# How to set up a VPN connection between GCP (HA) and Azure (Active-Active) with BGP?

# Introduction
 
In a GCP HA VPN to Azure Active-Active configuration, we need two separate peer VPN devices, each with its own external IP address. A GCP VPN tunnel provides 3 Gbps of bandwidth per tunnel, while Azure's bandwidth depends on the gateway SKU.

We will set up two VMs, one in each cloud, for testing. After setup, the VMs should be able to ping each other using their private IPs.
 
> You can watch the demo on my [YouTube channel](https://youtu.be/HVcmIN9npHY)

# Steps
1. Set up two VMs, one in GCP and one in Azure
2. Ping from one VM to another VM using the private IP
3. Set up VPN Gateway and tunnels in GCP and Azure
4. Ping between two VMs to test

### Set up two VMs, one in GCP and one in Azure

- Set up the VM in Azure

  First I created the gcpazrs resource group in Azure and added a VNet (192.168.0.0/16) with the subnet 192.168.1.0/24 in the US East region. Azure also requires a subnet named "GatewaySubnet" for the VPN, so I added that subnet too.
  Using the 192.168.1.0/24 subnet, I created a Linux VM, which had the private IP 192.168.1.4.
- Set up the VM in GCP

  I created a project gcp-az-vpn in GCP. I also added a custom VPC network and a 10.10.0.0/23 subnet in the US east region.
  I created one VM in the same region, which had the private IP 10.10.0.2.

### Ping from one VM to another VM using the private IP  
 
Ping from 192.168.1.4 (Azure VM) to 10.10.0.2 (GCP VM), and from 10.10.0.2 to 192.168.1.4. Both pings should fail at this point because the VPN is not set up yet.

### Set up VPN Gateway and tunnels in GCP and Azure

- Create two public IP addresses in Azure for the Network gateway. GCP creates public IPs automatically when we create a VPN gateway.

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654473803781/M5YNER2Q3.png align="left")

- Set up a Cloud HA VPN gateway in GCP

  We will use ASN 65001 for GCP and ASN 65002 for Azure. Azure restricts BGP link-local addresses to 169.254.21.* and 169.254.22.*.
  For the BGP link-local addresses, we will use 169.254.21.1 and 169.254.22.1 in GCP, and 169.254.21.2 and 169.254.22.2 in Azure.

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654378370462/HaUzUSr96.png align="left")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654378443708/UQoqFernX.png align="left")
 
![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654379830794/vGQCEWe0m.png align="left")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654379887601/m_moDAcl4.png align="left")


![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654379943627/6BK17DDJy.png align="left")

We will not set the GCP BGP Configuration yet. 

- Set up an Active-Active Azure Virtual Network gateway

Azure Virtual network gateway setup takes time to finish.

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654473938903/xj3scNeZ4.png align="left")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654473996861/yksW9Ip64.png align="left")

- Set up two local network gateways

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654474321343/cjPzEjoZr.png align="left")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654474350496/dMo3bEajB.png align="left")

- Set up two connections (tunnels) in the Virtual network gateway

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654474583294/yyspS2XkV.png align="left")

- Configure the BGP sessions in GCP

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654474767338/Z5guzTqF0.png align="left")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654474830199/baU9Uo5H5.png align="left")

After completing the steps above, you should see the connections as Established.

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654474876516/pj-Y2R8LC.png align="left")

### Ping between two VMs to test

The last step is to ping between the two VMs using their private IPs. The pings should now succeed.

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654475033804/6kkI3VCEw.png align="left")

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1654475097671/C7rdwu3tj.png align="left")

# Conclusion
The process is straightforward as long as you plan the link-local IP addresses and ASNs in advance.
I didn't include screenshots of many of the second steps, as they are the same, but I have put the whole setup video on [YouTube](https://youtu.be/HVcmIN9npHY).
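
The addressing plan above can be checked before anything is created in either console. The following is an added example, not part of the original article: `PLAN`, `AZURE_APIPA`, `PRIVATE_ASN` and `validate_plan` are hypothetical names, and the checks assume that both ends of a BGP session sit in one /30 and that both ASNs come from the 16-bit private range.

```python
import ipaddress

# Values taken from the article's plan.
PLAN = {
    "gcp_asn": 65001,
    "azure_asn": 65002,
    "gcp_cidr": "10.10.0.0/23",
    "azure_cidr": "192.168.0.0/16",
    # (GCP BGP link-local IP, Azure BGP link-local IP) for each tunnel
    "tunnels": [("169.254.21.1", "169.254.21.2"),
                ("169.254.22.1", "169.254.22.2")],
}

# Azure's allowed link-local range as stated in the article.
AZURE_APIPA = [ipaddress.ip_network("169.254.21.0/24"),
               ipaddress.ip_network("169.254.22.0/24")]
PRIVATE_ASN = range(64512, 65535)  # assumption: 16-bit private ASNs (RFC 6996)


def validate_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    asns = (plan["gcp_asn"], plan["azure_asn"])
    if asns[0] == asns[1]:
        problems.append("GCP and Azure must use different ASNs")
    for asn in asns:
        if asn not in PRIVATE_ASN:
            problems.append(f"ASN {asn} is outside the private 16-bit range")
    if ipaddress.ip_network(plan["gcp_cidr"]).overlaps(
            ipaddress.ip_network(plan["azure_cidr"])):
        problems.append("VPC and VNet address spaces overlap")
    seen = set()
    for i, (gcp_ip, az_ip) in enumerate(plan["tunnels"], start=1):
        gcp, az = ipaddress.ip_address(gcp_ip), ipaddress.ip_address(az_ip)
        # Assumption: both ends of one BGP session share a single /30.
        link = ipaddress.ip_network(f"{gcp_ip}/30", strict=False)
        hosts = set(link.hosts())
        if gcp == az or gcp not in hosts or az not in hosts:
            problems.append(f"tunnel {i}: {gcp_ip} and {az_ip} are not two hosts of one /30")
        if not any(az in net for net in AZURE_APIPA):
            problems.append(f"tunnel {i}: {az_ip} is outside Azure's link-local range")
        if link in seen:
            problems.append(f"tunnel {i}: link-local block {link} is reused")
        seen.add(link)
    return problems


if __name__ == "__main__":
    print(validate_plan(PLAN) or "plan is consistent")
```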






