VLAN Attachment module
This module allows for the provisioning of VLAN Attachments for Dedicated Interconnect or Partner Interconnect.
Examples
Dedicated Interconnect - Single VLAN Attachment (No SLA)
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
advertise_mode = "CUSTOM"
asn = 64514
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment"
description = "Example vlan attachment"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a"
vlan_tag = 12345
}
}
# tftest modules=1 resources=4
Partner Interconnect - Single VLAN Attachment (No SLA)
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
advertise_mode = "CUSTOM"
asn = 16550
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment"
description = "Example vlan attachment"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
}
# tftest modules=1 resources=2
Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 64514
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a"
description = "interconnect-a vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a"
vlan_tag = 1001
}
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b"
description = "interconnect-b vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.4/30"
interconnect = "interconnect-b"
vlan_tag = 1002
}
}
# tftest modules=2 resources=7
Partner Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
resource "google_compute_router" "interconnect-router" {
name = "interconnect-router"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 16550
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a"
description = "interconnect-a vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b"
description = "interconnect-b vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=2 resources=3
Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
resource "google_compute_router" "interconnect-router-ew8" {
name = "interconnect-router-ew8"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 64514
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
resource "google_compute_router" "interconnect-router-ew12" {
name = "interconnect-router-ew12"
network = "mynet"
project = "myproject"
region = "europe-west12"
bgp {
asn = 64514
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a-ew8"
description = "interconnect-a-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a-ew8"
vlan_tag = 1001
}
}
module "example-va-b-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b-ew8"
description = "interconnect-b-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.4/30"
interconnect = "interconnect-b-ew8"
vlan_tag = 1002
}
}
module "example-va-a-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-a-ew12"
description = "interconnect-a-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.1.0/30"
interconnect = "interconnect-a-ew12"
vlan_tag = 1003
}
}
module "example-va-b-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-b-ew12"
description = "interconnect-b-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.1.4/30"
interconnect = "interconnect-b-ew12"
vlan_tag = 1004
}
}
# tftest modules=4 resources=14
Partner Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
resource "google_compute_router" "interconnect-router-ew8" {
name = "interconnect-router-ew8"
network = "mynet"
project = "myproject"
region = "europe-west8"
bgp {
asn = 16550
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
resource "google_compute_router" "interconnect-router-ew12" {
name = "interconnect-router-ew12"
network = "mynet"
project = "myproject"
region = "europe-west12"
bgp {
asn = 16550
advertise_mode = "CUSTOM"
advertised_groups = ["ALL_SUBNETS"]
advertised_ip_ranges {
range = "10.255.255.0/24"
}
advertised_ip_ranges {
range = "192.168.255.0/24"
}
}
}
module "example-va-a-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-a-ew8"
description = "interconnect-a-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
}
module "example-va-b-ew8" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west8"
name = "vlan-attachment-b-ew8"
description = "interconnect-b-ew8 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew8.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
module "example-va-a-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-a-ew12"
description = "interconnect-a-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
}
module "example-va-b-ew12" {
source = "./fabric/modules/net-vlan-attachment"
network = "mynet"
project_id = "myproject"
region = "europe-west12"
name = "vlan-attachment-b-ew12"
description = "interconnect-b-ew12 vlan attachment 0"
peer_asn = "65000"
router_config = {
create = false
name = google_compute_router.interconnect-router-ew12.name
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=4 resources=6
IPSec for Dedicated Interconnect
Refer to the HA VPN over Interconnect Blueprint for an all-encompassing example.
resource "google_compute_router" "encrypted-interconnect-underlay-router-ew8" {
name = "encrypted-interconnect-underlay-router-ew8"
project = "myproject"
network = "mynet"
region = "europe-west8"
encrypted_interconnect_router = true
bgp {
advertise_mode = "DEFAULT"
asn = 64514
}
}
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-a"
description = "example-va-a vlan attachment"
peer_asn = "65001"
router_config = {
create = false
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.0/30"
interconnect = "interconnect-a"
vlan_tag = 1001
}
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-b"
description = "example-va-b vlan attachment"
peer_asn = "65001"
router_config = {
create = false
name = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
}
dedicated_interconnect_config = {
bandwidth = "BPS_10G"
bgp_range = "169.254.0.4/30"
interconnect = "interconnect-b"
vlan_tag = 1002
}
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
}
# tftest modules=2 resources=9
IPSec for Partner Interconnect
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-a"
description = "example-va-a vlan attachment"
peer_asn = "65001"
router_config = {
create = true
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-b"
description = "example-va-b vlan attachment"
peer_asn = "65001"
router_config = {
create = true
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
}
# tftest modules=2 resources=6
Variables
name |
description |
type |
required |
default |
description |
VLAN attachment description. |
string |
✓ |
|
name |
The common resources name, used after resource type prefix and suffix. |
string |
✓ |
|
network |
The VPC name to which resources are associated to. |
string |
✓ |
|
peer_asn |
The on-premises underlay router ASN. |
string |
✓ |
|
project_id |
The project id where resources are created. |
string |
✓ |
|
region |
The region where resources are created. |
string |
✓ |
|
router_config |
Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. |
object({…}) |
✓ |
|
admin_enabled |
Whether the VLAN attachment is enabled. |
bool |
|
true |
dedicated_interconnect_config |
Partner interconnect configuration. |
object({…}) |
|
null |
ipsec_gateway_ip_ranges |
IPSec Gateway IP Ranges. |
map(string) |
|
{} |
mtu |
The MTU associated to the VLAN attachment (1440 / 1500). |
number |
|
1500 |
partner_interconnect_config |
Partner interconnect configuration. |
object({…}) |
|
null |
vlan_tag |
The VLAN id to be used for this VLAN attachment. |
number |
|
null |
vpn_gateways_ip_range |
The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. |
string |
|
null |
Outputs
name |
description |
sensitive |
attachment |
VLAN Attachment resource. |
|
id |
Fully qualified VLAN attachment id. |
|
name |
The name of the VLAN attachment created. |
|
pairing_key |
Opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner. |
|
router |
Router resource (only if auto-created). |
|
router_interface |
Router interface created for the VLAN attachment. |
|
router_name |
Router name. |
|