
I have a situation where I hold two projects under a GCP account and want to connect my on-premises infrastructure using VPN & BGP. One thing I can't get working, and am not sure is supported, is transitive routes.

So, as in the diagram below, I want project B routes to go to project A and then be advertised to my on-premises router.

    +---------------+
    |               |
    |  Cloud Router +------------------------------------+
    |               |                                    |
    |  Project A    |                                    |
    |  10.0.0.0/24  |                                    |
    |               |                                    ^
    +---------------+                    +----------------------------------+
            ^                            |                                  |
            |                            |                                  |
            |                            |   On premises router / firewall  |
            |                            |                                  |
            |                            |                                  |
            |                            +----------------------------------+
            |                                          Desired state:
    +--------------+                                   10.0.0.0/24 & 10.0.1.0/24
    |  Project B   |                                   via project A cloud router
    |  10.0.1.0/24 |
    +--------------+                                   Actual state:
                                                       Only 10.0.0.0/24 is being
                                                       advertised via BGP

Can this be done in GCP, or should I have a full manual mesh setup (or use some 3rd party software router (vyatta / pfsense / whatever)) to accomplish this?

Thanks. Tal.

Jesse Scherer


You first need to ask yourself how the two GCP networks will be connected to each other.

If you divide your network into 2 different networks for security reasons, you can use sub-networks. In this setting, Cloud Router will announce all these regional subnetworks to the peer gateway via BGP.

If you use 2 different projects (e.g. for billing purposes), you should set up a VPN and Cloud Router between the 2 GCP networks. This setting doesn't allow a hub-spoke model, which means that the routes of network B won't be announced to the on-premises router.

Avinoam Meir
  • The 2nd scenario you're describing is correct. I already got the VPN set up from proj. B to proj. A. So, basically, you're saying that the "project A" cloud router has no option to announce "project B's" network prefixes to the on-premises router, and I should bring up some software router instance, set up IPsec & BGP on it, and then have it advertise my subnets? – Tal Fishler Nov 27 '16 at 13:52
  • Indeed. You need to use a 3rd party product to connect network B with the on-premises router. – Avinoam Meir Nov 27 '16 at 14:26
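A way to confirm the "actual state" from the question before reaching for a software router is to compare what the project A Cloud Router advertises to the on-premises peer against what you expect it to advertise. The script below is an added example, not code from the question or the answer: it parses a constructed JSON sample shaped like the output of `gcloud compute routers get-status --format=json` (the `bestRoutes`, `bgpPeerStatus` and `advertisedRoutes` field names are an assumption about that output; check them against your own `gcloud` output) and flags desired prefixes that are missing from the advertisement, distinguishing the ones the router merely learned over a VPN tunnel (the transitive project B case) from prefixes it does not know at all.

```python
import ipaddress
import json

# Constructed sample mimicking `gcloud compute routers get-status --format=json`
# for the project A router in the question. Addresses are the ones from the
# diagram; tunnel/peer names are made up for the example.
SAMPLE_STATUS = json.dumps({
    "kind": "compute#routerStatusResponse",
    "result": {
        "network": "projects/project-a/global/networks/vpc-a",
        # Routes the router knows: 10.0.1.0/24 arrives over the tunnel to project B.
        "bestRoutes": [
            {"destRange": "10.0.1.0/24",
             "nextHopVpnTunnel": "regions/europe-west1/vpnTunnels/tunnel-to-project-b",
             "priority": 100},
        ],
        # What is actually sent to the on-premises BGP peer: only the local subnet.
        "bgpPeerStatus": [
            {
                "name": "onprem-peer",
                "ipAddress": "169.254.0.1",
                "peerIpAddress": "169.254.0.2",
                "status": "UP",
                "advertisedRoutes": [
                    {"destRange": "10.0.0.0/24", "nextHopIp": "169.254.0.1", "priority": 100},
                ],
            }
        ],
    },
})

# Desired state from the question's diagram.
DESIRED_PREFIXES = ["10.0.0.0/24", "10.0.1.0/24"]


def advertised_prefixes(status_json, peer_name=None):
    """Prefixes the Cloud Router advertises to its BGP peer(s)."""
    result = json.loads(status_json)["result"]
    prefixes = set()
    for peer in result.get("bgpPeerStatus", []):
        if peer_name is not None and peer.get("name") != peer_name:
            continue
        for route in peer.get("advertisedRoutes", []):
            prefixes.add(ipaddress.ip_network(route["destRange"]))
    return prefixes


def tunnel_learned_prefixes(status_json):
    """Prefixes the router only knows through a VPN tunnel (candidate transitive routes)."""
    result = json.loads(status_json)["result"]
    return {
        ipaddress.ip_network(route["destRange"])
        for route in result.get("bestRoutes", [])
        if "nextHopVpnTunnel" in route
    }


def classify_missing(status_json, desired, peer_name=None):
    """Map each desired prefix not covered by an advertisement to a reason.

    A desired prefix counts as advertised when it lies inside any advertised
    route (an aggregate covering it is good enough for the on-premises side).
    """
    advertised = advertised_prefixes(status_json, peer_name)
    via_tunnel = tunnel_learned_prefixes(status_json)
    missing = {}
    for wanted in desired:
        net = ipaddress.ip_network(wanted)
        if any(net.subnet_of(adv) for adv in advertised):
            continue
        if any(net.subnet_of(learned) for learned in via_tunnel):
            missing[str(net)] = "learned over a VPN tunnel but not re-advertised (transitive route)"
        else:
            missing[str(net)] = "not known to this router at all"
    return missing


def main():
    for prefix, reason in classify_missing(SAMPLE_STATUS, DESIRED_PREFIXES).items():
        print(f"{prefix}: {reason}")


if __name__ == "__main__":
    main()
```

Run against the real router by replacing `SAMPLE_STATUS` with the output of `gcloud compute routers get-status ROUTER --region REGION --format=json`; a prefix reported as "learned over a VPN tunnel but not re-advertised" is exactly the hub-spoke limitation the answer describes.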