Prepare for Hybrid Subnets connectivity
This page describes the tasks that you need to complete before you can use Hybrid Subnets. Ensure that your source network and Virtual Private Cloud (VPC) network are ready for Hybrid Subnets connectivity by completing the following steps.
Connect a VPC network to a source network
A hybrid subnet requires connectivity between a VPC network and a source network. The connection must be one of the following types:
- A pair of HA VPN tunnels
- VLAN attachments for Dedicated Interconnect
- VLAN attachments for Partner Interconnect
For help choosing a connection type, see Choosing a Network Connectivity product.
To configure hybrid connectivity, see the following:
- Create an HA VPN gateway to a peer VPN gateway
- Create Dedicated Interconnect VLAN attachments
- Create Partner Interconnect VLAN attachments
Configure custom route advertisement
When you configure hybrid connectivity, you create a Cloud Router. Configure the Cloud Router's BGP session to only advertise custom routes. Don't add any routes now; in a later step, you add custom routes for each migrated VM.
Configure firewall rules
To ensure that Google Cloud virtual machine (VM) instances can communicate with workloads in your source network and Google Cloud VMs that use the hybrid subnet's IP address range, do the following:
- In Google Cloud, create ingress allow firewall rules or rules in firewall policies to allow all packets from the IP address range that is associated with the hybrid subnet.
- The implied allow egress firewall rule allows egress from Google Cloud VMs. If you've created egress deny firewall rules or egress deny rules in firewall policies, you'll need to create egress allow rules to permit packets to the IP address range that is associated with the hybrid subnet.
You can scope firewall rules to specific VMs by using the target parameter of the rule. For more information, see:
Configure firewalls in your source network in a similar way.
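The following Python check is an added example, not part of the original page or of Google's tooling. It audits exported VPC firewall rules against the two conditions above: an ingress allow rule must cover the hybrid subnet's range, and no egress deny rule may block that range without a higher-priority egress allow. It assumes rules in the JSON shape of `gcloud compute firewall-rules list --format=json`; the sample rules, the range `192.0.2.0/24` and the function names are constructed, and the check ignores rule targets and rules in firewall policies.

```python
import ipaddress

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "allow-hybrid-in", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["192.0.2.0/24"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "deny-all-out", "direction": "EGRESS", "priority": 900,
     "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]},
    {"name": "allow-hybrid-out", "direction": "EGRESS", "priority": 1000,
     "destinationRanges": ["192.0.2.0/24"], "allowed": [{"IPProtocol": "all"}]},
]

def _nets(rule, key):
    # An egress rule without a destination range applies to 0.0.0.0/0.
    default = ["0.0.0.0/0"] if key == "destinationRanges" else []
    return [ipaddress.ip_network(r) for r in rule.get(key) or default]

def _allows_all(rule):
    return any(a.get("IPProtocol") == "all" for a in rule.get("allowed", []))

def audit(rules, hybrid_range):
    """Return findings for enabled VPC firewall rules that block the hybrid range."""
    subnet = ipaddress.ip_network(hybrid_range)
    live = [r for r in rules if not r.get("disabled")]

    def covers(rule, key):   # rule range contains the whole hybrid range
        return any(n.version == subnet.version and subnet.subnet_of(n) for n in _nets(rule, key))

    def touches(rule, key):  # rule range overlaps any part of the hybrid range
        return any(n.version == subnet.version and subnet.overlaps(n) for n in _nets(rule, key))

    findings = []
    if not any(r["direction"] == "INGRESS" and _allows_all(r) and covers(r, "sourceRanges") for r in live):
        findings.append(f"no ingress allow-all rule covers {hybrid_range}")
    egress_allows = [r.get("priority", 1000) for r in live
                     if r["direction"] == "EGRESS" and _allows_all(r) and covers(r, "destinationRanges")]
    for deny in live:
        if deny["direction"] == "EGRESS" and deny.get("denied") and touches(deny, "destinationRanges"):
            # Lower priority number wins; on a tie, deny beats allow.
            if not any(p < deny.get("priority", 1000) for p in egress_allows):
                findings.append(f"egress deny rule {deny['name']} blocks {hybrid_range}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, "192.0.2.0/24"):
        print(finding)
```

In the sample, the egress allow rule exists but has a lower priority (1000) than the deny rule (900), so the audit reports the deny rule as blocking the hybrid range.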
Configure source network routing
To prepare your source network for Hybrid Subnets connectivity, do the following.
Enable proxy ARP for the source network
Enable proxy ARP for your source network. For more information, see Proxy ARP and Hybrid Subnets.
For information on enabling proxy ARP, see the documentation of your proxy ARP solution.
Advertise your hybrid subnet's IP address range
Configure your source network to advertise the primary internal IPv4 address range of the VPC part of your hybrid subnet.
What's next
To learn more about Hybrid Subnets, see About Hybrid Subnets.
To migrate workloads from a source subnet to a VPC subnet, see Create a hybrid subnet.