diff --git a/README.md b/README.md
index 1737fbd4..9573257f 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ The current list of modules supports most of the core foundational and networkin Currently available modules: - **foundational** - [billing budget](./modules/billing-budget), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source) -- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [Dedicated VLAN Attachment](./modules/net-dedicated-vlan-attachment/), [Global Load Balancer (classic)](./modules/net-glb/), [L4 ILB](./modules/net-ilb), [L7 ILB](./modules/net-ilb-l7), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [Network LB](./modules/net-nlb), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory) +- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [Global Load Balancer (classic)](./modules/net-glb/), [L4 ILB](./modules/net-ilb), [L7 ILB](./modules/net-ilb-l7), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [Network LB](./modules/net-nlb), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN 
dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory) - **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool) - **data** - [AlloyDB instance](./modules/alloydb-instance), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Cloud Dataplex](./modules/cloud-dataplex), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub) - **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository) diff --git a/blueprints/networking/ha-vpn-over-interconnect/underlay.tf b/blueprints/networking/ha-vpn-over-interconnect/underlay.tf index 065d9c7c..6ad9c450 100644 --- a/blueprints/networking/ha-vpn-over-interconnect/underlay.tf +++ b/blueprints/networking/ha-vpn-over-interconnect/underlay.tf 
@@ -27,39 +27,43 @@ resource "google_compute_router" "encrypted-interconnect-underlay-router" {
 }
 
 module "va-a" {
-  source = "../../../modules/net-dedicated-vlan-attachment"
-  project_id = var.project_id
-  network = var.network
-  region = var.region
-  name = "${var.underlay_config.attachments.a.base_name}-a"
-  bandwidth = var.underlay_config.attachments.a.bandwidth
-  bgp_range = var.underlay_config.attachments.a.bgp_range
-  description = "Encrypted VLAN Attachment ${var.underlay_config.attachments.a.base_name}-a"
-  interconnect = var.underlay_config.attachments.a.interconnect_self_link
-  peer_asn = var.underlay_config.attachments.a.onprem_asn
+  source = "../../../modules/net-vlan-attachment"
+  project_id = var.project_id
+  network = var.network
+  region = var.region
+  name = "${var.underlay_config.attachments.a.base_name}-a"
+  description = "Encrypted VLAN Attachment ${var.underlay_config.attachments.a.base_name}-a"
+  peer_asn = var.underlay_config.attachments.a.onprem_asn
   router_config = {
     create = false
     name = google_compute_router.encrypted-interconnect-underlay-router.name
   }
-  vlan_tag = var.underlay_config.attachments.a.vlan_tag
+  dedicated_interconnect_config = {
+    bandwidth = var.underlay_config.attachments.a.bandwidth
+    bgp_range = var.underlay_config.attachments.a.bgp_range
+    interconnect = var.underlay_config.attachments.a.interconnect_self_link
+    vlan_tag = var.underlay_config.attachments.a.vlan_tag
+  }
   vpn_gateways_ip_range = var.underlay_config.attachments.a.vpn_gateways_ip_range
 }
 
 module "va-b" {
-  source = "../../../modules/net-dedicated-vlan-attachment"
-  project_id = var.project_id
-  network = var.network
-  region = var.region
-  name = "${var.underlay_config.attachments.a.base_name}-b"
-  bandwidth = var.underlay_config.attachments.b.bandwidth
-  bgp_range = var.underlay_config.attachments.b.bgp_range
-  description = "Encrypted VLAN Attachment ${var.underlay_config.attachments.a.base_name}-b"
-  interconnect = var.underlay_config.attachments.b.interconnect_self_link
-  peer_asn = var.underlay_config.attachments.b.onprem_asn
+  source = "../../../modules/net-vlan-attachment"
+  project_id = var.project_id
+  network = var.network
+  region = var.region
+  name = "${var.underlay_config.attachments.a.base_name}-b"
+  description = "Encrypted VLAN Attachment ${var.underlay_config.attachments.a.base_name}-b"
+  peer_asn = var.underlay_config.attachments.b.onprem_asn
   router_config = {
     create = false
     name = google_compute_router.encrypted-interconnect-underlay-router.name
   }
-  vlan_tag = var.underlay_config.attachments.b.vlan_tag
+  dedicated_interconnect_config = {
+    bandwidth = var.underlay_config.attachments.b.bandwidth
+    bgp_range = var.underlay_config.attachments.b.bgp_range
+    interconnect = var.underlay_config.attachments.b.interconnect_self_link
+    vlan_tag = var.underlay_config.attachments.b.vlan_tag
+  }
   vpn_gateways_ip_range = var.underlay_config.attachments.b.vpn_gateways_ip_range
 }
diff --git a/modules/net-dedicated-vlan-attachment/README.md b/modules/net-dedicated-vlan-attachment/README.md
deleted file mode 100644
index d3df8457..00000000
--- a/modules/net-dedicated-vlan-attachment/README.md
+++ /dev/null
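Review bot: In `module "va-b"` the `name` and `description` lines are still built from `var.underlay_config.attachments.a.base_name` while every other attribute of that block reads `attachments.b`, and the commit carries this over unchanged into the new `dedicated_interconnect_config` layout. If both attachments are meant to share attachment a's base name, a one-line comment saying so would stop the next reader from "fixing" it; otherwise the lines should become `name = "${var.underlay_config.attachments.b.base_name}-b"` and `description = "Encrypted VLAN Attachment ${var.underlay_config.attachments.b.base_name}-b"`. Whether `attachments.b` actually declares a `base_name` depends on the variable definition, which is outside this diff.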
@@ -1,299 +0,0 @@ -# VLAN Attachment module - -This module allows for the provisioning of [VLAN Attachments](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/creating-vlan-attachments?hl=it) created from [Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/dedicated-overview?hl=en) connections. - -## Examples - -### Single VLAN Attachment (No SLA) - -```hcl -resource "google_compute_router" "interconnect-router" { - name = "interconnect-router" - network = "mynet" - project = "myproject" - region = "europe-west8" - bgp { - advertise_mode = "CUSTOM" - asn = 64514 - advertised_groups = ["ALL_SUBNETS"] - advertised_ip_ranges { - range = "10.255.255.0/24" - } - advertised_ip_ranges { - range = "192.168.255.0/24" - } - } -} - -module "example-va" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - network = "mynet" - project_id = "myproject" - region = "europe-west8" - name = "vlan-attachment" - bandwidth = "BPS_10G" - bgp_range = "169.254.0.0/30" - description = "Example vlan attachment" - interconnect = "interconnect-a" - peer_asn = "65000" - router_config = { - create = false - name = google_compute_router.interconnect-router.id - } - vlan_tag = 12345 -} -# tftest modules=1 resources=4 -``` - -### Two VLAN Attachments on a single region (99.9% SLA) - -```hcl -resource "google_compute_router" "interconnect-router" { - name = "interconnect-router" - network = "mynet" - project = "myproject" - region = "europe-west8" - bgp { - asn = 64514 - advertise_mode = "CUSTOM" - advertised_groups = ["ALL_SUBNETS"] - advertised_ip_ranges { - range = "10.255.255.0/24" - } - advertised_ip_ranges { - range = "192.168.255.0/24" - } - } -} - -module "example-va-a" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - network = "mynet" - project_id = "myproject" - region = "europe-west8" - name = "vlan-attachment-a" - bandwidth = "BPS_10G" - bgp_range = "169.254.0.0/30" - description = 
"interconnect-a vlan attachment 0" - interconnect = "interconnect-a" - peer_asn = "65000" - router_config = { - create = false - name = google_compute_router.interconnect-router.id - } - vlan_tag = 1001 -} - -module "example-va-b" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - network = "mynet" - project_id = "myproject" - region = "europe-west8" - name = "vlan-attachment-b" - bandwidth = "BPS_10G" - bgp_range = "169.254.0.4/30" - description = "interconnect-b vlan attachment 0" - interconnect = "interconnect-b" - peer_asn = "65000" - router_config = { - create = false - name = google_compute_router.interconnect-router.id - } - vlan_tag = 1002 -} -# tftest modules=2 resources=7 -``` - -### Four VLAN Attachments on two regions (99.99% SLA) - -```hcl - -resource "google_compute_router" "interconnect-router-ew8" { - name = "interconnect-router-ew8" - network = "mynet" - project = "myproject" - region = "europe-west8" - bgp { - asn = 64514 - advertise_mode = "CUSTOM" - advertised_groups = ["ALL_SUBNETS"] - advertised_ip_ranges { - range = "10.255.255.0/24" - } - advertised_ip_ranges { - range = "192.168.255.0/24" - } - } -} - -resource "google_compute_router" "interconnect-router-ew12" { - name = "interconnect-router-ew12" - network = "mynet" - project = "myproject" - region = "europe-west12" - bgp { - asn = 64514 - advertise_mode = "CUSTOM" - advertised_groups = ["ALL_SUBNETS"] - advertised_ip_ranges { - range = "10.255.255.0/24" - } - advertised_ip_ranges { - range = "192.168.255.0/24" - } - } -} - -module "example-va-a-ew8" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - network = "mynet" - project_id = "myproject" - region = "europe-west8" - name = "vlan-attachment-a-ew8" - bandwidth = "BPS_10G" - bgp_range = "169.254.0.0/30" - description = "interconnect-a-ew8 vlan attachment 0" - interconnect = "interconnect-a-ew8" - peer_asn = "65000" - router_config = { - create = false - name = google_compute_router.interconnect-router-ew8.id - 
} - vlan_tag = 1001 -} - -module "example-va-b-ew8" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - network = "mynet" - project_id = "myproject" - region = "europe-west8" - name = "vlan-attachment-b-ew8" - bandwidth = "BPS_10G" - bgp_range = "169.254.0.4/30" - description = "interconnect-b-ew8 vlan attachment 0" - interconnect = "interconnect-b-ew8" - peer_asn = "65000" - router_config = { - create = false - name = google_compute_router.interconnect-router-ew8.id - } - vlan_tag = 1002 -} - -module "example-va-a-ew12" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - network = "mynet" - project_id = "myproject" - region = "europe-west12" - name = "vlan-attachment-a-ew12" - bandwidth = "BPS_10G" - bgp_range = "169.254.1.0/30" - description = "interconnect-a-ew12 vlan attachment 0" - interconnect = "interconnect-a-ew12" - peer_asn = "65000" - router_config = { - create = false - name = google_compute_router.interconnect-router-ew12.id - } - vlan_tag = 1003 -} - -module "example-va-b-ew12" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - network = "mynet" - project_id = "myproject" - region = "europe-west12" - name = "vlan-attachment-b-ew12" - bandwidth = "BPS_10G" - bgp_range = "169.254.1.4/30" - description = "interconnect-b-ew12 vlan attachment 0" - interconnect = "interconnect-b-ew12" - peer_asn = "65000" - router_config = { - create = false - name = google_compute_router.interconnect-router-ew12.id - } - vlan_tag = 1004 -} -# tftest modules=4 resources=14 -``` - -### IPSec over Interconnect enabled setup - -Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example. 
- -```hcl -resource "google_compute_router" "encrypted-interconnect-underlay-router-ew8" { - name = "encrypted-interconnect-underlay-router-ew8" - project = "myproject" - network = "mynet" - region = "europe-west8" - encrypted_interconnect_router = true - bgp { - advertise_mode = "DEFAULT" - asn = 64514 - } -} - -module "example-va-a" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - project_id = "myproject" - network = "mynet" - region = "europe-west8" - name = "encrypted-vlan-attachment-a" - bandwidth = "BPS_10G" - bgp_range = "169.254.0.0/30" - description = "example-va-a vlan attachment" - interconnect = "interconnect-a" - peer_asn = "65001" - router_config = { - create = false - name = google_compute_router.encrypted-interconnect-underlay-router-ew8.id - } - vlan_tag = 1001 - vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels -} - -module "example-va-b" { - source = "./fabric/modules/net-dedicated-vlan-attachment" - project_id = "myproject" - network = "mynet" - region = "europe-west8" - name = "encrypted-vlan-attachment-b" - bandwidth = "BPS_10G" - bgp_range = "169.254.0.4/30" - description = "example-va-b vlan attachment" - interconnect = "interconnect-b" - peer_asn = "65001" - router_config = { - create = false - name = google_compute_router.encrypted-interconnect-underlay-router-ew8.id - } - vlan_tag = 1002 - vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels -} -# tftest modules=2 resources=9 -``` - - -## Variables - -| name | description | type | required | default | -|---|---|:---:|:---:|:---:| -| [description](variables.tf#L36) | VLAN attachment description. | string | ✓ | | -| [interconnect](variables.tf#L41) | The identifier of the interconnect the VLAN attachment binds to. | string | ✓ | | -| [name](variables.tf#L58) | The common resources name, used after resource type prefix and suffix. | string | ✓ | | -| [network](variables.tf#L63) | The VPC name to which resources are associated to. 
| string | ✓ | | -| [peer_asn](variables.tf#L68) | The on-premises underlay router ASN. | string | ✓ | | -| [project_id](variables.tf#L73) | The project id where resources are created. | string | ✓ | | -| [region](variables.tf#L78) | The region where resources are created. | string | ✓ | | -| [router_config](variables.tf#L83) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…}) | ✓ | | -| [vlan_tag](variables.tf#L104) | The VLAN id to be used for this VLAN attachment. | number | ✓ | | -| [admin_enabled](variables.tf#L17) | Whether the VLAN attachment is enabled. | bool | | true | -| [bandwidth](variables.tf#L23) | The bandwidth assigned to the VLAN attachment (e.g. BPS_10G). | string | | "BPS_10G" | -| [bgp_range](variables.tf#L30) | The underlay link-local IP range (in CIDR notation). | string | | "169.254.128.0/29" | -| [ipsec_gateway_ip_ranges](variables.tf#L46) | IPSec Gateway IP Ranges. | map(string) | | {} | -| [mtu](variables.tf#L52) | The MTU associated to the VLAN attachment (1440 / 1500). | number | | 1500 | -| [vpn_gateways_ip_range](variables.tf#L109) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | string | | null | - - diff --git a/modules/net-ipsec-over-interconnect/README.md b/modules/net-ipsec-over-interconnect/README.md index cfe1dfd3..507c7e54 100644 --- a/modules/net-ipsec-over-interconnect/README.md +++ b/modules/net-ipsec-over-interconnect/README.md 
@@ -2,7 +2,7 @@ This module allows for the provisioning of [HA VPN over Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/ha-vpn-interconnect?hl=it). Specifically, this module creates a VPN gateway, a configurable number of tunnels, and all the resources required to established IPSec and BGP with the peer routers. -The required pair of encrypted VLAN Attachments can be created leveraging the [net-dedicated-vlan-attachment](../net-dedicated-vlan-attachment/) module, as shown in the [IoIC Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/). +The required pair of encrypted VLAN Attachments can be created leveraging the [net-vlan-attachment](../net-vlan-attachment/) module, as shown in the [IoIC Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/). ## Examples diff --git a/modules/net-vlan-attachment/README.md b/modules/net-vlan-attachment/README.md new file mode 100644 index 00000000..f324a036 --- /dev/null +++ b/modules/net-vlan-attachment/README.md 
@@ -0,0 +1,518 @@ +# VLAN Attachment module + +This module allows for the provisioning of VLAN Attachments for [Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/creating-vlan-attachments) or [Partner Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/partner/creating-vlan-attachments). + +## Examples + +### Dedicated Interconnect - Single VLAN Attachment (No SLA) + +```hcl +resource "google_compute_router" "interconnect-router" { + name = "interconnect-router" + network = "mynet" + project = "myproject" + region = "europe-west8" + bgp { + advertise_mode = "CUSTOM" + asn = 64514 + advertised_groups = ["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +module "example-va" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment" + description = "Example vlan attachment" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.0.0/30" + interconnect = "interconnect-a" + vlan_tag = 12345 + } +} +# tftest modules=1 resources=4 +``` + +### Partner Interconnect - Single VLAN Attachment (No SLA) + +```hcl +resource "google_compute_router" "interconnect-router" { + name = "interconnect-router" + network = "mynet" + project = "myproject" + region = "europe-west8" + bgp { + advertise_mode = "CUSTOM" + asn = 16550 + advertised_groups = ["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +module "example-va" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment" + description = "Example 
vlan attachment" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router.name + } +} +# tftest modules=1 resources=3 +``` + +### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA) + +```hcl +resource "google_compute_router" "interconnect-router" { + name = "interconnect-router" + network = "mynet" + project = "myproject" + region = "europe-west8" + bgp { + asn = 64514 + advertise_mode = "CUSTOM" + advertised_groups = ["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +module "example-va-a" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-a" + description = "interconnect-a vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.0.0/30" + interconnect = "interconnect-a" + vlan_tag = 1001 + } +} + +module "example-va-b" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-b" + description = "interconnect-b vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.0.4/30" + interconnect = "interconnect-b" + vlan_tag = 1002 + } +} +# tftest modules=2 resources=7 +``` + +### Partner Interconnect - Two VLAN Attachments on a single region (99.9% SLA) + +```hcl +resource "google_compute_router" "interconnect-router" { + name = "interconnect-router" + network = "mynet" + project = "myproject" + region = "europe-west8" + bgp { + asn = 16550 + advertise_mode = "CUSTOM" + advertised_groups = 
["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +module "example-va-a" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-a" + description = "interconnect-a vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router.name + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_1" + } +} + +module "example-va-b" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-b" + description = "interconnect-b vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router.name + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_2" + } +} +# tftest modules=2 resources=5 +``` + +### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA) + +```hcl +resource "google_compute_router" "interconnect-router-ew8" { + name = "interconnect-router-ew8" + network = "mynet" + project = "myproject" + region = "europe-west8" + bgp { + asn = 64514 + advertise_mode = "CUSTOM" + advertised_groups = ["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +resource "google_compute_router" "interconnect-router-ew12" { + name = "interconnect-router-ew12" + network = "mynet" + project = "myproject" + region = "europe-west12" + bgp { + asn = 64514 + advertise_mode = "CUSTOM" + advertised_groups = ["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +module "example-va-a-ew8" { + source = "./fabric/modules/net-vlan-attachment" + 
network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-a-ew8" + description = "interconnect-a-ew8 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew8.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.0.0/30" + interconnect = "interconnect-a-ew8" + vlan_tag = 1001 + } +} + +module "example-va-b-ew8" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-b-ew8" + description = "interconnect-b-ew8 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew8.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.0.4/30" + interconnect = "interconnect-b-ew8" + vlan_tag = 1002 + } +} + +module "example-va-a-ew12" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west12" + name = "vlan-attachment-a-ew12" + description = "interconnect-a-ew12 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew12.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.1.0/30" + interconnect = "interconnect-a-ew12" + vlan_tag = 1003 + } +} + +module "example-va-b-ew12" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west12" + name = "vlan-attachment-b-ew12" + description = "interconnect-b-ew12 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew12.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.1.4/30" + interconnect = "interconnect-b-ew12" + vlan_tag = 1004 + } 
+} +# tftest modules=4 resources=14 +``` + +### Partner Interconnect - Four VLAN Attachments on two regions (99.99% SLA) + +```hcl +resource "google_compute_router" "interconnect-router-ew8" { + name = "interconnect-router-ew8" + network = "mynet" + project = "myproject" + region = "europe-west8" + bgp { + asn = 16550 + advertise_mode = "CUSTOM" + advertised_groups = ["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +resource "google_compute_router" "interconnect-router-ew12" { + name = "interconnect-router-ew12" + network = "mynet" + project = "myproject" + region = "europe-west12" + bgp { + asn = 64514 + advertise_mode = "CUSTOM" + advertised_groups = ["ALL_SUBNETS"] + advertised_ip_ranges { + range = "10.255.255.0/24" + } + advertised_ip_ranges { + range = "192.168.255.0/24" + } + } +} + +module "example-va-a-ew8" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-a-ew8" + description = "interconnect-a-ew8 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew8.name + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_1" + } +} + +module "example-va-b-ew8" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west8" + name = "vlan-attachment-b-ew8" + description = "interconnect-b-ew8 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew8.name + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_2" + } +} + +module "example-va-a-ew12" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west12" + name = "vlan-attachment-a-ew12" + 
description = "interconnect-a-ew12 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew12.name + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_1" + } +} + +module "example-va-b-ew12" { + source = "./fabric/modules/net-vlan-attachment" + network = "mynet" + project_id = "myproject" + region = "europe-west12" + name = "vlan-attachment-b-ew12" + description = "interconnect-b-ew12 vlan attachment 0" + peer_asn = "65000" + router_config = { + create = false + name = google_compute_router.interconnect-router-ew12.name + } + partner_interconnect_config = { + edge_availability_domain = "AVAILABILITY_DOMAIN_2" + } +} +# tftest modules=4 resources=10 +``` + +### IPSec over Interconnect enabled setup + +Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example. + +```hcl +resource "google_compute_router" "encrypted-interconnect-underlay-router-ew8" { + name = "encrypted-interconnect-underlay-router-ew8" + project = "myproject" + network = "mynet" + region = "europe-west8" + encrypted_interconnect_router = true + bgp { + advertise_mode = "DEFAULT" + asn = 64514 + } +} + +module "example-va-a" { + source = "./fabric/modules/net-vlan-attachment" + project_id = "myproject" + network = "mynet" + region = "europe-west8" + name = "encrypted-vlan-attachment-a" + description = "example-va-a vlan attachment" + peer_asn = "65001" + router_config = { + create = false + name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.0.0/30" + interconnect = "interconnect-a" + vlan_tag = 1001 + } + vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels +} + +module "example-va-b" { + source = "./fabric/modules/net-vlan-attachment" + project_id = "myproject" + network = "mynet" + 
region = "europe-west8" + name = "encrypted-vlan-attachment-b" + description = "example-va-b vlan attachment" + peer_asn = "65001" + router_config = { + create = false + name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name + } + dedicated_interconnect_config = { + bandwidth = "BPS_10G" + bgp_range = "169.254.0.4/30" + interconnect = "interconnect-b" + vlan_tag = 1002 + } + vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels +} +# tftest modules=2 resources=9 +``` + + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [description](variables.tf#L35) | VLAN attachment description. | string | ✓ | | +| [name](variables.tf#L52) | The common resources name, used after resource type prefix and suffix. | string | ✓ | | +| [network](variables.tf#L57) | The VPC name to which resources are associated to. | string | ✓ | | +| [peer_asn](variables.tf#L70) | The on-premises underlay router ASN. | string | ✓ | | +| [project_id](variables.tf#L75) | The project id where resources are created. | string | ✓ | | +| [region](variables.tf#L80) | The region where resources are created. | string | ✓ | | +| [router_config](variables.tf#L85) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…}) | ✓ | | +| [admin_enabled](variables.tf#L17) | Whether the VLAN attachment is enabled. | bool | | true | +| [dedicated_interconnect_config](variables.tf#L23) | Partner interconnect configuration. | object({…}) | | null | +| [ipsec_gateway_ip_ranges](variables.tf#L40) | IPSec Gateway IP Ranges. | map(string) | | {} | +| [mtu](variables.tf#L46) | The MTU associated to the VLAN attachment (1440 / 1500). | number | | 1500 | +| [partner_interconnect_config](variables.tf#L62) | Partner interconnect configuration. 
| object({…}) | | null |
+| [vlan_tag](variables.tf#L106) | The VLAN id to be used for this VLAN attachment. | number | | null |
+| [vpn_gateways_ip_range](variables.tf#L112) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | string | | null |
+
+
diff --git a/modules/net-dedicated-vlan-attachment/main.tf b/modules/net-vlan-attachment/main.tf
similarity index 81%
rename from modules/net-dedicated-vlan-attachment/main.tf
rename to modules/net-vlan-attachment/main.tf
index 38d4426f..877ec4a7 100644
--- a/modules/net-dedicated-vlan-attachment/main.tf
+++ b/modules/net-vlan-attachment/main.tf
@@ -41,14 +41,15 @@ resource "google_compute_interconnect_attachment" "default" {
   router = local.router
   name = var.name
   description = var.description
-  interconnect = var.interconnect
-  bandwidth = var.bandwidth
+  interconnect = try(var.dedicated_interconnect_config.interconnect, null)
+  bandwidth = try(var.dedicated_interconnect_config.bandwidth, null)
   mtu = local.ipsec_enabled ? null : var.mtu
-  candidate_subnets = [var.bgp_range]
-  vlan_tag8021q = var.vlan_tag
+  candidate_subnets = var.dedicated_interconnect_config != null ? [var.dedicated_interconnect_config.bgp_range] : null
+  vlan_tag8021q = try(var.dedicated_interconnect_config.vlan_tag, null)
   admin_enabled = var.admin_enabled
   encryption = local.ipsec_enabled ? "IPSEC" : null
-  type = "DEDICATED"
+  type = var.dedicated_interconnect_config == null ? "PARTNER" : "DEDICATED"
+  edge_availability_domain = try(var.partner_interconnect_config.edge_availability_domain, null)
   ipsec_internal_addresses = local.ipsec_enabled ? [google_compute_address.default[0].self_link] : null
 }
 
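Review bot: The `type` line makes PARTNER the fallback whenever `dedicated_interconnect_config` is null, so a caller that sets neither config (or misspells the dedicated one) silently gets a partner attachment with the default `AVAILABILITY_DOMAIN_ANY` instead of an error, and a caller that sets both gets a DEDICATED attachment with a partner-only `edge_availability_domain` passed through. Nothing in this hunk or in the variables.tf hunks enforces that exactly one of the two configs is set, and the variable declarations cannot cross-reference each other. Since the module already relies on `optional()` defaults (Terraform 1.3+), a `precondition` on this resource can fail the plan before anything is created. `candidate_subnets` could also use the same `try(..., null)` form as its neighbours for consistency.
```hcl
  ipsec_internal_addresses = local.ipsec_enabled ? [google_compute_address.default[0].self_link] : null

  lifecycle {
    precondition {
      condition     = (var.dedicated_interconnect_config == null) != (var.partner_interconnect_config == null)
      error_message = "Exactly one of dedicated_interconnect_config and partner_interconnect_config must be set."
    }
  }
}
```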
@@ -95,12 +96,13 @@ resource "google_compute_router" "unencrypted" {
 }
 
 resource "google_compute_router_interface" "default" {
+ count = var.dedicated_interconnect_config != null ? 1 : 0
 project = var.project_id
 region = var.region
 name = "${var.name}-intf"
 router = local.router
- ip_range = "${cidrhost(var.bgp_range, 1)}/${split("/", var.bgp_range)[1]}"
- interconnect_attachment = google_compute_interconnect_attachment.default.name
+ ip_range = google_compute_interconnect_attachment.default.cloud_router_ip_address
+ interconnect_attachment = google_compute_interconnect_attachment.default.self_link
 }
 
 resource "google_compute_router_peer" "default" {
@@ -108,7 +110,7 @@ resource "google_compute_router_peer" "default" {
 project = var.project_id
 router = local.router
 region = var.region
- peer_ip_address = cidrhost(var.bgp_range, 2)
+ peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0]
 peer_asn = var.peer_asn
 interface = "${var.name}-intf"
 advertised_route_priority = 100
diff --git a/modules/net-dedicated-vlan-attachment/output.tf b/modules/net-vlan-attachment/output.tf
similarity index 84%
rename from modules/net-dedicated-vlan-attachment/output.tf
rename to modules/net-vlan-attachment/output.tf
index 9e55eb09..8085fe30 100644
--- a/modules/net-dedicated-vlan-attachment/output.tf
+++ b/modules/net-vlan-attachment/output.tf
@@ -29,6 +29,11 @@ output "name" {
 value = google_compute_interconnect_attachment.default.name
 }
 
+output "pairing_key" {
+ description = "Opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner."
+ value = google_compute_interconnect_attachment.default.pairing_key
+}
+
 output "router" {
 description = "Router resource (only if auto-created)."
 value = local.ipsec_enabled ? one(google_compute_router.encrypted[*]) : one(google_compute_router.unencrypted[*])
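Review bot: The router interface is now created only for dedicated attachments (the `count` line at the top of the hunk), but the router peer in the next hunk still references `interface = "${var.name}-intf"` with no matching count visible, so a PARTNER attachment would try to create a BGP peer on an interface that is never created; `customer_router_ip_address`, now fed into `peer_ip_address`, is presumably also unset until the partner activates the attachment, which would make the `split(...)[0]` expression empty in that case. Gating the peer the same way and referencing the interface by resource rather than by name keeps the dependency explicit: `count = var.dedicated_interconnect_config != null ? 1 : 0` and `interface = google_compute_router_interface.default[0].name`. The peer's resource header is outside the hunk, so a count set there would not be visible here.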
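Review bot: The new `pairing_key` output is the value handed to the partner to provision the circuit, so anyone who obtains it can have the partner connect their side to this VLAN attachment; consider `sensitive = true` on the output so it is redacted from plan/apply output (it is still stored in state) and read it explicitly with `terraform output -raw pairing_key` when it is needed. The description also has a grammar slip and should say what the value is for a DEDICATED attachment (presumably empty, worth confirming): `description = "Opaque identifier of a PARTNER attachment used to initiate provisioning with a selected partner. Treat as a secret."`.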
diff --git a/modules/net-dedicated-vlan-attachment/variables.tf b/modules/net-vlan-attachment/variables.tf
similarity index 77%
rename from modules/net-dedicated-vlan-attachment/variables.tf
rename to modules/net-vlan-attachment/variables.tf
index 10e771ad..dacc3b4d 100644
--- a/modules/net-dedicated-vlan-attachment/variables.tf
+++ b/modules/net-vlan-attachment/variables.tf
@@ -20,17 +20,16 @@ variable "admin_enabled" {
 default = true
 }
 
-variable "bandwidth" {
- # Possible values @ https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_interconnect_attachment#bandwidth
- description = "The bandwidth assigned to the VLAN attachment (e.g. BPS_10G)."
- type = string
- default = "BPS_10G"
-}
-
-variable "bgp_range" {
- description = "The underlay link-local IP range (in CIDR notation)."
- type = string
- default = "169.254.128.0/29"
+variable "dedicated_interconnect_config" {
+ description = "Partner interconnect configuration."
+ type = object({
+ # Possible values @ https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_interconnect_attachment#bandwidth
+ bandwidth = optional(string, "BPS_10G")
+ bgp_range = optional(string, "169.254.128.0/29")
+ interconnect = string
+ vlan_tag = string
+ })
+ default = null
 }
 
 variable "description" {
@@ -38,11 +37,6 @@ variable "description" {
 type = string
 }
 
-variable "interconnect" {
- description = "The identifier of the interconnect the VLAN attachment binds to."
- type = string
-}
-
 variable "ipsec_gateway_ip_ranges" {
 description = "IPSec Gateway IP Ranges."
 type = map(string)
@@ -65,6 +59,14 @@ variable "network" {
 type = string
 }
 
+variable "partner_interconnect_config" {
+ description = "Partner interconnect configuration."
+ type = object({
+ edge_availability_domain = optional(string, "AVAILABILITY_DOMAIN_ANY")
+ })
+ default = null
+}
+
 variable "peer_asn" {
 description = "The on-premises underlay router ASN."
 type = string
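Review bot: `dedicated_interconnect_config` carries the description `"Partner interconnect configuration."`, evidently copied from the partner block added in the third hunk of this file, and the generated README table in this commit repeats the mistake; it should read `description = "Dedicated interconnect configuration."`. In the same object, `vlan_tag = string` disagrees with the retained `variable "vlan_tag"` (type `number`), with the README example (`vlan_tag = 1002`) and with the provider's numeric `vlan_tag8021q` attribute it is assigned to; Terraform will coerce, but `vlan_tag = number` keeps the module's types consistent and rejects non-numeric input where the variable is declared.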
@@ -104,6 +106,7 @@ variable "router_config" {
 variable "vlan_tag" {
 description = "The VLAN id to be used for this VLAN attachment."
 type = number
+ default = null
 }
 
 variable "vpn_gateways_ip_range" {
diff --git a/modules/net-dedicated-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf
similarity index 100%
rename from modules/net-dedicated-vlan-attachment/versions.tf
rename to modules/net-vlan-attachment/versions.tf
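Review bot: `variable "vlan_tag"` gains `default = null` but, as far as this diff shows, it is no longer consumed: the attachment now reads `vlan_tag8021q` from `dedicated_interconnect_config.vlan_tag` (first hunk of main.tf), so a caller who still sets the top-level `vlan_tag` has the value silently ignored. Unless it is referenced elsewhere in the module, remove the variable, or at least say so in its description, e.g. `description = "Deprecated and ignored, set dedicated_interconnect_config.vlan_tag instead."`.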