Source URL: https://cloud.google.com/blog/products/networking/inter-network-communication-design-with-ncc-vpc-peering/
Source: Cloud Blog
Title: Inter-VPC connectivity architecture patterns in Cross-Cloud Network
Feedly Summary: Connecting hybrid environments to the cloud is a very important aspect of cloud architecture. In addition to connecting from on-premises environments, you also have multicloud environments that all need to communicate. In this blog we will look at some reference architectures for hub-and-spoke communication using Cross-Cloud Network.
The power of Cross-Cloud Network
As your cloud projects grow and you add additional networks, you need inter-network communication. Cross-Cloud Network provides a set of functionality and architectures for any-to-any connectivity leveraging Google’s software-defined global scaled backbone to connect your distributed applications.
Let’s look at two architectural patterns: one based on VPC Network Peering, and the other on Network Connectivity Center.
#1 – Inter-VPC communication with VPC Network Peering example pattern
To understand how to think about designing your network, let’s look at the flow of a packet from an external network to an application located in workload VPC network 1 located in Google Cloud. This design is focused on the use of VPC Network Peering. The network is composed of an external network (on-prem and other clouds), and the Google Cloud network (transit VPC, services access VPC, managed services VPC, workloads VPC).
This design uses the following services for its end-to-end solution:
Cloud Interconnect (Direct, Partner, Cross-Cloud) – To connect from your on-prem or other clouds to the transit VPC
Cloud VPN – To connect from service-access VPC to transit VPC and export custom routes from private services access network
VPC Network Peering – To connect from workload VPC to transit VPC
Private services access – To connect to managed services privately in the services access VPC
Private Service Connect – To expose services in the managed services VPC network to be consumed in the services access VPC
Network Connectivity Center VPC spokes – To allow communication between workload VPCs if necessary
To understand more specific details like route exchange and packet flow, please read the full architecture document reference guide: Cross-Cloud Network inter-VPC connectivity using VPC Network Peering.
#2 – Inter-VPC communication with Network Connectivity Center
In this more modern design, we use Network Connectivity Center with a star configuration and interconnect spokes. To understand how to think about designing your network in this configuration, let’s look at the flow of a packet from an external network to an application located in the workload VPC 1.
The network consists of an external network (on-prem and other clouds), and the Google Cloud network (transit VPC, service access VPC, managed services VPC, Private Service Connect consumer VPC, and workload VPC).
This design uses the following services to provide an end-to-end solution.
Cloud Interconnect (Direct, Partner, Cross-Cloud) – To connect from your on-prem or other clouds to the transit VPC. In this case multiple external locations are connecting in different regions.
Cloud VPN – To connect from service access VPC to transit VPC and export custom routes from private services access network
VPC Network Peering – To connect from workload VPC to transit VPC
Private services access – To connect to managed services privately in the services access VPC
Private Service Connect – To expose services in the managed services VPC network so they can be consumed in the services access VPC and in the Private Service Connect consumer VPC, where endpoints to the service are made available to connected peers.
Network Connectivity Center VPC spokes – To allow communication between workload VPCs if necessary
Network Connectivity Center topology – Utilizes preset topologies (choose mesh or star depending on your requirements)
To understand the specific details such as the Network Connectivity Center star topology, route exchange and packet flow, please read the full architecture document reference guide: Cross-Cloud Network inter-VPC connectivity using Network Connectivity Center.
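Both patterns rely on two route-propagation rules that decide which VPCs can actually talk to each other: VPC Network Peering is non-transitive (two workload VPCs that each peer with the transit VPC do not reach each other through it), and Network Connectivity Center spokes on a hub follow the preset topology (mesh: every spoke reaches every other spoke; star: spokes in the center group reach all spokes, spokes in the edge group reach only center spokes). The following is an added example, not code from the blog post or from Google Cloud, that models these rules so a design can be checked for unintended workload-to-workload paths before anything is built. The VPC names and the sample topologies are constructed for illustration.

```python
"""Model of which VPC pairs can exchange traffic under the two patterns above.

Rules encoded (documented Google Cloud behaviour):
  * VPC Network Peering is non-transitive: a peering gives a direct path
    between exactly the two peered VPCs.
  * Network Connectivity Center VPC spokes: MESH preset -> all spokes reach
    each other; STAR preset -> a pair is reachable only if at least one of
    the two spokes is in the 'center' group.

VPC names and topologies below are constructed sample data.
"""
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class Topology:
    hub_topology: str = ""                          # "MESH", "STAR" or "" (no hub)
    peerings: set = field(default_factory=set)      # frozenset({a, b}) per peering
    spokes: dict = field(default_factory=dict)      # vpc -> "center" | "edge"

    def add_peering(self, a, b):
        self.peerings.add(frozenset((a, b)))

    def add_spoke(self, vpc, group="center"):
        self.spokes[vpc] = group

    def ncc_allows(self, a, b):
        """Does the hub's preset topology let spokes a and b exchange routes?"""
        if a not in self.spokes or b not in self.spokes:
            return False
        if self.hub_topology == "MESH":
            return True
        if self.hub_topology == "STAR":
            # edge spokes only reach center spokes, never each other
            return "center" in (self.spokes[a], self.spokes[b])
        return False

    def can_reach(self, a, b):
        """True when a and b share a direct peering or an allowed hub path."""
        return frozenset((a, b)) in self.peerings or self.ncc_allows(a, b)

    def reachable_pairs(self):
        vpcs = set(self.spokes) | {v for p in self.peerings for v in p}
        return {frozenset(p) for p in combinations(sorted(vpcs), 2)
                if self.can_reach(*p)}


def pattern_peering():
    """Pattern #1: each workload VPC peers with the transit VPC; no hub."""
    t = Topology()
    t.add_peering("transit", "workload-1")
    t.add_peering("transit", "workload-2")
    return t


def pattern_ncc(topology, workload_groups):
    """Pattern #2: workloads peer with transit and are also NCC VPC spokes.

    workload_groups maps each workload VPC to its spoke group ("center" or
    "edge"); the group only matters when topology is "STAR".
    """
    t = Topology(hub_topology=topology)
    for vpc, group in workload_groups.items():
        t.add_peering("transit", vpc)
        t.add_spoke(vpc, group)
    return t


def workload_to_workload_paths(t, workloads):
    """Segmentation check: pairs of workload VPCs that can reach each other."""
    return {p for p in t.reachable_pairs() if p <= set(workloads)}


if __name__ == "__main__":
    workloads = ["workload-1", "workload-2"]
    for name, t in [
        ("peering only", pattern_peering()),
        ("NCC star, all edge", pattern_ncc("STAR", {w: "edge" for w in workloads})),
        ("NCC mesh", pattern_ncc("MESH", {w: "edge" for w in workloads})),
    ]:
        print(f"{name}: workload-to-workload paths = "
              f"{[sorted(p) for p in workload_to_workload_paths(t, workloads)]}")
```

The check in `workload_to_workload_paths` is the one to run when the design intent is "workload VPCs reach the transit VPC but not each other": the peering-only pattern and a star hub with all workloads in the edge group satisfy it, while a mesh hub (or promoting a workload spoke to the center group) opens a direct workload-to-workload path that must be a deliberate choice.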
Next steps
Take a deeper dive into network migration support and Cross-Cloud Network.
Document: Cross-Cloud Network for distributed applications
Document: Designing networks for migrating enterprise workloads: Architectural approaches
Want to ask a question, find out more or share a thought? Please connect with me on LinkedIn.
AI Summary and Description: Yes
Summary: The text discusses the importance and architecture of connecting hybrid and multicloud environments using Google Cloud's Cross-Cloud Network. It details two architectural patterns involving VPC Network Peering and Network Connectivity Center, with implications for professionals in cloud infrastructure and security.
Detailed Description:
The provided text outlines essential strategies for establishing effective communication between hybrid environments and the cloud, particularly focusing on Google Cloud’s Cross-Cloud Network. The discussion includes technical architecture patterns and the services involved in creating secure and efficient connectivity between various Virtual Private Clouds (VPCs). This is highly relevant for security and compliance professionals who need to ensure data integrity and secure data transmission across different network configurations.
Key insights include:
– **Cross-Cloud Network**: A powerful solution for any-to-any connectivity through Google’s software-defined global backbone, enabling various cloud applications to communicate seamlessly.
– **Architectural Patterns**: Two specific patterns are covered:
  – **Inter-VPC communication using VPC Network Peering**:
    – Involves an external network connection to Google Cloud’s network.
    – Services used include Cloud Interconnect, Cloud VPN, VPC Network Peering, and Private Service Connect, facilitating communication across different VPC structures.
  – **Inter-VPC communication using Network Connectivity Center**:
    – Utilizes a star design configuration.
    – Similar services as in the first architecture but with an emphasis on connecting multiple external locations effectively.
    – Highlights the benefits of designated topologies (mesh or star) for networking configurations.
– **Security Implications**: The specifics such as route exchange, packet flow, and private services access need to be meticulously understood to preserve security while maintaining communication.
– **Next Steps for Professionals**: The text suggests further exploration into network migration support and architectural approaches for migrating enterprise workloads, which are critical considerations for compliance and governance.
This information is crucial for professionals working in cloud security and infrastructure as it outlines foundational architectures, connectivity solutions, and strategic considerations needed to secure multi-cloud and hybrid environments effectively.