The following figure depicts the branch-to-branch connectivity across regions:

In the above diagram, “ncc-west2-pri” is the hub VPC that is associated to the Network Connectivity Center hub where two subnets are created. The subnet 192.168.190.0/24 is associated to the “us-west2” region and the subnet 192.168.191.0/24 is associated to the “us-east1” region. The “host1” is located on the West coast of the United States, while the “host2” is located on the East coast. You must connect “host1” to “host2” over Google’s network.

Complete the following steps to create SD-WAN virtual Edge instances and cloud router in the “us-east1” region:

Procedure

  1. Create two SD-WAN virtual Edge instances. For instructions, refer to Google Cloud Platform Virtual Edge Deployment Guide.
  2. Log in to the VMware SD-WAN Orchestrator as an Enterprise user, and then add the two SD-WAN virtual Edge instances into a cluster. For instructions, refer to the “Configure Edge Clustering” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
  3. From the Google Cloud Console, enable the VPC network global routing mode for the VPC “ncc-west2-pri”. For instructions, refer to Setting the VPC network dynamic routing mode.
  4. Allow relevant inbound traffic in the VPC “ncc-west2-pri”. For instructions, refer to Using firewall rules.
  5. From the Google Cloud shell, run the following command to create your Network Connectivity Center hub:
    gcloud alpha network-connectivity hubs create hub_name
  6. Run the following command to verify that the Network Connectivity Center hub is created successfully:
    gcloud alpha network-connectivity hubs list

    Following is the output you get when the hub is created successfully:

    [
      {
        "createTime": "2021-01-06T23:46:32.477781456Z",
        "description": "My first hub",
        "name": "projects/cloud-254004/locations/global/hubs/Hub1",
        "uniqueId": "0eed5bbe-758b-498a-b908-9c6c07c407c5",
        "updateTime": "2021-01-06T23:46:32.885414708Z"
      }
    ]
    
  7. Run the following command to verify that the two SD-WAN virtual Edge instances that you created in step 1 are running in the “us-east1” region:
    gcloud compute instances list
    gcloud compute instances list --filter="name~'instance_name'"
    

    The following table lists the variable and its description:

    Variable | Description | Variable Name from Use Case
    instance_name | Name of the SD-WAN virtual Edge instances that you created in step 1. | sdwan-edge1-east-vm, sdwan-edge2-east-vm

    Following is the output you get when the two SD-WAN virtual Edge instances are running in the “us-east1” region:

    NAME                 ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP                                EXTERNAL_IP                   STATUS
    sdwan-edge1-east-vm  us-east1-b  n1-standard-4               192.168.158.3,192.168.159.3,192.168.191.2  198.51.100.0, 198.51.100.255  RUNNING
    sdwan-edge2-east-vm  us-east1-c  n1-standard-4               192.168.158.4,192.168.160.3,192.168.191.3  198.51.100.50, 198.51.100.75  RUNNING
    
  8. Run the following command to create your cloud router:
    gcloud beta compute routers create cloud_router_name --region my_region --network my_network --asn asn_value

    The following table lists the variables and their descriptions:

    Variable | Description | Variable Name from Use Case
    cloud_router_name | Name of your cloud router. | CloudRouter4
    my_region | Region that contains your cloud router. | us-east1
    my_network | Name of the VPC that contains your cloud router. | ncc-west2-pri
    asn_value | Autonomous System Number assigned to your cloud router. | 65200
  9. Create two interfaces for your cloud router to configure High Availability.
    1. Run the following command to create the primary interface for your cloud router:
      gcloud beta compute routers add-interface cloud_router_name --interface-name=interface1_name --subnetwork=subnet --region=my_region --ip-address=interface1_ip_address
    2. Run the following command to create the secondary interface for your cloud router:
      gcloud beta compute routers add-interface cloud_router_name --interface-name=interface2_name --redundant-interface=interface1_name --subnetwork=subnet --region=my_region --ip-address=interface2_ip_address

      The following table lists the variables and their descriptions:

      Variable | Description | Variable Name from Use Case
      cloud_router_name | Name of your cloud router that you created in step 8. | CloudRouter4
      interface1_name | Name of the primary interface for your cloud router. | ra-1-0
      interface2_name | Name of the secondary interface for your cloud router. | ra-1-1
      subnet | Name of the subnet on which the cloud router is created. | ncc-east1-pri-sub
      my_region | Region that contains your cloud router. | us-east1
      interface1_ip_address | Internal IP address for the primary interface. | 192.168.191.10
      interface2_ip_address | Internal IP address for the secondary interface. | 192.168.191.11
      Following are the sample commands:
      • For primary interface:
        gcloud beta compute routers add-interface cloudrouter4 --interface-name=ra-1-0 --subnetwork=ncc-east1-pri-sub --region=us-east1 --ip-address=192.168.191.10
      • For secondary interface:
        gcloud beta compute routers add-interface cloudrouter4 --interface-name=ra-1-1 --redundant-interface=ra-1-0 --subnetwork=ncc-east1-pri-sub --region=us-east1 --ip-address=192.168.191.11
  10. Create BGP peers on your cloud router. As you have created two interfaces for your cloud router, you must establish two BGP peering relationships for each of the SD-WAN virtual Edge instances that are running in the “us-east1” region.
    Run the following command to create BGP peers for your SD-WAN virtual Edge instances:
    gcloud beta compute routers add-bgp-peer cloud_router_name --peer-name peer_name --interface=interface_name --peer-ip-address=peer_ip_address --peer-asn=peer_asn --instance=instance_name --instance-zone=zone --region=region

    The following table lists the variables and their descriptions:

    Variable | Description | Variable Name from Use Case
    cloud_router_name | Name of your cloud router that you created in step 8. | CloudRouter4
    peer_name | Names of the BGP peering sessions. | ra-1-0-peer0, ra-1-1-peer0, ra-1-0-peer1, ra-1-1-peer1
    interface_name | Name of the interfaces you created in step 9. | ra-1-0, ra-1-1
    peer_ip_address | The IP address of the SD-WAN virtual Edge interface. | 192.168.191.2 (for sdwan-edge1-east-vm), 192.168.191.3 (for sdwan-edge2-east-vm)
    peer_asn | The peer Autonomous System Number assigned to your cloud router. | 65210 (for sdwan-edge1-east-vm), 65211 (for sdwan-edge2-east-vm)
    instance_name | The name of your SD-WAN virtual Edge instance. | sdwan-edge1-east-vm, sdwan-edge2-east-vm
    zone | The zone where your SD-WAN virtual Edge instances are deployed. | us-east1-b (for sdwan-edge1-east-vm), us-east1-c (for sdwan-edge2-east-vm)
    region | The region where your SD-WAN virtual Edge instances are deployed. | us-east1

    Following are the BGP sessions that must be established:
    • One BGP session from the primary interface, ra-1-0 to the first SD-WAN virtual Edge instance, sdwan-edge1-east-vm.
      Sample command:
      gcloud beta compute routers add-bgp-peer cloudrouter4 --peer-name ra-1-0-peer0 --interface=ra-1-0 --peer-ip-address=192.168.191.2 --peer-asn=65210 --instance=sdwan-edge1-east-vm --instance-zone=us-east1-b --region=us-east1
    • One BGP session from the secondary interface, ra-1-1 to the first SD-WAN virtual Edge instance, sdwan-edge1-east-vm.
      Sample command:
      gcloud beta compute routers add-bgp-peer cloudrouter4 --peer-name ra-1-1-peer0 --interface=ra-1-1 --peer-ip-address=192.168.191.2 --peer-asn=65210 --instance=sdwan-edge1-east-vm --instance-zone=us-east1-b --region=us-east1
    • One BGP session from the primary interface, ra-1-0 to the second SD-WAN virtual Edge instance, sdwan-edge2-east-vm.
      Sample command:
      gcloud beta compute routers add-bgp-peer cloudrouter4 --peer-name ra-1-0-peer1 --interface=ra-1-0 --peer-ip-address=192.168.191.3 --peer-asn=65211 --instance=sdwan-edge2-east-vm --instance-zone=us-east1-c --region=us-east1
    • One BGP session from the secondary interface, ra-1-1 to the second SD-WAN virtual Edge instance, sdwan-edge2-east-vm.
      Sample command:
      gcloud beta compute routers add-bgp-peer cloudrouter4 --peer-name ra-1-1-peer1 --interface=ra-1-1 --peer-ip-address=192.168.191.3 --peer-asn=65211 --instance=sdwan-edge2-east-vm --instance-zone=us-east1-c --region=us-east1
  11. Add the SD-WAN Virtual Edge instances as spokes to the Network Connectivity Center Hub.
    1. Run the following command to collect the Universal Resource Identifier (URI) of the Network Connectivity Center Hub:
      gcloud alpha network-connectivity hubs list

      Following is the output that appears when you run the above command:

      [
        {
          "createTime": "2021-01-06T23:46:32.477781456Z",
          "description": "My first hub",
          "name": "projects/cloud-254004/locations/global/hubs/Hub1",
          "uniqueId": "0eed5bbe-758b-498a-b908-9c6c07c407c5",
          "updateTime": "2021-01-06T23:46:32.885414708Z"
        }
      ]
      
    2. Run the following command to collect the URI of the SD-WAN virtual Edge instances:
      gcloud compute instances list --uri --filter="name~'sdwan'"

      Following is the output that appears when you run the above command:

      https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-b/instances/sdwan-edge1-east-vm
      https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-c/instances/sdwan-edge2-east-vm
      
    3. Run the following command to create Spokes for the SD-WAN virtual Edge instances:
      gcloud alpha network-connectivity spokes create instance_name --hub=hub_URI --router-appliance=instance="instance_URI",ip="instance_interface_ip" --region=region

      The following table lists the variables and their descriptions:

      Variable | Description | Variable Name from Use Case
      instance_name | The name of your SD-WAN virtual Edge instance. | sdwan-edge1-east-vm, sdwan-edge2-east-vm
      hub_URI | The URI of the Network Connectivity Center Hub that you collected in step 11 (a). | https://networkconnectivity.googleapis.com/compute/v1/projects/cloud-254004/locations/global/hubs/Hub1
      instance_URI | The URI of the SD-WAN virtual Edge instances that you collected in step 11 (b). | https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-b/instances/sdwan-edge1-east-vm; https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-c/instances/sdwan-edge2-east-vm
      instance_interface_ip | The IP address of the SD-WAN virtual Edge instances. | 192.168.191.2 (for sdwan-edge1-east-vm), 192.168.191.3 (for sdwan-edge2-east-vm)
      region | The region where your SD-WAN virtual Edge instances are deployed. | us-east1

      Following are the sample commands:
      • For sdwan-edge1-east-vm:
        gcloud alpha network-connectivity spokes create sdwan-edge1-east-vm --hub=https://networkconnectivity.googleapis.com/v1/projects/cloud-254004/locations/global/hubs/Hub1 --router-appliance=instance="https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-b/instances/sdwan-edge1-east-vm",ip="192.168.191.2" --region=us-east1
      • For sdwan-edge2-east-vm:
        gcloud alpha network-connectivity spokes create sdwan-edge2-east-vm --hub=https://networkconnectivity.googleapis.com/v1/projects/cloud-254004/locations/global/hubs/Hub1 --router-appliance=instance="https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-c/instances/sdwan-edge2-east-vm",ip="192.168.191.3" --region=us-east1
  12. Configure BGP on SD-WAN virtual Edge instances, sdwan-edge1-east-vm and sdwan-edge2-east-vm.
    Note: It is recommended that you configure a static internal IP address for your SD-WAN virtual Edge instance so that the IP address does not change every time you reboot the instance. For instructions, refer to Reserving a static internal IP address.
    1. From the Google Cloud Console, retrieve the private interface IP address of SD-WAN virtual Edge instances.
    2. Log in to the SD-WAN Orchestrator as an Enterprise user, and then assign the private interface IP address that you retrieved from the Google Cloud Console to the SD-WAN virtual Edge instances, sdwan-edge1-east-vm and sdwan-edge2-east-vm. For instructions, refer to the “Configure Interface Settings” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
    3. Configure BGP for SD-WAN virtual Edge instances, sdwan-edge1-east-vm and sdwan-edge2-east-vm. For instructions, refer to the “Configure BGP” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
  13. Verify that the four BGP sessions that you configured in step 10 are established in the SD-WAN Orchestrator. For instructions, refer to the “Monitor BGP Edge Neighbor State” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
  14. Repeat steps 1-13 to create SD-WAN virtual Edge instances and cloud router in the “us-west2” region.
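
A complementary check from the Google Cloud side for step 13, as an added example (not VMware's or Google's own tooling): it compares the four sessions planned in step 10 against router status JSON such as `gcloud compute routers get-status cloudrouter4 --region=us-east1 --format=json` returns, and flags sessions that are down, missing, or not part of the plan. The `result.bgpPeerStatus` field layout is assumed from the Compute API router status, and the sample input is constructed.

```python
import json

# Sessions planned in step 10: peer name -> Edge interface IP.
EXPECTED = {
    "ra-1-0-peer0": "192.168.191.2",
    "ra-1-1-peer0": "192.168.191.2",
    "ra-1-0-peer1": "192.168.191.3",
    "ra-1-1-peer1": "192.168.191.3",
}

def peer(name, ip, state="Established", status="UP"):
    """Build one constructed bgpPeerStatus entry (only the fields used here)."""
    return {"name": name, "peerIpAddress": ip, "state": state, "status": status}

# Constructed sample, not real output: one session down, one missing,
# and one peer that is not part of the plan.
SAMPLE_STATUS = json.dumps({"result": {"bgpPeerStatus": [
    peer("ra-1-0-peer0", "192.168.191.2"),
    peer("ra-1-1-peer0", "192.168.191.2"),
    peer("ra-1-0-peer1", "192.168.191.3", state="Active", status="DOWN"),
    peer("ra-1-0-peer9", "192.168.191.99"),
]}})

def audit_bgp_peers(status_json, expected=EXPECTED):
    """Return sorted findings; an empty list means the router matches the plan."""
    peers = json.loads(status_json).get("result", {}).get("bgpPeerStatus", [])
    seen = {p.get("name"): p for p in peers}
    findings = []
    for name, ip in expected.items():
        got = seen.get(name)
        if got is None:
            findings.append(f"missing: {name}")
        elif got.get("peerIpAddress") != ip:
            findings.append(f"wrong-peer-ip: {name} is {got.get('peerIpAddress')}, expected {ip}")
        elif got.get("state") != "Established" or got.get("status") != "UP":
            findings.append(f"down: {name} state={got.get('state')} status={got.get('status')}")
    # A session nobody planned can inject routes into the hub VPC.
    for name, got in seen.items():
        if name not in expected:
            findings.append(f"unexpected: {name} peers with {got.get('peerIpAddress')}")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_bgp_peers(SAMPLE_STATUS) or ["all planned sessions established"]:
        print(line)
```
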

What to do next

Run a ping test to verify the connection between the SD-WAN virtual Edge instances and cloud routers across the two regions—“us-east1” and “us-west2”. For instructions, refer to the “Ping Test” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.