Merge pull request #1420 from apichick/net-vlan-attachment
Move net-dedicated-vlan-attachment module to net-vlan-attachment and …
commit
19860333a7
|
@ -30,7 +30,7 @@ The current list of modules supports most of the core foundational and networkin
|
|||
Currently available modules:
|
||||
|
||||
- **foundational** - [billing budget](./modules/billing-budget), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source)
|
||||
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [Dedicated VLAN Attachment](./modules/net-dedicated-vlan-attachment/), [Global Load Balancer (classic)](./modules/net-glb/), [L4 ILB](./modules/net-ilb), [L7 ILB](./modules/net-ilb-l7), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [Network LB](./modules/net-nlb), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory)
|
||||
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [Global Load Balancer (classic)](./modules/net-glb/), [L4 ILB](./modules/net-ilb), [L7 ILB](./modules/net-ilb-l7), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [Network LB](./modules/net-nlb), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory)
|
||||
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool)
|
||||
- **data** - [AlloyDB instance](./modules/alloydb-instance), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Cloud Dataplex](./modules/cloud-dataplex), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
|
||||
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository)
|
||||
|
|
|
@ -27,39 +27,43 @@ resource "google_compute_router" "encrypted-interconnect-underlay-router" {
|
|||
}
|
||||
|
||||
module "va-a" {
|
||||
source = "../../../modules/net-dedicated-vlan-attachment"
|
||||
source = "../../../modules/net-vlan-attachment"
|
||||
project_id = var.project_id
|
||||
network = var.network
|
||||
region = var.region
|
||||
name = "${var.underlay_config.attachments.a.base_name}-a"
|
||||
bandwidth = var.underlay_config.attachments.a.bandwidth
|
||||
bgp_range = var.underlay_config.attachments.a.bgp_range
|
||||
description = "Encrypted VLAN Attachment ${var.underlay_config.attachments.a.base_name}-a"
|
||||
interconnect = var.underlay_config.attachments.a.interconnect_self_link
|
||||
peer_asn = var.underlay_config.attachments.a.onprem_asn
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.encrypted-interconnect-underlay-router.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = var.underlay_config.attachments.a.bandwidth
|
||||
bgp_range = var.underlay_config.attachments.a.bgp_range
|
||||
interconnect = var.underlay_config.attachments.a.interconnect_self_link
|
||||
vlan_tag = var.underlay_config.attachments.a.vlan_tag
|
||||
}
|
||||
vpn_gateways_ip_range = var.underlay_config.attachments.a.vpn_gateways_ip_range
|
||||
}
|
||||
|
||||
module "va-b" {
|
||||
source = "../../../modules/net-dedicated-vlan-attachment"
|
||||
source = "../../../modules/net-vlan-attachment"
|
||||
project_id = var.project_id
|
||||
network = var.network
|
||||
region = var.region
|
||||
name = "${var.underlay_config.attachments.a.base_name}-b"
|
||||
bandwidth = var.underlay_config.attachments.b.bandwidth
|
||||
bgp_range = var.underlay_config.attachments.b.bgp_range
|
||||
description = "Encrypted VLAN Attachment ${var.underlay_config.attachments.a.base_name}-b"
|
||||
interconnect = var.underlay_config.attachments.b.interconnect_self_link
|
||||
peer_asn = var.underlay_config.attachments.b.onprem_asn
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.encrypted-interconnect-underlay-router.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = var.underlay_config.attachments.b.bandwidth
|
||||
bgp_range = var.underlay_config.attachments.b.bgp_range
|
||||
interconnect = var.underlay_config.attachments.b.interconnect_self_link
|
||||
vlan_tag = var.underlay_config.attachments.b.vlan_tag
|
||||
}
|
||||
vpn_gateways_ip_range = var.underlay_config.attachments.b.vpn_gateways_ip_range
|
||||
}
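Review bot: Both `va-a` and `va-b` pass `vpn_gateways_ip_range` straight from `var.underlay_config.attachments.*`, and the module README deleted in this same commit documents that a null value means IPSec over Interconnect is not enabled. If the renamed module keeps that behaviour, a null here would produce attachments described as "Encrypted VLAN Attachment" that are not actually set up for encryption. The variable definition is outside this hunk, so confirm the field is non-nullable there, or add a validation on `underlay_config` such as `condition = alltrue([for k, v in var.underlay_config.attachments : v.vpn_gateways_ip_range != null])`. Separately, `va-b` builds its `name` and `description` from `attachments.a.base_name`; if sharing the base name is deliberate, a short comment saying so would help, otherwise it should read `attachments.b.base_name`.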
|
||||
|
|
|
@ -1,299 +0,0 @@
|
|||
# VLAN Attachment module
|
||||
|
||||
This module allows for the provisioning of [VLAN Attachments](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/creating-vlan-attachments?hl=it) created from [Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/dedicated-overview?hl=en) connections.
|
||||
|
||||
## Examples
|
||||
|
||||
### Single VLAN Attachment (No SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router" {
|
||||
name = "interconnect-router"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
advertise_mode = "CUSTOM"
|
||||
asn = 64514
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
description = "Example vlan attachment"
|
||||
interconnect = "interconnect-a"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.id
|
||||
}
|
||||
vlan_tag = 12345
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
```
|
||||
|
||||
### Two VLAN Attachments on a single region (99.9% SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router" {
|
||||
name = "interconnect-router"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
asn = 64514
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-a"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
description = "interconnect-a vlan attachment 0"
|
||||
interconnect = "interconnect-a"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.id
|
||||
}
|
||||
vlan_tag = 1001
|
||||
}
|
||||
|
||||
module "example-va-b" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-b"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.4/30"
|
||||
description = "interconnect-b vlan attachment 0"
|
||||
interconnect = "interconnect-b"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.id
|
||||
}
|
||||
vlan_tag = 1002
|
||||
}
|
||||
# tftest modules=2 resources=7
|
||||
```
|
||||
|
||||
### Four VLAN Attachments on two regions (99.99% SLA)
|
||||
|
||||
```hcl
|
||||
|
||||
resource "google_compute_router" "interconnect-router-ew8" {
|
||||
name = "interconnect-router-ew8"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
asn = 64514
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_router" "interconnect-router-ew12" {
|
||||
name = "interconnect-router-ew12"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west12"
|
||||
bgp {
|
||||
asn = 64514
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a-ew8" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-a-ew8"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
description = "interconnect-a-ew8 vlan attachment 0"
|
||||
interconnect = "interconnect-a-ew8"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew8.id
|
||||
}
|
||||
vlan_tag = 1001
|
||||
}
|
||||
|
||||
module "example-va-b-ew8" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-b-ew8"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.4/30"
|
||||
description = "interconnect-b-ew8 vlan attachment 0"
|
||||
interconnect = "interconnect-b-ew8"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew8.id
|
||||
}
|
||||
vlan_tag = 1002
|
||||
}
|
||||
|
||||
module "example-va-a-ew12" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west12"
|
||||
name = "vlan-attachment-a-ew12"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.1.0/30"
|
||||
description = "interconnect-a-ew12 vlan attachment 0"
|
||||
interconnect = "interconnect-a-ew12"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew12.id
|
||||
}
|
||||
vlan_tag = 1003
|
||||
}
|
||||
|
||||
module "example-va-b-ew12" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west12"
|
||||
name = "vlan-attachment-b-ew12"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.1.4/30"
|
||||
description = "interconnect-b-ew12 vlan attachment 0"
|
||||
interconnect = "interconnect-b-ew12"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew12.id
|
||||
}
|
||||
vlan_tag = 1004
|
||||
}
|
||||
# tftest modules=4 resources=14
|
||||
```
|
||||
|
||||
### IPSec over Interconnect enabled setup
|
||||
|
||||
Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "encrypted-interconnect-underlay-router-ew8" {
|
||||
name = "encrypted-interconnect-underlay-router-ew8"
|
||||
project = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
encrypted_interconnect_router = true
|
||||
bgp {
|
||||
advertise_mode = "DEFAULT"
|
||||
asn = 64514
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
project_id = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
name = "encrypted-vlan-attachment-a"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
description = "example-va-a vlan attachment"
|
||||
interconnect = "interconnect-a"
|
||||
peer_asn = "65001"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.id
|
||||
}
|
||||
vlan_tag = 1001
|
||||
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
|
||||
}
|
||||
|
||||
module "example-va-b" {
|
||||
source = "./fabric/modules/net-dedicated-vlan-attachment"
|
||||
project_id = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
name = "encrypted-vlan-attachment-b"
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.4/30"
|
||||
description = "example-va-b vlan attachment"
|
||||
interconnect = "interconnect-b"
|
||||
peer_asn = "65001"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.id
|
||||
}
|
||||
vlan_tag = 1002
|
||||
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
|
||||
}
|
||||
# tftest modules=2 resources=9
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [description](variables.tf#L36) | VLAN attachment description. | <code>string</code> | ✓ | |
|
||||
| [interconnect](variables.tf#L41) | The identifier of the interconnect the VLAN attachment binds to. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L58) | The common resources name, used after resource type prefix and suffix. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L63) | The VPC name to which resources are associated to. | <code>string</code> | ✓ | |
|
||||
| [peer_asn](variables.tf#L68) | The on-premises underlay router ASN. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L73) | The project id where resources are created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L78) | The region where resources are created. | <code>string</code> | ✓ | |
|
||||
| [router_config](variables.tf#L83) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ create = optional(bool, true) asn = optional(number, 65001) name = optional(string, "router") keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) bfd = optional(object({ session_initialization_mode = optional(string, "ACTIVE") min_receive_interval = optional(number) min_transmit_interval = optional(number) multiplier = optional(number) })) })">object({…})</code> | ✓ | |
|
||||
| [vlan_tag](variables.tf#L104) | The VLAN id to be used for this VLAN attachment. | <code>number</code> | ✓ | |
|
||||
| [admin_enabled](variables.tf#L17) | Whether the VLAN attachment is enabled. | <code>bool</code> | | <code>true</code> |
|
||||
| [bandwidth](variables.tf#L23) | The bandwidth assigned to the VLAN attachment (e.g. BPS_10G). | <code>string</code> | | <code>"BPS_10G"</code> |
|
||||
| [bgp_range](variables.tf#L30) | The underlay link-local IP range (in CIDR notation). | <code>string</code> | | <code>"169.254.128.0/29"</code> |
|
||||
| [ipsec_gateway_ip_ranges](variables.tf#L46) | IPSec Gateway IP Ranges. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [mtu](variables.tf#L52) | The MTU associated to the VLAN attachment (1440 / 1500). | <code>number</code> | | <code>1500</code> |
|
||||
| [vpn_gateways_ip_range](variables.tf#L109) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | <code>string</code> | | <code>null</code> |
|
||||
|
||||
<!-- END TFDOC -->
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
This module allows for the provisioning of [HA VPN over Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/ha-vpn-interconnect?hl=it). Specifically, this module creates a VPN gateway, a configurable number of tunnels, and all the resources required to established IPSec and BGP with the peer routers.
|
||||
|
||||
The required pair of encrypted VLAN Attachments can be created leveraging the [net-dedicated-vlan-attachment](../net-dedicated-vlan-attachment/) module, as shown in the [IoIC Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/).
|
||||
The required pair of encrypted VLAN Attachments can be created leveraging the [net-vlan-attachment](../net-vlan-attachment/) module, as shown in the [IoIC Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/).
|
||||
|
||||
## Examples
|
||||
|
||||
|
|
|
@ -0,0 +1,518 @@
|
|||
# VLAN Attachment module
|
||||
|
||||
This module allows for the provisioning of VLAN Attachments for [Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/creating-vlan-attachments) or [Partner Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/how-to/partner/creating-vlan-attachments).
|
||||
|
||||
## Examples
|
||||
|
||||
### Dedicated Interconnect - Single VLAN Attachment (No SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router" {
|
||||
name = "interconnect-router"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
advertise_mode = "CUSTOM"
|
||||
asn = 64514
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment"
|
||||
description = "Example vlan attachment"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
interconnect = "interconnect-a"
|
||||
vlan_tag = 12345
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
```
|
||||
|
||||
### Partner Interconnect - Single VLAN Attachment (No SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router" {
|
||||
name = "interconnect-router"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
advertise_mode = "CUSTOM"
|
||||
asn = 16550
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment"
|
||||
description = "Example vlan attachment"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.name
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
```
|
||||
|
||||
### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router" {
|
||||
name = "interconnect-router"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
asn = 64514
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-a"
|
||||
description = "interconnect-a vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
interconnect = "interconnect-a"
|
||||
vlan_tag = 1001
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-b" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-b"
|
||||
description = "interconnect-b vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.4/30"
|
||||
interconnect = "interconnect-b"
|
||||
vlan_tag = 1002
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=7
|
||||
```
|
||||
|
||||
### Partner Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router" {
|
||||
name = "interconnect-router"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
asn = 16550
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-a"
|
||||
description = "interconnect-a vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.name
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-b" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-b"
|
||||
description = "interconnect-b vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router.name
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=5
|
||||
```
|
||||
|
||||
### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router-ew8" {
|
||||
name = "interconnect-router-ew8"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
asn = 64514
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_router" "interconnect-router-ew12" {
|
||||
name = "interconnect-router-ew12"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west12"
|
||||
bgp {
|
||||
asn = 64514
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a-ew8" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-a-ew8"
|
||||
description = "interconnect-a-ew8 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew8.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
interconnect = "interconnect-a-ew8"
|
||||
vlan_tag = 1001
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-b-ew8" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-b-ew8"
|
||||
description = "interconnect-b-ew8 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew8.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.4/30"
|
||||
interconnect = "interconnect-b-ew8"
|
||||
vlan_tag = 1002
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a-ew12" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west12"
|
||||
name = "vlan-attachment-a-ew12"
|
||||
description = "interconnect-a-ew12 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew12.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.1.0/30"
|
||||
interconnect = "interconnect-a-ew12"
|
||||
vlan_tag = 1003
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-b-ew12" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west12"
|
||||
name = "vlan-attachment-b-ew12"
|
||||
description = "interconnect-b-ew12 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew12.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.1.4/30"
|
||||
interconnect = "interconnect-b-ew12"
|
||||
vlan_tag = 1004
|
||||
}
|
||||
}
|
||||
# tftest modules=4 resources=14
|
||||
```
|
||||
|
||||
### Partner Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "interconnect-router-ew8" {
|
||||
name = "interconnect-router-ew8"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west8"
|
||||
bgp {
|
||||
asn = 16550
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_router" "interconnect-router-ew12" {
|
||||
name = "interconnect-router-ew12"
|
||||
network = "mynet"
|
||||
project = "myproject"
|
||||
region = "europe-west12"
|
||||
bgp {
|
||||
asn = 64514
|
||||
advertise_mode = "CUSTOM"
|
||||
advertised_groups = ["ALL_SUBNETS"]
|
||||
advertised_ip_ranges {
|
||||
range = "10.255.255.0/24"
|
||||
}
|
||||
advertised_ip_ranges {
|
||||
range = "192.168.255.0/24"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a-ew8" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-a-ew8"
|
||||
description = "interconnect-a-ew8 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew8.name
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-b-ew8" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west8"
|
||||
name = "vlan-attachment-b-ew8"
|
||||
description = "interconnect-b-ew8 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew8.name
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a-ew12" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west12"
|
||||
name = "vlan-attachment-a-ew12"
|
||||
description = "interconnect-a-ew12 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew12.name
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-b-ew12" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
network = "mynet"
|
||||
project_id = "myproject"
|
||||
region = "europe-west12"
|
||||
name = "vlan-attachment-b-ew12"
|
||||
description = "interconnect-b-ew12 vlan attachment 0"
|
||||
peer_asn = "65000"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.interconnect-router-ew12.name
|
||||
}
|
||||
partner_interconnect_config = {
|
||||
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
|
||||
}
|
||||
}
|
||||
# tftest modules=4 resources=10
|
||||
```
|
||||
|
||||
### IPSec over Interconnect enabled setup
|
||||
|
||||
Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.
|
||||
|
||||
```hcl
|
||||
resource "google_compute_router" "encrypted-interconnect-underlay-router-ew8" {
|
||||
name = "encrypted-interconnect-underlay-router-ew8"
|
||||
project = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
encrypted_interconnect_router = true
|
||||
bgp {
|
||||
advertise_mode = "DEFAULT"
|
||||
asn = 64514
|
||||
}
|
||||
}
|
||||
|
||||
module "example-va-a" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
project_id = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
name = "encrypted-vlan-attachment-a"
|
||||
description = "example-va-a vlan attachment"
|
||||
peer_asn = "65001"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.0/30"
|
||||
interconnect = "interconnect-a"
|
||||
vlan_tag = 1001
|
||||
}
|
||||
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
|
||||
}
|
||||
|
||||
module "example-va-b" {
|
||||
source = "./fabric/modules/net-vlan-attachment"
|
||||
project_id = "myproject"
|
||||
network = "mynet"
|
||||
region = "europe-west8"
|
||||
name = "encrypted-vlan-attachment-b"
|
||||
description = "example-va-b vlan attachment"
|
||||
peer_asn = "65001"
|
||||
router_config = {
|
||||
create = false
|
||||
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
|
||||
}
|
||||
dedicated_interconnect_config = {
|
||||
bandwidth = "BPS_10G"
|
||||
bgp_range = "169.254.0.4/30"
|
||||
interconnect = "interconnect-b"
|
||||
vlan_tag = 1002
|
||||
}
|
||||
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
|
||||
}
|
||||
# tftest modules=2 resources=9
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [description](variables.tf#L35) | VLAN attachment description. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L52) | The common resources name, used after resource type prefix and suffix. | <code>string</code> | ✓ | |
|
||||
| [network](variables.tf#L57) | The VPC name to which resources are associated to. | <code>string</code> | ✓ | |
|
||||
| [peer_asn](variables.tf#L70) | The on-premises underlay router ASN. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L75) | The project id where resources are created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L80) | The region where resources are created. | <code>string</code> | ✓ | |
|
||||
| [router_config](variables.tf#L85) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | <code title="object({ create = optional(bool, true) asn = optional(number, 65001) name = optional(string, "router") keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) bfd = optional(object({ session_initialization_mode = optional(string, "ACTIVE") min_receive_interval = optional(number) min_transmit_interval = optional(number) multiplier = optional(number) })) })">object({…})</code> | ✓ | |
|
||||
| [admin_enabled](variables.tf#L17) | Whether the VLAN attachment is enabled. | <code>bool</code> | | <code>true</code> |
|
||||
| [dedicated_interconnect_config](variables.tf#L23) | Partner interconnect configuration. | <code title="object({ bandwidth = optional(string, "BPS_10G") bgp_range = optional(string, "169.254.128.0/29") interconnect = string vlan_tag = string })">object({…})</code> | | <code>null</code> |
|
||||
| [ipsec_gateway_ip_ranges](variables.tf#L40) | IPSec Gateway IP Ranges. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [mtu](variables.tf#L46) | The MTU associated to the VLAN attachment (1440 / 1500). | <code>number</code> | | <code>1500</code> |
|
||||
| [partner_interconnect_config](variables.tf#L62) | Partner interconnect configuration. | <code title="object({ edge_availability_domain = optional(string, "AVAILABILITY_DOMAIN_ANY") })">object({…})</code> | | <code>null</code> |
|
||||
| [vlan_tag](variables.tf#L106) | The VLAN id to be used for this VLAN attachment. | <code>number</code> | | <code>null</code> |
|
||||
| [vpn_gateways_ip_range](variables.tf#L112) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | <code>string</code> | | <code>null</code> |
|
||||
|
||||
<!-- END TFDOC -->
|
|
@ -41,14 +41,15 @@ resource "google_compute_interconnect_attachment" "default" {
|
|||
router = local.router
|
||||
name = var.name
|
||||
description = var.description
|
||||
interconnect = var.interconnect
|
||||
bandwidth = var.bandwidth
|
||||
interconnect = try(var.dedicated_interconnect_config.interconnect, null)
|
||||
bandwidth = try(var.dedicated_interconnect_config.bandwidth, null)
|
||||
mtu = local.ipsec_enabled ? null : var.mtu
|
||||
candidate_subnets = [var.bgp_range]
|
||||
vlan_tag8021q = var.vlan_tag
|
||||
candidate_subnets = var.dedicated_interconnect_config != null ? [var.dedicated_interconnect_config.bgp_range] : null
|
||||
vlan_tag8021q = try(var.dedicated_interconnect_config.vlan_tag, null)
|
||||
admin_enabled = var.admin_enabled
|
||||
encryption = local.ipsec_enabled ? "IPSEC" : null
|
||||
type = "DEDICATED"
|
||||
type = var.dedicated_interconnect_config == null ? "PARTNER" : "DEDICATED"
|
||||
edge_availability_domain = try(var.partner_interconnect_config.edge_availability_domain, null)
|
||||
ipsec_internal_addresses = local.ipsec_enabled ? [google_compute_address.default[0].self_link] : null
|
||||
}
|
||||
|
||||
|
@ -95,12 +96,13 @@ resource "google_compute_router" "unencrypted" {
|
|||
}
|
||||
|
||||
resource "google_compute_router_interface" "default" {
|
||||
count = var.dedicated_interconnect_config != null ? 1 : 0
|
||||
project = var.project_id
|
||||
region = var.region
|
||||
name = "${var.name}-intf"
|
||||
router = local.router
|
||||
ip_range = "${cidrhost(var.bgp_range, 1)}/${split("/", var.bgp_range)[1]}"
|
||||
interconnect_attachment = google_compute_interconnect_attachment.default.name
|
||||
ip_range = google_compute_interconnect_attachment.default.cloud_router_ip_address
|
||||
interconnect_attachment = google_compute_interconnect_attachment.default.self_link
|
||||
}
|
||||
|
||||
resource "google_compute_router_peer" "default" {
|
||||
|
@ -108,7 +110,7 @@ resource "google_compute_router_peer" "default" {
|
|||
project = var.project_id
|
||||
router = local.router
|
||||
region = var.region
|
||||
peer_ip_address = cidrhost(var.bgp_range, 2)
|
||||
peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0]
|
||||
peer_asn = var.peer_asn
|
||||
interface = "${var.name}-intf"
|
||||
advertised_route_priority = 100
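Review bot: In the `google_compute_interconnect_attachment.default` hunk the attachment type is derived only from `var.dedicated_interconnect_config == null`, so a caller who sets neither config block silently gets a PARTNER attachment, and one who sets both gets a DEDICATED attachment that also carries `edge_availability_domain`. Because every dedicated field is wrapped in `try(..., null)`, a missing or misspelled input is masked rather than rejected, which is a poor failure mode for a resource that defines a private link into the VPC. I would add a precondition that rejects both being set, as sketched below, and either document or reject the case where neither is set. Separately, `google_compute_router_interface.default` now has a `count`, and the `google_compute_router_peer.default` hunk starts below that resource's first lines, so it is not visible whether the peer is gated the same way. If it is not, partner attachments would get a peer that names an interface which is never created.

```hcl
resource "google_compute_interconnect_attachment" "default" {
  # … unchanged: attachment arguments …
  lifecycle {
    precondition {
      condition     = var.dedicated_interconnect_config == null || var.partner_interconnect_config == null
      error_message = "Set only one of dedicated_interconnect_config and partner_interconnect_config."
    }
  }
```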
|
|
@ -29,6 +29,11 @@ output "name" {
|
|||
value = google_compute_interconnect_attachment.default.name
|
||||
}
|
||||
|
||||
output "pairing_key" {
|
||||
description = "Opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner."
|
||||
value = google_compute_interconnect_attachment.default.pairing_key
|
||||
}
|
||||
|
||||
output "router" {
|
||||
description = "Router resource (only if auto-created)."
|
||||
value = local.ipsec_enabled ? one(google_compute_router.encrypted[*]) : one(google_compute_router.unencrypted[*])
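Review bot: The new `pairing_key` output exposes the value a service provider uses to request a connection to this VLAN attachment, and as written it will be printed in plan and apply output and in CI logs. Google's Partner Interconnect guidance is to treat the pairing key as sensitive until the attachment is activated, so I would add `sensitive = true` to the output. The description should also read `a PARTNER attachment` and say that the value is only populated for partner attachments, since the same resource now also serves DEDICATED ones. The `router` output below it continues outside the hunk.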
|
|
@ -20,17 +20,16 @@ variable "admin_enabled" {
|
|||
default = true
|
||||
}
|
||||
|
||||
variable "bandwidth" {
|
||||
variable "dedicated_interconnect_config" {
|
||||
description = "Partner interconnect configuration."
|
||||
type = object({
|
||||
# Possible values @ https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_interconnect_attachment#bandwidth
|
||||
description = "The bandwidth assigned to the VLAN attachment (e.g. BPS_10G)."
|
||||
type = string
|
||||
default = "BPS_10G"
|
||||
}
|
||||
|
||||
variable "bgp_range" {
|
||||
description = "The underlay link-local IP range (in CIDR notation)."
|
||||
type = string
|
||||
default = "169.254.128.0/29"
|
||||
bandwidth = optional(string, "BPS_10G")
|
||||
bgp_range = optional(string, "169.254.128.0/29")
|
||||
interconnect = string
|
||||
vlan_tag = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
|
@ -38,11 +37,6 @@ variable "description" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "interconnect" {
|
||||
description = "The identifier of the interconnect the VLAN attachment binds to."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ipsec_gateway_ip_ranges" {
|
||||
description = "IPSec Gateway IP Ranges."
|
||||
type = map(string)
|
||||
|
@ -65,6 +59,14 @@ variable "network" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "partner_interconnect_config" {
|
||||
description = "Partner interconnect configuration."
|
||||
type = object({
|
||||
edge_availability_domain = optional(string, "AVAILABILITY_DOMAIN_ANY")
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "peer_asn" {
|
||||
description = "The on-premises underlay router ASN."
|
||||
type = string
|
||||
|
@ -104,6 +106,7 @@ variable "router_config" {
|
|||
variable "vlan_tag" {
|
||||
description = "The VLAN id to be used for this VLAN attachment."
|
||||
type = number
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpn_gateways_ip_range" {
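Review bot: `variable "dedicated_interconnect_config"` carries the description `Partner interconnect configuration.`, which looks copied from `partner_interconnect_config`; it should be `description = "Dedicated interconnect configuration."` (the generated README table repeats the wrong text). Inside the object, `vlan_tag` is typed `string`, while the README example passes `vlan_tag = 1001` and the top-level `vlan_tag` variable is `number`; `vlan_tag = number` would be consistent. The top-level `variable "vlan_tag"` is kept in the last hunk, but the attachment in main.tf now reads `var.dedicated_interconnect_config.vlan_tag`. Unless it is used elsewhere in the module, a value set there appears to be silently ignored, so it should be removed or wired in. `variable "vpn_gateways_ip_range"` continues outside the hunk.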
|