GCP Cross-Cloud Interconnect

Overview

Connect your Google Cloud Platform (GCP) production workloads to VGS APIs hosted on AWS without traversing the public internet. This is accomplished using GCP's managed Cross-Cloud Interconnect product.

How it works

Your GCP production workloads connect to VGS over a dedicated physical or managed interconnect path. At the Equinix colocation facility, GCP and AWS equipment coexists in the same building. A cross-connect (physical cable or managed virtual circuit) runs between the GCP and AWS servers. On the VGS side, the connection terminates at an AWS Direct Connect Dedicated Port, passes through an AWS Transit Gateway with an IPsec encrypted tunnel, and reaches VGS API private endpoints.

Detailed Connection Steps

Steps:

  1. Order a Dedicated Cross-Cloud Interconnect port in the GCP Console under Network Connectivity > Cloud Interconnect. Select a 10G or 100G port at the Equinix location (to align with VGS's AWS region).

  2. Obtain the LOA from GCP. GCP will issue a Letter of Authorization (LOA) authorizing a cross-connect at the Equinix facility. Download this from the GCP Console.

  3. Submit the LOA to Equinix. Submit the LOA to Equinix to request a physical cross-connect between the GCP cage and the AWS Direct Connect cage. VGS can assist with the AWS-side cage details.

  4. Equinix provisions the cross-connect. Equinix runs the physical fiber between the two cages. This typically takes 1–5 business days.

  5. Share cross-connect details with VGS. Once provisioned, share the cross-connect ID and interconnect details with your VGS implementation contact. VGS will accept the connection on the AWS Direct Connect side.

  6. Create a VLAN attachment in GCP. In the GCP Console, create a VLAN attachment on your interconnect port and associate it with a Cloud Router in your VPC.

  7. Configure Cloud Router BGP. VGS will provide BGP peer IPs and AS numbers. Apply these to your Cloud Router to establish the BGP session.

  8. VGS configures the AWS side. VGS sets up the Transit Gateway, attaches the Direct Connect Transit VIF, and configures the IPsec VPN tunnel.

  9. VGS provides your private DNS endpoint. You will receive a private DNS hostname (e.g. customer01.prod.vgsapiprivate.com) resolvable only from within your connected network.

  10. Validate connectivity. Run a GCP connectivity test or traceroute from a GCP VM to the VGS private endpoint. VGS will confirm traffic is arriving at the EKS cluster.
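For the validation in step 10, the following added example (not VGS or Google code) audits `traceroute -n` output captured on a GCP VM and reports any hop that falls outside private address space, which would indicate the path is not staying on the interconnect. The accepted ranges, the function names and both sample traces are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ranges accepted as "private path" (assumption: RFC 1918 plus link-local,
# which interconnect BGP sessions commonly use).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop number>  <rest>"
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")  # dotted-quad IPv4


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def audit_traceroute(output):
    """Return (public_hops, silent_hops) parsed from `traceroute -n` output."""
    public, silent = [], []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        hop, rest = int(m.group(1)), m.group(2)
        ips = list(dict.fromkeys(IP_RE.findall(rest)))  # dedupe, keep order
        if not ips:
            silent.append(hop)  # "* * *": no evidence either way
        public += [(hop, ip) for ip in ips if not is_private(ip)]
    return public, silent


# Constructed sample traces; 203.0.113.9 is from a documentation range.
SAMPLE_OK = """traceroute to 10.20.0.15 (10.20.0.15), 30 hops max, 60 byte packets
 1  10.128.0.1  0.412 ms  0.398 ms  0.377 ms
 2  169.254.10.2  1.921 ms  1.873 ms  1.902 ms
 3  * * *
 4  10.20.0.15  3.114 ms  3.087 ms  3.120 ms
"""
SAMPLE_LEAK = SAMPLE_OK.replace("169.254.10.2", "203.0.113.9")

if __name__ == "__main__":
    for name, trace in (("ok", SAMPLE_OK), ("leak", SAMPLE_LEAK)):
        public, silent = audit_traceroute(trace)
        print(name, "public hops:", public, "unanswered hops:", silent)
```

Unanswered hops are reported separately because they neither confirm nor rule out a private path; VGS's confirmation that traffic arrives on their side covers that gap.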
