Fix for partner interconnect, the router interface and the BGP peers …
…are automatically created
apichick committed Sep 12, 2023
1 parent f225b60 commit 0019328
Showing 2 changed files with 56 additions and 6 deletions.
49 changes: 45 additions & 4 deletions modules/net-vlan-attachment/README.md
Expand Up @@ -81,7 +81,7 @@ module "example-va" {
name = google_compute_router.interconnect-router.name
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=2
```

### Dedicated Interconnect - Two VLAN Attachments on a single region (99.9% SLA)
Expand Down Expand Up @@ -201,7 +201,7 @@ module "example-va-b" {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=2 resources=5
# tftest modules=2 resources=3
```

### Dedicated Interconnect - Four VLAN Attachments on two regions (99.99% SLA)
Expand Down Expand Up @@ -431,10 +431,10 @@ module "example-va-b-ew12" {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
}
# tftest modules=4 resources=10
# tftest modules=4 resources=6
```

### IPSec over Interconnect enabled setup
### IPSec for Dedicated Interconnect

Refer to the [HA VPN over Interconnect Blueprint](../../blueprints/networking/ha-vpn-over-interconnect/) for an all-encompassing example.

Expand Down Expand Up @@ -494,6 +494,47 @@ module "example-va-b" {
}
# tftest modules=2 resources=9
```

### IPSec for Partner Interconnect

```hcl
module "example-va-a" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-a"
description = "example-va-a vlan attachment"
peer_asn = "65001"
router_config = {
create = true
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_1"
}
vpn_gateways_ip_range = "10.255.255.0/29" # Allows for up to 8 tunnels
}
module "example-va-b" {
source = "./fabric/modules/net-vlan-attachment"
project_id = "myproject"
network = "mynet"
region = "europe-west8"
name = "encrypted-vlan-attachment-b"
description = "example-va-b vlan attachment"
peer_asn = "65001"
router_config = {
create = true
}
partner_interconnect_config = {
edge_availability_domain = "AVAILABILITY_DOMAIN_2"
}
vpn_gateways_ip_range = "10.255.255.8/29" # Allows for up to 8 tunnels
}
# tftest modules=2 resources=6
```


<!-- BEGIN TFDOC -->

## Variables
13 changes: 11 additions & 2 deletions modules/net-vlan-attachment/main.tf
Expand Up @@ -61,7 +61,15 @@ resource "google_compute_router" "encrypted" {
region = var.region
encrypted_interconnect_router = true
bgp {
asn = var.router_config.asn
asn = var.router_config.asn
advertise_mode = var.dedicated_interconnect_config == null ? "DEFAULT" : "CUSTOM"
dynamic "advertised_ip_ranges" {
for_each = var.dedicated_interconnect_config == null ? var.ipsec_gateway_ip_ranges : {}
content {
description = advertised_ip_ranges.key
range = advertised_ip_ranges.value
}
}
}
}

Expand Down Expand Up @@ -106,13 +114,14 @@ resource "google_compute_router_interface" "default" {
}

resource "google_compute_router_peer" "default" {
count = var.dedicated_interconnect_config != null ? 1 : 0
name = "${var.name}-peer"
project = var.project_id
router = local.router
region = var.region
peer_ip_address = split("/", google_compute_interconnect_attachment.default.customer_router_ip_address)[0]
peer_asn = var.peer_asn
interface = "${var.name}-intf"
interface = google_compute_router_interface.default[0].name
advertised_route_priority = 100
advertise_mode = "CUSTOM"

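Review bot: In the `bgp` block of `google_compute_router.encrypted`, the two new conditionals disagree: `advertise_mode` is `"DEFAULT"` exactly when `var.dedicated_interconnect_config == null`, which is also the only case in which `advertised_ip_ranges` is populated from `var.ipsec_gateway_ip_ranges`. The provider documents `advertised_ip_ranges` as usable only when the advertise mode is `CUSTOM`, so for Partner Interconnect the listed ranges would presumably be rejected or ignored, and the router would advertise the network's subnets instead of only the IPsec gateway ranges. Because `google_compute_router_peer.default` is now skipped for partner attachments, the router-level setting is likely what the automatically created peer inherits, which makes this the control that scopes what is announced on the underlay. If the intent is to limit the advertisement to the gateway ranges, the line should read `advertise_mode = var.dedicated_interconnect_config == null ? "CUSTOM" : "DEFAULT"`. The resource begins above the hunk, so its `count` and any other arguments are not visible here.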
