Hybrid Networking Options on Google Cloud
I recently did a comparison of the various networking options that Google’s cloud, GCP, provides for connecting an enterprise data center to Google. I decided to pen down my takeaways from that review in this blog entry.
Interconnect vs Peering
Both are hybrid networking options for connecting your on-premises network to Google Cloud. However, there are some key differences which you should understand so as to leverage them for various use cases.
At a high level, there are two options — Interconnect or Peering.
Interconnect: Direct access from your on-premises network to private IP addresses in your VPC hosted in Google Cloud. It comes with an SLA.
Peering: Access limited to Google Public IP based services only. No SLA is offered.
Now, let’s dig deeper into both these options, their use cases etc.
Option 1 — Interconnect:
It comes in 2 flavours: Direct Interconnect & IPSec VPN
- Direct Interconnect
As the name suggests, it's a direct, enterprise-class connection between your DC and Google. It is useful when:
i) You want to bypass the internet and use a private circuit between your location and Google
ii) Your workloads require a stable, low latency, high bandwidth (10 Gbps per link) connection
iii) You require an SLA (99.99% uptime)
- IPSec VPN
This is a traditional IPSec VPN tunnel over the internet.
i) Useful when you simply require basic connectivity between your VPC and on-premises DC
ii) Can be established through any device in your DC that supports IPSec-based VPN tunnels (most firewalls will do this; many routers and other appliances also support this feature). It can offer up to 3 Gbps per tunnel, depending on your ISP-provided bandwidth.
iii) No SLA offered
Option 2 — Peering:
This networking option also comes in 2 flavours: Direct Peering & Carrier Peering. (For a brief intro on Peering, see “Peering Primer” at the bottom of the article.)
- Direct Peering
i) When you wish to access Google’s various services and are able to meet its peering prerequisites
ii) 10 Gbps per link
iii) No SLA
- Carrier Peering
i) When you wish to access Google’s various services but are unable to meet its peering prerequisites
ii) No SLA
References:
More details, including pricing information for Google Hybrid Networking options can be seen here
Peering Primer:
Before I explain these two, let’s provide a brief overview of Peering in the Internet/ISP world. This is by no means a comprehensive definition of Peering, but more of an introduction. When two ISPs, telcos etc. decide to connect to each other’s networks directly, they are said to be peering with each other. This peering usually happens by connecting these networks physically (e.g. an L2 connection over Ethernet) and then logically (an L3 connection through a BGP connection & route exchange).
The benefit of peering is that both networks get the capability to talk to each other directly without having to route traffic through any other intermediary’s network. As most such intermediaries (aka Transit Networks) may charge or impose their own routing policies, a direct peering relationship generally offers a direct, faster, high-capacity and more reliable connection. In many cases, peering is also settlement-free. This means no peering party has any charges to pay; they all mutually benefit from it.
For more details, see Peering on Wikipedia, and PeeringDB.
I hope this shed some light on this somewhat drab topic :). Your feedback and comments are welcome.