This page provides the steps required to deploy HA VPN over Cloud Interconnect. Before deploying HA VPN over Cloud Interconnect, see the HA VPN over Cloud Interconnect overview.
To create and configure an HA VPN over Cloud Interconnect deployment, follow these steps:
Determine the level of SLA that you need for your deployment:
For a 99.9% SLA, you need two Cloud Interconnect connections that are redundant with each other. The deployment occurs in a single Google Cloud region but in two different edge availability domains (zones).
For a 99.99% SLA, you need four Cloud Interconnect connections that make up two sets of redundant connections. The overall deployment must occur across two regions. Place each connection pair in a different region.
Each pair of redundant connections must be located in the same metropolitan area, but the individual connections must exist in different edge availability domains.
Order the correct number of connections for your SLA.
For information about ordering connections, see Order a Dedicated Interconnect connection or Request Partner Interconnect connections.
If you are using Dedicated Interconnect, set up and test your connections.
Optional: Assign internal IP ranges to HA VPN gateway interfaces.
Create the encrypted VLAN attachments and the Cloud Router for the Cloud Interconnect tier:
For Dedicated Interconnect, see Create encrypted VLAN attachments.
For Partner Interconnect, see Create encrypted VLAN attachments.
Configure your on-premises routers for Cloud Interconnect:
For Dedicated Interconnect, see Configure on-premises routers.
For Partner Interconnect Layer 2 connections, see Configure on-premises routers.
You do not need to perform this step for Partner Interconnect Layer 3 connections.
Create HA VPN gateways and tunnels, including the Cloud Router used for HA VPN. When you create the HA VPN gateways and tunnels, calculate the number of tunnels to deploy. Larger capacity VLAN attachments require more VPN tunnels to match throughput.
Because you can create both encrypted and unencrypted attachments on the same Cloud Interconnect connection, derive the number of tunnels that you require based only on the capacity of your encrypted VLAN attachments.
For more information, see Configure HA VPN over Cloud Interconnect.
Configure your on-premises VPN gateways. For more information, see Configure the peer VPN gateway.
What's next?
To choose a connection type for Cloud Interconnect, see Choosing a Network Connectivity product.
To learn about best practices when planning for and configuring Cloud Interconnect, see Best practices.
To use Terraform to deploy HA VPN over Cloud Interconnect, see Terraform examples for HA VPN over Cloud Interconnect.