Table of contents
1. Introduction
2. About Cloud Interconnect
3. Dedicated Interconnect
3.1. Provisioning
4. Partner Interconnect
5. Provisioning
6. Advantages of Cloud Interconnect
7. Things to consider
7.1. Use of Cloud VPN
7.2. IP addressing and Dynamic Routes
7.3. Cloud Interconnect as a data transfer network
7.4. Restrict Cloud Interconnect usage
7.5. Cloud Interconnect MTU
7.6. Support for GRE traffic
8. Visualization and Monitoring of interconnections and VLAN attachments
9. Frequently Asked Questions
9.1. Can I utilize Cloud Interconnect as a private route to use a browser to access every Google Workspace service?
9.2. Can I check the connection in the project where I build the VLAN attachment if I use Partner Interconnect?
9.3. Can I change the name of or migrate Dedicated Interconnect connections to a different project?
9.4. Can I connect to the public internet using Cloud Interconnect?
9.5. Can I attach more than one VLAN to a Cloud Router?
10. Conclusion
Last Updated: Mar 27, 2024

Cloud Interconnect

Author Amit Singh

Introduction

In this article, we will learn about Cloud Interconnect in Google Cloud Platform in detail. We will also discuss the ways to expand the on-premises network using Cloud Interconnect, along with its advantages and the points to keep in mind while using it.

About Cloud Interconnect

Google Cloud Interconnect connects your on-premises network to Google's worldwide cloud infrastructure via direct physical connections. This allows for quicker, more dependable, and less expensive data transport than the public internet. Interconnect allows you to transport huge volumes of data between networks at a lower cost than acquiring more bandwidth through the public internet.

You can dependably move data between your on-premises network and Google Cloud Virtual Private Cloud (VPC) networks, thanks to the low latency and high availability connections offered by Cloud Interconnect. Interconnect connections also carry traffic addressed to internal IP addresses, making internal IP addresses directly reachable from both networks.

There are two ways to expand your on-premises network with Cloud Interconnect:

  1. Dedicated Interconnect: Direct physical connectivity between your on-premises network and Google's network is made possible via Dedicated Interconnect.
     
  2. Partner Interconnect: Your on-premises and VPC networks are connected by Partner Interconnect via a supported service provider.
     

Let’s study both of these types in more detail.

Dedicated Interconnect

Direct physical connectivity between your on-premises network and Google's network is made possible via Dedicated Interconnect.

  • Large data transfers between networks are possible because of dedicated interconnects, which can be less expensive than adding extra internet bandwidth.
     
  • With Dedicated Interconnect, you must physically link your network to Google's network at a colocation facility using your own routing equipment.
     
  • Only dynamic routing is supported by Dedicated Interconnect.
     
  • It offers bandwidth ranges from 10 Gbps to 200 Gbps.

Provisioning

Before you can create and set up a Dedicated Interconnect connection, you must first order an Interconnect connection so that Google can assign the necessary resources and send you a Letter of Authorization and Connecting Facility Assignment (LOA-CFA). After receiving the LOA-CFA, you must submit it to your vendor so that they can provision the Interconnect connections between Google's network and your network.

Before using the connections, you must configure and test them with Google. Once they are ready, you can create VLAN attachments to assign a VLAN to the connection.

Partner Interconnect

Your on-premises and VPC networks are connected by Partner Interconnect via a supported service provider.

  • If the data centre is physically unable to access a Dedicated Interconnect colocation facility or if the data requirements don't justify a full 10-Gbps connection, a Partner Interconnect link can be useful.
     
  • Partner Interconnect offers bandwidth ranges from 50 Mbps to 10 Gbps.
     
  • Service providers make their physical connections to Google's network available for their customers to use.
     
  • A Partner Interconnect connection can be requested from a service provider once connectivity has been established with them.

Provisioning

You must first connect your on-premises network to a supported service provider in order to provision a Partner Interconnect connection with that service provider. Connectivity should be established in cooperation with the service provider.

The next step is to create a VLAN attachment for a Partner Interconnect connection in your Google Cloud project. This produces a unique pairing key that you use to request a connection from your service provider. Other details, such as the location and capacity of the connection, must also be provided.

You must activate your connection in order to begin utilising it after the service provider configures your VLAN attachment. A Border Gateway Protocol (BGP) session is then established by either you or your service provider, depending on your connection.

Advantages of Cloud Interconnect

The advantages of utilizing Cloud Interconnect are as follows:

  • The public internet is not used for communication between your on-premises network and your VPC network. Traffic travels across a dedicated connection or through a service provider with a dedicated connection. Your traffic travels through fewer hops by avoiding the public internet, which means there are fewer potential points of failure where it could be dropped or disturbed.
     
  • The internal IP addresses of your VPC network are directly reachable from your on-premises network. To access internal IP addresses, you don't require a NAT device or VPN tunnel.
     
  • Your connection capacity can be adjusted to suit your unique needs.

    Connection capacity for Dedicated Interconnect is delivered over one or more 10-Gbps or 100-Gbps Ethernet connections, with the following maximum capacities supported per Interconnect connection:
    8 x 10-Gbps connections (total 80 Gbps)
    2 x 100-Gbps connections (total 200 Gbps)

    For Partner Interconnect, the following connection capacities are supported for each VLAN attachment:
    VLAN attachments from 50 Mbps to 50 Gbps. The maximum supported attachment size is 50 Gbps, but not all sizes may be available depending on what your chosen partner offers in the selected region.
     
  • At any of the sites listed under all colocation facilities, 100-Gbps connections can be requested.
     
  • You may optimize egress traffic from your VPC network and lower your egress costs by using Dedicated Interconnect, Direct Peering, Partner Interconnect, and Carrier Peering. Cloud VPN on its own does not reduce egress costs.
     
  • In order for on-premises hosts to access Google APIs and services, you can use Cloud Interconnect with Private Google Access so that internal IP addresses rather than external IP addresses are used.

Things to consider

After the advantages of Cloud Interconnect, let us see some of the things that we should consider before using Cloud Interconnect:

Use of Cloud VPN

If you don't need the low latency and high availability of Cloud Interconnect, consider using Cloud VPN to create IPsec VPN tunnels between your networks. IPsec VPN tunnels use industry-standard IPsec protocols to encrypt data as it travels over the public internet.

A Cloud VPN tunnel does not carry the fees and overhead of a direct, private connection. Your on-premises network needs only one VPN device to support Cloud VPN.

IP addressing and Dynamic Routes

By establishing a connection between your on-premises network and your VPC network, you enable communication between the IP address space of your on-premises network and some or all of the subnets in your VPC network. Which VPC subnets are available depends on the dynamic routing mode of your VPC network. Subnet IP ranges in VPC networks are always internal IP addresses.

Traffic cannot be correctly routed if the IP address space of your on-premises network and your VPC network overlap. Eliminate any duplicate addresses from both networks.
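
A pre-flight check for the overlap problem described above, written as an added example (not code from the article or from Google). The address ranges are constructed sample values; replace them with your own inventory.

```python
import ipaddress
from itertools import product

# Constructed sample ranges (not from the article).
ON_PREM_RANGES = ["10.0.0.0/8", "192.168.10.0/24", "172.16.0.0/16"]
VPC_SUBNET_RANGES = ["10.128.0.0/20", "192.168.0.0/16", "172.20.0.0/16"]


def _parse(cidrs):
    # strict=True rejects entries with host bits set, e.g. "10.0.0.1/8",
    # which usually indicates a typo in the inventory.
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def find_overlaps(on_prem_cidrs, vpc_cidrs):
    """Return (on_prem, vpc, relation) for every pair of ranges that intersect."""
    conflicts = []
    for a, b in product(_parse(on_prem_cidrs), _parse(vpc_cidrs)):
        # IPv4 and IPv6 ranges can never collide; compare like with like.
        if a.version != b.version or not a.overlaps(b):
            continue
        # CIDR blocks either nest or are disjoint, so an overlap is one of:
        if a == b:
            relation = "identical"
        elif a.subnet_of(b):
            relation = "on-prem range inside VPC range"
        else:
            relation = "VPC range inside on-prem range"
        conflicts.append((str(a), str(b), relation))
    return conflicts


if __name__ == "__main__":
    for on_prem, vpc, relation in find_overlaps(ON_PREM_RANGES, VPC_SUBNET_RANGES):
        print(f"CONFLICT {on_prem} <-> {vpc}: {relation}")
```

An empty result means no on-premises range intersects a VPC subnet range; any reported pair has to be renumbered before routes are exchanged.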

Your on-premises routers share routes to your on-premises network with the Cloud Routers in your VPC network. This creates dynamic routes in your VPC network, each with the appropriate VLAN attachment as its next hop.

Unless custom advertisements change this, Cloud Routers in your VPC network share VPC network subnet IP address ranges with your on-premises routers according to the dynamic routing mode of your VPC network.

To route the traffic from your on-premises network to certain internal IP addresses via an Interconnect connection, you must first establish a custom route advertisement on your Cloud Router for the following setups:

  • Configuring Private Google Access for on-premises hosts
     
  • Creating a Cloud DNS forwarding zone
     
  • Alternative name server network requirements
     

Cloud Interconnect as a data transfer network

You can pass traffic between on-premises networks by connecting them with VLAN attachments and using Network Connectivity Center as a data transfer network. To connect the networks, attach the VLAN attachments for each on-premises site to a Network Connectivity Center spoke. Each spoke is then connected to a Network Connectivity Center hub.

Restrict Cloud Interconnect usage

Any VPC network can utilize Cloud Interconnect by default. You can establish an organizational policy to regulate which VPC networks are permitted to use Cloud Interconnect.

Cloud Interconnect MTU

The maximum transmission unit (MTU) for VLAN attachments is either 1440 or 1500 bytes.

Set the same MTU value for all VLAN attachments connecting to the same VPC network in order to prevent packet loss.

If the attachment has an MTU value of 1440 bytes and the communicating virtual machine (VM) instances have an MTU of 1500 bytes, then MSS clamping reduces the MTU of TCP connections to 1440 bytes, and TCP communication continues.

UDP packets are unaffected by MSS clamping. Therefore, if the attachment has an MTU value of 1440 bytes and the MTU value of the VPC network is 1500 bytes, UDP datagrams with more than 1412 bytes of data (1412 bytes UDP data + 8 bytes UDP header + 20 bytes IPv4 header = 1440) are dropped. You have some options in this situation, including:

  • Create VLAN attachments with MTUs that have a value of 1500 as well if your VPC network's MTU is 1500.
     
  • Reduce the MTU of the linked VPC network to 1460 if the VLAN attachments in that network have MTUs set to 1440.
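
The MTU rules above, turned into a small audit as an added example (not code from the article or from Google). The attachment names are hypothetical, and the header sizes assume IPv4 and TCP without options.

```python
IPV4_HEADER = 20   # bytes, assuming no IP options
TCP_HEADER = 20    # bytes, assuming no TCP options
UDP_HEADER = 8     # bytes
ALLOWED_ATTACHMENT_MTUS = {1440, 1500}  # values the article lists


def audit_mtu(vpc_mtu, attachment_mtus):
    """attachment_mtus maps a (hypothetical) attachment name to its MTU."""
    findings = []
    for name, mtu in sorted(attachment_mtus.items()):
        if mtu not in ALLOWED_ATTACHMENT_MTUS:
            findings.append(f"{name}: MTU {mtu} is not 1440 or 1500")
    if len(set(attachment_mtus.values())) > 1:
        findings.append("attachments on this VPC network use different MTUs")
    smallest = min(attachment_mtus.values())
    if smallest < vpc_mtu:
        findings.append(
            f"VPC MTU {vpc_mtu} exceeds attachment MTU {smallest}: "
            "TCP is clamped, oversized UDP is dropped"
        )
    effective = min(smallest, vpc_mtu)
    return {
        "findings": findings,
        "tcp_mss": effective - IPV4_HEADER - TCP_HEADER,
        "max_udp_payload": effective - IPV4_HEADER - UDP_HEADER,
    }


def udp_datagram_fits(payload_len, report):
    """True if a UDP payload of this size crosses the attachment without being dropped."""
    return payload_len <= report["max_udp_payload"]


if __name__ == "__main__":
    # Constructed scenario matching the article: 1500-byte VPC, 1440-byte attachment.
    report = audit_mtu(1500, {"attach-a": 1440, "attach-b": 1500})
    print(report)
    print(udp_datagram_fits(1412, report), udp_datagram_fits(1413, report))
```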
     

Support for GRE traffic

Cloud Interconnect supports GRE traffic. With GRE support, you can terminate GRE traffic on a VM from the internet (external IP address) and from Cloud VPN or Cloud Interconnect (internal IP address). The decapsulated traffic can then be forwarded to a reachable destination. GRE support lets you use SD-WAN and Secure Access Service Edge (SASE). To permit GRE traffic, you must set up a firewall rule.

Visualization and Monitoring of interconnections and VLAN attachments

A visualization tool called Network Topology displays the topology of your VPC networks, hybrid connections to and from your on-premises networks, as well as the related metrics. 

In the Network Topology view, you can see your Interconnect connections and VLAN attachments as entities.

A base entity, which represents a resource that may directly communicate with other resources across a network, is the lowest level of a specific hierarchy. By combining base entities, Network Topology creates hierarchical entities that you can expand or collapse. When you first view a Network Topology graph, it collects all the base entities into their top-level hierarchy.

For instance, Network Topology combines VLAN attachments into their Interconnect connection, and you can observe that hierarchy by expanding or collapsing the icons that represent Interconnect connections.

Frequently Asked Questions

Can I utilize Cloud Interconnect as a private route to use a browser to access every Google Workspace service?

Google Workspace applications cannot be accessed via Cloud Interconnect.

Can I check the connection in the project where I build the VLAN attachment if I use Partner Interconnect?

The object for the Interconnect connection is created in the service provider project and is not visible in your project when you utilize the Partner Interconnect service. As in the Cloud Interconnect scenario, the VLAN attachment (interconnectAttachment) is still viewable inside your project.

Can I change the name of or migrate Dedicated Interconnect connections to a different project?

No. Once a Dedicated Interconnect connection has been named, you cannot rename it or move it to another Google Cloud project. The connection must be deleted and then recreated under a new name or in a different project.

Can I connect to the public internet using Cloud Interconnect?

Internet routes are not advertised over Cloud Interconnect.

Can I attach more than one VLAN to a Cloud Router?

Yes, this configuration is supported.

Conclusion

In this article, we have studied Cloud Interconnect in detail. We have also discussed the ways to expand the on-premises network using Cloud Interconnect, along with its advantages and the points to keep in mind while using it.

We hope that this article has helped you enhance your knowledge of Cloud Interconnect. If you would like to learn more, check out our articles on cloud domains and cloud hypervisor.
