I’m looking to understand the limitations of Cloud Interconnect, Private Service Connect and VLAN attachments to a consumer VPC network.
The application I’m working with has two services: 1) an HTTPS service, and 2) a custom protocol running over TCP.
The customer requires that traffic not traverse the public internet and that they have control over the IPv4 addressing and ACLs. They’ll be using a cloud interconnect to reach GCP, terminating it as a VLAN attachment into a VPC network under their control.
To expose our services I configured an internal HTTPS load balancer and an internal TCP load balancer, then configured two Private Service Connect published services. Below is a diagram of what this looks like.
To test, I substituted the Cloud Interconnect with a Cloud VPN; everything seemed to work well. However, I’m concerned about this wording on a doc page covering PSC:
You cannot send requests from an on-premises environment that is connected to a VPC using Cloud Interconnect attachments (VLANs) to a Private Service Connect endpoint that is used to access services in another VPC network.
https://cloud.google.com/vpc/docs/configure-private-service-connect-services
This would indicate that I can’t use the above architecture. Am I understanding this limitation correctly? Are there any good workarounds, short of asking the customer to deploy VMs in their VPC network to act as a set of load balancers or proxies?
