Configure BGP for Google Cloud Connections

Before you begin, ensure the following:

  • You have completed the steps outlined in Add a Google Partner Interconnection to a Cloud Router.

  • You know the ASN you specified when creating your PacketFabric Cloud Router. If you aren’t sure which ASN you used, you can find it listed on the PacketFabric Cloud Router details page.

Configure BGP in the Google Cloud Console

  1. After you accept the connection, its status changes to BGP configuration needed.

    Screenshot of the BGP status and action in Google Cloud Console

  2. Click Configure BGP.

  3. In the Edit BGP Session window, enter the ASN you specified when creating the PacketFabric Cloud Router.

    You can find this in the PacketFabric portal on the Cloud Router details page or on the BGP Settings page of the connection.

  4. You can leave all other fields with their default settings. By default, the VLAN attachment will advertise whatever routes the Google Cloud Router advertises. If you would like to customize this, you can do so now or modify the session later.

  5. Click Save and continue.

Gather information from Google Cloud

You will use the following fields when configuring BGP:

  • Cloud Router IP
  • On-premises router IP

Screenshot of the VLAN attachment

Add BGP information to the Cloud Router connection

After completing the steps above, return to the Cloud Routers page in the PacketFabric portal.

If you have not yet configured a BGP session, you will see the Configure BGP action from the Cloud Routers table:

Screenshot of the Configure BGP action

If you have configured the BGP session but wish to make changes, you can access the BGP settings from the BGP Sessions page or by clicking the connection to open its side panel.

From here, click Manage BGP or click the view icon under BGP Sessions:

Screenshot of the Configure BGP action

Complete the following fields:

BGP settings
  • Header row
    • Field
    • Description
  • Row 1
    • PacketFabric ASN

    • This is the ASN you specified when creating your PacketFabric Cloud Router. You cannot edit this field.

      After you accept the VLAN from the Google side, you need to enter this ASN into the Peer ASN field of the BGP settings. See Configure BGP in the Google Cloud Console above.

  • Row 1
    • Google ASN

    • This is the ASN set on the Google Cloud Router. Enter 16550.

      NOTE: If you are adding multiple Google Cloud connections to a single PacketFabric Cloud Router and also plan to route between those connections, then only one can have the 16550 ASN. You must configure a private ASN for subsequent connections using a private ASN from 64512-65534 (2 byte) or 4200000000-4294967294 (4 byte). See Private Google-side ASN workaround below.
  • Row 1
    • PacketFabric Router Peer IP + Mask (CIDR notation)
    • Enter the On-premises router IP generated with the VLAN attachment.
  • Row 1
    • Google Router Peer IP + Mask (CIDR notation)
    • Enter the Cloud Router IP generated with the VLAN attachment.
  • Row 1
    • BGP Authentication Key
    • Optionally, you can include an MD5 authentication key.
  • Row 1
    • Multihop TTL

    • The value you enter depends on the Dataplane version used by the Google Cloud VLAN attachment:

      • If it is using Dataplane version 2 or later, enter 1.
      • If it is using Dataplane version 1, then enter 4.

      To find the Dataplane version, use the gcloud compute interconnects attachments describe command.

      If the command returns a dataplaneVersion field, then the version will be 2 or higher. If the command does not return a dataplaneVersion field, this indicates that the Dataplane version is 1.

BFD settings
NOTE: BFD is not supported with a multihop configuration, meaning that the Multihop TTL field must be set to 1. This also means that BFD is not supported for VLAN attachments using Dataplane version 1 (see above).

Select Enable BFD to enable Bidirectional Forwarding Detection (BFD) for this connection.

When BFD is enabled, test packets are periodically sent to BGP peers. If a peer fails to reply after a specified interval and number of attempts, the BGP session shuts down.

On its own, BGP will take about 90 seconds to detect a failure and shut down. With BFD, you can detect failures significantly faster.

  • Row
    • Field
    • Description
  • Row
    • BFD Interval
    • The interval (in milliseconds) at which to send test packets to peers. The default is 300 ms, and you can enter a value from 3 to 30000 ms.
  • Row
    • BFD Multiplier
    • The multiplier is the number of consecutive packets that can be lost before BFD considers a peer down and shuts down BGP. The default is 3, and you can enter a value from 2 to 16.
Session settings

These settings apply to all the prefixes you list below.

You can also set these on per-prefix basis. Settings specified on the prefix level override the session-level setting for that particular prefix.

You can leave these fields empty to accept the default values.

  • Header row

    • Field
    • Description
  • Row 1

    • AS Prepend

    • Number of additional times to add the ASN to the BGP path, resulting in a higher path length. Allowed values are integers from 0 to 5.

      Routes with higher path length (a higher ASN prepend value) have a lower priority.

  • Row 1

    • MED

    • The multi-exit discriminator (MED) value. Allowed values are integers from 0 to 4294967295.

      When the same route is advertised in multiple locations, those with a lower MED are preferred by the peer AS.

  • Row 1

    • Local Preference
    • When the same route is received in multiple locations, those with a higher local preference value are preferred by the PacketFabric Cloud Router. Allowed values are integers from 0 to 4294967295.
  • Row 1

    • Allow longer prefixes

    • This applies to all the allowed incoming and outgoing prefixes that you list below. You can also specify this on a per-prefix basis.

      For example, say you list 172.16.2.0/24 as an allowed incoming prefix. You have three other cloud connections with the following outgoing prefixes:

      Connection A: 172.16.2.0/24
      Connection B: 172.16.0.0/16
      Connection C: 172.16.2.128/25

      If you do not select this option, only routes from Connection A are allowed.

      If you select this option, the routes from Connection A and Connection C are allowed. (Any IPs from 172.16.2.0/24 to 172.16.2.0/32 are allowed.)

  • Row 1

    • Network Address Translation

    • These options appear if you opted for NAT capability when creating the connection.

      If you do not see these options or they are greyed out, your connection is not NAT capable.

      Source NAT – Translate the source IP address. For example, you can translate a pool of private IP addresses to a public IP address in order to reach an external resource that only accepts public IPs.

      Destination NAT – Translate the destination IP address. For example, if you need to translate a public IP address to a private IP addresses in your network. This may be necessary if you plan to make the connection exportable via Quick Connect.

Source NAT settings
  • Row
    • Field
    • Description
  • Row
    • Source NAT Direction

    • Egress: Egress SNAT. Traffic leaving the Cloud Router and entering your on-premises/cloud network will be subject to source NAT.

      You would typically use this to translate private IP addresses to a public NAT pool as traffic exits your network. For example, 192.168.1.0/24 to 185.161.1.5/32.

      Ingress: Ingress SNAT. Traffic leaving your on-premises/cloud network and entering the Cloud Router will be subject to source NAT.

      You would typically use this to translate public IP addresses to a private NAT pool when directing traffic elsewhere in your network.

  • Row
    • Prefixes to NAT
    • The prefixes from your on-premises environment that you want to associate with the NAT pool.
  • Row
    • NAT Pool Prefixes

    • All prefixes that are NATed on this connection will be translated to the pool prefix address.

      If this connection uses a PacketFabric-assigned public IP address, then this field should be pre-populated with a newly generated /32 public IP.

      If this connection uses a private IP address, then enter a /32 prefix that is different than the router peer IPs you entered above and not used on any of your other Cloud Router connections.

Destination NAT settings
  • Row
    • Field
    • Description
  • Row
    • Pre-translation IP prefix
    • The destination IP prefix that you want translated via DNAT.
  • Row
    • Post-translation IP prefix
    • The destination IP prefix into which you want DNAT to translate your original (pre-translation) destination IP.
  • Row
    • Conditional IP prefix

    • Optional. The prefix being received must fall within the conditional prefix range before the Cloud Router will advertise the pre-translation prefix.

      Note that the post-translation prefix must be equal to or included within conditional IP prefix.

Allowed prefixes to cloud

This is a list of addresses that you want to allow into your Google Cloud VPC from other connections within the Cloud Router. You can add up to 1000 prefixes.

If you are using NAT, this is pre-populated with the PacketFabric router peer IP.

The values you set above under Session settings apply to all prefixes. However, you can override those settings on a per-prefix basis.

For example, if you enabled Allow longer prefixes above but want to specify an exact prefix, then you can override the Allow longer setting by selecting Match type > Exact next to that particular prefix.

  • Row
    • Field
    • Description
  • Row
    • Prefix/Mask
    • Enter an allowed IP address range in CIDR format.
  • Row
    • Match type
    • Allow or disallow longer prefixes for this row (see the description above).
  • Row
    • AS prepend

    • Number of additional times to add the ASN to the BGP path, resulting in a higher path length. Allowed values are integers from 0 to 5.

      Routes with higher path length (a higher ASN prepend value) have a lower priority.

  • Row
    • MED

    • The multi-exit discriminator (MED) value. Allowed values are integers from 0 to 4294967295.

      When the same route is advertised in multiple locations, those with a lower MED are preferred by the peer AS.

Allowed prefixes from cloud

This is a list of addresses from within the attached Google Cloud environment that you want to advertise to other connections on the Cloud Router. This can include the VPC internal space and any routes you have created. You can add up to 1000 prefixes.

The values you set above under Session settings apply to all prefixes. However, you can override those settings on a per-prefix basis.

  • Row
    • Field
    • Description
  • Row
    • Prefix/Mask
    • Enter an allowed IP address range in CIDR format.
  • Row
    • Match type
    • Allow or disallow longer prefixes for this row (see the description above).
  • Row
    • Local preference
    • When the same route is received in multiple locations, those with a higher local preference value are preferred by the PacketFabric Cloud Router. Allowed values are integers from 0 to 4294967295.

Google-side ASN workaround

When creating a VLAN attachment, you are required to select a Google Cloud Router with ASN 16550. However, some routing scenarios require a private Google-side ASN.

Example 1: You are routing traffic between an AWS environment and two Google Cloud environments. Routes are only exchanged between AWS and Google Cloud. In this case, both Google Cloud Routers can have ASN 16550.

AWS to Google routing

Example 2: You are routing traffic between an AWS environment and two Google Cloud environments. Routes are exchanged between AWS and Google Cloud, as well as from one Google Cloud VPC to another. In this case, only one of the Google Cloud Routers can have ASN 16550.

AWS to Google routing

Use the following steps to associate a private ASN with a VLAN attachment:

  1. Create a Google Cloud Router with ASN 16550.

  2. Create a VLAN attachment and associate it with the Google Cloud Router.

  3. Edit the Google Cloud Router and modify the ASN to a value within the 64512-65534 range.