Skip to content

Latest commit

 

History

History
 
 

net-vlan-attachment

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

VLAN Attachment module

This module allows for the provisioning of VLAN Attachments for Dedicated Interconnect or Partner Interconnect.

Examples

Dedicated Interconnect - Single VLAN Attachment (No SLA)

resource "google_compute_router" "interconnect-router" {
  name    = "interconnect-router"
  network = "mynet"
  project = "myproject"
  region  = "europe-west8"
  bgp {
    advertise_mode    = "CUSTOM"
    asn               = 64514
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

module "example-va" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment"
  description = "Example vlan attachment"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.0/30"
    interconnect = "interconnect-a"
    vlan_tag     = 12345
  }
}
# tftest modules=1 resources=4

Dedicated Interconnect - Single VLAN Attachment (No SLA) - BFD and MD5 Auth

resource "google_compute_router" "interconnect-router" {
  name    = "interconnect-router"
  network = "mynet"
  project = "myproject"
  region  = "europe-west8"
  bgp {
    advertise_mode    = "CUSTOM"
    asn               = 64514
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

module "example-va" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment"
  description = "Example vlan attachment"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router.name
    bfd = {
      min_receive_interval        = 1000
      min_transmit_interval       = 1000
      multiplier                  = 5
      session_initialization_mode = "ACTIVE"
    }
    md5_authentication_key = {
      name = "foo"
      key  = "bar"
    }
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.0/30"
    interconnect = "interconnect-a"
    vlan_tag     = 12345
  }
}

# tftest modules=1 resources=4

Partner Interconnect - Single VLAN Attachment (No SLA)

resource "google_compute_router" "interconnect-router" {
  name    = "interconnect-router"
  network = "mynet"
  project = "myproject"
  region  = "europe-west8"
  bgp {
    advertise_mode    = "CUSTOM"
    asn               = 16550
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

module "example-va" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment"
  description = "Example vlan attachment"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router.name
  }
}
# tftest modules=1 resources=2

Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)

resource "google_compute_router" "interconnect-router" {
  name    = "interconnect-router"
  network = "mynet"
  project = "myproject"
  region  = "europe-west8"
  bgp {
    asn               = 64514
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

module "example-va-a" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-a"
  description = "interconnect-a vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.0/30"
    interconnect = "interconnect-a"
    vlan_tag     = 1001
  }
}

module "example-va-b" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-b"
  description = "interconnect-b vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.4/30"
    interconnect = "interconnect-b"
    vlan_tag     = 1002
  }
}
# tftest modules=2 resources=7

Partner Interconnect - Two VLAN Attachments on a single region (99.9% SLA)

resource "google_compute_router" "interconnect-router" {
  name    = "interconnect-router"
  network = "mynet"
  project = "myproject"
  region  = "europe-west8"
  bgp {
    asn               = 16550
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

module "example-va-a" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-a"
  description = "interconnect-a vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router.name
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_1"
  }
}

module "example-va-b" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-b"
  description = "interconnect-b vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router.name
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_2"
  }
}
# tftest modules=2 resources=3

Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)

resource "google_compute_router" "interconnect-router-ew8" {
  name    = "interconnect-router-ew8"
  network = "mynet"
  project = "myproject"
  region  = "europe-west8"
  bgp {
    asn               = 64514
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

resource "google_compute_router" "interconnect-router-ew12" {
  name    = "interconnect-router-ew12"
  network = "mynet"
  project = "myproject"
  region  = "europe-west12"
  bgp {
    asn               = 64514
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

module "example-va-a-ew8" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-a-ew8"
  description = "interconnect-a-ew8 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew8.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.0/30"
    interconnect = "interconnect-a-ew8"
    vlan_tag     = 1001
  }
}

module "example-va-b-ew8" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-b-ew8"
  description = "interconnect-b-ew8 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew8.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.4/30"
    interconnect = "interconnect-b-ew8"
    vlan_tag     = 1002
  }
}

module "example-va-a-ew12" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west12"
  name        = "vlan-attachment-a-ew12"
  description = "interconnect-a-ew12 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew12.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.1.0/30"
    interconnect = "interconnect-a-ew12"
    vlan_tag     = 1003
  }
}

module "example-va-b-ew12" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west12"
  name        = "vlan-attachment-b-ew12"
  description = "interconnect-b-ew12 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew12.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.1.4/30"
    interconnect = "interconnect-b-ew12"
    vlan_tag     = 1004
  }
}
# tftest modules=4 resources=14

