engine VM using redis-cli.

Delete your PSC connections

Before you can Delete your Memorystore instance, you must delete all PSC connections associated with the instance. To do this, you must delete the forwarding rules and deregister the endpoints that you set up in this tutorial. This section guides you through deleting all of the forwarding rules first, then deregistering the endpoints. However, if you choose, you can delete forwarding rules and deregister endpoints for one network at a time.

Also, you can optionally delete the reserved IP addresses to release them for future use if you choose.

Deleting forwarding rules

This section gives instructions on deleting the forwarding rules you created previously in this tutorial.

Delete forwarding rule 1

gcloud

To delete a forwarding rule, run the gcloud compute forwarding-rules delete command:

gcloud compute forwarding-rules delete FORWARDING_RULE_1_NAME \
--region=REGION_ID \
--project=PROJECT_1_ID

Replace the following:

  • FORWARDING_RULE_1_NAME is the name of your first forwarding rule.
  • PROJECT_1_ID is the ID of Project 1.

Delete forwarding rule 2

gcloud

To delete a forwarding rule, run the gcloud compute forwarding-rules delete command:

gcloud compute forwarding-rules delete FORWARDING_RULE_2_NAME \
--region=REGION_ID \
--project=PROJECT_1_ID

Replace the following:

  • FORWARDING_RULE_2_NAME is the name of your second forwarding rule.
  • PROJECT_1_ID is the ID of Project 1.

Delete forwarding rule 3

gcloud

To delete a forwarding rule, run the gcloud compute forwarding-rules delete command:

gcloud compute forwarding-rules delete FORWARDING_RULE_3_NAME \
--region=REGION_ID \
--project=PROJECT_2_ID

Replace the following:

  • FORWARDING_RULE_3_NAME is the name of your third forwarding rule.
  • PROJECT_2_ID is the ID of Project 2.

Delete forwarding rule 4

gcloud

To delete a forwarding rule, run the gcloud compute forwarding-rules delete command:

gcloud compute forwarding-rules delete FORWARDING_RULE_4_NAME \
--region=REGION_ID \
--project=PROJECT_2_ID

Replace the following:

  • FORWARDING_RULE_4_NAME is the name of your fourth forwarding rule.
  • PROJECT_2_ID is the ID of Project 2.

Deregister your Private Service Connect endpoints

This section provides instructions for deregistering the PSC endpoints that you registered earlier in this tutorial.

Deregister endpoints for VPC networks 1 and 2

gcloud

To deregister the endpoint information with the Memorystore instance, run the gcloud redis clusters remove-cluster-endpoints command.

gcloud redis clusters remove-cluster-endpoints INSTANCE_ID \
--region=REGION_ID \
--project=PROJECT_1_ID \
--cluster-endpoint='["psc-connection":[{"psc-connection-id":"PSC_CONNECTTION_1_ID"},{"psc-connection-id":"PSC_CONNECTTION_2_ID"}]] \
--cluster-endpoint='["psc-connection":[{"psc-connection-id":"PSC_CONNECTTION_3_ID"},{"psc-connection-id":"PSC_CONNECTTION_4_ID"}]]

Replace the following:

The preceding command deregisters all connections created in this tutorial. If you want to only deregister one of the connections, only specify the connection IDs of the connections you want to remove.

Delete your Memorystore for Redis Cluster instance

Before you can delete your Memorystore instance, you must Deregister your Private Service Connect endpoints.

gcloud

To delete your Memorystore for Redis Cluster instance, run the gcloud redis clusters delete command:

gcloud redis clusters delete INSTANCE_ID \
--region=REGION_ID \
--project=PROJECT_1_ID

Replace the following:

  • INSTANCE_ID is the ID of your instance.
  • REGION_ID is the ID of the region where your Memorystore instance is located.
  • PROJECT_1_ID is the ID of Project 1.