Dynamic routing with Cloud Router
How dynamic routing saves you from pager duty and how to set it up (with VPN) on Google Cloud
Routing is an underpinning of the Internet. The very words you’re reading on this computer, phone, or tablet are being served to you through millions of routers finding optimal data paths for packets of data to travel from source to destination, one network to another.
While routing is, of course, equally important in a cloud environment to connect networks, there are different types of routes best suited for control or flexibility. Static routes mean the routing table is created, maintained, and updated by you — manually. That means a static route from one resource to another needs to be configured on every router for full connectivity. While this sounds tedious (and it can be), it gives you granular control and is completely manageable on smaller networks. It’s ideal for simple routing tasks, like network segmentation. On Google Cloud, you can set up static routes between subnets to allow connectivity. For example, the Default network in a VPC creates static routes between all subnets automatically.
Where static routes fall short
The biggest pitfall with static routes is that they aren’t fault-tolerant. Any change to the routing infrastructure, like a failed VM or re-architecture, would mean manual intervention. If routers are purely static, they have no way of choosing a better route if a link becomes unavailable. They have no way to intelligently share information between one another to advertise alternative routes. Simply stated, static routes are great for stable networks that don’t change.
But let’s be real — you’re probably expecting to build a more tolerant and fluid cloud network that can handle changes without putting you on pager duty. Let’s say you start with a VPC with multiple VMs in a subnet. Each VM’s traffic is directed through static routes to a Cloud VPN gateway, encrypting traffic to and from your on-premise network. This works, but adding another network on premise means manually adding static routes in Google Cloud that expand each VM’s routing table to include the new network paths on-premise. Plus, you need to reconfigure your VPN on both ends, which causes it to drop and reestablish — do I hear angry end users? This isn’t exactly fun, especially for larger organizations, who turn up new testing networks several times a week, or more.
Luckily, dynamic routing is here to bring some relief. Since the late 1980s, dynamic routing protocols have been used to accommodate growth as networks evolved and became more complex.
Instead of a static routing table, dynamic routers advertise their routes to other routers, meaning they exchange information. It allows routers on the network to make intelligent decisions on which path is best to get data to a subnet/destination. A dynamic routing table is created, maintained, and updated by a routing protocol (like BGP) running on the router. This lets the router dynamically choose a different (or better) path when there is a change to the routing infrastructure, like when a link fails. It’s like how Google Maps recalculates a new optimal path when your current route becomes flooded with traffic or an accident occurs. Cloud Routers make determinations based on several criteria, including network quality, link up/down, traffic congestion, etc. The key benefit here is redundancy. If one path on the network disappears, dynamic routing will adjust routes around that path without manual intervention.
Google Cloud Router
On Google Cloud, dynamic routing can be established using Cloud Router. It exchanges network topology information through Border Gateway Protocol (BGP). Cloud Router advertises subnets from its VPC network to another router or gateway via BGP. This is great for setting up VPN between the cloud and on-prem, as topology changes propagate automatically with no manual intervention, giving your systems higher redundancy.
You now have:
- Discovery of remote networks
- Maintaining up-to-date routing information
- Choosing the best path to destination networks
- Ability to find a new best path if the current path is no longer available
And a great side effect can be lower latency, because Cloud Router learns routes through BGP, which allows for optimal data paths to reach their destination, whether that is another network or a VPN gateway to on-premise. Cloud Router is also how Dedicated Interconnect can give you 10 Gbps of bandwidth between your cloud VPC and your peered on-premise data center.
Cloud Router setup
Let’s walk through Cloud Router setup. We’ll be setting up 2 VPCs in different regions with a Cloud Router in each region, setting up a VPN tunnel between the networks, and finally establishing a BGP session between the two routers.
Create 2 Cloud Routers
- First check out my previous article to set up Cloud VPN in 2 different VPCs in us-central and us-east. No need to set up the VPN tunnels as we’ll be creating a Cloud Router in each region to establish a tunnel using BGP to advertise routes between the routers.
- Next, create a dynamic router in us-central by going to the Cloud Router page.
- Give it a name (c-router).
- Select the VPC network that contains the instances that you want to reach (texas).
- Choose the region where you want to locate the Cloud Router — select the same region our texas VPC is in (us-central1). A Cloud Router advertises all subnets in the region where it’s located.
- Pick a private ASN you’re not using anywhere else in your network (65520). An ASN uniquely identifies each network to its BGP peers.
- Leave advertised routes as default. This advertises all subnets visible to the Cloud Router, as opposed to creating custom routes.
- Next, create another Cloud Router in the ohio VPC (us-east1) and assign it a new private ASN (64512).
Create the central to east VPN tunnel
- Next create a VPN tunnel from central to east on the VPN tunnels page. Give it a name (cvpn-tunnel-1).
- Copy the evpn gateway public IP address from the Cloud VPN Gateways page and add that as the cvpn-tunnel-1 remote peer IP.
- Generate a shared secret and take note of it because you’ll also be using it for the next VPN tunnel.
- Leave routing options as dynamic.
- Select the c-router as the dynamic router.
Create the central BGP session
- Click the edit icon to create a BGP session.
- Give the BGP session a name (c-bgp).
- Assign the e-router ASN number as the peer ASN (64512).
- Manually assign a Cloud Router BGP IP and BGP Peer IP. These need to be link local addresses belonging to a common /30 CIDR from the 169.254.0.0/16 block. In this case I used 169.254.254.1 (local) and 169.254.254.2 (peer).
- Leave advertised routes as default.
Create the east to central VPN tunnel
- Next create another VPN tunnel from east to central, using the cvpn gateway public IP as the remote peer IP address.
- Paste the same shared secret you used in the previous tunnel.
- Select the e-router as the dynamic router.
Create the east BGP session
- Click the edit icon to create a new BGP session. Create a BGP session with the following details, using the ASN number of the c-router (65520) as the peer ASN, and the inverse of the Cloud Router and Peer IP addresses from our previous BGP session.
After a few minutes you should see the VPN tunnel establish on the VPN Tunnels page, and the BGP session go from “Waiting for peer” to established between the two Cloud Routers, with a green check mark to confirm.
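The same two-sided setup expressed as gcloud commands, as an added example that is not part of the original article: it validates the link-local /30 pair and the private ASNs before emitting the commands for one side, and the east side is produced by swapping the arguments. The names evpn-tunnel-1 and e-bgp, the interface names, and the `<evpn-public-ip>` placeholder are assumptions; the shared secret is read from an environment variable rather than written into the plan.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# Constructed from the article's values; evpn-tunnel-1 and e-bgp are assumed names.
SIDES = {
    "central": dict(region="us-central1", network="texas", router="c-router", asn=65520,
                    gateway="cvpn", tunnel="cvpn-tunnel-1", bgp="c-bgp", ip="169.254.254.1"),
    "east": dict(region="us-east1", network="ohio", router="e-router", asn=64512,
                 gateway="evpn", tunnel="evpn-tunnel-1", bgp="e-bgp", ip="169.254.254.2"),
}

def is_private_asn(asn: int) -> bool:
    """16-bit (64512-65534) or 32-bit (4200000000-4294967294) private ASN ranges."""
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294

def bgp_link(local: str, peer: str) -> ipaddress.IPv4Network:
    """Return the /30 shared by local and peer, or raise if the pair is not usable."""
    a, b = ipaddress.ip_address(local), ipaddress.ip_address(peer)
    if a == b or a not in LINK_LOCAL or b not in LINK_LOCAL:
        raise ValueError("BGP IPs must be two distinct addresses in 169.254.0.0/16")
    net = ipaddress.ip_network(f"{a}/30", strict=False)
    if b not in net or {a, b} & {net.network_address, net.broadcast_address}:
        raise ValueError(f"{a} and {b} are not both usable hosts of one /30 ({net})")
    return net

def link_ok(local: str, peer: str) -> bool:
    try:
        return bool(bgp_link(local, peer))
    except ValueError:
        return False

def gcloud_plan(me: dict, other: dict, peer_public_ip: str) -> list:
    """Ordered gcloud commands for one side, mirroring the console steps above."""
    if not (is_private_asn(me["asn"]) and is_private_asn(other["asn"])):
        raise ValueError("both Cloud Routers need private ASNs")
    bgp_link(me["ip"], other["ip"])  # fail early on a bad link-local pair
    r, iface = f"--region {me['region']}", f"if-{me['tunnel']}"
    return [
        f"gcloud compute routers create {me['router']} --network {me['network']} "
        f"--asn {me['asn']} {r}",
        # The shared secret comes from the environment so it never lands in the plan or shell history.
        f"gcloud compute vpn-tunnels create {me['tunnel']} --target-vpn-gateway {me['gateway']} "
        f"--peer-address {peer_public_ip} --shared-secret \"$VPN_SHARED_SECRET\" "
        f"--router {me['router']} --ike-version 2 {r}",
        f"gcloud compute routers add-interface {me['router']} --interface-name {iface} "
        f"--vpn-tunnel {me['tunnel']} --ip-address {me['ip']} --mask-length 30 {r}",
        f"gcloud compute routers add-bgp-peer {me['router']} --peer-name {me['bgp']} "
        f"--interface {iface} --peer-ip-address {other['ip']} --peer-asn {other['asn']} {r}",
    ]
```

`gcloud_plan(SIDES["central"], SIDES["east"], "<evpn-public-ip>")` gives the central side and `gcloud_plan(SIDES["east"], SIDES["central"], "<cvpn-public-ip>")` the east side; the two plans are mirror images, with peer IP and peer ASN swapped exactly as the console steps describe.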
Congratulations! You just set up dynamic routing through a BGP session between two Google Cloud Routers.
You can use this tutorial to help you set up Cloud Router with your VPN gateway on premise, High Availability VPN for a 99.99% SLA, and Dedicated Interconnect. Get ready to free yourself from management headaches. With Cloud Router and VPN, you get:
- Automatic routing table updates
- SDN scalability
- No downtime during updates
Cloud Router is the orchestral conductor for traffic between your on-prem and the cloud, so you can seamlessly expand using VPN and Cloud Interconnect. Even in the face of failures, it helps you grow your network to dynamically scale and adapt to your changing needs.
- Deep dive on Cloud Router here.
- Subscribe to the GCP Youtube channel and follow my video series Networking End-to-End.
- Check out Networking 102 where I discuss dynamic routing with Networking Specialist, Ryan Pryzbl.
- Want more content? Follow me on Twitter @swongful.
- And check out the Google Cloud events near you.
Stay tuned for more on this series and thanks for joining me on this wild ride to demystify cloud networking!