0
votes

Maybe some of you have already had a similar setup and know the answer. We would like to set up GCP with Partner Interconnect for a customer. The idea is to implement it the same way as for Microsoft Azure:

Customer Datacenter (10.1.1.0/24) -> Partner Interconnect -> VPC A (10.81.80.0/24) -> Peering -> VPC B (10.81.82.0/24)

We are currently seeing that a server in the customer DC can access a server in VPC A. The server in VPC A can access a server in VPC B. But it is not possible to connect from the customer DC directly to a VM in VPC B. The routing seems OK from our perspective, as do the firewalls.

The Cloud Interconnect Partner is currently advertising 0.0.0.0/0 to Google. The VPC peering is importing and exporting the dynamic routes with each other.

Any ideas?

2
Edit your question with real details. You probably have a routing problem. Did you set up advertisements of the custom IP ranges for VPC B? cloud.google.com/router/docs/how-to/advertising-custom-ip If you are using static routing, did you configure static routes for both VPCs in the on-premises router? – John Hanley
Cloud Interconnect does not use VPC peering configuration information - no transitive routing. Please reread my first comment and provide the details that I asked for. – John Hanley
Regarding your questions: 1) "Did you set up advertisements of the custom IP ranges for VPC B cloud.google.com/router/docs/how-to/advertising-custom-ip If you are using static routing" Yes! 2) "Did you configure static routes for both VPCs in the on-premises router?" Yes! But if you say transitive routing is not allowed, I would think that this setup cannot work at all, or? – Fabian
Edit your question with the actual configuration details. Include your on-prem router route table, your advertised routes, the type of routing, etc. Show me in your question the routes to get from your DC to VPC A to VPC B and back to the DC. This is where your problem is. – John Hanley

2 Answers

0
votes

There is some configuration missing in your question. Does your on-premises network contain the routes with the next hop as stated in the documentation https://cloud.google.com/vpc/docs/vpc-peering#network_as_a_transit_network :

Hosts in the on-premises network can send and receive traffic to and from hosts in each of the VPC networks. The on-premises network must contain routes that have a next hop to the VPN gateway if traffic is destined to a VPC network.

From what you wrote that may be what you are missing.

0
votes

Thanks for all your help. I found the solution on my own:

VPC B is not known by the cloud router. The peering does not seem to advertise the subnet to the cloud router. After adding it manually to the cloud router, the connection works as expected.
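
The behaviour described in this answer, as an added example that is not part of the original post: a simplified Python model of which prefixes a Cloud Router announces to the on-premises side over BGP, and which destination subnets are left without a route. The function names are hypothetical and the model covers dynamic routes only; the CIDR ranges are the ones from the question.

```python
"""Simplified model of Cloud Router BGP advertisements (added example)."""
from ipaddress import ip_network


def advertised_prefixes(own_subnets, mode="default", groups=(), custom_ranges=()):
    """Prefixes the router announces on the Interconnect attachment.

    default mode: only the subnets of the router's own VPC.
    custom mode:  only what is listed explicitly; the router's own subnets
                  are included only if the 'all_subnets' group is set.
    Subnets of a peered VPC are never added automatically.
    """
    if mode == "default":
        return [ip_network(s) for s in own_subnets]
    nets = [ip_network(r) for r in custom_ranges]
    if "all_subnets" in groups:
        nets += [ip_network(s) for s in own_subnets]
    return nets


def unreachable_from_onprem(destinations, advertised):
    """Destinations that no advertised prefix covers (no on-prem route)."""
    return [d for d in destinations
            if not any(ip_network(d).subnet_of(a) for a in advertised)]


VPC_A = ["10.81.80.0/24"]  # VPC that hosts the Cloud Router (from the question)
VPC_B = ["10.81.82.0/24"]  # peered VPC (from the question)
TARGETS = VPC_A + VPC_B


def scenarios():
    """Missing routes for three router configurations."""
    return {
        # Situation in the question: VPC B is never announced.
        "default": unreachable_from_onprem(
            TARGETS, advertised_prefixes(VPC_A)),
        # The fix: custom mode, keep all_subnets, add VPC B's range.
        "custom_fixed": unreachable_from_onprem(
            TARGETS, advertised_prefixes(VPC_A, "custom",
                                         ("all_subnets",), VPC_B)),
        # Pitfall: custom mode without all_subnets drops VPC A instead.
        "custom_without_group": unreachable_from_onprem(
            TARGETS, advertised_prefixes(VPC_A, "custom", (), VPC_B)),
    }


if __name__ == "__main__":
    for name, missing in scenarios().items():
        print(f"{name}: no on-prem route to {missing or 'nothing'}")
```

In gcloud, the `custom_fixed` case corresponds to `gcloud compute routers update` with `--advertisement-mode=custom`, `--set-advertisement-groups=all_subnets` and `--set-advertisement-ranges=10.81.82.0/24`.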