# GCP Cross-Cloud Interconnect

## Overview

Connect your Google Cloud Platform (GCP) production workloads to VGS APIs hosted on AWS without traversing the public internet. This is accomplished using GCP's managed Cross-Cloud Interconnect product.

### How it works

Your GCP production workloads connect to VGS over a dedicated physical or managed interconnect path. At the Equinix colocation facility, GCP and AWS equipment sits in the same building, and a cross-connect (physical cable or managed virtual circuit) runs between the GCP and AWS servers. On the VGS side, the connection terminates at an AWS Direct Connect Dedicated Port, passes through an AWS Transit Gateway with an IPsec-encrypted tunnel, and reaches the VGS API private endpoints.

```mermaid
graph TD
    A["GCP Production Workloads (VPC / Subnets)"] -->|"Dedicated Fiber"| B["Equinix Shared Colocation Facility - Physical Cross-Connect"]
    B -->|"Private Circuit No Public Internet"| C["AWS Direct Connect Dedicated Port (VGS)"]
    C --> D["AWS Transit Gateway (IPsec Encrypted Tunnel)"]
    D --> E["VGS APIs Private Endpoints"]
```

#### Detailed Connection Steps

```mermaid
sequenceDiagram
    participant WMT as Your Team
    participant GCP as GCP Console
    participant Equinix as Equinix Facility
    participant AWS as AWS (VGS account)
    participant VGS as VGS Infrastructure

    WMT->>GCP: Order Dedicated Cross-Cloud Interconnect port
    GCP-->>WMT: Provide LOA (Letter of Authorization) for Equinix cross-connect
    WMT->>Equinix: Submit LOA to Equinix — request physical cross-connect
    Equinix-->>WMT: Cross-connect provisioned (fiber run between GCP and AWS cages)
    WMT->>VGS: Share cross-connect details and LOA
    VGS->>AWS: Accept Direct Connect connection on VGS AWS account
    WMT->>GCP: Create VLAN attachment on interconnect port
    WMT->>GCP: Configure Cloud Router with BGP session and AS numbers
    VGS->>AWS: Configure Transit Gateway + IPsec VPN tunnel
    VGS-->>WMT: Provide BGP peer IPs, VPN tunnel config, and private DNS endpoint
    WMT->>GCP: Apply BGP config to Cloud Router
    WMT->>VGS: Validate end-to-end connectivity
    VGS-->>WMT: Confirm traffic flowing to VGS APIs ✅
```

Steps:

1. Order a Dedicated Cross-Cloud Interconnect port in the GCP Console under *Network Connectivity > Cloud Interconnect*. Select a 10G or 100G port at the Equinix location (to align with VGS's AWS region).
2. Obtain the LOA from GCP. GCP will issue a Letter of Authorization (LOA) authorizing a cross-connect at the Equinix facility. Download this from the GCP Console.
3. Submit the LOA to Equinix. This requests a physical cross-connect between the GCP cage and the AWS Direct Connect cage. VGS can assist with the AWS-side cage details.
4. Equinix provisions the cross-connect. Equinix runs the physical fiber between the two cages. This typically takes 1–5 business days.
5. Share cross-connect details with VGS. Once provisioned, share the cross-connect ID and interconnect details with your VGS implementation contact. VGS will accept the connection on the AWS Direct Connect side.
6. Create a VLAN attachment in GCP. In the GCP Console, create a VLAN attachment on your interconnect port and associate it with a Cloud Router in your VPC.
7. Configure Cloud Router BGP. VGS will provide BGP peer IPs and AS numbers. Apply these to your Cloud Router to establish the BGP session.
8. VGS configures the AWS side. VGS sets up the Transit Gateway, attaches the Direct Connect Transit VIF, and configures the IPsec VPN tunnel.
9. VGS provides your private DNS endpoint. You will receive a private DNS hostname (e.g. `customer01.prod.vgsapiprivate.com`) resolvable only from within your connected network.
10. Validate connectivity. Run a GCP connectivity test or traceroute from a GCP VM to the VGS private endpoint. VGS will confirm traffic is arriving at the EKS cluster.
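
For the validation in steps 9 and 10, the following added example (not VGS's own tooling) checks from a GCP VM that the private DNS hostname resolves only to non-public addresses and accepts a TCP connection. Port 443 and the function names are assumptions; pass the hostname VGS provided as the argument.

```python
import ipaddress
import socket
import sys


def resolve(host, port):
    """Return the distinct addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def public_addresses(addrs):
    """Return the globally routable addresses in addrs (expected: none)."""
    return [a for a in addrs if ipaddress.ip_address(a).is_global]


def validate_endpoint(host, port=443, resolver=resolve, connect=True, timeout=5.0):
    """Return (ok, detail) for the private endpoint check.

    Fails if the name does not resolve, if any answer is a public address
    (traffic could then leave the private path), or if a TCP connect fails.
    """
    try:
        addrs = resolver(host, port)
    except socket.gaierror as exc:
        return False, f"DNS resolution failed: {exc}"
    if not addrs:
        return False, "DNS returned no addresses"
    leaked = public_addresses(addrs)
    if leaked:
        return False, f"resolves to public address(es): {leaked}"
    if connect:
        for addr in addrs:
            try:
                with socket.create_connection((addr, port), timeout=timeout):
                    pass
            except OSError as exc:
                return False, f"TCP connect to {addr}:{port} failed: {exc}"
    return True, f"{host} resolves to {addrs}"


if __name__ == "__main__":
    # Hostname comes from VGS (step 9); port 443 is an assumption.
    if len(sys.argv) != 2:
        sys.exit("usage: validate_endpoint.py <private-dns-hostname>")
    ok, detail = validate_endpoint(sys.argv[1])
    print("PASS" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Running the same script from a machine outside the connected network should report a DNS resolution failure, since the hostname is resolvable only from within it.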


