How to set up a VPN connection between GCP (HA) and Azure (Active-Active) with BGP?
Table of contents
- Introduction
- Steps
- Set up two VMs, one in GCP and one in Azure
- Ping from one VM to another VM using the private IP
- Set up VPN Gateway and tunnels in GCP and Azure
- Ping between two VMs to test
- Conclusion
Introduction
With GCP HA VPN and an Azure Active-Active gateway, each side consists of two peer VPN devices, and each peer device has its own external IP address. A GCP VPN tunnel provides 3 Gbps per tunnel, while the Azure bandwidth depends on the gateway SKU.
We will set up two VMs, one in each cloud, for testing. After setup, each VM should be able to ping the other using its private IP.
You can watch the demo on my YouTube channel.
Steps
Set up two VMs, one in GCP and one in Azure
Ping from one VM to another VM using the private IP
Set up VPN Gateway and tunnels in GCP and Azure
Ping between two VMs to test
Set up two VMs, one in GCP and one in Azure
- Set up VM in Azure: First I created the gcpazrs resource group in Azure and added a VNet (192.168.0.0/16) with subnet 192.168.1.0/24 in the US East region. You also need a "GatewaySubnet", which Azure requires for the VPN gateway; I added that subnet too. In the 192.168.1.0/24 subnet I created a Linux VM, which got the private IP 192.168.1.4.
- Set up VM in GCP: I created a project gcp-az-vpn in GCP and added a custom VPC network with a 10.10.0.0/23 subnet in the US East region. I created one VM in the same region, which got the private IP 10.10.0.2.
Ping from one VM to another VM using the private IP
Pinging from 192.168.1.4 (Azure VM) to 10.10.0.2 (GCP VM), and from 10.10.0.2 to 192.168.1.4, should fail at this point because there is no connectivity between the two private networks yet.
Set up VPN Gateway and tunnels in GCP and Azure
- Create two public IP addresses in Azure for the Virtual network gateway. GCP allocates public IPs automatically when we create an HA VPN gateway.
- Set up a Cloud HA VPN gateway in GCP: We will use ASN 65001 for GCP and 65002 for Azure. Azure restricts BGP link-local (APIPA) addresses to 169.254.21.x and 169.254.22.x. On the GCP side we will use 169.254.21.1 and 169.254.22.1, and on the Azure side 169.254.21.2 and 169.254.22.2, as the BGP link-local addresses.
We will not set the GCP BGP Configuration yet.
- Set up an Active-Active Azure Virtual Network gateway
Azure Virtual network gateway setup takes time to finish.
- Set up two local network gateways in Azure, one for each GCP HA VPN interface
- Set up two connections (tunnels) in the Virtual network gateway
- Configure the BGP session in GCP (Cloud Router interfaces and BGP peers for both tunnels)
After completing the steps above, the connections should show as Established on both sides.
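The conclusion of this post is that the setup only works if the link-local addresses and ASNs are planned correctly. The following added example (not part of the original post) checks such a plan before anything is created: it encodes the Azure APIPA restriction and Azure's reserved ASNs, requires private ASNs on both sides, requires each GCP/Azure BGP pair to sit in one usable /30 (the Cloud Router interface mask), and rejects overlapping VPC/VNet ranges. The ASNs, subnets and link-local addresses used in the test are the ones from this post.

```python
"""Validate the BGP/link-local plan for a GCP HA VPN <-> Azure Active-Active pairing."""
import ipaddress

# Azure accepts BGP APIPA addresses only inside these two /24s.
AZURE_APIPA_RANGES = (ipaddress.ip_network("169.254.21.0/24"),
                      ipaddress.ip_network("169.254.22.0/24"))
# ASNs Azure reserves for its own use and will not accept on a VPN gateway.
AZURE_RESERVED_ASNS = {8074, 8075, 12076, 65515, 65517, 65518, 65519, 65520}


def is_private_asn(asn):
    """16-bit or 32-bit private ASN range, as Cloud Router requires."""
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294


def validate_plan(gcp_asn, azure_asn, gcp_subnets, azure_vnet, tunnels):
    """Return a list of problems; an empty list means the plan is consistent.

    tunnels: list of (gcp_bgp_ip, azure_bgp_ip), one pair per HA VPN interface.
    """
    problems = []
    if gcp_asn == azure_asn:
        problems.append("GCP and Azure ASNs must differ (eBGP)")
    for name, asn in (("GCP", gcp_asn), ("Azure", azure_asn)):
        if not is_private_asn(asn):
            problems.append(f"{name} ASN {asn} is not a private ASN")
    if azure_asn in AZURE_RESERVED_ASNS:
        problems.append(f"Azure ASN {azure_asn} is reserved by Azure")
    vnet = ipaddress.ip_network(azure_vnet)
    for subnet in gcp_subnets:
        if ipaddress.ip_network(subnet).overlaps(vnet):
            problems.append(f"GCP subnet {subnet} overlaps Azure VNet {azure_vnet}")
    if len(tunnels) < 2:
        problems.append("HA VPN / Active-Active needs at least two tunnels")
    seen = set()
    for i, (gcp_ip, az_ip) in enumerate(tunnels):
        g, a = ipaddress.ip_address(gcp_ip), ipaddress.ip_address(az_ip)
        if not any(a in r for r in AZURE_APIPA_RANGES):
            problems.append(f"tunnel {i}: Azure BGP IP {az_ip} outside 169.254.21.x/22.x")
        # The Cloud Router interface is configured as <gcp_ip>/30; the Azure
        # peer must be the other usable host address of that same /30.
        link = ipaddress.ip_network(f"{gcp_ip}/30", strict=False)
        hosts = set(link.hosts())
        if g not in hosts or a not in hosts or g == a:
            problems.append(f"tunnel {i}: {gcp_ip} and {az_ip} are not a usable /30 pair")
        if link in seen:
            problems.append(f"tunnel {i}: /30 {link} reused by another tunnel")
        seen.add(link)
    return problems
```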
Ping between two VMs to test
The last step is to ping between the two VMs again using their private IPs; this time the pings should succeed.
Conclusion
The process is straightforward as long as you plan the link-local IP addresses and ASNs in advance.
I didn't include pictures of many of the second steps as they are the same, but I have put the whole setup video on YouTube.