What is the Graphiant Gateway Service?
The Graphiant Gateway allows you to connect your on-premises Graphiant network to your public cloud workloads, using a private connection. It is the preferred way to connect your Graphiant on-premises, cloud and multi-cloud environments together to create a hybrid network. This document explains how to setup the Graphiant Gateway service and connect it to Google Cloud Platform (GCP).
To learn more about the Graphiant Gateway service, check out the Gateway Overview.
The first step in creating the gateway service for GCP is to create Cloud Routers in the Google Cloud portal, one for each region.
Note:
Any needed GCP Virtual Private Clouds will need to have been created (along with any subnets and associated route tables) to be accessible by the Graphiant network.
Building Cloud Connectivity in GCP
Note:
This document discusses creating a cloud connection for one region within a VPC; Graphiant only requires one region. Google Cloud Platform recommends using two regions for redundancy. If a cloud connection for a second region within a VPC is desired, follow these instructions a second time prior to requesting Gateway Service Connectivity in the Graphiant Portal.
Step 1: Creating a Cloud Router in GCP
Log into the Google Cloud Platform.
In the top search bar, type "cloud routers"; select 'Cloud Routers Network Connectivity'.
Click 'Create Router'.
Complete the following fields:
Name: The name for the Cloud Router
Description: If desired, enter the local description of the Cloud Router
Network: The VPC network that contains the instances to be reached
Region: Select the desired GCP region from the drop-down
Google ASN: Enter 16550.
Click 'Create'.
The Cloud Router now shows up in the table.
Step 2: Creating VLAN Attachments in GCP
The next step is to create VLAN attachments for each subnet.
Click 'Interconnect' in the left side menu.
Click the 'Create VLAN Attachments' tab.
Select 'Partner Interconnect connection'.
Select 'Set up unencrypted Interconnect'.
Click 'Continue'.
This will open a page to check the connection.
Click 'I already have a Service Provider'.
This opens the page to add VLAN attachments.
Select 'Create a redundant pair of VLAN attachments (recommended)'.
Complete the following fields:
Network: The VPC network where the attachments will connect (this should match the network from the Cloud Router)
Region: The Google Cloud region where the attachments will connect (this should match the region from the Cloud Router)
VLAN A:
Cloud Router: The Cloud Router created above
VLAN attachment name: The name for the VLAN attachment
IP stack type: Choose IPv4
Maximum transmission unit (MTU): The same MTU of the VPC network being used.
Repeat these same instructions for VLAN B.
Click 'Create'.
The VLAN attachments are now created.
The Pairing Keys will be shown here.
Take note of the Pairing keys.
Note:
Graphiant will need the Pairing Keys for connecting the Interconnect to the Graphiant Core.
If desired, Pre-activation can be selected so that when Graphiant has provisioned the Gateway service, the attachments are automatically activated.
To do this, click the 'Enable' checkbox above 'OK'.
Click 'OK'.
The attachments are created, and will have the message "Waiting for service provider".
The next step is to request gateway service for Google Cloud Platform in the Graphiant Portal.
Gateway Service for GCP Connectivity in the Graphiant Portal
Step 1: Locating Gateway Service in the Graphiant Portal
On the homepage of the Graphiant Portal, select and click ‘Gateway’ under the Service Management section in the left navigation menu.
This will take you to the ‘Gateway’ page of the Graphiant Portal where you will be able to view existing Gateway services as well as provision new ones.
Step 2: Configuring Gateway in the Graphiant Portal
To configure the Gateway service click the 'Create Gateway Service' button.
Next select the Graphiant region where you want to deploy the gateway service. This region should be the same as the cloud region where you have your Interconnect circuit deployed.
This opens the Cloud On Ramp screen.
Select 'Google Cloud Platform'.
Next, you need to configure the Graphiant Gateway to connect to your GCP Interconnect instance.
Below are descriptors for each of the fields required in order to configure the Gateway:
LAN Segment: The desired LAN segment to connect and have access to the cloud.
Speed: Speed of the circuit from the Gateway to the cloud.
Peering Key: Enter the Peering Keys from the GCP VLAN attachments.
Routing Policy: This is a free form text field that should include the subnets of the Interconnect BGP neighbor (in the form of "169.254.___.___" /30 Link-Local Only CIDR) as well as any BGP policy you wish to apply to the Graphiant Gateway. This policy will be reviewed with a Graphiant Customer Support agent at a later stage and can be updated if needed.
Click 'Next'; this will bring you to a review screen for your configurations.
Once you click 'Confirm' it will create a request for the Graphiant Customer Support team to follow up with you to provision your Gateway Service.
A message will come through saying that the new service is on the way!
Click 'Got it!'
A Graphiant Customer Support engineer will reach out to schedule a call to discuss the details of your Gateway Service.
During this call, the next step will be to activate the VLAN attachments in GCP.
Provisioning the Gateway Service for GCP with Graphiant
Activating the VLAN Attachments in GCP
From the Interconnect screen in the Google Cloud Platform, click the VLAN to be activated.
The VLAN will show as "Activation Needed".
When instructed by the Graphiant Customer Support engineer, click 'Activate'.
This will bring up a modal to confirm the activation of the VLAN attachment.
Click 'Accept'.
Repeat for the second VLAN attachment.
The next step while on the call with the Graphiant Customer Support engineer will be to configure the Interconnect BGP Peering with Graphiant.
Configuring Interconnect BGP Peering with Graphiant
Click 'Edit BGP Session' at the bottom of the VLAN screen.
A new section will slide in from the right to edit the BGP session.
Enter the Peer ASN for Graphiant of 30656.
Click 'Save and Continue'.
The BGP Session is now complete, and the information for the BGP Peers is found at the bottom of the VLAN attachment screen.
The Graphiant Customer Support engineer will complete the provisioning of your Gateway Service. This will change the Status for your Gateway Service in the Graphiant Portal to "Live" and it will be ready to use.
Note:
The status of "Live" is an indicator that the Gateway has been provisioned. It does not reflect the current status of the connection.
Requesting Changes to the Gateway in the Graphiant Portal
Once a Gateway Service has been created you can request changes to it via the Graphiant Portal. Navigate to the Gateway service page and locate the relevant instance. Use the action menu to navigate to the 'Configure (read-only)' view.
Click the 'Request Support' button.
This will open up a modal to provide details of what changes you would like to make to your Gateway service.
Once you click 'Submit', a request will be created for the Graphiant Customer Support team to make the requested changes to your Gateway service.
