Google Cloud Platform VPN Configuration: A Walkthrough

(Last Updated On: October 16, 2018)

Google Cloud Platform VPN Configuration: A Walkthrough

In today’s uber-interconnected world, faster is almost always better. Fast is…fast. And when you want to get somewhere fast, it makes sense to take the shortest route.

It’s no different when accessing the public cloud. A Google Dedicated Interconnect from Shamrock enables you to avoid the public internet and connect your VPN directly to Google’s backbone network via a Google POP (point of presence). Voila…it’s fast!

We’ll walk you through the entire process of configuring a GCP Interconnect connection step-by-step, from ordering your first Google Interconnect circuit from Shamrock to configuring your VLAN attachments (tunnels).

Side Note: This article will focus on solely GCP’s Dedicated Interconnect, but Shamrock can deliver a direct connect from your office or data center, anywhere in the world, into any cloud provider at any speed (10Mbps – 100G). If you’re curious about direct connects into other public cloud providers like AWS or Azure, feel free to check out our website at www.shamrockconsulting.com or give us a call at 310-955-1600. All consultations are free!

If you’re here to learn more about configuring GCP Interconnect specifically, then please, continue…

Before You Start

It’s an exciting time when setting up GCP Interconnect for the first time, but don’t get too big for your britches early on. Before you begin, it’s imperative that you run through the following checklist before firing up your GCP Console.

Shamrock can help you set this all up as well if you don’t know how or if you run into any issues in the setup process.

Make sure you:

Have a valid and active Google Cloud Platform account
Have access to the GCP Console
Have your own routing equipment at the POP/colocation facility
Use devices which meet the following Google specs:

Single mode fiber, 10GBASE-LR, 1310 nm
IPv4 link local addressing
LACP
EBGP-4 with multi-hop
802.1q VLANs

Got all the above taken care of? Great work. Now let’s get down to business!

Step 1: Creating an Interconnect Connection

  1. Navigate to the GCP console via your browser and go to the Cloud Interconnect Physical Connection tab
  2. Select ‘Set up Connection’
  3. Choose ‘Dedicated Interconnect’ then click ‘Continue’
  4. Select ‘Order New Dedicated Interconnect’ then click ‘Continue’
  5. Give the connection a name
  6. Select the location where you want your connection set up
  7. Choose your capacity. This will depend on the number of circuits you set up (each circuit provides 10Gbps)
  8. Specify further connections if you want to add redundancy
  9. Under ‘Contact Info’ enter your Company Name and Technical Contact email address. The Company Name will go on the LOA as an authorized party. Your Technical Contact will receive email updates from Google. The account owner doesn’t need to add their own email address, as they will automatically receive the emails
  10. Review your details and then click either ‘Place Order’ or go back and amend any incorrect information
  11. Review the order confirmation page and click ‘Done’

Google will send you a confirmation email and then set up your port before generating and emailing you the LOA-CFA. You’ll need to send this to your vendor, so talk to your colo for more information, or have Shamrock do it all for you!

Once Google has provisioned and tested the connection, you can configure and connect your VPNs to your Google VPC via the Interconnect circuit.

Step 2: Configuring Routing and Connecting Your VPNs

Traffic between your on-prem VPN and Google’s peering edge will travel through a pair of VPN tunnels (also known as VLAN or Interconnect attachments), one connection defined by your VPN gateway and the other by Google’s.

There are three tunnel routing choices available, but let’s focus on the recommended dynamic (BGP) routing option:

  1. Navigate to the GCP console via your browser and go to the VLAN Attachments tab
  2. Select ‘Dedicated Interconnect’ and click ‘Continue’
  3. Choose ‘In this project’
  4. Select one of your existing Interconnect connections and click ‘Continue’
  5. Choose ‘Add VLAN attachment’ and enter a name for the attachment. Select or create a Cloud Router and enter a private autonomous system number ASN in the range of 64512-65535 or 4200000000-4294967294
  6. Repeat the above steps to add multiple VLANs
  7. Click ‘Create’

You will then need to add a BGP session to your Cloud Router interface:

  1. Select the first VLAN attachment and choose ‘Configure’
  2. Enter a name for the BGP session and the ASN of your on-prem router
  3. The VLAN attachment will automatically allocate both the on-prem and cloud router IP addresses
  4. Repeat the above steps for any other VLAN attachments
  5. After you’ve added all BGP sessions, select ‘Save configuration’
  6. Repeat steps 1-5 for any other Interconnects you have provisioned
  7. Before you can activate the session, you’ll need to configure your on-prem router using the VLAN ID, interface IP address and peering IP address provided by the VLAN attachment. The exact steps will depend on the router vendor, but Google does provide guidance for some popular vendors on their ‘Configuring On-Premises Routers‘ page

How Shamrock Can Help

As a certified Google Cloud Partner, we’ve helped hundreds of clients configure and manage their GCP Interconnect connections successfully. Our team is battle-tested and highly knowledgeable on all things GCP as well as the other public cloud providers like AWS and Azure, and we’ll set you up with everything you’ll need for your cloud direct connect.

A direct connection via Google Interconnect will enable you to bypass the internet for more reliable and faster connection speeds at much lower latencies. Shamrock will help you make sure you’re making all the right moves from Day One.

All of our consultations (including Google Direct Interconnect) are completely free, so don’t wait – the cloud is calling! Nothing to lose. Talk to Shamrock today and let’s get this thing up and running!

Ben Ferguson

Ben Ferguson

Ben Ferguson is the Senior Network Architect and Vice President of Shamrock Consulting Group, the leader in technical procurement for telecommunications, data communications, data center and cloud services. Since his departure from Biochemical research in 2004, he has built core competencies around enterprise wide area network architecture, high density data center deployments, public and private cloud deployments, and Voice over IP telephony. Ben has designed hundreds of wide area networks for some of the largest companies in the world. When he takes the occasional break from designing networks, he enjoys surfing, golf, working out, trying new restaurants and spending time with his wife Linsey and his dog, Hamilton.