From 58c90feca29c53770b2f9165d19899cf830f09bd Mon Sep 17 00:00:00 2001
From: Julio Diez <jdiez@google.com>
Date: Tue, 7 Mar 2023 11:06:23 +0100
Subject: [PATCH] Add example of load-balanced router appliances

---
 modules/net-ncc/README.md | 75 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)

diff --git a/modules/net-ncc/README.md b/modules/net-ncc/README.md
index f3c4b859..5a2ff8bc 100644
--- a/modules/net-ncc/README.md
+++ b/modules/net-ncc/README.md
@@ -161,3 +161,78 @@ module "ncc" {
 }
 # tftest
 ```
+
+### Use load-balanced router appliance instances
+
+The following topology shows a site that uses load-balanced router appliance instances to connect to Google Cloud. Both router appliance instances are backing resources for the same spoke.
+
+```hcl
+module "vpc" {
+  source     = "./fabric/modules/net-vpc"
+  project_id = "my-project"
+  name       = "network-a"
+  subnets = [
+    {
+      name          = "subnet-a-1"
+      ip_cidr_range = "10.0.1.0/24"
+      region        = "us-west1"
+    }
+  ]
+}
+
+module "nva1" {
+  source     = "./fabric/modules/compute-vm"
+  project_id = "my-project"
+  zone       = "us-west1-a"
+  name       = "router-app-a"
+  network_interfaces = [{
+    network    = module.vpc.self_link
+    subnetwork = module.vpc.subnet_self_links["us-west1/subnet-a-1"]
+    addresses  = { external = null, internal = "10.0.1.10" }
+  }]
+  can_ip_forward = true
+}
+
+module "nva2" {
+  source     = "./fabric/modules/compute-vm"
+  project_id = "my-project"
+  zone       = "us-west1-b"
+  name       = "router-app-b"
+  network_interfaces = [{
+    network    = module.vpc.self_link
+    subnetwork = module.vpc.subnet_self_links["us-west1/subnet-a-1"]
+    addresses  = { external = null, internal = "10.0.1.11" }
+  }]
+  can_ip_forward = true
+}
+
+module "ncc" {
+  source     = "./fabric/modules/net-ncc"
+  asn        = 65000
+  name       = "ncc-hub"
+  project_id = "my-project"
+  spokes = {
+    spoke-a = {
+      vpc        = module.vpc.name
+      region     = "us-west1"
+      subnetwork = module.vpc.subnet_self_links["us-west1/subnet-a-1"]
+      nvas = [
+        {
+          vm = module.nva1.self_link
+          ip = module.nva1.internal_ip
+        },
+        {
+          vm = module.nva2.self_link
+          ip = module.nva2.internal_ip
+        }
+      ]
+      router = {
+        ip1      = "10.0.1.5"
+        ip2      = "10.0.1.6"
+        peer_asn = 65001
+      }
+    }
+  }
+}
+# tftest
+```