Cloud Interconnect overview (original) (raw)

Cloud Interconnect provides low-latency, high-availability connections that enable you to reliably transfer data between your networks.

Cloud Interconnect offers the following options for extending your network:

For a comparison to help you choose between Dedicated Interconnect and Partner Interconnect, see the Cloud Interconnect section inChoosing a Network Connectivity product.

For definitions of terms used on this page, seeCloud Interconnect key terms.

Benefits

Using Cloud Interconnect provides the following benefits:

• Traffic between your networks doesn't traverse the public internet. Traffic traverses a dedicated connection or goes through a service provider with a dedicated connection. By bypassing the public internet, your traffic takes fewer hops, so there are fewer points of failure where your traffic might get dropped or disrupted.
• You can scale your connection capacity to meet your particular requirements.
  For Dedicated Interconnect, connection capacity is delivered over one or more 10-Gbps or 100-Gbps Ethernet connections, with the following maximum capacities supported per Cloud Interconnect connection:
  • 8 x 10-Gbps connections (80 Gbps total)
  • 2 x 100-Gbps connections (200 Gbps total)
    For Partner Interconnect, the following connection capacities for each VLAN attachment are supported:
  • 50-Mbps to 50-Gbps VLAN attachments. The maximum supported attachment size is 50 Gbps, but not all sizes might be available, depending on what's offered by your chosen partner in the selected location.
    Other Cloud Interconnect types have different connection capacity options. For more information, see the documentation for your Cloud Interconnect type.
• You can request 100-Gbps connections at any of the locations listed inAll colocation facilities.
  For more information about the locations available for a specific Cloud Interconnect type, see its corresponding documentation.
• The following benefits apply to Cloud Interconnect types that provide connectivity between your VPC networks and other networks:
  • Your VPC network's internal IP addresses are directly accessible from your on-premises network. You don't need to use a NAT device or VPN tunnel to reach internal IP addresses. For details, see IP addressing, IPv6 and dynamic routes.
  • Dedicated Interconnect, Partner Interconnect,Direct Peering, andCarrier Peeringcan all help you optimize egress traffic from your VPC network and reduce your egress costs. Cloud VPN by itself does not reduce egress costs.
  • You can use Cloud Interconnect with_Private Google Access for on-premises hosts_ so that on-premises hosts can use internal IP addresses rather than external IP addresses to reach Google APIs and services. For more information, see Private access options for servicesin the VPC documentation.
  • You can apply IPsec encryption to your Cloud Interconnect traffic by deploying HA VPN over Cloud Interconnect.

Considerations

Use Cloud VPN by itself

If you don't require an entire Cloud Interconnect connection, you can useCloud VPN on its own to set up IPsec VPN tunnels between your VPC networks and other networks. IPsec VPN tunnels encrypt data by using industry-standard IPsec protocols. The encrypted traffic traverses the public internet.

Cloud VPN requires that you configure a peer VPN gateway in your on-premises network.

IP addressing, IPv6 and dynamic routes

When you connect your VPC network to your on-premises network, you allow communication between the IP address space of your on-premises network and some or all of the subnets in your VPC network. Which VPC subnets are available depends on the dynamic routing mode of your VPC network. Subnet IP ranges in VPC networks are always internal IP addresses.

You can enable IPv6 traffic exchange between your IPv6-enabled VPC network and your on-premises network. For more information, see IPv6 support for Dedicated Interconnectand IPv6 support for Partner Interconnect.

The IP address space on your on-premises network and on your VPC network must not overlap, or traffic is not routed properly. Remove any overlapping addresses from either network.

Your on-premises router shares the routes of your on-premises network with the Cloud Router in your VPC network. This action createscustom dynamic routes in your VPC network, each with a next hop set to the appropriate VLAN attachment.

Unless modified by custom advertisements, Cloud Routers in your VPC network share VPC network subnet IP address ranges with your on-premises routers according to the dynamic routing mode of your VPC network.

The following configurations require that you create custom advertised routes on your Cloud Router to direct traffic from your on-premises network to certain internal IP addresses by using a Cloud Interconnect connection:

• Configure Private Google Access for on-premises hosts
• Create a Cloud DNS forwarding zone
• Alternative name server network requirements

Cloud Interconnect as a data transfer network

Before you use Cloud Interconnect, carefully reviewSection 2 of the General Service Terms for Google Cloud.

