GCP Cloud Network Configuration

Overview

This guide explains the network topologies supported by Avi Vantage in GCP.

Notes:

  • You can share VPC networks across the projects in GCP. For more details on shared VPC, refer to Shared VPC guide.

  • GCP does not allow two NICs from the same VPC (even if the VPC has multiple subnets) to be attached to a single VM (see Creating instances with multiple network interfaces). The data and management NICs therefore have to be in separate VPCs.

  • GCP load balancer forwards traffic to only the first interface of the virtual machine.

The following are the types of networks used:

  • Frontend Data Network — This network connects the VIP to the Service Engines. All the VIP traffic reaches the Service Engines through this network.

  • Backend Data Network — This network connects the Service Engines to the application servers. All the traffic between the Service Engines and the application servers flows through this network.

  • Management Network — This network connects the Service Engines with the Controller for all the management operations.

Network Configuration Modes

The following are the types of network configuration modes:

  • Inband Management

  • One-Arm with Dedicated Management

  • Two-Arm Mode with Dedicated Management

Inband Management

The following are the features of inband management:

  • The Service Engines will be connected to only 1 VPC subnet.

  • There is no network isolation between frontend data, backend data and management traffic, because all of it goes through the same VPC subnet.

  • The Service Engine subnet VPC can be a shared VPC which provides the flexibility of having Avi Controllers, Service Engines and servers in different projects without the need for VPC peering.

  • Inband management needs a minimum of 1 vCPU for the Service Engine virtual machines.

The following is the diagrammatic representation of the inband management:

inband-management

Configuring GCP Cloud

Configuring GCP Cloud via UI

Starting with NSX Advanced Load Balancer version 22.1.3, you can configure shared VPC via UI. The following are the steps to configure GCP cloud:

  1. Navigate to Infrastructure > Clouds. Select Google Cloud Platform from CREATE drop-down list.

    gcp-cloud

  2. Specify the general details and click SET CREDENTIALS to set GCP credentials. Specify the Service Engine Project ID. You can either select Compute Account as Default Service Account checkbox or select credentials from the drop-down list.

  3. Specify the following Management details:

    1. Management VPC Project ID

    2. Management VPC Network Name

    3. Management VPC Subnet Name

  4. Specify the Target Tags. This is optional.

  5. Specify the storage details such as Cloud Storage ID and Cloud Storage Bucket Name.

  6. Specify the encryption key details as follows. However, this is optional.

    1. Service Engine Image Encryption Key ID

    2. Service Engine Disk Encryption Key ID

    3. GCS Bucket Encryption Key ID

    4. GCS Objects Encryption Key ID

  7. You can set VIP allocation through routes or through ILB.

  8. Specify IPAM/DNS profile details. You can enable state-based DNS registration by selecting the Enable State based DNS Registration checkbox.

  9. Add keys and values in Tags section.

  10. After specifying the necessary details, click Save to save the cloud.

Configuring GCP Cloud via CLI

Set the network_config field of gcp_configuration to inband_management. The following fields need to be set in the inband object.

  • vpc_project_id — The VPC project ID of the network which needs to be attached to the Service Engine virtual machine. By default, the Service Engine project ID will be used.

  • vpc_network_name — The VPC network name of the network which needs to be attached to the Service Engine virtual machine.

  • vpc_subnet_name — The VPC subnet name from which the Service Engine interface IP will be allocated.

Example


[admin:10-138-10-31]: > configure cloud gcp-cloud-inband
[admin:10-138-10-31]: cloud> vtype cloud_gcp

[admin:10-138-10-31]: cloud> gcp_configuration
[admin:10-138-10-31]: cloud:gcp_configuration> se_project_id service-engine-project
[admin:10-138-10-31]: cloud:gcp_configuration> region_name us-central1
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-a
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-b

[admin:10-138-10-31]: cloud:gcp_configuration> network_config config inband_management
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> inband
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:inband> vpc_network_name network-shared
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:inband> vpc_project_id network-project
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:inband> vpc_subnet_name subnet-1
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:inband> save
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> save
[admin:10-138-10-31]: cloud:gcp_configuration> save
[admin:10-138-10-31]: cloud> save
+------------------------------+--------------------------------------------+
| Field                        | Value                                      |
+------------------------------+--------------------------------------------+
| uuid                         | cloud-ce377a7b-965f-4714-be1a-7b6c0e64c22f |
| name                         | gcp-cloud-inband                           |
| vtype                        | CLOUD_GCP                                  |
| apic_mode                    | False                                      |
| gcp_configuration            |                                            |
|   region_name                | us-central1                                |
|   zones[1]                   | us-central1-a                              |
|   zones[2]                   | us-central1-b                              |
|   se_project_id              | service-engine-project                     |
|   network_config             |                                            |
|     config                   | INBAND_MANAGEMENT                          |
|     inband                   |                                            |
|       vpc_subnet_name        | subnet-1                                   |
|       vpc_project_id         | network-project                            |
|       vpc_network_name       | network-shared                             |
|   vip_allocation_strategy    |                                            |
|     mode                     | ROUTES                                     |
| dhcp_enabled                 | True                                       |
| mtu                          | 1500 bytes                                 |
| prefer_static_routes         | False                                      |
| enable_vip_static_routes     | False                                      |
| license_type                 | LIC_CORES                                  |
| state_based_dns_registration | True                                       |
| ip6_autocfg_enabled          | False                                      |
| dns_resolution_on_se         | False                                      |
| enable_vip_on_all_interfaces | False                                      |
| tenant_ref                   | admin                                      |
| license_tier                 | ENTERPRISE_18                              |
| autoscale_polling_interval   | 60 seconds                                 |
+------------------------------+--------------------------------------------+
[admin:10-138-10-31]: >

Inband via UI

If you select Inband option in Network section, you need to specify the VPC project and network name.

inband

One-Arm with Dedicated Management

The following are the features of one-arm with dedicated management:

  • The Service Engines will be connected to two VPC subnets, one for the management traffic and the other for the data traffic.

  • Provides network isolation between the data and the management traffic, but frontend data and backend data still go through the same network.

  • First interface of the SE will be connected to the data network.

  • Prior to Avi Vantage version 20.1.6, the shared VPC is supported only on first NIC, therefore only the data NIC can be in a shared VPC.

  • Starting with Avi Vantage version 20.1.6, shared VPC is supported on multiple NICs. Therefore, both the data NIC and the management NIC can be from a shared VPC.

  • If the Service Engines and the Controller are in different projects then management VPC needs to be peered with the other project VPC.

  • Needs a minimum of 1 vCPU for the Service Engine virtual machines.

one-arm-with-dedicated-management

The following is the diagrammatic representation of one-arm with dedicated management:

one-arm-with-dedicated-management-2

Configuring GCP Cloud via CLI

Set the network_config field of gcp_configuration to one_arm_mode. The following fields need to be set in the one_arm object.

  • data_vpc_project_id — The VPC project ID of the data network which needs to be attached to the Service Engine virtual machine. By default, the Service Engine project ID will be used.

  • data_vpc_network_name — The VPC network name of the data network which needs to be attached to the Service Engine virtual machine.

  • data_vpc_subnet_name — The VPC subnet name from which the Service Engine data interface IP will be allocated.

  • management_vpc_network_name — The VPC network name of the management network which needs to be attached to the Service Engine virtual machine.

  • management_vpc_subnet_name — The VPC subnet name from which the Service Engine management interface IP will be allocated.

  • management_vpc_project_id (introduced in 20.1.6) — The project ID of the Service Engine management network. By default, Service Engine Project ID will be used.

Example


[admin:10-138-10-31]: > configure cloud gcp-cloud-onearm
[admin:10-138-10-31]: cloud> vtype cloud_gcp
[admin:10-138-10-31]: cloud> gcp_configuration
[admin:10-138-10-31]: cloud:gcp_configuration> se_project_id service-engine-project
[admin:10-138-10-31]: cloud:gcp_configuration> region_name us-central1
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-a
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-b

[admin:10-138-10-31]: cloud:gcp_configuration> network_config config one_arm_mode
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> one_arm
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:one_arm> data_vpc_project_id data-network-project-id
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:one_arm> data_vpc_network_name data-network
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:one_arm> data_vpc_subnet_name data-subnet
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:one_arm> management_vpc_network_name management-network
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:one_arm> management_vpc_subnet_name management-subnet
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:one_arm> management_vpc_project_id management-vpc-project-id
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:one_arm> save
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> save
[admin:10-138-10-31]: cloud:gcp_configuration> save
[admin:10-138-10-31]: cloud> save
+-----------------------------------+--------------------------------------------+
| Field                             | Value                                      |
+-----------------------------------+--------------------------------------------+
| uuid                              | cloud-d9e4f50b-eab8-40a1-be1f-b6a90e597ac8 |
| name                              | gcp-cloud-onearm                           |
| vtype                             | CLOUD_GCP                                  |
| apic_mode                         | False                                      |
| gcp_configuration                 |                                            |
|   region_name                     | us-central1                                |
|   zones[1]                        | us-central1-a                              |
|   zones[2]                        | us-central1-b                              |
|   se_project_id                   | service-engine-project                     |
|   network_config                  |                                            |
|     config                        | ONE_ARM_MODE                               |
|     one_arm                       |                                            |
|       data_vpc_subnet_name        | data-subnet                                |
|       data_vpc_project_id         | data-network-project-id                    |
|       management_vpc_subnet_name  | management-subnet                          |
|       data_vpc_network_name       | data-network                               |
|       management_vpc_network_name | management-network                         |
|       management_vpc_project_id   | management-vpc-project-id                  |
|   vip_allocation_strategy         |                                            |
|     mode                          | ROUTES                                     |
| dhcp_enabled                      | True                                       |
| mtu                               | 1500 bytes                                 |
| prefer_static_routes              | False                                      |
| enable_vip_static_routes          | False                                      |
| license_type                      | LIC_CORES                                  |
| state_based_dns_registration      | True                                       |
| ip6_autocfg_enabled               | False                                      |
| dns_resolution_on_se              | False                                      |
| enable_vip_on_all_interfaces      | False                                      |
| tenant_ref                        | admin                                      |
| license_tier                      | ENTERPRISE_18                              |
| autoscale_polling_interval        | 60 seconds                                 |
+-----------------------------------+--------------------------------------------+
[admin:10-138-10-31]: >   

Dedicated Data Network via UI

If you select the Dedicated Data Network option in the Network section, you need to specify the Data and Management details:

  1. Data VPC Project ID
  2. Data VPC Network Name
  3. Data VPC Subnet Name
  4. Management VPC Project ID
  5. Management VPC Network Name
  6. Management VPC Subnet Name

dedicated-data-network

Two-Arm Mode with Dedicated Management

The following are the features of the two-arm mode with dedicated management:

  • The Service Engines will be connected to three VPC subnets, one each for the frontend data traffic, management traffic and backend data traffic.

  • Provides isolation between management, frontend data and backend data networks.

  • First interface of the SE will be connected to the frontend data network.

  • Prior to Avi Vantage version 20.1.6, shared VPC is supported only on first NIC, therefore only the frontend data NIC can be in a shared VPC.

  • Starting with Avi Vantage version 20.1.6, shared VPC is supported on multiple NICs. Therefore, all the three NICs can be from shared VPCs.

  • If the Service Engines and the Controller are in different projects, then management VPC needs to be peered with the other project VPC.

  • Third interface of the SE will be connected to the backend data network.

  • Needs a minimum of 4 vCPUs for the Service Engine virtual machine. Add a flavor having 4 or more vCPUs in the ServiceEngineGroup properties.

The following is the diagrammatic representation of two-arm mode with dedicated management:

Configuring GCP Cloud via CLI

Set the network_config field of gcp_configuration to two_arm_mode. The following fields need to be set in the two_arm object.

  • frontend_data_vpc_project_id — The VPC project ID of the frontend data network which needs to be attached to the Service Engine virtual machine. By default, Service Engine project ID will be used.

  • frontend_data_vpc_network_name — The VPC network name of the frontend data network which needs to be attached to the Service Engine virtual machine.

  • frontend_data_vpc_subnet_name — The VPC subnet name from which the Service Engine frontend data interface IP will be allocated.

  • management_vpc_network_name — The VPC network name of the management network which needs to be attached to the Service Engine virtual machine.

  • management_vpc_subnet_name — The VPC subnet name from which the Service Engine management interface IP will be allocated.

  • backend_data_vpc_network_name — The VPC network name of the backend data network which needs to be attached to the Service Engine virtual machine.

  • backend_data_vpc_subnet_name — The VPC subnet name from which the Service Engine backend data interface IP will be allocated.

  • management_vpc_project_id (introduced in 20.1.6) — The project ID of the Service Engine management network. By default, Service Engine project ID will be used.

  • backend_data_vpc_project_id (introduced in 20.1.6) — The project ID of the Service Engine backend data network. By default, Service Engine project ID will be used.

Example


[admin:10-138-10-31]: > configure cloud gcp-cloud-twoarm

[admin:10-138-10-31]: cloud> vtype cloud_gcp
[admin:10-138-10-31]: cloud> gcp_configuration
[admin:10-138-10-31]: cloud:gcp_configuration> se_project_id service-engine-project
[admin:10-138-10-31]: cloud:gcp_configuration> region_name us-central1
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-a
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-b
[admin:10-138-10-31]: cloud:gcp_configuration> network_config config two_arm_mode
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> two_arm
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> frontend_data_vpc_project_id frontend-data-network-project
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> frontend_data_vpc_network_name frontend-data-network-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> frontend_data_vpc_subnet_name frontend-data-subnet-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> management_vpc_network_name management-network-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> management_vpc_subnet_name management-subnet-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> management_vpc_project_id management-vpc-project-id
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> backend_data_vpc_project_id backend-data-pc-project-id
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> backend_data_vpc_network_name backend-data-network-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> backend_data_vpc_subnet_name backend-data-subnet-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> save
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> save
[admin:10-138-10-31]: cloud:gcp_configuration> save
[admin:10-138-10-31]: cloud> save
+--------------------------------------+--------------------------------------------+
| Field                                | Value                                      |
+--------------------------------------+--------------------------------------------+
| uuid                                 | cloud-500d70f5-0457-467c-b796-7652c701e2c7 |
| name                                 | gcp-cloud-twoarm                           |
| vtype                                | CLOUD_GCP                                  |
| apic_mode                            | False                                      |
| gcp_configuration                    |                                            |
|   region_name                        | us-central1                                |
|   zones[1]                           | us-central1-a                              |
|   zones[2]                           | us-central1-b                              |
|   se_project_id                      | service-engine-project                     |
|   network_config                     |                                            |
|     config                           | TWO_ARM_MODE                               |
|     two_arm                          |                                            |
|       frontend_data_vpc_subnet_name  | frontend-data-subnet-name                  |
|       frontend_data_vpc_project_id   | frontend-data-network-project              |
|       management_vpc_subnet_name     | management-subnet-name                     |
|       backend_data_vpc_subnet_name   | backend-data-subnet-name                   |
|       frontend_data_vpc_network_name | frontend-data-network-name                 |
|       management_vpc_network_name    | management-network-name                    |
|       management_vpc_project_id      | management-vpc-project-id                  |
|       backend_data_vpc_project_id    | backend-data-pc-project-id                 |
|       backend_data_vpc_network_name  | backend-data-network-name                  |
|   vip_allocation_strategy            |                                            |
|     mode                             | ROUTES                                     |
| dhcp_enabled                         | True                                       |
| mtu                                  | 1500 bytes                                 |
| prefer_static_routes                 | False                                      |
| enable_vip_static_routes             | False                                      |
| license_type                         | LIC_CORES                                  |
| state_based_dns_registration         | True                                       |
| ip6_autocfg_enabled                  | False                                      |
| dns_resolution_on_se                 | False                                      |
| enable_vip_on_all_interfaces         | False                                      |
| tenant_ref                           | admin                                      |
| license_tier                         | ENTERPRISE_18                              |
| autoscale_polling_interval           | 60 seconds                                 |
+--------------------------------------+--------------------------------------------+
[admin:10-138-10-31]: >

Dedicated FrontEnd and Backend via UI

If you select the Dedicated FrontEnd and Backend Network option, you need to specify the Frontend and Backend details:

  1. Frontend Data VPC Project ID
  2. Frontend Data VPC Network Name
  3. Frontend Data VPC Subnet Name
  4. Backend Data VPC Project ID
  5. Backend Data VPC Network Name
  6. Backend Data VPC Subnet Name

Configuring ServiceEngineGroup via CLI

You can set GCP n2-standard-4 machine type in the Service Engine group as follows:


[admin:10-138-10-31]: > configure serviceenginegroup Default-Group
[admin:10-138-10-31]: serviceenginegroup> instance_flavor n2-standard-4
[admin:10-138-10-31]: serviceenginegroup> save

Configuring Static Routes for Backend Servers Reachability

The static routes are required if the backend servers are in subnets other than the Service Engine backend data subnet configured in the cloud.

The static routes need to be configured with:

  • The destination range as the backend servers subnet prefix.

  • The next hop as the gateway of GCP backend data subnet connected to the Service Engine.

Example:

In the below configuration, 10.152.134.192/26 is the subnet prefix of the servers subnet and 10.152.134.1 is the gateway of the subnet attached to the Service Engine in backend subnet VPC.


[admin:10-138-10-31]: > configure vrfcontext global
Multiple objects found for this query.
	[0]: vrfcontext-0390ab9e-510c-49ab-8906-7f6eb72ef7f9#global in tenant admin, Cloud Default-Cloud
	[1]: vrfcontext-ef6ae4f4-42c2-4225-9194-cec7ae294979#global in tenant admin, Cloud gcp-cloud-twoarm
Select one: 1
[admin:10-138-10-31]: vrfcontext> static_routes
New object being created
[admin:10-138-10-31]: vrfcontext:static_routes> prefix 10.152.134.192/26
[admin:10-138-10-31]: vrfcontext:static_routes> next_hop 10.152.134.1
[admin:10-138-10-31]: vrfcontext:static_routes> route_id 1
[admin:10-138-10-31]: vrfcontext:static_routes> save
[admin:10-138-10-31]: vrfcontext> save
+------------------+-------------------------------------------------+
| Field            | Value                                           |
+------------------+-------------------------------------------------+
| uuid             | vrfcontext-ef6ae4f4-42c2-4225-9194-cec7ae294979 |
| name             | global                                          |
| static_routes[1] |                                                 |
|   prefix         | 10.152.134.192/26                               |
|   next_hop       | 10.152.134.1                                    |
|   route_id       | 1                                               |
| system_default   | True                                            |
| tenant_ref       | admin                                           |
| cloud_ref        | gcp-cloud-twoarm                                |
+------------------+-------------------------------------------------+
[admin:10-138-10-31]: >

VIP on all Interfaces

You can configure the VIPs in GCP Cloud to list all the Service Engine data interfaces. Using this feature, you can access VIP from both frontend and backend data VPCs.

vips-in-gcp

This feature can be used only with following Avi cloud configuration:

  • vip_allocation_strategy is set to routes. The GCP routes for the VIP will be created in both the frontend data and backend data VPCs. Refer to IPAM Provider (Google Cloud Platform) to learn about the different VIP allocation strategies in GCP.

  • network_config mode is two_arm

You can enable this feature by setting enable_vip_on_all_interfaces field in Avi cloud configuration. All the Service Engines in the Service Engine Groups will be listed on all the data interfaces.

You cannot change this field if Virtual Services and Service Engines already exist for the Avi cloud.

Note: Starting with Avi Vantage version 20.1.3, GCP IPAM on GCP is not supported.

Configuring via CLI

You can configure the VIPs via CLI as follows:


[admin:10-138-10-31]: > configure cloud gcp-cloud-twoarm-all-interfaces

[admin:10-138-10-31]: cloud> vtype cloud_gcp
[admin:10-138-10-31]: cloud> gcp_configuration
[admin:10-138-10-31]: cloud:gcp_configuration> se_project_id service-engine-project
[admin:10-138-10-31]: cloud:gcp_configuration> region_name us-central1
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-a
[admin:10-138-10-31]: cloud:gcp_configuration> zones us-central1-b
[admin:10-138-10-31]: cloud:gcp_configuration> network_config config two_arm_mode
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> two_arm
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> frontend_data_vpc_project_id frontend-data-network-project
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> frontend_data_vpc_network_name frontend-data-network-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> frontend_data_vpc_subnet_name frontend-data-subnet-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> management_vpc_network_name management-network-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> management_vpc_subnet_name management-subnet-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> backend_data_vpc_network_name backend-data-network-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> backend_data_vpc_subnet_name backend-data-subnet-name
[admin:10-138-10-31]: cloud:gcp_configuration:network_config:two_arm> save
[admin:10-138-10-31]: cloud:gcp_configuration:network_config> save
[admin:10-138-10-31]: cloud:gcp_configuration> save
[admin:10-138-10-31]: cloud> enable_vip_on_all_interfaces
[admin:10-138-10-31]: cloud> save
+--------------------------------------+--------------------------------------------+
| Field                                | Value                                      |
+--------------------------------------+--------------------------------------------+
| uuid                                 | cloud-cd70e433-a85f-49db-bfbe-b9db6a938ba6 |
| name                                 | gcp-cloud-twoarm-all-interfaces            |
| vtype                                | CLOUD_GCP                                  |
| apic_mode                            | False                                      |
| gcp_configuration                    |                                            |
|   region_name                        | us-central1                                |
|   zones[1]                           | us-central1-a                              |
|   zones[2]                           | us-central1-b                              |
|   se_project_id                      | service-engine-project                     |
|   network_config                     |                                            |
|     config                           | TWO_ARM_MODE                               |
|     two_arm                          |                                            |
|       frontend_data_vpc_subnet_name  | frontend-data-subnet-name                  |
|       frontend_data_vpc_project_id   | frontend-data-network-project              |
|       management_vpc_subnet_name     | management-subnet-name                     |
|       backend_data_vpc_subnet_name   | backend-data-subnet-name                   |
|       frontend_data_vpc_network_name | frontend-data-network-name                 |
|       management_vpc_network_name    | management-network-name                    |
|       backend_data_vpc_network_name  | backend-data-network-name                  |
|   vip_allocation_strategy            |                                            |
|     mode                             | ROUTES                                     |
| dhcp_enabled                         | True                                       |
| mtu                                  | 1500 bytes                                 |
| prefer_static_routes                 | False                                      |
| enable_vip_static_routes             | False                                      |
| license_type                         | LIC_CORES                                  |
| state_based_dns_registration         | True                                       |
| ip6_autocfg_enabled                  | False                                      |
| dns_resolution_on_se                 | False                                      |
| enable_vip_on_all_interfaces         | True                                       |
| tenant_ref                           | admin                                      |
| license_tier                         | ENTERPRISE_18                              |
| autoscale_polling_interval           | 60 seconds                                 |
+--------------------------------------+--------------------------------------------+
[admin:10-138-10-31]: > 

Note:

GCP Service Account needs to have a role with following permissions in all the VPC Projects:

Refer to Roles and Permissions (GCP Full Access) for more details.
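
The following Python is an added example, not part of the Avi documentation or product. It parses the Field/Value table that the CLI prints after save and checks the cloud object against constraints stated on this page: one VPC per NIC, the isolation each network_config mode provides, and the two_arm plus routes requirement for enable_vip_on_all_interfaces. The function names parse_cli_table and audit_cloud and both sample tables are constructed for illustration.

```python
import re

# One table row is "|<indent>field | value |"; each nesting level adds two spaces.
ROW = re.compile(r"^\|( +)(\S+) *\| (.*?) *\|$")
MODE_OBJECT = {"INBAND_MANAGEMENT": "inband", "ONE_ARM_MODE": "one_arm",
               "TWO_ARM_MODE": "two_arm"}

def parse_cli_table(text):
    """Rebuild the nested object from the table the CLI prints after `save`."""
    root = {}
    stack = [root]                        # stack[d] receives fields at depth d
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m[2] == "Field":      # skip borders, prompts, header row
            continue
        depth = min((len(m[1]) - 1) // 2, len(stack) - 1)
        del stack[depth + 1:]
        name, value = m[2], m[3]
        item = re.fullmatch(r"(\w+)\[\d+\]", name)    # repeated field: zones[1]
        if value == "":                   # empty Value column: nested object
            value = {}
            stack.append(value)
        if item:
            stack[depth].setdefault(item[1], []).append(value)
        else:
            stack[depth][name] = value
    return root

def audit_cloud(cfg):
    """Check a parsed cloud object against the constraints stated on this page."""
    findings = []
    gcp = cfg.get("gcp_configuration", {})
    net = gcp.get("network_config", {})
    mode = net.get("config", "")
    arm = net.get(MODE_OBJECT.get(mode, ""), {})
    # One NIC per *vpc_network_name field; project defaults to se_project_id.
    seen = {}
    for key, network in arm.items():
        if not key.endswith("vpc_network_name"):
            continue
        role = key[:-len("vpc_network_name")].rstrip("_") or "inband"
        project = arm.get(key.replace("network_name", "project_id"),
                          gcp.get("se_project_id"))
        vpc = f"{project}/{network}"
        if vpc in seen:
            findings.append(f"ERROR: {seen[vpc]} and {role} NICs share VPC {vpc}; "
                            "GCP does not allow two NICs from one VPC on a VM")
        seen.setdefault(vpc, role)
    if mode == "INBAND_MANAGEMENT":
        findings.append("WARN: no isolation between data and management traffic")
    elif mode == "ONE_ARM_MODE":
        findings.append("INFO: frontend and backend data share one network")
    if cfg.get("enable_vip_on_all_interfaces") == "True":
        routes = gcp.get("vip_allocation_strategy", {}).get("mode") == "ROUTES"
        if mode != "TWO_ARM_MODE":
            findings.append("ERROR: enable_vip_on_all_interfaces needs TWO_ARM_MODE")
        if not routes:
            findings.append("ERROR: enable_vip_on_all_interfaces needs ROUTES")
        if mode == "TWO_ARM_MODE" and routes:
            findings.append("INFO: VIPs reachable from frontend and backend data VPCs")
    return findings

# Constructed sample: one-arm cloud, both NICs in one VPC, VIP flag on, ILB mode.
WEAK = """\
| Field                             | Value         |
| gcp_configuration                 |               |
|   zones[1]                        | us-central1-a |
|   zones[2]                        | us-central1-b |
|   se_project_id                   | se-proj       |
|   network_config                  |               |
|     config                        | ONE_ARM_MODE  |
|     one_arm                       |               |
|       data_vpc_network_name       | shared-net    |
|       data_vpc_project_id         | net-proj      |
|       management_vpc_network_name | shared-net    |
|       management_vpc_project_id   | net-proj      |
|   vip_allocation_strategy         |               |
|     mode                          | ILB           |
| enable_vip_on_all_interfaces      | True          |
"""
# Constructed sample: two-arm cloud, three distinct VPCs, ROUTES allocation.
SOUND = """\
| gcp_configuration                    |              |
|   se_project_id                      | se-proj      |
|   network_config                     |              |
|     config                           | TWO_ARM_MODE |
|     two_arm                          |              |
|       frontend_data_vpc_network_name | fe-net       |
|       management_vpc_network_name    | mgmt-net     |
|       backend_data_vpc_network_name  | be-net       |
|   vip_allocation_strategy            |              |
|     mode                             | ROUTES       |
| enable_vip_on_all_interfaces         | True         |
"""

if __name__ == "__main__":
    for table in (WEAK, SOUND):
        print("\n".join(audit_cloud(parse_cli_table(table))), end="\n\n")
```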

VIP Route Priority

Currently, you can create routes to VIP in GCP with a default priority of 2000. However, you can configure the route priority.

You can only modify VIP route priority when there are no virtual services in the cloud, or all the virtual services are in disabled state.

Route priority can only be set if you choose Routes under VIPAllocationMode. All the newly created routes will be created with the new value of route_priority.

Document Revision History

Date | Change Summary
January 31, 2023 | Added 'Configuring GCP Cloud via UI' section for 22.1.3 release