Abstract: This article delves into setting up a dynamic routing Site-to-Site VPN between AWS and Google Cloud Platforms, addressing key setup considerations, benefits, and challenges, enabling seamless interconnectivity between these two prominent cloud service providers.
The article covers the Site-to-Site tunnel configuration between AWS Managed VPN and Google Cloud Platform (GCP) using the BGP dynamic routing protocol. It will be helpful to engineers who want to build a multi-cloud architecture for a high-availability setup.
Prerequisites:
- Configure the VPC network and its firewall rules on the Google Cloud Platform side.
- Configure the Virtual Private Cloud, subnets, and routing on the AWS side.
Architecture:
While this can be implemented programmatically on both ends, I chose to use the console because it makes the process easier to follow.
Configuration on GCP side:
1. Navigate to “Hybrid connectivity” and create a “Cloud router”.
2. Navigate to “Hybrid connectivity” and create a “High-Availability VPN Gateway”.
Once the High-Availability VPN Gateway is created, we get two interface IPs (see the screenshot below), which we can use as customer gateway IPs on the AWS side. Here I am using only one interface IP, 35.242.2.145, because I am configuring a single VPN connection on the AWS side.
Configuration on AWS side:
3. Create a Customer Gateway in the AWS VPC console.
4. Create a Virtual Private Gateway in the AWS VPC console.
5. Create a Site-to-Site VPN connection in the AWS console by specifying the Customer Gateway (created in step 3) and the Virtual Private Gateway (created in step 4).
Under "Advanced Options for Tunnel 1", I disabled IKEv1 and enabled IKEv2 with advanced encryption algorithms. Enabling advanced encryption algorithms is optional. You can disable the algorithms you don’t want to use, as I did in the screenshot below.
6. Download the generic VPN configuration file from the AWS VPN console.
Return to the GCP console and configure the VPN gateway using the downloaded configuration file.
---------------------------------------------------------------------------------------------
7. Configure the VPN connection by creating a peer VPN gateway in the GCP console.
- Configure BGP on the GCP side:
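The GCP-side values in step 7 are all derived from the tunnel section of the AWS generic configuration file downloaded in step 6: the AWS outside IP becomes the peer VPN gateway address, the "Customer Gateway" inside address becomes the Cloud Router interface IP, the "Virtual Private Gateway" inside address becomes the BGP peer IP, and the two ASNs swap roles. The script below, an added example that is not part of the original article, performs that mapping and checks the values that most often break the session before they are typed into the console (inside addresses not in the same link-local /30, identical ASNs, IKEv1 still enabled). The AWS values, the GCP resource names and the region are constructed placeholders; the gcloud invocations it prints are the ones I know for HA VPN, and are emitted for review rather than executed.

```python
"""Map one AWS Site-to-Site VPN tunnel onto the GCP HA VPN / Cloud Router
settings and validate them. Added example; all values below are constructed."""
import ipaddress
from dataclasses import dataclass

# Constructed sample of what the AWS generic configuration file reports for
# Tunnel 1. The outside IP is from TEST-NET-3 and the PSK is a placeholder.
AWS_TUNNEL_1 = {
    "outside_ip": "203.0.113.10",              # AWS tunnel endpoint (placeholder)
    "pre_shared_key": "EXAMPLE-PSK-PLACEHOLDER",
    "cgw_inside_ip": "169.254.10.2/30",        # "Customer Gateway" side = GCP
    "vgw_inside_ip": "169.254.10.1/30",        # "Virtual Private Gateway" side = AWS
    "cgw_asn": 65000,                          # ASN given to the Cloud Router
    "vgw_asn": 64512,                          # AWS default VGW ASN
    "ike_versions": ["ikev2"],                 # what stayed enabled in Advanced Options
}

# Hypothetical GCP resource names and region (assumptions, not from the article).
GCP_NAMES = {
    "region": "europe-west2",
    "ha_gateway": "gcp-ha-vpn-gw",
    "router": "gcp-cloud-router",
    "peer_gateway": "aws-vgw-peer",
    "tunnel": "aws-tunnel-1",
    "interface": "if-aws-tunnel-1",
    "bgp_peer": "bgp-aws-tunnel-1",
}

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
PRIVATE_ASN = [(64512, 65534), (4200000000, 4294967294)]


@dataclass
class GcpTunnelConfig:
    peer_ip: str              # external VPN gateway interface = AWS outside IP
    ike_version: int
    router_interface_ip: str  # Cloud Router interface = AWS "Customer Gateway" inside IP
    router_mask_length: int
    bgp_peer_ip: str          # BGP peer = AWS "Virtual Private Gateway" inside IP
    local_asn: int            # Cloud Router ASN = AWS "Customer Gateway ASN"
    peer_asn: int             # peer ASN = AWS VGW ASN


def validate(aws: dict) -> list[str]:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    cgw = ipaddress.ip_interface(aws["cgw_inside_ip"])
    vgw = ipaddress.ip_interface(aws["vgw_inside_ip"])
    if cgw.network != vgw.network:
        problems.append("inside addresses are not in the same /30")
    if cgw.network.prefixlen != 30:
        problems.append("inside addresses must use a /30 mask")
    if cgw.ip not in LINK_LOCAL or vgw.ip not in LINK_LOCAL:
        problems.append("inside addresses must be link-local (169.254.0.0/16)")
    if cgw.ip == vgw.ip:
        problems.append("both sides have the same inside address")
    if aws["cgw_asn"] == aws["vgw_asn"]:
        problems.append("eBGP needs different ASNs on each side")
    for asn in (aws["cgw_asn"], aws["vgw_asn"]):
        if not any(lo <= asn <= hi for lo, hi in PRIVATE_ASN):
            problems.append(f"ASN {asn} is outside the private ranges")
    if any(v.lower() == "ikev1" for v in aws["ike_versions"]):
        problems.append("IKEv1 is still enabled on the AWS tunnel; use IKEv2 only")
    return problems


def to_gcp(aws: dict) -> GcpTunnelConfig:
    """Translate validated AWS tunnel values into the GCP-side settings."""
    problems = validate(aws)
    if problems:
        raise ValueError("; ".join(problems))
    cgw = ipaddress.ip_interface(aws["cgw_inside_ip"])
    vgw = ipaddress.ip_interface(aws["vgw_inside_ip"])
    return GcpTunnelConfig(
        peer_ip=aws["outside_ip"], ike_version=2,
        router_interface_ip=str(cgw.ip), router_mask_length=cgw.network.prefixlen,
        bgp_peer_ip=str(vgw.ip), local_asn=aws["cgw_asn"], peer_asn=aws["vgw_asn"],
    )


def gcloud_commands(cfg: GcpTunnelConfig, n: dict) -> list[str]:
    """Build the gcloud commands for step 7. The PSK is read from $PSK, never embedded."""
    r = f"--region {n['region']}"
    return [
        f"gcloud compute external-vpn-gateways create {n['peer_gateway']} "
        f"--interfaces 0={cfg.peer_ip}",
        f"gcloud compute vpn-tunnels create {n['tunnel']} {r} "
        f"--vpn-gateway {n['ha_gateway']} --interface 0 "
        f"--peer-external-vpn-gateway {n['peer_gateway']} "
        f"--peer-external-vpn-gateway-interface 0 "
        f"--ike-version {cfg.ike_version} --router {n['router']} --shared-secret \"$PSK\"",
        f"gcloud compute routers add-interface {n['router']} {r} "
        f"--interface-name {n['interface']} --vpn-tunnel {n['tunnel']} "
        f"--ip-address {cfg.router_interface_ip} --mask-length {cfg.router_mask_length}",
        f"gcloud compute routers add-bgp-peer {n['router']} {r} "
        f"--peer-name {n['bgp_peer']} --interface {n['interface']} "
        f"--peer-ip-address {cfg.bgp_peer_ip} --peer-asn {cfg.peer_asn}",
    ]


if __name__ == "__main__":
    for line in gcloud_commands(to_gcp(AWS_TUNNEL_1), GCP_NAMES):
        print(line)
```

Run it once against the real values from the downloaded file before touching the console; a non-empty result from validate() explains most "tunnel UP, BGP down" situations. The Cloud Router's own ASN was fixed in step 1 and must equal the "Customer Gateway ASN" entered on the AWS side, which is why the script carries it as local_asn.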
Tunnel and BGP status are UP on the GCP side:
Tunnel and BGP are UP in the AWS console:
Bi-directional Connectivity test
Ping test from GCP to AWS:
Ping test from AWS to GCP: