GCP Routing Without Subtitles

[Topology 1] Metric 100 comes from: [Topology 2] [Topology 3]

CSR: subnetworks 10.11.64-66 are on us-east1. Adding a new subnet to vpc001 but located in us-central1: 100.64.0.0/24 is advertised from the central gateway. [Topology 4]

Default config, import/export: [Topology 5]

CSR1000v RIB: using the same AS, vpc001 and vpc002 do not exchange routes. If we change the vpc002 CR (Cloud Router) to a different AS (64515): [Topology 6] [Topology 7] [Topology 8]

References
https://cloud.google.com/vpc/docs/using-routes#gcloud
https://cloud.google.com/network-connectivity/docs/router/support/troubleshooting
https://developer.hashicorp.com/terraform/tutorials/kubernetes/gke?in=terraform%2Fkubernetes&utm_offer=ARTICLE_PAGE
https://cloud.google.com/vpc/docs/routes

“Terraform-ing” your way towards Secure Multi Cloud Networking with Aviatrix

In this post I’m going to Terraform an entire Aviatrix deployment, mainly the controller and CoPilot. There is always discussion around deploying the controller and CoPilot using automation, but I assume that if you are reading this post you are already convinced.

Management Network
I’m creating a new management network and subnet. This step is not necessary, but it helps validate that the GCP controller Terraform module can deploy a controller into an existing VPC:

Controller Deployment
The module gcp-controller allows you to launch the Aviatrix Controller and create the Aviatrix access account connecting to the Controller in Google …

Using Aviatrix for Google Cloud VMware Services Secure Cloud Networking Part 1

Google Cloud VMware Engine
VMware Engine is a Google-managed VMware software-defined data center (SDDC). It consists of the following components:
- VMware vSphere
- vCenter Server
- vSAN
- NSX-T
- HCX (application migration and workload re-balancing across data centers and clouds)

VMware Engine is not available in all regions. Check the regions where the service is available at the link below:
https://cloud.google.com/about/locations/#americas

I’m going to use central-1 for my tests.

Configuration
The first step is to enable the VMware Engine API: Once the API is enabled, you have access to the engine dashboard: I’m going to create a private cloud for testing with a single node: …

Networking Snowflake on GCP with Aviatrix

Snowflake is a cloud-based Software as a Service data platform. Snowflake’s architecture consists of three key layers:
- Database Storage: when data is loaded into Snowflake, Snowflake reorganizes that data into its internal optimized, compressed, columnar format and stores this optimized data in cloud storage.
- Query Processing: query execution is performed in the processing layer. Snowflake processes queries using “virtual warehouses”. Each virtual warehouse is an MPP compute cluster composed of multiple compute nodes allocated by Snowflake from a cloud provider.
- Cloud Services: a collection of services that coordinate activities across Snowflake. Services managed in this layer include: Authentication, Infrastructure …

Providing Secure Cloud Networking for Google Vertex AI with Aviatrix

Using Aviatrix to secure cloud networking for Vertex AI has several advantages, such as: In this blog I show how to combine Vertex AI with a cloud network managed by Aviatrix.

Aviatrix Overview
Aviatrix is a cloud network platform that brings multi-cloud networking, security, and operational visibility capabilities that go beyond what any cloud service provider offers. Aviatrix software leverages AWS, Azure, GCP and Oracle Cloud APIs to interact with and directly program native cloud networking constructs, abstracting the unique complexities of each cloud to form one network data plane, and adds the advanced networking, security and operational features enterprises require.

FireNet …

Networking Google Cloud Build with Aviatrix

From the Google Cloud Build overview documentation: Cloud Build executes builds (a build contains instructions for Cloud Build to perform tasks) as a series of build steps, where each build step is run in a Docker container. Executing build steps is analogous to executing commands in a script.

Private pools
By default, Cloud Build runs in a secure, hosted environment with access to the public internet. Each build runs on its own worker and is isolated from other workloads. Private pools are dedicated pools of workers that can access resources in a private network. Private pools are hosted in a Google-owned …

Hybrid Google Cloud DNS Connectivity with Aviatrix

The following services are offered by GCP for name resolution:
- Internal DNS (169.254.169.254) is a service that automatically creates DNS names for virtual machines and internal load balancers on Compute Engine.
- Cloud DNS is a service providing DNS zone serving.

Zones
Cloud DNS supports public and private zones. Private zones have the following options:
- forward queries to another server
- DNS peering
- managed reverse lookup zone
- use a Service Directory namespace

Cloud Networking Reference Architecture
The Aviatrix FireNet reference architecture is described below:

Hybrid approach with two authoritative DNS systems
For hybrid environments there are a few options, but the recommended …

Running a GKE on top of an Aviatrix Secure Cloud Network – Part 2

Multi Cluster Systems (MCS)

Aviatrix Overview
Aviatrix is a cloud network platform that brings multi-cloud networking, security, and operational visibility capabilities that go beyond what any cloud service provider offers. Aviatrix software leverages AWS, Azure, GCP and Oracle Cloud APIs to interact with and directly program native cloud networking constructs, abstracting the unique complexities of each cloud to form one network data plane, and adds the advanced networking, security and operational features enterprises require.

FireNet
Aviatrix Transit FireNet allows the deployment of 3rd-party firewalls onto the Aviatrix transit architecture. Transit FireNet works the same way as the Firewall Network, where …

Deploying Aviatrix Controller and CoPilot on GCP behind Cloud Armor

Quick Overview
The Aviatrix Cloud Network Platform consists of a centralized controller that is multi-cloud aware, intelligent cloud routers called gateways, and CoPilot, a day-2 platform providing visibility and analytics. An example of an Aviatrix-managed deployment is provided below. The diagram below depicts the design I’m going to detail in the next sections:
- The Aviatrix controller is exposed as a backend service through an external HTTPS classic load balancer; the load balancer also protects the Controller against L2/L3/L4 exhaustion attacks.
- Cloud DNS provides name resolution to the front-end IPs of the load balancer.
- Google Certificate Authority is used …