Create a producer VPC spoke

This page describes how to create a producer Virtual Private Cloud (VPC) spoke on a Network Connectivity Center hub.

For an overview of producer VPC spokes, see Producer VPC spokes.

Before you begin

Before you create a producer VPC spoke:

Create a producer VPC spoke

To connect a service producer VPC network with other networks in a given project, connect the producer VPC network to a producer VPC spoke, and connect the producer VPC spoke to a hub.

If you use the Google Cloud CLI or the API to connect the producer VPC spoke to a hub that is configured for star topology, you must use the same group name as the existing consumer VPC spoke on the hub. If you use the Google Cloud console, the producer VPC spoke is automatically added to the same group.

If you want to assign exclude export ranges or include export ranges, use the appropriate options during spoke creation.

To create a producer VPC spoke, follow these steps.

Console

  1. In the Google Cloud console, go to the Network Connectivity Center page.

  2. In the project menu, select a project in which you want to create the spoke.

  3. Click the Spokes tab.

  4. Click Add spokes.

  5. In the Select hub section, select the hub location as follows:

    • To attach the new spoke to a hub in the same project, select In project PROJECT_NAME and select the hub name from the list.
    • If you want to attach the new spoke to a hub in another project, select In another project. Enter the Project ID and the Hub name to which you want to attach your new spoke.

    When you choose a hub in a different project, your spoke becomes active only when the hub administrator reviews and accepts your proposed spoke. For more information about creating spokes attached to a hub in a different project, see VPC spokes overview. If you are creating a producer VPC spoke in the same project as the hub, the producer VPC spoke is automatically accepted and activated.

  6. Enter a Spoke name and, optionally, a Description.

  7. Select Producer VPC network as the Spoke type.

  8. Enter the name of an existing Consumer VPC spoke on the hub that consumes services from the producer VPC network through a VPC Network Peering connection. Google Cloud identifies the producer network through the peering connection.

  9. Optionally, add a VPC spoke filter to customize how routes are advertised: enter the IP address ranges to exclude from, or include in, export from the spoke to the hub. You cannot change this filter after the spoke is created.

  10. Click Done.

  11. If you want to add more spokes, click Add spoke and begin the process again, starting with entering a spoke name.

  12. When you have finished adding spokes, click Create. The Network Connectivity Center page updates to show details about the spokes that you created.

gcloud

To create a producer VPC spoke, use the gcloud network-connectivity spokes linked-producer-vpc-network create command.

gcloud network-connectivity spokes linked-producer-vpc-network create SPOKE_NAME \
    --hub=HUB \
    --description=DESCRIPTION \
    --network=CONSUMER_VPC_URI \
    --peering=servicenetworking-googleapis-com \
    --include-export-ranges=[INCLUDE_EXPORT_RANGES] \
    --exclude-export-ranges=[EXCLUDE_IPV4_RANGES] \
    --global \
    --group=GROUP_NAME

The --peering flag must be set to servicenetworking-googleapis-com.

Replace the following:

  • SPOKE_NAME: the name of the spoke that you are creating, such as producer-vpc-spoke1
  • HUB: the hub for the spoke
  • DESCRIPTION: optional text to describe the spoke
  • CONSUMER_VPC_URI: the VPC network that consumes services from the producer network through a VPC Network Peering connection

    Google Cloud identifies the producer VPC network through the peering connection. The consumer network that you enter must also be a spoke in the hub. You can enter the full or relative URI. The following example shows the relative URI: projects/PROJECT_ID/global/networks/NETWORK_NAME.

  • INCLUDE_EXPORT_RANGES: a comma-delimited list of keywords, CIDRs, or a combination of keywords and CIDRs that define which subnet IP address ranges can be exported to the hub.

    • The ALL_PRIVATE_IPV4_RANGES keyword adds all subnet ranges that use private IPv4 addresses to the include export range list.

    • The ALL_IPV6_RANGES keyword adds all IPv6 subnet ranges to the include export range list.

    • The include export ranges list supports up to 16 unique, nonoverlapping CIDRs. No CIDR in the list can match or contain another CIDR in the list. Every current and future subnet range in the VPC spoke network that overlaps with a CIDR in the include export ranges list must fulfill one of the following conditions:

      • Exactly match a CIDR in the include export ranges list.

      • Fit within a CIDR in the include export ranges list. In this situation, a subnet range has a larger subnet mask length than the CIDR in the include export ranges list. For example, if the VPC spoke network has the 10.1.2.0/24 subnet range, 10.1.0.0/16 is a valid CIDR for the include export ranges list, but 10.1.2.0/25 is not.

    • If you omit the INCLUDE_EXPORT_RANGES list, Network Connectivity Center operates as if the include export ranges list is [ALL_PRIVATE_IPV4_RANGES].

  • EXCLUDE_IPV4_RANGES: a comma-delimited list of CIDRs that define which subnet IP address ranges are never exported to the hub.

    • The exclude IPv4 ranges list supports up to 16 unique, nonoverlapping CIDRs. No CIDR in the list can match or contain another CIDR in the list.

    • Every CIDR specified in the exclude IPv4 ranges list must expand to IP addresses that are fully contained by the include export ranges list.

    • If you omit the EXCLUDE_IPV4_RANGES list, Network Connectivity Center operates as if the exclude IPv4 export ranges list is empty ([]).

  • GROUP_NAME: the group this spoke belongs to—for example, center or edge. This field is required for spoke groups that use star topology. If using the star topology, you must place the producer VPC spoke in the same group as the existing consumer VPC spoke. For more information about spoke groups, see Spoke groups.

API

To create a producer VPC spoke, use the networkconnectivity.spokes.create method.

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/spokes/SPOKE_NAME
  {
    "hub": "HUB_NAME",
    "linkedProducerVpcNetwork": {
       "network": "CONSUMER_VPC_URI",
       "peering_name": "servicenetworking-googleapis-com",
       "include_export_ranges": "[INCLUDE_EXPORT_RANGES]",
       "exclude_export_ranges": "[EXCLUDE_IPV4_RANGES]",
       "group": "GROUP_NAME"
    }
  }

The peering_name field must be set to servicenetworking-googleapis-com.

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the new spoke
  • HUB_NAME: the name of the hub that you are attaching the spoke to
  • SPOKE_NAME: the name of the spoke that you are creating
  • CONSUMER_VPC_URI: the VPC network that consumes services from the producer through a VPC Network Peering connection

    Google Cloud identifies the producer VPC network through the peering connection. The consumer network that you enter must also be a spoke in the hub. You can enter the full or relative URI. The following example shows the relative URI: projects/PROJECT_ID/global/networks/NETWORK_NAME.

  • INCLUDE_EXPORT_RANGES: a comma-delimited list of keywords, CIDRs, or a combination of keywords and CIDRs that define which subnet IP address ranges can be exported to the hub.

    • The ALL_PRIVATE_IPV4_RANGES keyword adds all subnet ranges that use private IPv4 addresses to the include export range list.

    • The ALL_IPV6_RANGES keyword adds all IPv6 subnet ranges to the include export range list.

    • The include export ranges list supports up to 16 unique, nonoverlapping CIDRs. No CIDR in the list can match or contain another CIDR in the list. Every current and future subnet range in the VPC spoke network that overlaps with a CIDR in the include export ranges list must fulfill one of the following conditions:

      • Exactly match a CIDR in the include export ranges list.

      • Fit within a CIDR in the include export ranges list. In this situation, a subnet range has a larger subnet mask length than the CIDR in the include export ranges list. For example, if the VPC spoke network has the 10.1.2.0/24 subnet range, 10.1.0.0/16 is a valid CIDR for the include export ranges list, but 10.1.2.0/25 is not.

    • If you omit the INCLUDE_EXPORT_RANGES list, Network Connectivity Center operates as if the include export ranges list is [ALL_PRIVATE_IPV4_RANGES].

  • EXCLUDE_IPV4_RANGES: a comma-delimited list of CIDRs that define which subnet IP address ranges are never exported to the hub.

    • The exclude IPv4 ranges list supports up to 16 unique, nonoverlapping CIDRs. No CIDR in the list can match or contain another CIDR in the list.

    • Every CIDR specified in the exclude IPv4 ranges list must expand to IP addresses that are fully contained by the include export ranges list.

    • If you omit the EXCLUDE_IPV4_RANGES list, Network Connectivity Center operates as if the exclude IPv4 export ranges list is empty ([]).

  • GROUP_NAME: the group that this spoke belongs to

    Supported values are default for a mesh topology hub and center or edge for a star topology hub. This field is required for spoke groups that use star topology. If you are using the star topology, you must place the producer VPC spoke in the same group as the existing consumer VPC spoke. For more information about spoke groups, see Spoke groups.
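The include and exclude export range rules listed in the gcloud and API sections above can be checked locally before a spoke is created, which matters because the filter cannot be changed afterwards. The following is an added example, not Google's code: the function names are hypothetical, the ALL_PRIVATE_IPV4_RANGES keyword is approximated with Python's is_private, and an exclude CIDR is accepted only when a single include CIDR contains it.

```python
import ipaddress

KEYWORDS = {"ALL_PRIVATE_IPV4_RANGES", "ALL_IPV6_RANGES"}
MAX_CIDRS = 16  # limit stated on the page for each list

def _parse(items):
    """Split a range list into (keywords, networks); bad CIDRs raise ValueError."""
    kws = {i for i in items if i in KEYWORDS}
    nets = [ipaddress.ip_network(i) for i in items if i not in KEYWORDS]
    return kws, nets

def _list_errors(name, nets):
    """Per-list rules: at most 16 CIDRs, none matching or containing another."""
    errs = []
    if len(nets) > MAX_CIDRS:
        errs.append(f"{name}: {len(nets)} CIDRs exceeds the limit of {MAX_CIDRS}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                errs.append(f"{name}: {a} and {b} match or overlap")
    return errs

def check_export_filter(include, exclude, subnets):
    """Return a list of rule violations; an empty list means the filter passes."""
    inc_kws, inc = _parse(include or ["ALL_PRIVATE_IPV4_RANGES"])  # page's default
    _, exc = _parse(exclude or [])
    errs = _list_errors("include", inc) + _list_errors("exclude", exc)
    # A subnet that overlaps an include CIDR must equal it or fit inside it.
    for s in map(ipaddress.ip_network, subnets):
        for c in inc:
            if s.version == c.version and s.overlaps(c) and not s.subnet_of(c):
                errs.append(f"subnet {s} overlaps include {c} but does not fit within it")
    # Every exclude CIDR must be fully contained by the include list.
    for e in exc:
        covered = any(e.version == c.version and e.subnet_of(c) for c in inc)
        # Assumption: the keyword is approximated locally with is_private.
        if not covered and e.version == 4 and "ALL_PRIVATE_IPV4_RANGES" in inc_kws:
            covered = e.is_private
        if not covered:
            errs.append(f"exclude {e} is not contained by the include list")
    return errs

if __name__ == "__main__":
    # Constructed input based on the page's 10.1.2.0/24 subnet example.
    for inc in (["10.1.0.0/16"], ["10.1.2.0/25"]):
        print(inc, check_export_filter(inc, ["10.1.2.0/28"], ["10.1.2.0/24"]))
```
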
