Cloud VPN

HA VPN topologies

HA VPN supports one of the following recommended topologies:
: This topology requires two VPN tunnels from the HA VPN gateway to achieve the high availability SLA. In this configuration, HA VPN has three typical peer gateway configurations:
Two separate peer VPN gateways, each with its own IP address.
One peer VPN gateway with two separate IP addresses.
One peer VPN gateway with one IP address.
HA VPN to two peer (on-premises) VPN gateways

HA VPN to one peer (on-premises) VPN gateway with two IP addresses

HA VPN to one peer (on-premises) VPN gateway with one IP address

: To connect two Google Cloud VPC networks, you create an HA VPN gateway in each network. The networks can be in the same or different regions.
You receive a different availability SLA for HA VPN gateways deployed in the same region versus those deployed across different regions. For more information, see .

: In this topology, you connect an HA VPN gateway to a Compute Engine virtual machine (VM) instance. Your VM instances can be in the same zone or in different zones.
The availability SLA of the Compute Engine VM instance determines the availability SLA for the VPN connection.
A topology that connects an HA VPN gateway to a Compute Engine VM

A topology that connects an HA VPN gateway to two Compute Engine VM instances with each VM in a different zone

: In this topology, you create HA VPN tunnels to carry IPsec-encrypted traffic over VLAN attachments of either Dedicated Interconnect or Partner Interconnect. You can reserve regional internal IP address ranges for your HA VPN gateways. Your peer VPN gateway can also have internal IP addresses. For more information and architecture diagrams, see .
In Google Cloud, all peer gateway scenarios are represented by a single external peer VPN resource.



Cloud VPN supports both static and dynamic routes. To use dynamic routes, you need to configure Cloud Routers. Cloud Router can manage routes for a Cloud VPN tunnel using Border Gateway Protocol (BGP). With this routing method, routes are updated and exchanged without changing the tunnel configuration.
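
An added example, not part of the original page or of Google's documentation: a Python check over a tunnel inventory that tests the two-tunnel requirement described for the peer gateway topology and counts how many peer addresses each HA VPN gateway reaches. It assumes the HA VPN gateway's two interfaces are numbered 0 and 1 and that redundancy needs a tunnel on each; the function name and all resource names in the sample are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `gcloud compute vpn-tunnels list --format=json`.
# Field names follow the Compute Engine VpnTunnel resource; all resource names are made up.
SAMPLE_TUNNELS = json.loads("""[
 {"name": "a-0", "vpnGateway": "regions/r1/vpnGateways/ha-a", "vpnGatewayInterface": 0,
  "peerExternalGateway": "global/externalVpnGateways/onprem-2ip", "peerExternalGatewayInterface": 0},
 {"name": "a-1", "vpnGateway": "regions/r1/vpnGateways/ha-a", "vpnGatewayInterface": 1,
  "peerExternalGateway": "global/externalVpnGateways/onprem-2ip", "peerExternalGatewayInterface": 1},
 {"name": "b-0", "vpnGateway": "regions/r1/vpnGateways/ha-b", "vpnGatewayInterface": 0,
  "peerExternalGateway": "global/externalVpnGateways/onprem-1ip", "peerExternalGatewayInterface": 0},
 {"name": "b-1", "vpnGateway": "regions/r1/vpnGateways/ha-b", "vpnGatewayInterface": 1,
  "peerExternalGateway": "global/externalVpnGateways/onprem-1ip", "peerExternalGatewayInterface": 0},
 {"name": "c-0", "vpnGateway": "regions/r1/vpnGateways/ha-c", "vpnGatewayInterface": 0,
  "peerExternalGateway": "global/externalVpnGateways/onprem-2ip", "peerExternalGatewayInterface": 0},
 {"name": "c-0b", "vpnGateway": "regions/r1/vpnGateways/ha-c", "vpnGatewayInterface": 0,
  "peerExternalGateway": "global/externalVpnGateways/onprem-2ip", "peerExternalGatewayInterface": 1}
]""")

def audit_ha_tunnels(tunnels):
    """Per HA VPN gateway: interfaces carrying tunnels and peer addresses reached."""
    by_gateway = defaultdict(list)
    for t in tunnels:
        if "vpnGateway" in t:  # tunnels without this field are not HA VPN tunnels
            by_gateway[t["vpnGateway"].rsplit("/", 1)[-1]].append(t)
    report = {}
    for gw, ts in sorted(by_gateway.items()):
        used = {t["vpnGatewayInterface"] for t in ts}
        # One external peer VPN resource models every peer scenario, so a peer
        # address is identified by (resource, interface number).
        peers = {(t.get("peerExternalGateway"), t.get("peerExternalGatewayInterface"))
                 for t in ts}
        report[gw] = {
            "tunnels": len(ts),
            "missing_interfaces": sorted({0, 1} - used),
            "peer_addresses": len(peers),
            # Two tunnels on the same interface give no gateway-side redundancy.
            "redundant": len(ts) >= 2 and used >= {0, 1},
        }
    return report

if __name__ == "__main__":
    for gw, row in audit_ha_tunnels(SAMPLE_TUNNELS).items():
        print(gw, row)
```

In the sample, `ha-c` has two tunnels but both leave interface 0, so a tunnel count alone would wrongly report it as redundant.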
