Can Cloud VPN connect to on-prem through the Internet without Cloud Router?

Google Cloud Compute Infrastructure
,
1

Hi, this is an update my former post.
https://www.googlecloudcommunity.com/gc/Infrastructure-Compute-Storage/How-can-I-connect-Cloud-Router-to-Cloud-VPN/td-p/616321

Please let me post a new question.
It founds the Partner needs more time than I have thought (because of it’s summer).
So I would like to use the Internet between GCP and On-prem.

And I guess if Cloud VPN has a public IP, it can connect VPN tunnel to on-prem without Cloud Router,
Or does it require BGP on a Cloud Router as underlayer?
*I mean it will be placed between Cloud VPN and Internet on the structure below.

■Physical
(GCP)Cloud VPN — ((*Cloud Router???)) — (Internet) — (On-Prem)
■Underlay
the Internet (a public IP for VPN on Cloud VPN)

Best regards,

1 Like
2

Hi @Thomasaw ,

To answer this question, yes, it needs a Cloud Router (Dynamic) for the routing options. When setting up a dynamic VPN a Cloud Router is used to facilitate the communication and routing between the on-premises network and the GCP network.

You can also refer to this documentation for the explanation.

2 Likes
3

Hi @Marvin_Lucero

Thank you for your reply.

In case of using Classic VPN, it needs Cloud Router and to run BGP. On the other hands, does it also need Cloud Router and BGP on HA VPN?

It seems to be necessary from documents regarding to HA VPN like:

https://cloud.google.com/network-connectivity/docs/vpn/how-to/configuring-peer-gateway

However in my thought, that BGP is for a routing between VPC and a peer(includes on-prem), so VPN simply connects to a peer through the Internet, right?

I have dedicated to a on-prem network for a long time, so this cloud topology is still difficult.

I appreciate all of you who teach and help me a lot.

Best regards,

1 Like
4

Hi @Thomasaw ,

Let me give you a comparison :

Classic VPN:

  • uses a single VPN gateway
  • requires the use of Cloud Router (BGP)

HA VPN :

  • uses two VPN gateways in separate regions
  • also requires the use of Cloud Router and BGP for route advertisement between your on-premises network and the VPC network

In both situations, Cloud Router and BGP are utilized to share routes and handle the dynamic path selection between your local network and your GCP Virtual Private Cloud (VPC). This helps your networks to understand each other’s paths and effectively guide the flow of data.

So, to address your question: Yes, both Classic VPN and HA VPN rely on Cloud Router and BGP to dynamically manage routes and share information between your local network and your GCP VPC. The key distinction is that HA VPN offers added redundancy and architecture compared to Classic VPN.

2 Likes
5

Hi @Marvin_Lucero ,

Your very kind explanations help me understanding HA VPN and BGP, thank you.

I have comprehended why on the process of creating HA VPN, we have to create Cloud Router; to guarantee a redundancy route between a local site network and a peer site network.

Best regards,

2 Likes