Google Cloud provides several options for connecting your on-premises networks to each other, including Cross-Site Interconnect, Network Connectivity Center, and Router appliance. For more information, seeConnecting your sites by using Google Cloud.

Encrypt Cloud Interconnect traffic

Cloud Interconnect doesn't encrypt traffic by default. You can use MACsec for Cloud Interconnect to help secure traffic between your on-premises router and Google's edge routers on supported Cloud Interconnect circuits. For more information, see MACsec for Cloud Interconnect overview.

You can also deploy HA VPN over Cloud Interconnect if you need to encrypt the traffic carried by your VLAN attachments. HA VPN over Cloud Interconnect is supported for both Dedicated Interconnect and Partner Interconnect. You might be required to encrypt your Cloud Interconnect traffic to address certain regulatory or security requirements. For more information, see HA VPN over Cloud Interconnect overview.

Restrict Cloud Interconnect usage

By default, any VPC network can use Cloud Interconnect. To control which VPC networks can use Cloud Interconnect, you can set an organization policy. For more information, seeRestrict Cloud Interconnect usage.

Cloud Interconnect MTU

See the MTU information for your use case:

• If you are connecting your VPC networks to other networks, Cloud Interconnect VLAN attachments support the following four MTU sizes:
  • 1,440 bytes
  • 1,460 bytes
  • 1,500 bytes
  • 8,896 bytes
    For information about MTU best practices for VLAN attachments, see Use the same MTU for all VLAN attachments.
• If you are connecting your on-premises networks to each other, cross-site networks support an MTU size of 9,000 bytes.

Support for GRE traffic

Cloud Interconnect supportsGREtraffic. Support for GRE allows you to terminate GRE traffic on a VM from the internet (external IP address) and Cloud VPN or Cloud Interconnect (internal IP address). The decapsulated traffic can then be forwarded to a reachable destination. GRE enables you to use services such as Secure Access Service Edge (SASE) andSD-WAN. You must create a firewall rule to allow GRE traffic.

Differentiate network traffic

Dedicated Interconnect and Cross-Cloud Interconnect support network traffic differentiation through application awareness on Cloud Interconnect inPreview. Application awareness lets you map your outbound traffic to different traffic classes and set either a bandwidth percentage policy or a strict priority policy, which can help ensure that business critical network traffic is prioritized over lower priority network traffic.

For more information, see "Configure traffic differentiation" forDedicated InterconnectandCross-Cloud Interconnect.

Contact your account team to enable application awareness on your Cloud Interconnect.

Visualize and monitor Cloud Interconnect connections and VLAN attachments

Network Topology is a visualization tool that shows the topology of your VPC networks, hybrid connectivity to and from your on-premises networks, and the associated metrics. You can view your Cloud Interconnect connections and VLAN attachments as entities in the Network Topology view.

A base entity is the lowest level of a particular hierarchy and represents a resource that can directly communicate with other resources over a network. Network Topology aggregates base entities into hierarchical entities that you can expand or collapse. When you first view a Network Topology graph, it aggregates all the base entities into their top-level hierarchy.

For example, Network Topology aggregates VLAN attachments into their Cloud Interconnect connection, and you can view the hierarchy by expanding or collapsing the icons that represent Cloud Interconnect connections.

For more information, see theNetwork Topology overview.

Frequently asked questions

For answers to common questions about Cloud Interconnect architecture and features, see the Cloud Interconnect FAQ.

What's next?

• To choose a connection type for Cloud Interconnect, seeChoosing a Network Connectivity product.
• To learn about best practices when planning for and configuring Cloud Interconnect, seeBest practices.
• To learn about how to deploy Cloud Interconnect as part of Cross-Cloud Network that uses Network Connectivity Center, seeCross-Cloud Network inter-VPC connectivity using Network Connectivity Center.
• To learn about how to deploy Cloud Interconnect as part of Cross-Cloud Network that uses VPC Network Peering, seeCross-Cloud Network inter-VPC connectivity using VPC Network Peering.