This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Understanding HA VPN

Posted on 07-28-2023 04:04 AM
Thomasaw
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi,
I am training to understand HA VPN.

I guess HA VPN includes route-based but I could not find any descriptions on any documents.
Does someone know HA VPN is a route-based or policy-based?
Then please show me document links if you know.

■Documents
https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#vpn-types

regards,

Solved Solved
1 10 1,450
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
kumards
Staff
Reply posted on --/--/---- --:-- AM

Hi @Thomasaw , HA VPN uses BGP for dynamic routing. You might find this documentation relevant/useful:  https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#routing-op....

View solution in original post

Jump to Solution
10 REPLIES 10

Posted on --/--/---- --:-- AM
kumards
Staff
Reply posted on --/--/---- --:-- AM

Hi @Thomasaw , HA VPN uses BGP for dynamic routing. You might find this documentation relevant/useful:  https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#routing-op....

Jump to Solution

Posted on --/--/---- --:-- AM
Thomasaw
Bronze 5
Bronze 5
In response to kumards
Reply posted on --/--/---- --:-- AM

Hi @kumards ,

Thank you for your reply.

 

I saw it and it helped me but I have some problems.

I know a concept between on-prem and HA VPN seems to be different.

 

Standing at GCP, I would not pay attention to create HA VPN,

But as well as on-prem, I think I should take care whether policy-based or route-based.

BGP would be clear that trouble?

 

Best regards,

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
alexmoore
Staff
In response to Thomasaw
Reply posted on --/--/---- --:-- AM

HA VPN requires your on premies VPN gateway device support BGP dynamic routing, there is a nice table that compares the options here:

https://cloud.google.com/network-connectivity/docs/vpn/concepts/choosing-networks-routing#ts-tun-rou...

Hope that helps.

Jump to Solution

Posted on --/--/---- --:-- AM
Thomasaw
Bronze 5
Bronze 5
In response to alexmoore
Reply posted on --/--/---- --:-- AM

Hi @alexmoore ,

Thanks for your an additional assist.

I understood that the table is all about the tunnel routing.

It also helps me a lot.

Best regards,

Jump to Solution

Posted on --/--/---- --:-- AM
kumards
Staff
Reply posted on --/--/---- --:-- AM

Hi @Thomasaw , I think yes, but I'll let a networking expert on this forum chime in to confirm.

Jump to Solution

Posted on --/--/---- --:-- AM
Thomasaw
Bronze 5
Bronze 5
In response to kumards
Reply posted on --/--/---- --:-- AM

Hi @kumards ,

Thank you for confirming it. How kind you are.

This is just my studying, but I am happy with your help.

Please let me know if you get another information.

 

Best regards,

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
jameshatt
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

HA VPN stands for High Availability Virtual Private Network. It is a type of virtual private network (VPN) setup that provides redundancy and ensures continuous connectivity between on-premises networks and cloud resources. HA VPN is typically used in cloud environments, like Google Cloud Platform (GCP), to create a secure and reliable connection between an organization's data center or on-premises network and resources hosted in the cloud.

Here are some key aspects of HA VPN:

  1. Redundancy: HA VPN is designed to be highly available and fault-tolerant. It achieves this by setting up redundant connections between the on-premises network and the cloud environment. If one connection fails, traffic automatically fails over to the backup connection, ensuring continuous connectivity.

  2. Load Balancing: HA VPN can leverage load balancing to distribute traffic across multiple VPN tunnels, optimizing performance and preventing overload on a single tunnel.

  3. VPN Tunnels: In HA VPN, multiple IPsec VPN tunnels are established between the on-premises VPN gateway and the cloud VPN gateway. Each tunnel is associated with a unique public IP address

Jump to Solution

Posted on --/--/---- --:-- AM
Thomasaw
Bronze 5
Bronze 5
In response to jameshatt
Reply posted on --/--/---- --:-- AM

Hi @jameshatt ,

Thank you for replying.

I made it clear BGP helps a redundancy of HA VPN and why HA VPN uses BGP.

It seems to be efficient to connect between cloud and on-prem.

 

Thank you again

Best regards,

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Marvin_Lucero
Staff
In response to Thomasaw
Reply posted on --/--/---- --:-- AM

Hi @Thomasaw ,

In addition to @jameshatt answer, as HA VPN uses BGP,  it helps achieve a high level of reliability, scalability and automatic failover  in the VPN connection between on-premises networks and GCP. This also adds the following :

Scalability - With BGP, this is well suited for GCP's infrastructure to handle large and complex networks. HA VPN will also scare accordingly, making sure that VPN connectivity remains stable and reliable.

Interoperability - BGP's popularity in different networks and its support in HA VPN make it easy for organizations to connect their on-premises networks to GCP without complex configuration changes.

GCP's HA VPN with BGP provides a reliable and scalable network connection, ensuring automatic failover, load balancing, and easy integration with your on-premises network. It's an excellent choice for organizations seeking dependable VPN connectivity to GCP resources.

Jump to Solution

Posted on --/--/---- --:-- AM
Thomasaw
Bronze 5
Bronze 5
In response to Marvin_Lucero
Reply posted on --/--/---- --:-- AM

Hi @Marvin_Lucero ,

 

That is a brief and also helpful advice.

I appreciate that your kind reply.

 

Best regards,

Jump to Solution