GCP Multiple VPC networks in same region but different zone need to connect on-premise network

Question

We have multiple VPC networks with respect to the env type, like dev/sit/e2e/pre-prod/prod etc., to isolate the workload. Each VPC network has multiple subnets. The core applications are built using GCP services like GCE, GKE, Cloud Storage, Load Balancer, etc. The underlying databases of the applications are still in the on-premise network and are yet to be migrated to GCP due to various issues. For the Test/Dev envs we are planning to use HA VPN to communicate with the on-premise database, and for prod & pre-prod we will use Dedicated Interconnect.

For our non-production & production envs, we are evaluating the Hub & Spoke architecture, where all the spoke VPCs connect to the hub and the hub VPC connects to the on-premise network using either HA VPN or Dedicated Interconnect.

I'm not able to find any good document or step-by-step guide for this architecture. If you can share your knowledge regarding how we can connect multiple VPC networks with on-prem in the simplest way, it would be very helpful for me.

I'm relatively new to GCP hybrid cloud architecture, and we need to do a PoC before providing the solution to the customer.

Thank you!!!

Setting up HA VPN for each VPC may not be a good solution. We need a more precise way to connect multiple VPC networks to the on-prem network.

Answer 1

Score: 0

I would suggest you look into Shared VPC, although I don't know how feasible it is for you to make the switch now. But essentially it consists of a centrally managed VPC (in your host project) in which you create subnets and assign them to other projects (called service projects) to use. So you can create a single VPN from your host project to your on-prem network and have your service projects share it.
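Answer 1 describes the shape of the Shared VPC design but not the resources involved. The Terraform configuration below is an added example, not code from the original post or from Google: one Shared VPC host project holding the hub network and a subnet, one service project attached to it, and a single HA VPN from the host project to on-prem with both gateway interfaces terminating on one on-prem endpoint and BGP running on a Cloud Router so on-prem learns every Shared VPC subnet. All project IDs, resource names, ASNs, CIDRs, the peer address and the `psk` variable are assumptions.

```hcl
# Added example, not from the original post. Project IDs, names, ASNs, CIDRs
# and the on-prem peer address are placeholders (assumptions).
variable "psk" {
  type      = string
  sensitive = true  # IKE pre-shared key; supply via TF_VAR_psk, never commit it
}

locals {
  host_project    = "hybrid-host-prj"    # assumption: Shared VPC host project
  service_project = "dev-workloads-prj"  # assumption: one env's service project
  region          = "asia-southeast1"    # assumption
  gcp_asn         = 64514                # assumption: private ASN for Cloud Router
  onprem_asn      = 65001                # assumption: on-prem BGP ASN
  onprem_peer_ip  = "203.0.113.10"       # assumption: on-prem VPN endpoint
}

provider "google" {
  project = local.host_project  # all network resources live in the host project
  region  = local.region
}

# --- Shared VPC: the host project owns the network, service projects consume it ---
resource "google_compute_shared_vpc_host_project" "host" {
  project = local.host_project
}

resource "google_compute_shared_vpc_service_project" "dev" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = local.service_project
}

resource "google_compute_network" "hub" {
  name                    = "hub-vpc"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL"  # routes learned from on-prem reach subnets in every region
}

resource "google_compute_subnetwork" "dev" {
  name          = "dev-subnet"
  network       = google_compute_network.hub.id
  ip_cidr_range = "10.10.0.0/20"  # assumption
}

# --- One HA VPN from the host project to on-prem, shared by every service project ---
resource "google_compute_ha_vpn_gateway" "hub" {
  name    = "hub-ha-vpn-gw"
  network = google_compute_network.hub.id
}

resource "google_compute_external_vpn_gateway" "onprem" {
  name            = "onprem-vpn-gw"
  redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
  interface {
    id         = 0
    ip_address = local.onprem_peer_ip
  }
}

resource "google_compute_router" "hub" {
  name    = "hub-router"
  network = google_compute_network.hub.id
  bgp {
    asn               = local.gcp_asn
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]  # every Shared VPC subnet is advertised to on-prem
  }
}

# Two tunnels (one per HA VPN gateway interface) are required for the 99.99% SLA.
resource "google_compute_vpn_tunnel" "onprem" {
  count                           = 2
  name                            = "hub-to-onprem-${count.index}"
  vpn_gateway                     = google_compute_ha_vpn_gateway.hub.id
  vpn_gateway_interface           = count.index
  peer_external_gateway           = google_compute_external_vpn_gateway.onprem.id
  peer_external_gateway_interface = 0
  shared_secret                   = var.psk
  router                          = google_compute_router.hub.id
  ike_version                     = 2
}

resource "google_compute_router_interface" "onprem" {
  count      = 2
  name       = "if-onprem-${count.index}"
  router     = google_compute_router.hub.name
  ip_range   = "169.254.${count.index}.1/30"  # link-local address for the BGP session
  vpn_tunnel = google_compute_vpn_tunnel.onprem[count.index].name
}

resource "google_compute_router_peer" "onprem" {
  count           = 2
  name            = "peer-onprem-${count.index}"
  router          = google_compute_router.hub.name
  interface       = google_compute_router_interface.onprem[count.index].name
  peer_ip_address = "169.254.${count.index}.2"
  peer_asn        = local.onprem_asn
}
```

Two things change when the per-environment VPCs collapse into one Shared VPC. First, dev and prod are no longer separated by a network boundary, so the segmentation has to come from VPC firewall rules or firewall policies keyed on tags or service accounts, plus subnet-level IAM (`roles/compute.networkUser` granted per subnet, not on the whole host project), otherwise any workload in any service project can reach the on-prem database ranges through the shared tunnels. Second, the prod path can use the same Cloud Router: swapping the tunnels for Dedicated Interconnect VLAN attachments keeps the BGP and route-advertisement configuration unchanged.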

Answer 2

Score: 0

An easy and secure option is to use Aviatrix to build out the hub-and-spoke architecture. The hub VPC is connected to on-prem, and you can macro- or micro-segment spoke-to-spoke and/or spoke-to-on-prem traffic. You can also do everything as code, so setting it up for a test can be done in a couple of minutes. Here's an example of the hub TF module: https://registry.terraform.io/modules/terraform-aviatrix-modules/mc-transit/aviatrix/latest

Here's an example of the spoke module: https://registry.terraform.io/modules/terraform-aviatrix-modules/mc-spoke/aviatrix/latest

In addition, you get lots of visibility into the types of traffic passing over your hubs and spokes, can run reports, etc.

Posted by huangapple on 17 April 2023, 21:34:43
Please keep this link when reposting: https://go.coder-hub.com/76035755.html