VPN
Cloud VPN securely extends your peer network to Google's network through an IPsec VPN tunnel. Traffic is encrypted and travels between the two networks over the public internet.
https://cloud.google.com/network-connectivity/docs/vpn
If you need an enterprise-grade connection to Google Cloud that has higher throughput, you can choose Dedicated Interconnect or Partner Interconnect.
https://cloud.google.com/architecture/patterns-for-connecting-other-csps-with-gcp
Cloud VPN is easy to set up and cheaper than other interconnect options.
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#specifications
https://cloud.google.com/network-connectivity/pricing
https://cloud.google.com/network-connectivity/docs/how-to/choose-product#cloud-interconnect
https://cloud.google.com/vpc/docs/private-google-access-hybrid
https://cloud.google.com/vpc/docs/shared-vpc
https://cloud.google.com/network-connectivity/docs/concepts
Classic VPN gateways have a single interface, a single external IP address, and support tunnels that use dynamic (BGP) or static routing (policy-based or route-based). They provide an SLA of 99.9% service availability.
HA VPN lets you easily set up redundant VPNs to isolate failures and provide continuous connectivity for workloads that are too important to fail.
Use Case 1: Migrate an existing Classic VPN solution to HA VPN, using BGP as the routing protocol, to an on-premises network (or any non-Google network).
Use Case 2: Migrate an existing Classic VPN that uses policy-based routing to HA VPN using BGP between two projects or VPCs within Google Cloud Platform.
https://www.youtube.com/watch?v=lIEExVWf5bg
If a Cloud VPN tunnel goes down, it restarts automatically. If an entire virtual VPN device fails, Cloud VPN automatically instantiates a new one with the same configuration. The new gateway and tunnel connect automatically.
VPN tunnels connected to HA VPN gateways must use dynamic (BGP) routing. Depending on the way that you configure route priorities for HA VPN tunnels, you can create an active/active or active/passive routing configuration. For both of these routing configurations, both VPN tunnels remain active.
https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#active
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#comparison_table
https://cloud.google.com/vpc-service-controls/docs/overview
https://cloud.google.com/vpc-service-controls/docs/overview#isolate
https://cloud.google.com/vpc/docs/bring-your-own-ip#planning
https://cloud.google.com/architecture/best-practices-vpc-design#limit-access
https://cloud.google.com/architecture/building-internet-connectivity-for-private-vms
https://cloud.google.com/architecture/gke-ip-address-mgmt-strategies
With Cloud VPN, your on-premises hosts communicate through one or more IPsec VPN tunnels to Compute Engine Virtual Machine (VM) instances in your project's VPC networks.
https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies
https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies#to_peer_vpn_gateways
https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies#to_aws_peer_gateways
https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies#2-gcp-gateways
You can create a VPN tunnel that has the same IP range as another tunnel, a subset of the other tunnel's range, or a superset of the other tunnel's range.
For details, see Order of routes.
In Networks and tunnel routing, you can find information about supported Virtual Private Cloud (VPC) networks and routing options, including traffic selectors.
https://cloud.google.com/network-connectivity/docs/vpn/how-to/generating-pre-shared-key
https://cloud.google.com/network-connectivity/docs/vpn/concepts/key-terms
https://www.ivpn.net/pptp-vs-ipsec-ikev2-vs-openvpn-vs-wireguard/
https://www.schneier.com/blog/archives/2020/07/nsa_on_securing.html
https://cloud.google.com/network-connectivity/docs/vpn/how-to/interop-guides
https://medium.com/@sruffilli/setting-up-a-simulated-on-prem-environment-for-gcp-90dcbb2d57f8
https://cloud.google.com/network-connectivity/docs/vpn/tutorials/configure-vpn-between-onprem-cloud
https://cloud.google.com/community/tutorials/deploy-ha-vpn-with-terraform
https://github.com/GoogleCloudPlatform/autonetdeploy-multicloudvpn
https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-ha-vpn
https://cloud.google.com/network-connectivity/docs/vpn/how-to/automate-vpn-setup-with-terraform
https://cloud.google.com/network-connectivity/docs/vpn/how-to/configuring-peer-gateway
https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns