Lec 58
Priyanka Vergadia
Google Cloud
Lecture-58
Building Hybrid Clouds
In the next topic, you will learn how to build a hybrid cloud using GCP. Cloud VPN securely
connects your on-premises network to your GCP VPC network through an IPsec VPN tunnel.
Traffic traveling between the two networks is encrypted by one VPN gateway and then decrypted by
the other VPN gateway. This protects data as it travels over the public internet, and that is why
Cloud VPN is useful for low-volume data connections.
As a managed service, Cloud VPN provides an SLA of 99.9% service availability and supports
site-to-site VPN. Cloud VPN only supports site-to-site IPsec VPN connectivity. It doesn't
support client-to-gateway scenarios. In other words, Cloud VPN doesn't support use cases
where client computers need to dial into a VPN using client VPN software. Cloud VPN supports
both static routes and dynamic routes to manage traffic between VM instances and existing
infrastructure.
Dynamic routes are configured with Cloud Router, which we will cover briefly. Both IKE
version 1 and version 2 ciphers are also supported. Cloud Interconnect provides two options for
extending an on-premises network to a Google Cloud Platform VPC network:
Cloud Interconnect Dedicated, also referred to as Dedicated Interconnect, and Cloud Interconnect
Partner, also referred to as Partner Interconnect. Choosing the interconnect type will depend on
connection requirements such as the connection location and capacity.
(Refer Slide Time: 01:46)
Dedicated Interconnect provides direct physical connectivity between an organization's on-premises
network and Google's network edge, allowing them to transfer large amounts
of data between networks, which can be more cost-effective than purchasing additional
bandwidth over the public internet. If ten gigabits per second or hundred gigabits per second
connections aren't required, Partner Interconnect provides a variety of capacity options. Also, if
an organization cannot physically meet Google's network requirements in a colocation facility,
they can use Partner Interconnect to connect to a variety of service providers to reach their VPC
networks.
The main differences are the connection capacity and the requirements for using a service. The
IPsec VPN tunnels that Cloud VPN offers have a capacity of one and a half to three gigabits per
second per tunnel and require a VPN device on the on-premises network. The one and a half
gigabits per second capacity applies to traffic that traverses the public internet. The three
gigabits per second capacity applies to traffic that traverses a direct peering link.
Configuring multiple tunnels allows you to scale this capacity. Dedicated Interconnect has a
capacity of ten gigabits per second per link and requires you to have a connection in a Google-supported
colocation facility. You can have up to eight links to achieve multiples of ten
gigabits per second, but ten gigabits per second is the minimum capacity. Partner Interconnect
has a capacity of fifty megabits per second to ten gigabits per second per connection,
and requirements depend on the service provider. The recommendation is to start with VPN
tunnels and, depending on the proximity to a colocation facility and capacity requirements, to
switch to Dedicated Interconnect or Partner Interconnect when there is a need for enterprise-grade
connections to GCP.
Google allows an organization to establish a direct peering connection between their business
network and ours. With this connection, they will be able to exchange internet traffic between
their network and ours at one of Google's broad-reaching edge network locations. Direct
peering with Google is done by exchanging Border Gateway Protocol routes between Google
and the peering entity, and after a direct peering connection is in place, they can use it to reach
all of our services, including the full suite of GCP products.
Unlike Dedicated Interconnect, direct peering does not have an SLA. In order to use direct
peering, they need to satisfy the peering requirements. If an organization requires access to
Google public infrastructure and cannot satisfy our peering requirements, they can connect
through a carrier peering service provider.
Carrier peering enables them to access Google applications such as G Suite by using a service
provider to obtain enterprise-grade network services that connect their infrastructure to Google.
When connecting to Google through a service provider, they can get connections with higher
availability and lower latency using one or more links. As with direct peering, Google doesn't offer an
SLA with carrier peering, but the network service provider might.
(Refer Slide Time: 05:56)
Let's compare the peering options that you just considered. Both of these options provide public
IP address access to all of our services. The main differences are capacity and the requirements
for using a service. Direct peering has a capacity of ten gigabits per second per link and
requires you to have a connection in a GCP edge point of presence. Carrier peering capacity and
requirements vary depending on the service provider that you work with.
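The Cloud VPN setup described at the start of this lecture (a site-to-site IPsec tunnel using IKE version 2, with dynamic routes learned through Cloud Router over BGP, and a second tunnel added to scale capacity) written out as a Terraform configuration. This is an added example, not code from the lecture or from Google; the network name, region, the on-premises gateway address 203.0.113.10, the private ASNs 65001/65002 and the 169.254.0.0/16 BGP link addresses are assumed placeholders, and the pre-shared key is supplied through a variable rather than written into the file.

```hcl
# Added example (not from the lecture). Assumed placeholders: network name,
# region, on-premises gateway IP, ASNs, and BGP link-local addresses.
variable "shared_secret" {
  description = "IKE pre-shared key; pass via TF_VAR_shared_secret, never commit it"
  type        = string
  sensitive   = true
}

resource "google_compute_network" "vpc" {
  name                    = "hybrid-vpc"
  auto_create_subnetworks = false
}

# Google-side HA VPN gateway: two public interfaces, one tunnel per interface.
resource "google_compute_ha_vpn_gateway" "gw" {
  name    = "onprem-ha-vpn-gw"
  region  = "us-central1"
  network = google_compute_network.vpc.id
}

# The on-premises VPN device (assumed address 203.0.113.10, a documentation range).
resource "google_compute_external_vpn_gateway" "onprem" {
  name            = "onprem-vpn-device"
  redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
  interface {
    id         = 0
    ip_address = "203.0.113.10"
  }
}

# Cloud Router speaks BGP so routes are exchanged dynamically instead of
# being maintained as static routes on both sides.
resource "google_compute_router" "router" {
  name    = "onprem-router"
  region  = "us-central1"
  network = google_compute_network.vpc.id
  bgp {
    asn = 65001 # assumed private ASN for the Google side
  }
}

# Two IPsec tunnels: each adds its own capacity, and each rides a different
# gateway interface. ike_version = 2 selects IKEv2 rather than IKEv1.
resource "google_compute_vpn_tunnel" "tunnel" {
  count                           = 2
  name                            = "onprem-tunnel-${count.index}"
  region                          = "us-central1"
  vpn_gateway                     = google_compute_ha_vpn_gateway.gw.id
  vpn_gateway_interface           = count.index
  peer_external_gateway           = google_compute_external_vpn_gateway.onprem.id
  peer_external_gateway_interface = 0
  router                          = google_compute_router.router.id
  shared_secret                   = var.shared_secret
  ike_version                     = 2
}

# One BGP interface per tunnel, on a /30 from the link-local range.
resource "google_compute_router_interface" "iface" {
  count      = 2
  name       = "if-tunnel-${count.index}"
  region     = "us-central1"
  router     = google_compute_router.router.name
  ip_range   = "169.254.${count.index}.1/30"
  vpn_tunnel = google_compute_vpn_tunnel.tunnel[count.index].name
}

# One BGP peer per interface; the on-premises device uses the .2 address
# of each /30 and the assumed private ASN 65002.
resource "google_compute_router_peer" "peer" {
  count                     = 2
  name                      = "peer-tunnel-${count.index}"
  region                    = "us-central1"
  router                    = google_compute_router.router.name
  interface                 = google_compute_router_interface.iface[count.index].name
  peer_ip_address           = "169.254.${count.index}.2"
  peer_asn                  = 65002
  advertised_route_priority = 100
}
```

The on-premises device must be configured with the matching pre-shared key, the two Google gateway interface addresses (available from the HA VPN gateway resource after apply), the same IKEv2 proposal, and a BGP session on each 169.254.x.2 address toward ASN 65001. Keeping the secret in a sensitive variable rather than in the file is the one security check worth insisting on here, since the pre-shared key is what authenticates both ends of the tunnel.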