GCP Multi-Peer BGP over LAN Workflow

Introduction

Transit BGP to LAN allows Aviatrix Transit Gateways to communicate with multiple instances in the same VPC in GCP without running any tunneling protocol such as IPsec or GRE. One use case is to interoperate with third-party virtual appliances such as SD-WAN cloud instances that do not have the capability to support BGP over any tunneling protocols.

For example, integrating with SD-WAN gateways can be deployed as below, where Aviatrix Multicloud Transit Gateways connect to third-party cloud instances in the same VPC in GCP:

sd_wan_integ_gcp

This document describes a step-by-step instruction on how to build Aviatrix Transit Gateway to External Device using BGP over LAN. In this Tech Note, you will learn the following:

For other BGP over LAN workflows, see the documents below:

For more information about Multicloud Transit Network and External Device, see the documents below:

  • ActiveMesh 2.0 is required. To migrate to ActiveMesh 2.0, see Migrating from Classic Aviatrix Encrypted Transit Network to Aviatrix ActiveMesh Transit Network.

  • This solution is available in Azure when connecting to a single BGP peer. Multi-peer BGP is supported in GCP and AWS. The workflow with GCP here is just an example. Please adjust the topology depending on your requirements.

  • GCP does not allow interfaces to be added to an instance after deployment. Verify the design before creating the instances to make sure they have all the interfaces required.

The key ideas for this solution are:

  • A BGP session establishes between third-party cloud instances and Aviatrix Transit Gateways via each LAN interface in the same VPC.

  • Dataplane traffic also runs between third-party cloud instances and Aviatrix Transit Gateways via each LAN interface without a tunnel protocol such as IPsec or GRE.

Prerequisite

  • This feature is available starting in Aviatrix software version 6.6. Upgrade Aviatrix Controller to at least version 6.6.

  • Third-party cloud instance has high throughput supported.

Deploying Aviatrix Multicloud Transit Solution

Refer to Global Transit Network Workflow Instructions for the below steps. Please adjust the topology depending on your requirements.

  1. Deploy Aviatrix Multicloud Transit Gateway and HA with High Performance Encryption Mode encryption enabled in Transit VPC.

  2. Deploy Spoke Gateway and HA with High Performance Encryption Mode encryption enabled in Spoke VPC(s).

  3. Attach Spoke Gateways to Transit Network.

Launching Third-Party Cloud Instances

Deploy third-party cloud instances with an interface in the same VPC as the Aviatrix Transit Gateway.

  1. Create a third-party cloud instance and put MGMT interface in public gateway subnet.

  2. Create a new WAN subnet and dedicated routing table for WAN interface if needed.

  3. Create a new LAN subnet and a dedicated routing table for the LAN interface.

  4. Make sure the IP forwarding function is enabled on the third-party cloud instances.

GCP allows a maximum of 8 interfaces per instance, and the max limit depends on the number of vCPUs. Due to this limitation, the solution supports 7 BGP peers without FireNet enabled and 6 BGP peers with FireNet enabled.

Building BGP over LAN

Deploy the Aviatrix Transit Gateway with all the required BGP interfaces.

  1. Log in to the Aviatrix Controller.

  2. Navigate to Multi-Cloud Transit > Setup > Transit tab.

  3. Set the parameters to deploy the Aviatrix Transit Gateway.

Cloud Type GCloud

Gateway Name

Provide a unique name to identify the Transit Gateway

Access Account Name

Select the appropriate GCP account

VPC ID

Select the VPC where the Transit Gateway will be deployed

Public Subnet

Select the subnet the Transit Gateway interface will use

Zone

Select the Availability Zone where the Transit Gateway will be deployed

Gateway Size

Select an instance size that allows interfaces to be created for all BGP peers

High Performance Encryption Mode

Check this box to enable high throughput

BGP over LAN

Check this box and then Add Interface for all BGP peers

transit_bgp_over_lan_gcloud

Enable HA on the Aviatrix Transit Gateway, deploying the HA Gateway in a different Availability Zone.

transit_bgp_over_lan_gcloud_ha

Configuring BGP over LAN on Aviatrix Transit Gateway

  1. Log in to the Aviatrix Controller.

  2. Navigate to Multi-Cloud Transit > Setup > External Connection tab > Connect to VGW / External Device / Azure VNG section.

  3. Select the options External Device > BGP > LAN.

  4. Enter the following information in the fields below.

VPC Name / Site ID

Select the Transit VPC ID where the Transit Gateway was deployed.

Connection Name

Provide a unique name to identify the connection to external device.

Aviatrix Gateway BGP ASN

Configure a BGP AS number that the Transit Gateway will use to exchange routes with the external device.

Primary Aviatrix Gateway

Select the Transit Gateway.

Enable Remote Gateway HA

Check this box to connect two external devices.

BGP Activemesh

Check this box to enable full mesh BGP connections to the external devices.

Remote BGP AS Number

Configure the BGP AS number that the third-party cloud instance will use to exchange routes with the Aviatrix Transit Gateway.

Remote LAN IP

Use the private IP of the LAN interface of the third-party cloud primary instance.

Local LAN IP

If blank, the controller will assign an IP in the same subnet as the Remote LAN IP. Optionally, configure a specific IP within the same subnet as the Remote LAN IP.

Remote BGP AS Number (Backup)

Configure the BGP AS number that the third-party HA cloud instance will use to exchange routes with the Aviatrix HA Transit Gateway.

Remote LAN IP (Backup)

Use the private IP of the LAN interface of the third-party HA cloud instance.

Local LAN IP (Backup)

If blank, the controller will assign an IP in the same subnet as the Remote LAN IP (Backup). Optionally, configure a specific IP within the same subnet as the Remote LAN IP (Backup).

  1. Click Connect to generate the BGP sessions.

transit_s2c_conn_bgp_peer_gcloud
  1. Create a Site2Cloud connection for each BGP peer.

(Optional) Downloading the BGP over LAN configuration sample from Aviatrix Controller

  1. Navigate to Site2Cloud > Setup.

  2. Select the previously created connection(s).

  3. Click Edit.

  4. Select the Vendor, Platform and Software that correspond to the third-party device.

  5. Click Download Configuration.

Configuring BGP over LAN on the Third-Party Cloud Instance(s)

  1. (Optional) Open the downloaded BGP over LAN configuration file.

  2. Configure the relevant BGP over LAN information on the third-party cloud instance(s).

Verifying the Connection Status on Aviatrix Controller

  1. Navigate to Site2Cloud > Setup.

  2. Find the previously created connection(s).

  3. Check the tunnel status.

transit_check_tunnel_gcloud
  1. Navigate to Multi-Cloud Transit → List.

  2. Select the previously created Aviatrix Transit Gateway.

  3. Click Details/Diag.

  4. Scroll down to the Connections > On-prem Connections section.

  5. Under On-prem Connections, find the previously created connection(s).

  6. Check the tunnel status in the Status column.

transit_verify_bgp_status_onprem_gcloud

Verifying the BGP session status on Aviatrix Controller

  1. Navigate to Multi-Cloud Transit > BGP.

  2. Find the previously created connection(s).

  3. Check the Neighbor status.

transit_verify_bgp_status_gcloud

Ready to Go

At this point, run connectivity and performance test to ensure everything is working correctly.