This document describes how static routes work with Network Connectivity Center. In a Virtual Private Cloud (VPC) network, a route consists of a single destination prefix in CIDR format and a single next hop. When an instance in a VPC network sends a packet, Google Cloud delivers the packet to the route's next hop if the packet's destination address is within the route's destination range.
When you create a static route, you specify the destination prefix and the next hop. You can create static routes from your VPC spokes to internal passthrough Network Load Balancers that are accessible through the Network Connectivity Center hub. Therefore, a static route can only point to an internal passthrough Network Load Balancer's IP address in another spoke if that remote VPC has Network Connectivity Center connectivity with the home VPC. This connectivity is controlled by the Network Connectivity Center policy, in which the two VPCs must exchange subnet routes. If the VPCs aren't connected through the Network Connectivity Center hub, then the traffic is dropped.
The destinations that are available for static routes depend on the topology of your VPC spokes:
- If you use a mesh topology, you can create static routes from your VPC spokes to internal passthrough Network Load Balancers in any VPC spoke connected to the hub.
- If you use a star topology, you can create static routes between your edge VPCs and your center VPCs. Note that if you create a static route between one edge VPC and another edge VPC, the traffic is dropped because the subnets can't reach each other.
For more information about static routes, see Static routes.
Limitations
Network Connectivity Center static routes have the following limitations:
- If the internal passthrough Network Load Balancer's IP address is in a remote Network Connectivity Center spoke VPC, and is not exchanged due to an export filter, that IP address isn't reachable using a static route from another VPC spoke. Therefore, the traffic to the destination range is dropped.
- If you create a static route to an IP address in one Network Connectivity Center VPC spoke, then delete that spoke's subnet and internal passthrough Network Load Balancer and create a new subnet with an IP address range containing a new internal passthrough Network Load Balancer's IP address, then the traffic is automatically rerouted to the new spoke.
- If you move a VPC spoke with a static route to a new Network Connectivity Center spoke group, traffic for the route's destination range is delivered according to the new spoke group's route table.
- If you create a static route with a destination IP address that doesn't exist or isn't connected to the hub, then the traffic is dropped. However, if the IP address becomes available and is connected to the hub, then traffic is automatically routed to it.
- When you delete a VPC spoke, any existing static routes with an internal passthrough Network Load Balancer's IP address as the next hop remain configured. However, the traffic is dropped unless the destination is reachable through a local network or through VPC Network Peering.
- Tagged static routes are not supported.
- The following limitations apply to routing VPCs:
  - Static routes in routing VPCs are not supported in Network Connectivity Center.
  - You must add the routing VPC as a VPC spoke to let static routes in the routing VPC work across Network Connectivity Center.
  - All hybrid endpoints in a routing VPC get the static route regardless of whether they are connected to the Network Connectivity Center hub as hybrid spokes.
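The topology rules and the drop conditions listed under Limitations can be checked before a route is deployed. The following Python sketch is an added example, not Google Cloud code or an API. It models a hub offline and classifies a static route as delivered or dropped. The `Spoke` fields, the spoke names, and the address ranges are constructed for illustration, and treating center-to-center spokes as connected is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Spoke:
    name: str
    group: str                # "center" or "edge"; only consulted for star topology
    subnets: list             # every subnet range in the VPC
    exported: list = field(default_factory=list)  # ranges left after the export filter
    attached: bool = True     # False once the spoke is deleted from the hub

def _contains(ranges, ip):
    return any(ip in ipaddress.ip_network(r) for r in ranges)

def exchanges_routes(topology, a, b):
    """True when spokes a and b exchange subnet routes through the hub."""
    if not (a.attached and b.attached):
        return False
    if topology == "mesh":
        return True
    # Star: edge-to-edge is never connected. Treating center-to-center as
    # connected is an assumption of this model.
    return "center" in (a.group, b.group)

def evaluate(topology, spokes, home, next_hop):
    """Classify a static route in spoke `home` whose next hop is a load balancer IP."""
    ip = ipaddress.ip_address(next_hop)
    src = spokes[home]
    if _contains(src.subnets, ip):
        return "delivered: next hop is local to the home VPC"
    owner = next((s for s in spokes.values()
                  if s.name != home and _contains(s.subnets, ip)), None)
    if owner is None:
        return "dropped: no VPC owns the next-hop address"
    if not exchanges_routes(topology, src, owner):
        return f"dropped: {home} and {owner.name} do not exchange routes"
    if not _contains(owner.exported, ip):
        return f"dropped: export filter on {owner.name} hides the next hop"
    return f"delivered: via hub to {owner.name}"

# Constructed sample hub: one center spoke and two edge spokes.
SPOKES = {s.name: s for s in [
    Spoke("center-a", "center", ["10.0.0.0/24"], ["10.0.0.0/24"]),
    Spoke("edge-b", "edge", ["10.1.0.0/24", "10.1.9.0/24"], ["10.1.0.0/24"]),
    Spoke("edge-c", "edge", ["10.2.0.0/24"], ["10.2.0.0/24"]),
]}

if __name__ == "__main__":
    for home, hop in [("edge-c", "10.0.0.5"), ("edge-c", "10.1.0.5"),
                      ("center-a", "10.1.9.5"), ("center-a", "10.9.9.9")]:
        print(home, hop, "star ->", evaluate("star", SPOKES, home, hop))
```

The same edge-to-edge route that is dropped under `"star"` is delivered under `"mesh"`, which makes the check useful when a hub's topology or a spoke's group changes.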