Menu
Inter-VPC connectivity architecture patterns in Cross-Cloud Network

GCP – Inter-VPC connectivity architecture patterns in Cross-Cloud Network

,

Connecting hybrid environments to the cloud is a very important aspect of cloud architecture. In addition to connecting from on-premises environments, you also have multicloud environments that all need to communicate. In this blog we will look at some reference architectures for hub-and-spoke communication using Cross-Cloud Network.

The power of Cross-Cloud Network

As your cloud projects grow and you add additional networks, you need inter-network communication. Cross-Cloud Network provides a set of functionality and architectures for any-to-any connectivity leveraging Google’s software-defined global scaled backbone to connect your distributed applications.

Let’s look at two architectural patterns: one based on VPC Network Peering, and the other on Network Connectivity Center.

#1 – Inter-VPC communication with VPC Network Peering example pattern

To understand how to think about designing your network, let’s look at the flow of a packet from an external network to an application located in workload VPC network 1 located in Google Cloud. This design is focused on the use of VPC Network Peering. The network is composed of an external network (on-prem and other clouds), and the Google Cloud network (transit VPC, services access VPC, managed services VPC, workloads VPC).

1-ccn-vnp-vpn-flows

This design uses the following services for its end-to-end solution:

  • Cloud Interconnect (Direct, Partner, Cross-Cloud) – To connect connect from your on-prem or other clouds to the transit VPC

  • Cloud VPN – To connect from service-access VPC to transit VPC and export custom routes from private services access network

  • VPC Network Peering – To connect from workload VPC to transit VPC

  • Private services access – To connect to managed services privately in the services access VPC

  • Private Service Connect – To expose services in the managed services VPC network to be consumed in the services access VPC

  • Network Connectivity Center VPC spokes – To allow communication between workload VPCs if necessary

To understand more specific details like route exchange and packet flow, please read the full architecture document reference guide: Cross-Cloud Network inter-VPC connectivity using VPC Network Peering.

aside_block
<ListValue: [StructValue([(‘title’, ‘$300 to try Google Cloud networking’), (‘body’, <wagtail.rich_text.RichText object at 0x3eb368109ee0>), (‘btn_text’, ‘Start building for free’), (‘href’, ‘http://console.cloud.google.com/freetrial?redirectpath=/products?#networking’), (‘image’, None)])]>

#2 – Inter-VPC communication with Network Connectivity Center

In this more modern design, we use Network Connectivity Center with a star configuration and interconnect spokes. To understand how to think about designing your network in this configuration, let’s look at the flow of a packet from an external network to an application located in the workload VPC 1.

The network consists of an external network (on-prem and other clouds), and the Google Cloud network (transit VPC, service access VPC, managed services VPC, Private Service Connect consumer VPC, and workload VPC).

2-flows

This design uses the following services to provide an end-to-end solution.

  • Cloud Interconnect (Direct, Partner, Cross-Cloud) – To connect from your on-prem or other clouds to the transit VPC. In this case multiple external locations are connecting in different regions.

  • Cloud VPN – To connect from service access VPC to transit VPC and export custom routes from private services access network

  • VPC Network Peering – To connect from workload VPC to transit VPC

  • Private services access – To connect to managed services privately in the services access VPC

  • Private Service Connect – To expose services in the managed services VPC network to be consumed in the services access VPC and Private Service Connect consumer VPC with endpoints to service made available to connected peers.

  • Network Connectivity Center VPC spokes – To allow communication between workload VPCs if necessary

  • Network Connectivity Center topology – Utilizes preset topologies (choose mesh or star depending on your requirements)

To understand the specific details such as the Network Connectivity Center star topology, route exchange and packet flow, please read the full architecture document reference guide: Cross-Cloud Network inter-VPC connectivity using Network Connectivity Center.

3-ncc-details

Next steps

Take a deeper dive into network migration support and Cross-Cloud Network.

Want to ask a question, find out more or share a thought? Please connect with me on Linkedin.

Related Article

Networking support for AI workloads

In this blog we look at some of the benefits of the Cross-Cloud Network in supporting AI and HPC workloads, both managed and self-managed.

Read Article


Read More for the details.

Related Posts