- Cloud Router is a fully distributed and managed Google Cloud service that helps you define custom dynamic routes and scales with your network traffic.
- It works with both legacy networks and Virtual Private Cloud (VPC) networks.
- Cloud Router utilizes Border Gateway Protocol (BGP) to exchange routes between your Virtual Private Cloud (VPC) network and your on-premises network.
- Using Cloud Router is required or recommended in the following cases:
- Required for Cloud NAT
- Required for Cloud Interconnect and HA VPN
- A recommended configuration option for Classic VPN
- When you extend your on-premises network to Google Cloud, use Cloud Router to dynamically exchange routes between your Google Cloud networks and your on-premises network.
- Cloud Router peers with your on-premises VPN gateway or router. The routers exchange topology information through BGP.
- Through BGP, Cloud Router advertises the IP addresses of Google resources that clients in your on-premises network can reach. Your on-premises network then sends packets to your VPC network whose destination IP address matches an advertised IP range. After reaching Google Cloud, your VPC network's firewall rules and routes determine how Google Cloud routes the packets.
- Default Route Advertisement – Cloud Router advertises subnets in its region for regional dynamic routing or all subnets in a VPC network for global dynamic routing.
- Custom Route Advertisement – You explicitly specify the routes that a Cloud Router advertises to your on-premises network.
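The two advertisement modes above, as an added example that is not part of the original page and not Google's own tooling: a small Python audit that computes what a Cloud Router will announce over BGP from the fields of the Compute Engine Router resource (`bgp.advertiseMode`, `bgp.advertisedGroups`, `bgp.advertisedIpRanges`) and the VPC's dynamic routing mode, then flags announcements that would steer on-premises traffic somewhere unexpected (a default route, an overly broad prefix, or public address space not on an explicit allow list). The subnet inventory and router objects are constructed, and the public /30 is a TEST-NET placeholder standing in for whatever API VIP range you intend to announce.

```python
"""Audit what a Cloud Router will advertise to an on-premises peer via BGP.

Added example: models Default vs Custom route advertisement using the
Router resource fields bgp.advertiseMode, bgp.advertisedGroups and
bgp.advertisedIpRanges. All resources below are constructed samples.
"""
import ipaddress

# Constructed subnet inventory: name -> (region, CIDR)
SUBNETS = {
    "app-us-central1": ("us-central1", "10.10.0.0/20"),
    "db-us-central1": ("us-central1", "10.10.16.0/24"),
    "app-europe-west1": ("europe-west1", "10.20.0.0/20"),
}

# Constructed routers. 203.0.113.4/30 is a TEST-NET placeholder for an
# API VIP range you deliberately announce; it is not a real Google range.
ROUTER_DEFAULT = {
    "name": "cr-default",
    "region": "us-central1",
    "bgp": {"asn": 64512, "advertiseMode": "DEFAULT"},
}
ROUTER_CUSTOM = {
    "name": "cr-custom",
    "region": "us-central1",
    "bgp": {
        "asn": 64512,
        "advertiseMode": "CUSTOM",
        "advertisedGroups": ["ALL_SUBNETS"],
        "advertisedIpRanges": [
            {"range": "203.0.113.4/30", "description": "constructed API VIP"}
        ],
    },
}


def advertised_prefixes(router, subnets, vpc_routing_mode):
    """Return the set of prefixes the router announces to its BGP peers.

    DEFAULT mode: the subnets in the router's region (REGIONAL dynamic
    routing) or every subnet in the VPC (GLOBAL dynamic routing).
    CUSTOM mode: only the listed ranges, plus the subnets when the
    ALL_SUBNETS group is selected.
    """
    bgp = router.get("bgp", {})
    region = router["region"]
    if vpc_routing_mode == "GLOBAL":
        subnet_prefixes = {cidr for _, cidr in subnets.values()}
    else:
        subnet_prefixes = {cidr for reg, cidr in subnets.values() if reg == region}

    if bgp.get("advertiseMode", "DEFAULT") == "DEFAULT":
        return subnet_prefixes

    prefixes = {entry["range"] for entry in bgp.get("advertisedIpRanges", [])}
    if "ALL_SUBNETS" in bgp.get("advertisedGroups", []):
        prefixes |= subnet_prefixes
    return prefixes


RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def suspicious_advertisements(prefixes, allowed_public=()):
    """Flag advertised ranges that would redirect on-premises traffic in
    ways the peer probably did not intend. Returns (prefix, reason) pairs.
    """
    allowed = [ipaddress.ip_network(n) for n in allowed_public]
    findings = []
    for prefix in sorted(prefixes):
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0:
            findings.append((prefix, "default route"))
        elif net.prefixlen < 8:
            findings.append((prefix, "overly broad"))
        elif not any(net.subnet_of(p) for p in RFC1918) and not any(
            net.subnet_of(a) for a in allowed
        ):
            findings.append((prefix, "public range not on allow list"))
    return findings


if __name__ == "__main__":
    for router in (ROUTER_DEFAULT, ROUTER_CUSTOM):
        for mode in ("REGIONAL", "GLOBAL"):
            adv = advertised_prefixes(router, SUBNETS, mode)
            print(router["name"], mode, sorted(adv))
            print("  findings:", suspicious_advertisements(adv, ["203.0.113.4/30"]))
```

The allow list is the control point: a public range that a peer is meant to reach through the tunnel (such as a Google API VIP) is listed explicitly, and anything else outside RFC 1918 is reported so that a misconfigured custom advertisement cannot quietly pull on-premises traffic for arbitrary destinations into the VPN.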
Validate Your Knowledge
You are hosting a web application in your on-premises data center that needs to fetch files from a Cloud Storage bucket. However, your company strictly implements security policies that prohibit your bare-metal servers from having a public IP address or having any access to the Internet. You want to follow Google-recommended practices to provide your web application the necessary access to Cloud Storage.
What should you do?
1.
   a. Use the nslookup command on your command line to get the IP address for
   b. Discuss with the security team why you need to have a public IP address for the servers.
   c. Explicitly allow egress traffic from your servers to the IP address of
2.
   a. Create a VPN tunnel connecting to a custom-mode VPC in the Google Cloud Platform using Cloud VPN.
   b. Create a Compute Engine instance and install the Squid Proxy Server. Use the custom-mode VPC as the location.
   c. Configure your on-premises servers to use the new instance as a proxy to access the Cloud Storage bucket.
3.
   a. Migrate your on-premises server using Migrate for Compute Engine (formerly known as Velostrata).
   b. Provision an internal load balancer (ILB) that uses storage.googleapis.com as a backend.
   c. Set up the new instances to use the ILB as a proxy to connect to Cloud Storage.
4.
   a. Create a VPN tunnel to GCP using Cloud VPN or Cloud Interconnect.
   b. Use Cloud Router to create a custom route advertisement for 126.96.36.199/30. Announce that network to your on-premises network via the VPN tunnel.
   c. Configure the DNS server in your on-premises network to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.