Add hybrid connections to NCC Gateway

This page describes how to create a Cloud Router and a VLAN attachment and connect them to NCC Gateway.

Create a Cloud Router

Before you create and connect the Cloud Router, keep the following considerations in mind:

  • The Cloud Router must be associated with an NCC Gateway in the same region.
  • At the most, one service can be attached to an NCC Gateway at a time
  • Only the VLAN attachments whose BGP sessions are managed by the Cloud Router that's associated with the NCC Gateway are part of the NCC Gateway spoke.

For detailed information about Cloud Router, see Cloud Router overview.

Follow these steps to create a Cloud Router:

gcloud

Use the gcloud compute routers create command. To specify router-level custom route advertisements, set the --advertisement-mode=CUSTOM flag to CUSTOM. For information about the effect of the router-level advertisement mode on individual BGP session advertisements, see Effective advertisements.

gcloud compute routers create ROUTER_NAME \
    --project=PROJECT_ID \
    --ncc-gateway=NCC_GATEWAY_URI \
    --region=REGION\
    --asn=ASN_NUMBER \
    --advertisement-mode=CUSTOM \
    --set-advertisement-ranges=CUSTOM_ADVERTISED_RANGES \
    [--bgp-identifier-range=ROUTER_IDENTIFIER_RANGE] \
    [--keepalive-interval=KEEPALIVE_TIMER] \

Replace the following:

  • ROUTER_NAME: the name of the Cloud Router

  • PROJECT_ID: the project ID for the project that contains the Cloud Router

  • NCC_GATEWAY_URI: the full URI of the NCC Gateway associated with the router. The format of the URI follows this pattern: https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/GATEWAY_SPOKE_NAME

  • REGION: the region that contains the Cloud Router

  • ASN_NUMBER: any private ASN (64512-65534, 4200000000-4294967294) that you aren't already using in the on-premises network

    Cloud Router requires you to use a private ASN, but your on-premises ASN can be public or private.

  • CUSTOM_ADVERTISED_RANGES: the list of custom IP address ranges in CIDR format or individual IP addresses to be included in the router-level advertisements

    Individual IPv4 addresses are interpreted as a CIDR with a /32 subnet mask, and individual IPv6 addresses are interpreted as a CIDR with a /128 subnet mask. For information about the maximum number of custom route advertisements, see Limits.

  • ROUTER_IDENTIFIER_RANGE: an optional IPv4 address range that serves as a unique identifier for the Cloud Router

    For more information, see Configure the BGP identifier range for a Cloud Router.

  • KEEPALIVE_TIMER: an optional time, in seconds, that defines the BGP keepalive timer.

    Valid values are between 20 and 60, inclusive. If you omit the --keepalive-interval flag, Cloud Router uses a 20 second BGP keepalive timer. For more information, see Keepalive timer.

API

Use the compute.router.insert method with NCC Gateway specified in the payload. To specify router-level custom route advertisements, set the bgp.advertiseMode flag to CUSTOM. For information about the effect of the router-level advertisement mode on individual BGP session advertisements, see Effective advertisements.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers
{
"name": "ROUTER_NAME",
"ncc_gateway": "NCC_GATEWAY_URI",
"bgp": {
  "asn": "ASN_NUMBER",
  "advertiseMode": CUSTOM,
  "advertisedIpRanges": [
    {
        "range": CUSTOM_ADVERTISED_RANGE,
        "description": CUSTOM_ADVERTISED_RANGE_DESCRIPTION
    }, ...
  ],
  "identifierRange": ROUTER_IDENTIFIER_RANGE,
  "keepaliveInterval": KEEPALIVE_TIMER
}
}

Replace the following:

  • PROJECT_ID: the project ID for the project that contains the Cloud Router
  • REGION: the region that contains the Cloud Router
  • ROUTER_NAME: the name of the Cloud Router
  • NCC_GATEWAY_URI: the full URI of the NCC Gateway associated with the router. The format of the URI follows this pattern: https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/REGION/spokes/GATEWAY_SPOKE_NAME

  • ASN_NUMBER: any private ASN (64512-65534, 4200000000-4294967294) that you aren't already using in the on-premises network

    Cloud Router requires you to use a private ASN, but your on-premises ASN can be public or private.

  • CUSTOM_ADVERTISED_RANGE and CUSTOM_ADVERTISED_RANGE_DESCRIPTION: keys in a dictionary that specify a router-level custom route advertisement

    The bgp.advertisedIpRanges list contains each custom route advertisement dictionary. Specifying bgp.advertisedIpRanges requires bgp.advertiseMode: CUSTOM. Each CUSTOM_ADVERTISED_RANGE is an IP address range in CIDR format or an individual IP address. Individual IPv4 addresses are interpreted as a CIDR with a /32 subnet mask, and individual IPv6 addresses are interpreted as a CIDR with a /128 subnet mask. For information about the maximum number of custom route advertisements, see Limits. Each CUSTOM_ADVERTISED_RANGE_DESCRIPTION is a string to describe the advertisement.

  • ROUTER_IDENTIFIER_RANGE: defines an IPv4 address range that serves as a unique identifier for the Cloud Router

    For more information, see Configure the BGP identifier range for a Cloud Router.

  • KEEPALIVE_TIMER: an optional time, in seconds, that defines the BGP keepalive timer

    Valid values are between 20 and 60, inclusive. If you omit bgp.keepaliveInterval, Cloud Router uses a 20 second BGP keepalive timer. For more information, see Keepalive timer.

Create VLAN attachments

VLAN attachments for Dedicated Interconnect or Partner Interconnect provide the connectivity path between the NCC Gateway and an on-premises network.

The VLAN attachment traffic goes through the NCC Gateway before it reaches the partner service and the hub.

For detailed information about how to create VLAN attachments and set up interface and BGP peering, see Create VLAN attachments.

Previous
Connect the Secure Access Connect attachment
Next
Create and manage NCC Gateway advertised routes