This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Transitive routing

Posted on 11-25-2021 04:57 AM
marcbiggar23
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

We currently have a Dedicated Interconnect and some VPNs connecting on-prem to a GCP VPC(VPC-A). We also have a peering connection between VPC-A and VPC-B(shared vpc).

 

My question is...Can servers from our on-premise network reach resources deployed into VPC-B, or will the "transitive routing rule" prevent this from happening. 

 

What other options are available if that is the case.

 

Thanks 

marc 

0 5 3,638
Topic Labels
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
cloudpaul
Staff
Reply posted on --/--/---- --:-- AM

Hi @marcbiggar23,

As a rule, transitive peering is not supported. This means any two networks that are not directly peered are not able to communicate with each other.

You could use a proxy-style setup where On-Prem connects to a proxy in NetA that then makes the connection to NetB.

Can you clarify if the connection between A and B is a peering connection or a Shared VPC setup? They are quite different modes of connection. This may assist someone in helping you further.

0 Likes

Posted on --/--/---- --:-- AM
marcbiggar23
Bronze 1
Bronze 1
In response to cloudpaul
Reply posted on --/--/---- --:-- AM

It's a peering connection from A to B with B being a Shared VPC for developers to take advantage of the network resources. 

The following docs seem to suggest I can do it, as since I am exporting custom routes,  so peered VPC networks can also connect to my on-premises network

https://cloud.google.com/vpc/docs/vpc-peering#on-premises_access_from_peer_network

 

Also worth noting, that I have just advertised the on-prem networks into the dedicated interconnect and VPNS (which connect to VPC A) and I can see the networks on the imported routes section of the VPC peering config on VPC B

0 Likes

Posted on --/--/---- --:-- AM
dham_kannan
New Member
Reply posted on --/--/---- --:-- AM

Hi Marc, Were you able to find a solution

0 Likes

Posted on --/--/---- --:-- AM
jstrs
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

We have this working by using a central VPC connected to on-premises and setting "export custom routes" on all peerings to developer VPCS and "import custom routes" on the dev VPCs side.

Using shared VPC for everything. Only case where this doesn't work is when the service runs on a provider-side VPC like GKE,Atlas,Cloud SQL.
In this case we either have to access from public IP/proxy or connect the peering to our central VPC.

0 Likes

Posted on --/--/---- --:-- AM
dusty_dev
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

If we use HA VPN instead of VPC peering between our VPCs, what additional steps do I need to do so I can advertise on prem prefixes learned in the hub VPC to spoke VPCs (interconnected with HA VPN).

0 Likes