LAB: Creation of a Cloud HA VPN Connection
Task:
- Creating On-Premise Environment.
- Creating Infrastructure for Cloud Environment.
- Creating HA VPN and Configuring BGP Session.
- Validating the Connection.
Solution
Task 1: Configure On-Premises VPC
Since we don't have on-premises connectivity, we will create two VPCs: one that we will treat as the on-premises network and another as the Cloud VPC.
Click on the Cloud Shell icon in the top right corner.
Copy and paste the command below to create a VPC named dclessons-onprem-vpc with custom subnet creation mode.
gcloud compute networks create dclessons-onprem-vpc --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional
Use the command below to add a subnet named dclessons-onprem-sub with range 10.0.1.0/24 to the VPC dclessons-onprem-vpc.
gcloud compute networks subnets create dclessons-onprem-sub --range=10.0.1.0/24 --stack-type=IPV4_ONLY --network=dclessons-onprem-vpc --region=us-central1
Because we will send traffic to this VPC in later steps, and incoming traffic to a VPC is blocked by default, we will create a firewall rule to allow it. Note that the rule below allows all protocols from any source (0.0.0.0/0).
gcloud compute firewall-rules create allow-all --direction=INGRESS --priority=1000 --network=dclessons-onprem-vpc --action=ALLOW --rules=all --source-ranges=0.0.0.0/0
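The allow-all rule above is wider than the ping test from the Cloud VPC subnet (10.0.2.0/24) requires. The following is an added example, not part of the original lab: it flags ingress rules open to any source and builds a narrower replacement. The rule name allow-icmp-from-cloud, the pipe-separated record layout and the sample records are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the lab). Sample records are constructed; the
# layout name|network|direction|source-ranges|allowed is an assumed export
# format, and the rule name allow-icmp-from-cloud is hypothetical.
SAMPLE_RULES='allow-all|dclessons-onprem-vpc|INGRESS|0.0.0.0/0|all
allow-icmp-from-cloud|dclessons-onprem-vpc|INGRESS|10.0.2.0/24|icmp
egress-any|dclessons-onprem-vpc|EGRESS|0.0.0.0/0|all'

# Read records on stdin and print the name of every INGRESS rule whose
# comma-separated source ranges include 0.0.0.0/0.
find_open_ingress() {
  while IFS='|' read -r name network direction ranges allowed; do
    [ "$direction" = "INGRESS" ] || continue
    case ",$ranges," in
      *,0.0.0.0/0,*) printf '%s\n' "$name" ;;
    esac
  done
}

# Print (do not run) a gcloud command that allows only ICMP from one peer
# CIDR. $1 = network, $2 = source CIDR. An empty or /0 range is rejected so
# the replacement rule cannot be as open as the one it replaces.
scoped_rule_cmd() {
  case "$2" in
    ""|*/0)
      echo "refusing open source range: '$2'" >&2
      return 1
      ;;
  esac
  printf '%s %s %s %s\n' \
    "gcloud compute firewall-rules create allow-icmp-from-cloud" \
    "--direction=INGRESS --priority=1000 --network=$1" \
    "--action=ALLOW --rules=icmp" \
    "--source-ranges=$2"
}

# Demonstration on the constructed records.
echo "Ingress rules open to any source:"
printf '%s\n' "$SAMPLE_RULES" | find_open_ingress
echo "Narrower rule for the lab's ping test:"
scoped_rule_cmd dclessons-onprem-vpc 10.0.2.0/24
```

The script only prints the replacement command; review it and run it in Cloud Shell in place of the allow-all rule.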
Use the command below to create a Compute Engine instance named dclessons-onprem-instance with machine type n1-standard-1 in zone us-central1-a.
gcloud compute instances create dclessons-onprem-instance --zone=us-central1-a --machine-type=n1-standard-1 --network-interface=subnet=dclessons-onprem-sub,no-address --provisioning-model=STANDARD --no-service-account --no-scopes --create-disk=auto-delete=yes,boot=yes,device-name=dclessons-onprem-instance,image=projects/debian-cloud/global/images/debian-11-bullseye-v20220719,mode=rw,size=10
Task 2: Configure Cloud VPC
Under VPC Network | Click on Create VPC Network
Under Create a VPC Network | Name: dclessons-cloud-vpc | Subnets: custom | New Subnet: Name: dclessons-cloud-subnet | Region: us-central1
IP Stack Type: IPv4 | IPv4 range: 10.0.2.0/24 | Private Google Access: ON | Click Done
Scroll down and, under Firewall Rules, check the dclessons-vpc-allow-ssh firewall rule.
Under Dynamic Routing Mode: Regional | Click Create
Click on Routes in the left panel and observe that all of them start with the keyword default.
Task 3: Creating Cloud VPC Compute Instance
Under Compute Engine | VM Instance: Create Instance
Under Create Instance | Name: dclessons-cloud-vpc-instance-1 | Region: us-central1 (Iowa), Zone: us-central1-a | Machine Configuration: Series: N1, Machine Type: n1-standard-1
Under Identity & API Access | Service Account: Select your Account
Under Advanced Options | Networking: Network Interfaces: Edit Network Interfaces: Network: dclessons-cloud-vpc | Subnetwork: select dclessons-cloud-subnet-IPV4 (10.0.2.0/24)
IP Stack Type: IPv4 | Click Done | Create
Once done, we can see that both instances are up and running. SSH to dclessons-cloud-vpc-instance-1.
Enter the command below and press Enter.
gcloud auth login --no-launch-browser -q
You will receive the output below. Copy the URL mentioned in the output.
In the browser, copy the code as shown.
Enter the code under the Enter the authorization code section:
Enter the command below to have admin access to the VM: ping 10.0.1.2 | No communication is established.
Task 4: Configure HA VPN gateway ( On-Premises to Cloud )
Click on the Cloud Shell icon in the top right corner. Copy and paste the command below to create a Cloud Router named dclessons-onprem-router with ASN (Autonomous System Number) 64515.
gcloud compute routers create dclessons-onprem-router --network=dclessons-onprem-vpc --asn=64515 --keepalive-interval=25 --region=us-central1