2023-06-05 08:02:38 -07:00
# VLAN Attachment module
This module allows for the provisioning of VLAN Attachments for [Dedicated Interconnect ](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/creating-vlan-attachments ) or [Partner Interconnect ](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/partner/creating-vlan-attachments ).
## Examples
### Dedicated Interconnect - Single VLAN Attachment (No SLA)
```hcl
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
advertise_mode = "CUSTOM"
asn = 64514
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment"
description = "Example vlan attachment"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a"
vlan_tag = 12345
}
}
# tftest modules=1 resources=4
```
### Partner Interconnect - Single VLAN Attachment (No SLA)
```hcl
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
advertise_mode = "CUSTOM"
asn = 16550
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment"
description = "Example vlan attachment"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
}
# tftest modules=1 resources=3
```
### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
```hcl
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 64514
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a"
description = "interconnect-a vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a"
vlan_tag = 1001
}
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b"
description = "interconnect-b vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.4/30"
interconnect = "interconnect-b"
vlan_tag = 1002
}
}
# tftest modules=2 resources=7
```
### Partner Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
```hcl
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 16550
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a"
description = "interconnect-a vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b"
description = "interconnect-b vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=2 resources=5
```
### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
```hcl
resource "google_compute_router" "interconnect-router-ew8" {
name = "interconnect-router-ew8"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 64514
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
resource "google_compute_router" "interconnect-router-ew12" {
name = "interconnect-router-ew12"
network = "mynet"
project = "myproject"
region = "europe-west12"
bgp {
asn = 64514
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a-ew8"
description = "interconnect-a-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a-ew8"
vlan_tag = 1001
}
}
module "example-va-b-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b-ew8"
description = "interconnect-b-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.4/30"
interconnect = "interconnect-b-ew8"
vlan_tag = 1002
}
}
module "example-va-a-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-a-ew12"
description = "interconnect-a-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.1.0/30"
interconnect = "interconnect-a-ew12"
vlan_tag = 1003
}
}
module "example-va-b-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-b-ew12"
description = "interconnect-b-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.1.4/30"
interconnect = "interconnect-b-ew12"
vlan_tag = 1004
}
}
# tftest modules=4 resources=14
```
### Partner Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
```hcl
resource "google_compute_router" "interconnect-router-ew8" {
name = "interconnect-router-ew8"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 16550
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
resource "google_compute_router" "interconnect-router-ew12" {
name = "interconnect-router-ew12"
network = "mynet"
project = "myproject"
region = "europe-west12"
bgp {
asn = 64514
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a-ew8"
description = "interconnect-a-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
}
module "example-va-b-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b-ew8"
description = "interconnect-b-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
module "example-va-a-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-a-ew12"
description = "interconnect-a-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
}
module "example-va-b-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-b-ew12"
description = "interconnect-b-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=4 resources=10
```
### IPSec over Interconnect enabled setup
Refer to the [HA VPN over Interconnect Blueprint ](../../blueprints/networking/ha-vpn-over-interconnect/ ) for an all-encompassing example.
```hcl
resource "google_compute_router" "encrypted-interconnect-underlay-router-ew8" {
name = "encrypted-interconnect-underlay-router-ew8"
project = "myproject"
network = "mynet"
region = "europe-west8"
encrypted_interconnect_router = true
bgp {
advertise_mode = "DEFAULT"
asn = 64514
}
}
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-a"
description = "example-va-a vlan attachment"
peer_asn = "65001"
router_config = {
create = false
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a"
vlan_tag = 1001
}
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-b"
description = "example-va-b vlan attachment"
peer_asn = "65001"
router_config = {
create = false
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.4/30"
interconnect = "interconnect-b"
vlan_tag = 1002
}
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
}
# tftest modules=2 resources=9
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [description ](variables.tf#L35 ) | VLAN attachment description. | < code > string</ code > | ✓ | |
| [name ](variables.tf#L52 ) | The common resources name, used after resource type prefix and suffix. | < code > string</ code > | ✓ | |
| [network ](variables.tf#L57 ) | The VPC name to which resources are associated to. | < code > string</ code > | ✓ | |
2023-06-23 03:08:15 -07:00
| [peer_asn ](variables.tf#L74 ) | The on-premises underlay router ASN. | < code > string</ code > | ✓ | |
| [project_id ](variables.tf#L79 ) | The project id where resources are created. | < code > string</ code > | ✓ | |
| [region ](variables.tf#L84 ) | The region where resources are created. | < code > string</ code > | ✓ | |
| [router_config ](variables.tf#L89 ) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | < code title = "object({ create = optional(bool, true) asn = optional(number, 65001) name = optional(string, "router") keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) bfd = optional(object({ session_initialization_mode = optional(string, "ACTIVE") min_receive_interval = optional(number) min_transmit_interval = optional(number) multiplier = optional(number) })) })" > object({…}) </ code > | ✓ | |
2023-06-05 08:02:38 -07:00
| [admin_enabled ](variables.tf#L17 ) | Whether the VLAN attachment is enabled. | < code > bool</ code > | | < code > true</ code > |
| [dedicated_interconnect_config ](variables.tf#L23 ) | Partner interconnect configuration. | < code title = "object({ bandwidth = optional(string, "BPS_10G") bgp_range = optional(string, "169.254.128.0/29") interconnect = string vlan_tag = string })" > object({…}) </ code > | | < code > null</ code > |
| [ipsec_gateway_ip_ranges ](variables.tf#L40 ) | IPSec Gateway IP Ranges. | < code > map( string) </ code > | | < code > {} </ code > |
| [mtu ](variables.tf#L46 ) | The MTU associated to the VLAN attachment (1440 / 1500). | < code > number</ code > | | < code > 1500</ code > |
2023-06-23 03:08:15 -07:00
| [partner_interconnect_config ](variables.tf#L62 ) | Partner interconnect configuration. | < code title = "object({ edge_availability_domain = string })" > object({…}) </ code > | | < code > null</ code > |
| [vlan_tag ](variables.tf#L110 ) | The VLAN id to be used for this VLAN attachment. | < code > number</ code > | | < code > null</ code > |
| [vpn_gateways_ip_range ](variables.tf#L116 ) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | < code > string</ code > | | < code > null</ code > |
2023-06-05 08:02:38 -07:00
2023-07-28 01:35:48 -07:00
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [attachment ](outputs.tf#L17 ) | VLAN Attachment resource. | |
| [id ](outputs.tf#L22 ) | Fully qualified VLAN attachment id. | |
| [name ](outputs.tf#L27 ) | The name of the VLAN attachment created. | |
| [pairing_key ](outputs.tf#L32 ) | Opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner. | |
| [router ](outputs.tf#L37 ) | Router resource (only if auto-created). | |
| [router_interface ](outputs.tf#L42 ) | Router interface created for the VLAN attachment. | |
| [router_name ](outputs.tf#L47 ) | Router name. | |
2023-06-05 08:02:38 -07:00
<!-- END TFDOC -->