Configure BGP for Google Cloud Connections

Before you begin, ensure the following:

  • You have completed the steps outlined in Add a Google Partner Interconnection to a Cloud Router.

  • You know the ASN you specified when creating your PacketFabric Cloud Router. If you aren’t sure which ASN you used, you can find it listed on the PacketFabric Cloud Router details page.

Configure BGP in the Google Cloud Console

  1. After you accept the connection, its status changes to BGP configuration needed.

    Screenshot of the BGP status and action in Google Cloud Console

  2. Click Configure BGP.

  3. In the Edit BGP Session window, enter the ASN you specified when creating the PacketFabric Cloud Router.

    You can find this in the PacketFabric portal on the Cloud Router details page or on the BGP Settings page of the connection.

  4. You can leave all other fields with their default settings. By default, the VLAN attachment will advertise whatever routes the Google Cloud Router advertises. If you would like to customize this, you can do so now or modify the session later.

  5. Click Save and continue.

Gather information from Google Cloud

You will use the following fields when configuring BGP:

  • Cloud Router IP
  • On-premises router IP

Screenshot of the VLAN attachment

Add BGP information to the Cloud Router connection

  1. After completing the steps above, return to the Cloud Routers page in the PacketFabric portal.

  2. Click the connection to open its side panel.

  3. Under BGP Sessions, click Create New Session.

    Screenshot of the Create New Session action

Complete the following fields:

BGP Settings
  • Header row
    • Field
    • Description
  • Row 1
    • PacketFabric ASN

    • This is the ASN you specified when creating your PacketFabric Cloud Router. You cannot edit this field.

      After you accept the VLAN from the Google side, you need to enter this ASN into the Peer ASN field of the BGP settings. See Configure BGP in the Google Cloud Console above.

  • Row 1
    • Google ASN

    • This is the ASN set on the Google Cloud Router. Enter 16550.

      NOTE: If you are adding multiple Google Cloud connections to a single PacketFabric Cloud Router and also plan to route between those connections, then only one can have the 16550 ASN. You must configure a private ASN for subsequent connections. See Private Google-side ASN workaround below.
  • Row 1
    • PacketFabric Router Peer IP
    • Enter the On-premises router IP generated with the VLAN attachment.
  • Row 1
    • Google Router Peer IP
    • Enter the Cloud Router IP generated with the VLAN attachment.
  • Row 1
    • Multihop TTL

    • The value you enter depends on the Dataplane version used by the Google Cloud VLAN attachment:

      • If it is using Dataplane version 2 or later, enter 1.
      • If it is using Dataplane version 1, then enter 4.

      To find the Dataplane version, use the gcloud compute interconnects attachments describe command.

      If the command returns a dataplaneVersion field, then the version will be 2 or higher. If the command does not return a dataplaneVersion field, this indicates that the Dataplane version is 1.

  • Row 1
    • Allow longer prefixes

    • This applies to the allowed incoming and outgoing prefixes that you list below.

      For example, say you list 172.16.2.0/24 as an allowed incoming prefix. You have three other cloud connections with the following outgoing prefixes:

      Connection A: 172.16.2.0/24
      Connection B: 172.16.0.0/16
      Connection C: 172.16.2.128/25

      If you do not select this option, only routes from Connection A are allowed.

      If you select this option, the routes from Connection A and Connection C are allowed.

BFD settings
NOTE: BFD is not supported with a multihop configuration, meaning that the Multihop TTL field must be set to 1. This also means that BFD is not supported for VLAN attachments using Dataplane version 1 (see above).

Select Enable BFD to enable Bidirectional Forwarding Detection (BFD) for this connection.

When BFD is enabled, test packets are periodically sent to BGP peers. If a peer fails to reply after a specified interval and number of attempts, the BGP session shuts down.

On its own, BGP will take about 90 seconds to detect a failure and shut down. With BFD, you can detect failures significantly faster.

Interval
The interval (in milliseconds) at which to send test packets to peers. The default is 300 ms, and you can enter a value from 3 to 30000 ms.
Multiplier
The multiplier is the number of consecutive packets that can be lost before BFD considers a peer down and shuts down BGP. The default is 3, and you can enter a value from 2 to 16.
NAT settings

This option appears if you selected a NAT-capable on-ramp.

Prefixes to NAT
The prefixes from the cloud that you want to associate with the NAT pool.
NAT Pool Prefixes
All prefixes that are NATed on this connection will be translated to the pool prefix address.
If this connection uses a public IP address, then this field is autofilled with the PacketFabric router prefix with /32.
If this connection uses a private IP address, then manually enter a /32 prefix that is different than the router peer IPs you entered above.
Allowed prefixes to cloud

This is a list of addresses that you want to allow into your Google Cloud VPC. These can be addresses from other cloud service providers or from a different Google Cloud VPC.

If you are using NAT, this is pre-populated with the PacketFabric router peer IP.

  • Row
    • Field
    • Description
  • Row
    • ASN prepend

    • Number of additional times to add the ASN to the BGP path, resulting in a higher path length.

      Routes with higher path length (a higher ASN prepend value) have a lower priority.

  • Row
    • MED

    • The multi-exit discriminator (MED) value.

      When the same route is advertised in multiple locations, those with a lower MED are preferred by the peer AS.

  • Row
    • Prefix/Mask
    • Enter an allowed IP address range in CIDR format. You can add up to 1000 prefixes.
Allowed prefixes from cloud

This is a list of addresses from within the attached Google Cloud environment that you want to advertise to other clouds. This can include the VPC internal space and any routes you have created.

  • Row
    • Field
    • Description
  • Row
    • Local preference
    • When the same route is received in multiple locations, those with a higher local preference value are preferred by the PacketFabric Cloud Router.
  • Row
    • Prefix/Mask
    • Enter an allowed IP address range in CIDR format. You can add up to 1000 prefixes.

Google-side ASN workaround

When creating a VLAN attachment, you are required to select a Google Cloud Router with ASN 16550. However, some routing scenarios require a private Google-side ASN.

Example 1: You are routing traffic between an AWS environment and two Google Cloud environments. Routes are only exchanged between AWS and Google Cloud. In this case, both Google Cloud Routers can have ASN 16550.

AWS to Google routing

Example 2: You are routing traffic between an AWS environment and two Google Cloud environments. Routes are exchanged between AWS and Google Cloud, as well as from one Google Cloud VPC to another. In this case, only one of the Google Cloud Routers can have ASN 16550.

AWS to Google routing

Use the following steps to associate a private ASN with a VLAN attachment:

  1. Create a Google Cloud Router with ASN 16550.

  2. Create a VLAN attachment and associate it with the Google Cloud Router.

  3. Edit the Google Cloud Router and modify the ASN to a value within the 64512-65534 range.

Annotated screenshots

Router IP addresses

Mapping IP fields between Google Cloud Console and PacketFabric portal

ASNs

Mapping ASN fields between Google Cloud Console and PacketFabric portal