HYBRID CONNECTIVITY: This is the connectivity between Google Cloud Platform and an on-premises data centre. There are several ways to provide this connectivity, depending on the enterprise's bandwidth and latency requirements.
INTERCONNECT
1. Dedicated Interconnect.
2. Partner Interconnect.
Clients that use workspaces rely on partner peering for communication.
PEERING
3. Direct peering
4. Carrier / Partner Peering
5. VPN
VPN: Virtual Private Network. It allows you to share data from one network to another over the open internet. For example, you can set up a connection from an on-premises data centre to the cloud via a VPN tunnel, and the data is encrypted. VPN bandwidth is between 3 - 30GBPS. However, if your environment has a massive amount of data to migrate, VPN will not be the best choice.
TWO OPTIONS OF VPN
The choice depends on the client's preferences for the actual data transmission.
Classic VPN: Allows you to set up one tunnel per direction. This is a one-way connection from on-premises to the cloud environment. Classic VPN gateways provide an SLA of 9.99% service availability. If the application's data volume is low, Classic VPN is the best option to leverage.
High Availability VPN: Google Cloud gives you the option to bring up two or more tunnels and channels from on-premises to GCP infrastructure. You can use an automatic or static external IP address. If one of the environments goes down, the other tunnels remain active and functional. You can use ACTIVE/ACTIVE or ACTIVE/PASSIVE tunnels. This only supports dynamic routing.
VPN TERMINOLOGY
Tunnel: The base security you configure. IPsec and SSL are both protocols used for securing data in transit through encryption. SSL is a protocol for web browsers that encrypts, decrypts and authenticates all the data.
VPN GATEWAY
When you set up a connection from on-premises to cloud, you need two gateways: one on-premises and one in the cloud. The on-premises gateway encrypts the data while the cloud gateway decrypts it, and this is done automatically before translation, based on the IPsec setup.
Interfaces: The entry and exit points of data between gateways. You can have a gateway that has dual IPs and is represented by an IP. When you create a VM, you need an IP to communicate. It is your responsibility to know which on-premises IP addresses are managed.
Packets/Payload: The data that is communicated between gateways.
ROUTING
Google Cloud provides static and dynamic routes.
Dynamic routing: During the configuration process, you must create a Cloud Router to make the connection from on-premises to cloud infrastructure. Google Cloud provides an internal BGP IP range, 169.254.0.0/16, that you need to use in the VPN configuration. With BGP intelligence, it provisions more routes and automatically integrates the communication with an autonomous system number to generate a seamless workload.
Border Gateway Protocol: Allows you to discover your IP addresses automatically. It is based on a particular IP that Google Cloud provides, and this comes in when you're establishing tunnels. The IPs assigned to the interfaces are based on BGP, and BGP makes use of the assigned IPs.
Autonomous System Number (ASN): A globally unique number for an autonomous system on the internet.
Static routing: You manually configure the integration from on-premises to the cloud environment.
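A way to sanity-check a BGP addressing plan for an HA VPN before you configure it (an added example, not part of the original post). It checks that each tunnel's BGP addresses come from 169.254.0.0/16 and that the plan has two or more tunnels. The /30-per-tunnel layout, the private-use ASN ranges, the distinct-ASN rule and the field names are assumptions made for this example.

```python
import ipaddress

BGP_RANGE = ipaddress.ip_network("169.254.0.0/16")  # range named in the text
# Assumption: both sides use private-use ASNs (RFC 6996 ranges).
PRIVATE_ASNS = (range(64512, 65535), range(4200000000, 4294967295))

def slash30(ip):
    """The /30 block containing ip (assumed size of each BGP link subnet)."""
    return ipaddress.ip_network(f"{ip}/30", strict=False)

def check_session(s):
    """Return a list of problems found in one tunnel's BGP session."""
    out, name = [], s["tunnel"]
    cloud = ipaddress.ip_address(s["cloud_ip"])
    peer = ipaddress.ip_address(s["peer_ip"])
    for label, ip in (("cloud_ip", cloud), ("peer_ip", peer)):
        if ip not in BGP_RANGE:
            out.append(f"{name}: {label} {ip} is outside {BGP_RANGE}")
    net = slash30(cloud)
    if peer not in net:
        out.append(f"{name}: peer_ip {peer} is not in {net}")
    elif cloud == peer or not {cloud, peer} <= set(net.hosts()):
        out.append(f"{name}: ends must be the two distinct hosts of {net}")
    for label in ("cloud_asn", "peer_asn"):
        if not any(s[label] in r for r in PRIVATE_ASNS):
            out.append(f"{name}: {label} {s[label]} is not a private-use ASN")
    if s["cloud_asn"] == s["peer_asn"]:  # assumption: eBGP between the sites
        out.append(f"{name}: both ends use ASN {s['cloud_asn']}")
    return out

def check_plan(sessions):
    """Check every session, then the plan-wide HA VPN conditions."""
    out = [p for s in sessions for p in check_session(s)]
    if len(sessions) < 2:
        out.append("plan: HA VPN needs two or more tunnels")
    nets = [slash30(s["cloud_ip"]) for s in sessions]
    if len(set(nets)) != len(nets):
        out.append("plan: two tunnels share the same /30")
    return out

# Constructed sample plans (not from the original post).
GOOD = [
    {"tunnel": "t0", "cloud_ip": "169.254.0.1", "peer_ip": "169.254.0.2", "cloud_asn": 65001, "peer_asn": 65002},
    {"tunnel": "t1", "cloud_ip": "169.254.1.1", "peer_ip": "169.254.1.2", "cloud_asn": 65001, "peer_asn": 65002},
]
BAD = [{"tunnel": "t0", "cloud_ip": "169.254.0.0", "peer_ip": "10.0.0.2", "cloud_asn": 65001, "peer_asn": 65001}]

if __name__ == "__main__":
    for line in check_plan(GOOD) + check_plan(BAD):
        print(line)
```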