Fix for partner interconnect, the router interface and the BGP peers are automatically created
This commit is contained in:
parent
f225b60b0e
commit
0019328bb4
|
@ -81,7 +81,7 @@ module "example-va" {
|
||||||
name = google_compute_router.interconnect-router.name
|
name = google_compute_router.interconnect-router.name
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=3
|
# tftest modules=1 resources=2
|
||||||
```
|
```
|
||||||
|
|
||||||
### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
|
### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
|
||||||
|
@ -201,7 +201,7 @@ module "example-va-b" {
|
||||||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=2 resources=5
|
# tftest modules=2 resources=3
|
||||||
```
|
```
|
||||||
|
|
||||||
### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
|
### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
|
||||||
|
@ -431,10 +431,10 @@ module "example-va-b-ew12" {
|
||||||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=4 resources=10
|
# tftest modules=4 resources=6
|
||||||
```
|
```
|
||||||
|
|
||||||
### IPSec over Interconnect enabled setup
|
### IPSec for Dedicated Interconnect
|
||||||
|
|
||||||
Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.
|
Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.
|
||||||
|
|
||||||
|
@ -494,6 +494,47 @@ module "example-va-b" {
|
||||||
}
|
}
|
||||||
# tftest modules=2 resources=9
|
# tftest modules=2 resources=9
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### IPSec for Partner Interconnect
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "example-va-a" {
|
||||||
|
source = "./fabric/modules/net-vlan-attachment"
|
||||||
|
project_id = "myproject"
|
||||||
|
network = "mynet"
|
||||||
|
region = "europe-west8"
|
||||||
|
name = "encrypted-vlan-attachment-a"
|
||||||
|
description = "example-va-a vlan attachment"
|
||||||
|
peer_asn = "65001"
|
||||||
|
router_config = {
|
||||||
|
create = true
|
||||||
|
}
|
||||||
|
partner_interconnect_config = {
|
||||||
|
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
|
||||||
|
}
|
||||||
|
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
|
||||||
|
}
|
||||||
|
|
||||||
|
module "example-va-b" {
|
||||||
|
source = "./fabric/modules/net-vlan-attachment"
|
||||||
|
project_id = "myproject"
|
||||||
|
network = "mynet"
|
||||||
|
region = "europe-west8"
|
||||||
|
name = "encrypted-vlan-attachment-b"
|
||||||
|
description = "example-va-b vlan attachment"
|
||||||
|
peer_asn = "65001"
|
||||||
|
router_config = {
|
||||||
|
create = true
|
||||||
|
}
|
||||||
|
partner_interconnect_config = {
|
||||||
|
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||||
|
}
|
||||||
|
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
|
||||||
|
}
|
||||||
|
# tftest modules=2 resources=6
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
|
@ -62,6 +62,14 @@ resource "google_compute_router" "encrypted" {
|
||||||
encrypted_interconnect_router = true
|
encrypted_interconnect_router = true
|
||||||
bgp {
|
bgp {
|
||||||
asn = var.router_config.asn
|
asn = var.router_config.asn
|
||||||
|
advertise_mode = var.dedicated_interconnect_config == null ? "DEFAULT" : "CUSTOM"
|
||||||
|
dynamic "advertised_ip_ranges" {
|
||||||
|
for_each = var.dedicated_interconnect_config == null ? var.ipsec_gateway_ip_ranges : {}
|
||||||
|
content {
|
||||||
|
description = advertised_ip_ranges.key
|
||||||
|
range = advertised_ip_ranges.value
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -106,13 +114,14 @@ resource "google_compute_router_interface" "default" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_router_peer" "default" {
|
resource "google_compute_router_peer" "default" {
|
||||||
|
count = var.dedicated_interconnect_config != null ? 1 : 0
|
||||||
name = "${var.name}-peer"
|
name = "${var.name}-peer"
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
router = local.router
|
router = local.router
|
||||||
region = var.region
|
region = var.region
|
||||||
peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0]
|
peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0]
|
||||||
peer_asn = var.peer_asn
|
peer_asn = var.peer_asn
|
||||||
interface = "${var.name}-intf"
|
interface = google_compute_router_interface.default[0].name
|
||||||
advertised_route_priority = 100
|
advertised_route_priority = 100
|
||||||
advertise_mode = "CUSTOM"
|
advertise_mode = "CUSTOM"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue