Aviatrix Transit Network in GCP is a powerful use-case for customers looking to design a consistent transit architecture in GCP and in other clouds. This is needed to build a unified and consistent network that essentially forms the cloud core.
This design also gives the business full visibility into the traffic, beyond what the cloud's native (primitive) options can provide.
GCP Transit Network Topology
We will be using a simple hub and spoke transit topology as depicted below. This topology can be extended to hundreds of VPCs and across multiple clouds without any compromises.
Create GCP VPCs Directly from Aviatrix Controller UI
This is very powerful: everything is deployed directly from the Aviatrix Controller UI. There is no need to learn different cloud constructs, as Aviatrix can speak all the “cloud” languages.
The following example shows the output once all the VPCs needed to build the transit topology shown earlier were created.
Create GCP Transit Gateway from AVX-Ctrl UI
NOTE: AVX-Ctrl –> Aviatrix Controller
Create GCP Spoke Aviatrix Gateway-1
Create GCP Spoke Aviatrix Gateway-2
The following is the output when the AVX-GW is created.
GCP Transit (Hub) and Spoke GWs Deployed
At this point you have your hub and spoke GWs deployed.
Attach GCP Hub to Spoke-VPC1 and VPC2
AVX-Ctrl creates the IPsec tunnels, firewall rules, etc. needed to attach each Spoke-VPC to the Transit-VPC, as shown below.
Aviatrix Encrypted Peering Section
The Encrypted Peering section will also show the following outcome.
GCP Transit Networking Is Deployed Now
Testing GCP Transit
We deployed two test VMs in the Spoke VPCs as follows.
Test VM Properties
Enable GCP “OS Login” Feature to Login to VMs
To configure OS Login and connect to your instances, use the following process:
- Enable the OS Login feature on your project or on individual instances.
- Grant the necessary IAM roles to yourself, your project members, or your organization members.
- Optionally, complete any of the following steps:
  - Set up two-factor authentication.
  - Add custom SSH keys to user accounts for yourself, your project members, or organization members. Alternatively, Compute Engine can automatically generate these keys for you when you connect to instances.
  - Modify user accounts using the Directory API.
  - Grant instance access to users outside of your organization.
- Connect to instances.
- Review the expected login behaviors.
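As an added example (not part of the original post or of Aviatrix's tooling), the shell functions below carry out the OS Login process above with gcloud for the spoke test VMs; the project id, zone, instance names and user e-mail are placeholders, and setting GCLOUD=echo prints the commands instead of running them.

```shell
# Added example, not from the original post: enable GCP OS Login and grant
# IAM-based SSH access with gcloud. Assumes gcloud is installed and
# authenticated. Project, zone, VM names and the user e-mail are placeholders.
set -eu
# Override with GCLOUD=echo to print the commands instead of executing them.
GCLOUD="${GCLOUD:-gcloud}"

# Step 1 (project-wide): turn on OS Login and require 2FA. SSH access is then
# governed by IAM instead of SSH keys pasted into project/instance metadata.
enable_oslogin_project() {   # $1 = project id
  $GCLOUD compute project-info add-metadata --project "$1" \
    --metadata enable-oslogin=TRUE,enable-oslogin-2fa=TRUE
}

# Step 1 (single instance): the instance-level key overrides the project one.
enable_oslogin_instance() {  # $1 = project, $2 = zone, $3 = instance
  $GCLOUD compute instances add-metadata "$3" --project "$1" --zone "$2" \
    --metadata enable-oslogin=TRUE
}

# Step 2: grant the login role. roles/compute.osLogin gives an unprivileged
# shell; only pass "admin" for users who really need sudo (least privilege).
grant_oslogin() {            # $1 = project, $2 = user e-mail, $3 = login|admin
  role=roles/compute.osLogin
  [ "${3:-login}" = admin ] && role=roles/compute.osAdminLogin
  $GCLOUD projects add-iam-policy-binding "$1" \
    --member "user:$2" --role "$role"
}

# Optional step: register a custom public key in the caller's OS Login
# profile with an expiry, instead of a permanent metadata key.
add_oslogin_key() {          # $1 = path to public key file
  $GCLOUD compute os-login ssh-keys add --key-file "$1" --ttl 1d
}

# Connect. The POSIX username is derived from the e-mail by OS Login
# (alice@example.com becomes alice_example_com), not chosen by the caller.
ssh_vm() {                   # $1 = project, $2 = zone, $3 = instance
  $GCLOUD compute ssh "$3" --project "$1" --zone "$2"
}

# Stand-alone use: "sh oslogin.sh --dry-run" prints the commands for the
# placeholder project and spoke VMs without executing anything.
if [ "${1:-}" = "--dry-run" ]; then
  GCLOUD=echo
  enable_oslogin_project demo-project
  enable_oslogin_instance demo-project us-central1-a spoke1-test-vm
  grant_oslogin demo-project alice@example.com login
fi
```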
Install important Tools on both GCP VMs
# sudo apt-get -y install traceroute mtr tcpdump iperf whois host dnsutils siege
Enable Aviatrix Connected Transit Feature
This feature allows the spoke VPCs to talk to each other. By default, a spoke VPC can only talk to the Transit VPC; that default isolation is meant for SaaS-based apps or for service providers that need VPC isolation.
At this point it is all good and working.