GCP – Cross-Cloud Network: Private, customizable and flexible networking
The Cross-Cloud Network provides you with a set of functionality and architectures that allows any-to-any connectivity. This was announced during Next 23, and if you read on you’ll get an overview of the ebook “Introduction to Google Cross-Cloud Network” .
What is the Cross-Cloud Network?
Cross-Cloud Network is a solution that addresses the need from organizations to be able to build multi tier apps and network them regardless where ever they are. The Google Cloud global backbone provides a scalable platform to design, scale and network your applications; allowing flexibility to connect application workloads located in your data center, other clouds and Google Cloud easily and securely.
Use cases
The Cross-Cloud Network helps you with:
Building distributed applications – Cross-Cloud Network simplifies hybrid and multicloud network and security architecture design while providing high performance, reliability, and security. Customers can easily connect services from various clouds and private data centers with advanced products such as Cross-Cloud Interconnect, Private Service Connect, and Network Connectivity Center.Internet facing application and content delivery – Cross-Cloud Network leverages Google’s extensive global infrastructure, combining Cloud Load Balancer, Cloud Armor, and Cloud CDN to ensure optimal performance, security, and user experience. Cross-Cloud Interconnect can be used to connect clouds together, and lower total cost of ownership (TCO)Hybrid workforce – To simplify security for hybrid workforces, Cross-Cloud Network integrates with leading Secure Service Edge (SSE) solutions from Palo Alto Networks, Broadcom, and Fortinet. The native integration streamlines security without complete network setup to achieve secure and optimal user experience.
Components of Cross-Cloud Network
The Cross-Cloud Network allows you to utilize various services to network your workloads. A few of the core services to help with this are:
Cloud Interconnect – Connects to on-premises locations, with high speed, direct links. This also supports MACsec.Cross-Cloud Interconnect – These are available in 10GB and 100GB speeds and allow you to connect directly to other clouds with 99.99% SLA.Network Connectivity Center – Connect your Interconnect, HA VPN, and SD-WAN spokes to allow site-to-site transfers. VPC spoke support is currently in preview to connect multiple VPCs across Google Cloud.Load balancer – Optimize application performance with a broad L4 and L7 load balancer portfolio with Service Extension Callouts which enable developers to customize services.Network Endpoint Groups (NEG) – Is a configuration object that specifies a group of backends. There are several NEG types including (zonal, internet, serverless, hybrid, private service connect NEG) which can be used based on your use case.Cloud Armor – Secure your network edge with our advanced ML-powered WAF from DDoS and OWASP top 10 attacks.Private Service Connect (PSC)- Connect privately and to services and Google APIs.Network Virtual Appliances (NVA) – Allows customers to use centralized VM appliances that traffic is routed through. Common use cases for this are for third party next-generation firewalls (NGFW), Intrusion detection system (IDS), web access firewall (WAF), NAT and Transparent proxy.
From an architecture point of view you have the flexibility to design based on your use case.
Architectures
The “Cross-Cloud Network eBook” document features several architectures. Let’s take a quick review of two of these.
Design 1:
In this pattern hybrid and multicloud connectivity is provided via Cloud Interconnect, Cross-Cloud Interconnect, SD-WAN or Cloud VPN. Load balancers allow applications to be accessed via a single IP address with External and Internal options available.
Public Google APIs can be accessed privately with PSC options. You can also use Hybrid NEGs for applications that reside on-premises.
Interconnect spokes can be attached to the Network Connectivity Center to allow communication between attached spokes. There are several combinations that can be used depending on your design archetype, you can read more about archetypes in the Google Cloud deployment archetypes documentation.
Design 2:
This pattern allows you to secure your public access to public apps, your employee access to apps, and application to application communication. Load balancers expose your application via global IP, you can utilize Cloud Armor to provide WAF and Distributed denial-of-service (DDoS) protection. To secure remote user connections, in addition to Identity Aware proxy, secure services edge (SSE) stacks can be deployed natively within Google Cloud from ecosystem partners. This integrates into the design allowing you to steer your traffic to these services without impacting application performance.
Stay tuned for more posts on the topics with more architectural guides around various archetypes available in Google Cloud.
More on Cross-Cloud Network
To learn more about Cross-Cloud Network, I recommend the following resources.
Document pdf: Introduction to Google Cross-Cloud Network ebook (Inciteful read)
Landing page: Cross-Cloud NetworkDocument: Build hybrid and multicloud architectures using Google CloudYouTube: Design secure enterprise networks for a multi-cloud worldYouTube: Cross-Cloud Interconnect Demo 2
Want to ask a question, find out more or share a thought? Please connect with me on Linkedin
Read More for the details.