Enabling GCP Global VPC Routing

Overview

GCP Global VPC creates regional awareness between the VPC and the Aviatrix gateways, which lets you restrict spoke gateway traffic to transit gateways in the same region as the spoke gateway. Without Global VPC, traffic between spokes in the same region that traverses the transit can be routed outside that region. Regional awareness is achieved by appending regional network tags to virtual machines and adding regional routes to the VPC routing table that point to the gateways and are scoped to those tags.

Global VPC enabled spokes can be deployed in a single-region, multi-region, or hybrid configuration, providing a variety of options for segmenting your workload traffic. A multi-region spoke VPC is a spoke VPC that has a pair of spoke gateways in each region where workloads are deployed.

Multi-Region Spoke VPC

A regional spoke VPC is a spoke VPC with a single group of spoke gateways and workloads in one or more regions. Workloads outside the spoke gateway region exit the VPC through the spoke gateways by way of the Global VPC global routing tables.

Regional Spoke VPC

You can deploy a hybrid configuration where the spoke VPC has more than one pair of spoke gateways and also has workloads in a region with no spoke gateways. Those workloads can communicate with other workloads in the same VPC, but they cannot communicate outside the VPC through the Aviatrix transit gateway. In this example, the us-east1 gateways must manually advertise the subnets that have no gateways, using the custom spoke advertise CIDR feature, so that tagging is performed for those subnets once the gateways advertise them.

Hybrid Spoke VPC

Enabling and Disabling GCP Global VPC

When Global VPC is enabled, the spoke advertises only its own region to the transit network. Enabling it also changes the routing tables and virtual machine tags so that RFC 1918 traffic stays regional to the gateway.

To enable Global VPC tag routing:

  1. Go to Cloud Fabric > Gateways > Spoke Gateways and select the gateway to be configured.

  2. Select the gateway in the Edit Spoke Gateway window and click on the Edit icon.

  3. Use the Global VPC button to turn Global VPC on or off for the selected gateway region.

  4. Click Save to save your spoke gateway configuration changes.

Tagging GCP Global VPC Spoke Gateways

To add and manage GCP Global VPC tags:

  1. Go to Cloud Fabric > Gateways > Settings > GCP Global VPC Configuration and click on the Modify button.

  2. Select the method of tagging for your Aviatrix gateways. There are three methods of tagging GCP spoke gateways:

    • Tag on Changes - Aviatrix recommends this method. Any time there is a configuration change to the gateway or connections to the gateway, Aviatrix reevaluates the tags in your environment and verifies all gateways are regionally aware of the changes and that the regions can communicate with each other.

    • Auto Tag - Aviatrix Controller monitors virtual machines launched in the VPCs and automatically adds tags for newly launched virtual machines in the VPC or removes tags for virtual machines removed from the VPC.

    • Manage Manually - You do all of the tagging through the GCP console, and Aviatrix becomes regionally aware of those tags.

  3. Optional. Exclude virtual machines connected to the gateway from GCP Global VPC routing by selecting them from the drop-down menu in the Modify GCP Global VPC Configuration window. Any virtual machines excluded from the Aviatrix tags are still accessible through the global routing tables.

  4. Optional. Use the notification button in the Modify GCP Global VPC Configuration window to start or stop notifications when instances are discovered and tagged in your global VPC environment.

  5. Click Save to save your Global VPC configuration changes.

Spokes using the Global VPC Routing for GCP feature cannot be connected to FireNet transit gateways.
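The following is an added example, not Aviatrix or Google code, that models how the tag-scoped routes described in the Overview select a next hop: an instance carrying its region's network tag sends RFC 1918 traffic to the spoke gateway in its own region, while an instance with no regional tag (one excluded from tagging, or a workload in a hybrid-configuration region with no gateways) falls through to the untagged global route. The gateway names, tag names (`avx-<region>`), regions and CIDRs are constructed for the example, and the audit function at the end is a hypothetical check for instances that still need a Reapply Tags.

```python
# Added example (not Aviatrix or Google code): a model of GCP tag-scoped route
# selection, showing how regional network tags keep RFC 1918 traffic on the
# regional spoke gateway. Gateway, tag, region and CIDR values are constructed.
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Route:
    dest: str                      # destination CIDR
    next_hop: str                  # constructed gateway name
    priority: int                  # GCP: lower number wins on equal prefix length
    tags: frozenset = frozenset()  # empty = applies to every instance

@dataclass(frozen=True)
class Instance:
    name: str
    region: str
    tags: frozenset

# Constructed routing table: one tag-scoped RFC 1918 route per gateway region,
# an untagged global fallback via one spoke gateway, and the default route.
ROUTES = [
    Route("10.0.0.0/8", "spoke-gw-us-east1", 100, frozenset({"avx-us-east1"})),
    Route("10.0.0.0/8", "spoke-gw-us-west1", 100, frozenset({"avx-us-west1"})),
    Route("10.0.0.0/8", "spoke-gw-us-east1", 1000),  # global fallback, no tags
    Route("0.0.0.0/0", "default-internet-gateway", 1000),
]

# Constructed instances: tagged regional workloads, a hybrid-region workload in
# a region with no spoke gateways, and an untagged (excluded) instance.
INSTANCES = [
    Instance("vm-east", "us-east1", frozenset({"avx-us-east1"})),
    Instance("vm-west", "us-west1", frozenset({"avx-us-west1"})),
    Instance("vm-central", "us-central1", frozenset()),
    Instance("vm-west-excluded", "us-west1", frozenset()),
]

def select_next_hop(inst, dst_ip, routes=ROUTES):
    """Routes with no tags or a tag shared with the instance apply; among
    those, longest prefix wins, then the lowest priority number."""
    ip = ipaddress.ip_address(dst_ip)
    applicable = [r for r in routes if ip in ipaddress.ip_network(r.dest)
                  and (not r.tags or r.tags & inst.tags)]
    best = max(applicable,
               key=lambda r: (ipaddress.ip_network(r.dest).prefixlen, -r.priority))
    return best.next_hop

def untagged_in_gateway_regions(instances, gateway_regions):
    """Audit: gateway-region instances lacking the regional tag use the global fallback."""
    return [i.name for i in instances
            if i.region in gateway_regions and f"avx-{i.region}" not in i.tags]
```

Running the audit against the constructed instances flags only `vm-west-excluded`; `vm-central` is not flagged because its region has no spoke gateways and the global route is its intended path.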

Reapplying Tags to Sync VPC Subnets

Whenever new subnets are added, you must perform the Reapply Tags operation to sync the VPC subnets, which updates the routing tables and adds the routes for the newly deployed regions. This operation also applies tags to any new or existing virtual machines in the new region that have not yet been tagged.

The Reapply Tags operation can only be performed in Tag on Changes and Auto Tag configurations.

To reapply GCP Global VPC tags: Go to Cloud Fabric > Gateways > Settings > GCP Global VPC Configuration and click on the Reapply Tags button.