When you create a spoke, you must associate it with a hub. If your spoke is in a different project from the hub, the hub administrator must approve your proposed spoke before it can become active. To create a VPC spoke that you want to connect to a hub in a different project, follow these steps.
For information about how to work with spokes including creating, listing, updating, and deleting spokes, see Work with spokes.
Before you begin
Before you get started, review the following sections.
Create or select a project
To make it easier to configure Network Connectivity Center, start by identifying a valid project.
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
- Make sure that billing is enabled for your Google Cloud project.
- Install the Google Cloud CLI.
- To initialize the gcloud CLI, run the following command:
    gcloud init
If you are using the Google Cloud CLI, set your project ID by using the gcloud config set command.
    gcloud config set project PROJECT_ID
Replace PROJECT_ID with your unique project ID.
The gcloud CLI instructions on this page assume that you have set your project ID.
To confirm that you set the project ID correctly, use the gcloud config list command.
    gcloud config list --format='text(core.project)'
Enable the Network Connectivity API
Before you can perform any tasks using Network Connectivity Center, you must enable the Network Connectivity API.
Console
To enable the Network Connectivity API:
In the Google Cloud console, go to the Network Connectivity Center page.
Click Enable.
Alternatively, you can enable the API by using the Google Cloud console API Library, as described in Enabling APIs.
Propose a spoke
To create a VPC spoke in the same project as the hub or in a different project, follow these steps.
If you want to assign exclude export ranges or include export ranges, use the appropriate options during spoke creation.
Console
In the Google Cloud console, go to the Network Connectivity Center page.
In the project menu, select a project in which you want to create the spoke.
Click the Spokes tab.
Click Add spokes.
In the Select hub section, to attach the new spoke to a hub in another project, select the hub location as In another project.
Enter the Project ID and the Hub name to which you want to attach your new spoke.
Enter a Spoke name and optionally, a Description.
If the hub that you are connecting to is configured for star topology, select or enter the Spoke group name for your spoke. For information about star topology, see Star topology. For information about spoke groups, see Spoke groups.
For Spoke type, the following options are available:
- For a hub in a different project, the default Spoke type is VPC spoke.
- For a hub in the same project, allowed spoke types are determined by pre-existing spoke types.
- If there are no spokes, you can select any spoke type, although the preselected option is Cloud VPN tunnel.
To add a VPC network to the spoke, select the VPC network from the list.
Optional: in the VPC spoke filter field, you can add a filter to customize how routes are advertised by specifying IP address ranges to exclude from, or include in, export from the spoke to the hub. You can configure the spoke to export only subnet ranges that use private IPv4 addresses, only IPv6 subnet ranges (internal and external), or both subnet ranges that use private IPv4 addresses and internal and external IPv6 subnet ranges.
IPv4 ranges: configure the export of IPv4 subnet ranges.
Include export IPv4 subnet ranges from spoke to hub: by default, this checkbox is selected and all subnet ranges that use private IPv4 addresses are exported.
If you don't want to export IPv4 subnet ranges, clear this checkbox.
If you only want to export specific IPv4 subnet ranges, select Specify IPv4 ranges and enter the address ranges that you want to export. The IPv4 subnet ranges that you specify must be private IPv4 address ranges, excluding privately used public IPv4 addresses. For more information, see Valid IPv4 ranges.
Exclude export IPv4 subnet ranges from spoke to hub: if the spoke exports all subnet ranges that use private IPv4 addresses and you want to exclude specific ranges from export, enter those ranges in this field.
IPv6 ranges (Preview): configure the export of IPv6 subnet ranges.
- Include export all IPv6 subnet ranges from spoke to hub: to export all internal and external IPv6 subnet ranges to the hub, select the checkbox.
Click Done.
If you want to add more spokes, click Add spoke and begin the process again, starting with entering a Spoke name.
When you have finished adding spokes, click Create. The Network Connectivity Center page updates to show details about the spokes that you created.
The spoke status remains Inactive until the hub administrator reviews and accepts your proposed spoke.
gcloud
To create a VPC spoke, use the gcloud network-connectivity spokes linked-vpc-network create command.
    gcloud network-connectivity spokes linked-vpc-network create SPOKE_NAME \
        --hub=HUB_URI \
        --global \
        --vpc-network=VPC_NETWORK \
        --include-export-ranges=[INCLUDE_RANGES] \
        --exclude-export-ranges=[EXCLUDE_IPV4_RANGES] \
        --group=GROUP_NAME
Replace the following:
- SPOKE_NAME: a name for the spoke that you are creating.
- HUB_URI: the URI of a hub in a different project that you want to create the spoke in.
- VPC_NETWORK: the VPC network that this spoke provides connectivity to. The VPC network must be in the same project as the spoke.
- INCLUDE_RANGES: a comma-separated list of IP address ranges to export to the hub, specified as follows. You can configure the spoke to export only subnet ranges that use private IPv4 addresses, only IPv6 subnet ranges (internal and external), or both subnet ranges that use private IPv4 addresses and internal and external IPv6 subnet ranges. If not specified, the VPC spoke exports all subnet ranges that use private IPv4 addresses.
  For IPv4, you can use one of the following options:
  - To export all subnet ranges that use private IPv4 addresses, enter ALL_PRIVATE_IPV4_RANGES.
  - To export specific IPv4 subnet ranges, enter a comma-separated list of IP address ranges (up to 16 CIDR ranges), such as 10.1.0.0/16, 192.168.0.0/24, 172.16.1.1/32. The IPv4 subnet ranges that you specify must be private IPv4 address ranges, excluding privately used public IPv4 addresses. For more information, see Valid IPv4 ranges.
  For IPv6 (Preview), you can export all IPv6 subnet ranges (internal and external) by entering ALL_IPV6_RANGES.
- EXCLUDE_IPV4_RANGES: a comma-separated list of IPv4 address ranges to be excluded from exporting to the hub (up to 16 CIDR ranges), such as 10.1.0.0/16, 192.168.0.0/24, 172.16.1.1/32. The specified ranges must have a longer prefix or be equal to the individually configured subnets within the VPC.
- GROUP_NAME: the group this spoke belongs to. The supported values are default for a mesh topology hub, or center or edge for a star topology hub. This field is required for spoke groups that use star topology. For detailed information about spoke groups, see Spoke groups.
API
To create a VPC spoke, use the networkconnectivity.spokes.create method.
    POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/spokes
    {
      "name": "SPOKE_NAME",
      "hub": "HUB_URI",
      "linkedVpcNetwork": {
        "uri": "VPC_URI",
        "include_export_ranges": "[INCLUDE_RANGES]",
        "exclude_export_ranges": "[EXCLUDE_IPV4_RANGES]",
        "group": "GROUP_NAME"
      }
    }
Replace the following:
- PROJECT_ID: the project ID of the project that contains the new spoke.
- SPOKE_NAME: a name for the spoke that you are creating.
- HUB_URI: the full hub URI including the project, since the hub is in a different project from the spoke, for example, projects/hub-project-ID/locations/global/hubs/hub-name.
- VPC_URI: the VPC network that this spoke points to, such as vpc_uri.
- INCLUDE_RANGES: a comma-separated list of IP address ranges to export to the hub, specified as follows. You can configure the spoke to export only subnet ranges that use private IPv4 addresses, only IPv6 subnet ranges (internal and external), or both subnet ranges that use private IPv4 addresses and internal and external IPv6 subnet ranges. If not specified, the VPC spoke exports all subnet ranges that use private IPv4 addresses.
  For IPv4, you can use one of the following options:
  - To export all subnet ranges that use private IPv4 addresses, enter ALL_PRIVATE_IPV4_RANGES.
  - To export specific IPv4 subnet ranges, enter a comma-separated list of IP address ranges (up to 16 CIDR ranges), such as 10.1.0.0/16, 192.168.0.0/24, 172.16.1.1/32. The IPv4 subnet ranges that you specify must be private IPv4 address ranges, excluding privately used public IPv4 addresses. For more information, see Valid IPv4 ranges.
  For IPv6 (Preview), you can export all IPv6 subnet ranges (internal and external) by entering ALL_IPV6_RANGES.
- EXCLUDE_IPV4_RANGES: a comma-separated list of IPv4 address ranges to be excluded from exporting to the hub (up to 16 CIDR ranges), such as 10.1.0.0/16, 192.168.0.0/24, 172.16.1.1/32. The specified ranges must have a longer prefix or be equal to the individually configured subnets within the VPC.
- GROUP_NAME: the group that this spoke belongs to, for example, center or edge. This field is required for spoke groups that use star topology. For detailed information about spoke groups, see Spoke groups.
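The range rules given for INCLUDE_RANGES and EXCLUDE_IPV4_RANGES in the gcloud and API sections can be checked before you propose the spoke, so that only the routes you intend are exported to a hub in another project. The following Python check is an added example, not part of this documentation or of Google's tooling; check_export_filters, SUBNETS, and the RFC 1918-only definition of "private" are assumptions made for illustration.

```python
import ipaddress

MAX_RANGES = 16  # per-list limit stated on this page
KEYWORDS = {"ALL_PRIVATE_IPV4_RANGES", "ALL_IPV6_RANGES"}
# Assumption: only RFC 1918 space counts as private here; the
# "Valid IPv4 ranges" reference is authoritative for the full list.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _parse(value):
    """Split a comma-separated flag value into (keywords, networks, errors)."""
    keywords, nets, errors = [], [], []
    for item in (p.strip() for p in value.split(",") if p.strip()):
        if item in KEYWORDS:
            keywords.append(item)
            continue
        try:
            nets.append(ipaddress.ip_network(item))  # rejects set host bits
        except ValueError as exc:
            errors.append(f"{item}: not a valid CIDR range ({exc})")
    return keywords, nets, errors

def check_export_filters(include, exclude, subnets):
    """Return a list of problems; an empty list means no problem was found."""
    _, inc_nets, errors = _parse(include)
    exc_kw, exc_nets, exc_errors = _parse(exclude)
    errors += exc_errors
    if exc_kw:
        errors.append(f"exclude: expects CIDR ranges, got {exc_kw}")
    for label, nets in (("include", inc_nets), ("exclude", exc_nets)):
        if len(nets) > MAX_RANGES:
            errors.append(f"{label}: {len(nets)} ranges, limit is {MAX_RANGES}")
        for net in nets:
            if net.version != 4:
                errors.append(f"{label} {net}: use ALL_IPV6_RANGES for IPv6")
            elif not any(net.subnet_of(p) for p in PRIVATE):
                errors.append(f"{label} {net}: not private IPv4 space")
    # An exclude range must equal, or be more specific than, a configured subnet.
    subnet_nets = [ipaddress.ip_network(s) for s in subnets]
    for net in exc_nets:
        if not any(s.version == net.version and net.subnet_of(s)
                   for s in subnet_nets):
            errors.append(f"exclude {net}: not inside any configured subnet")
    return errors

# Constructed sample: two subnets of a hypothetical spoke VPC.
SUBNETS = ["10.1.0.0/16", "192.168.0.0/24"]
```

Pass the same strings that you plan to give to --include-export-ranges and --exclude-export-ranges, together with the subnet ranges of the spoke's VPC network.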
What's next
- To create hubs and spokes, see Work with hubs and spokes.
- To view a list of partners whose solutions are integrated with Network Connectivity Center, see Network Connectivity Center partners.
- To find solutions to common issues, see Troubleshoot Network Connectivity Center.
- To get details about API and gcloud commands, see APIs and reference.