Partner Interconnect - Four VLAN Attachments on two regions (99.99% SLA)

resource "google_compute_router" "interconnect-router-ew8" {
  name    = "interconnect-router-ew8"
  network = "mynet"
  project = "myproject"
  region  = "europe-west8"
  bgp {
    asn               = 16550
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

resource "google_compute_router" "interconnect-router-ew12" {
  name    = "interconnect-router-ew12"
  network = "mynet"
  project = "myproject"
  region  = "europe-west12"
  bgp {
    asn               = 16550
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges {
      range = "10.255.255.0/24"
    }
    advertised_ip_ranges {
      range = "192.168.255.0/24"
    }
  }
}

module "example-va-a-ew8" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-a-ew8"
  description = "interconnect-a-ew8 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew8.name
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_1"
  }
}

module "example-va-b-ew8" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west8"
  name        = "vlan-attachment-b-ew8"
  description = "interconnect-b-ew8 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew8.name
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_2"
  }
}

module "example-va-a-ew12" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west12"
  name        = "vlan-attachment-a-ew12"
  description = "interconnect-a-ew12 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew12.name
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_1"
  }
}

module "example-va-b-ew12" {
  source      = "./fabric/modules/net-vlan-attachment"
  network     = "mynet"
  project_id  = "myproject"
  region      = "europe-west12"
  name        = "vlan-attachment-b-ew12"
  description = "interconnect-b-ew12 vlan attachment 0"
  peer_asn    = "65000"
  router_config = {
    create = false
    name   = google_compute_router.interconnect-router-ew12.name
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_2"
  }
}
# tftest modules=4 resources=6

IPSec for Dedicated Interconnect

Refer to the HA VPN over Interconnect Blueprint for an all-encompassing example.

resource "google_compute_router" "encrypted-interconnect-underlay-router-ew8" {
  name                          = "encrypted-interconnect-underlay-router-ew8"
  project                       = "myproject"
  network                       = "mynet"
  region                        = "europe-west8"
  encrypted_interconnect_router = true
  bgp {
    advertise_mode = "DEFAULT"
    asn            = 64514
  }
}

module "example-va-a" {
  source      = "./fabric/modules/net-vlan-attachment"
  project_id  = "myproject"
  network     = "mynet"
  region      = "europe-west8"
  name        = "encrypted-vlan-attachment-a"
  description = "example-va-a vlan attachment"
  peer_asn    = "65001"
  router_config = {
    create = false
    name   = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.0/30"
    interconnect = "interconnect-a"
    vlan_tag     = 1001
  }
  vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
}

module "example-va-b" {
  source      = "./fabric/modules/net-vlan-attachment"
  project_id  = "myproject"
  network     = "mynet"
  region      = "europe-west8"
  name        = "encrypted-vlan-attachment-b"
  description = "example-va-b vlan attachment"
  peer_asn    = "65001"
  router_config = {
    create = false
    name   = google_compute_router.encrypted-interconnect-underlay-router-ew8.name
  }
  dedicated_interconnect_config = {
    bandwidth    = "BPS_10G"
    bgp_range    = "169.254.0.4/30"
    interconnect = "interconnect-b"
    vlan_tag     = 1002
  }
  vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
}
# tftest modules=2 resources=9

IPSec for Partner Interconnect

module "example-va-a" {
  source      = "./fabric/modules/net-vlan-attachment"
  project_id  = "myproject"
  network     = "mynet"
  region      = "europe-west8"
  name        = "encrypted-vlan-attachment-a"
  description = "example-va-a vlan attachment"
  peer_asn    = "65001"
  router_config = {
    create = true
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_1"
  }
  vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
}

module "example-va-b" {
  source      = "./fabric/modules/net-vlan-attachment"
  project_id  = "myproject"
  network     = "mynet"
  region      = "europe-west8"
  name        = "encrypted-vlan-attachment-b"
  description = "example-va-b vlan attachment"
  peer_asn    = "65001"
  router_config = {
    create = true
  }
  partner_interconnect_config = {
    edge_availability_domain = "AVAILABILITY_DOMAIN_2"
  }
  vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
}
# tftest modules=2 resources=6

Variables

name description type required default
description VLAN attachment description. string
name The common resources name, used after resource type prefix and suffix. string
network The VPC name to which resources are associated to. string
peer_asn The on-premises underlay router ASN. string
project_id The project id where resources are created. string
region The region where resources are created. string
router_config Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. object({…})
admin_enabled Whether the VLAN attachment is enabled. bool true
dedicated_interconnect_config Partner interconnect configuration. object({…}) null
ipsec_gateway_ip_ranges IPSec Gateway IP Ranges. map(string) {}
mtu The MTU associated to the VLAN attachment (1440 / 1500). number 1500
partner_interconnect_config Partner interconnect configuration. object({…}) null
vpn_gateways_ip_range The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. string null

Outputs

name description sensitive
attachment VLAN Attachment resource.
id Fully qualified VLAN attachment id.
name The name of the VLAN attachment created.
pairing_key Opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner.
router Router resource (only if auto-created).
router_interface Router interface created for the VLAN attachment.
router_name Router name.