Complete the following steps using Google's Command Line Interface (CLI) and VMware SD-WAN Orchestrator to create SD-WAN virtual Edge instances and cloud router in the “us-east1” region:

Procedure

  1. Create two SD-WAN virtual Edge instances. For instructions, refer to Google Cloud Platform Virtual Edge Deployment Guide.
  2. Log in to the SD-WAN Orchestrator as an Enterprise user, and then add the two SD-WAN virtual Edge instances into a cluster. For instructions, refer to the “Configure Edge Clustering” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
  3. From the Google Cloud Console, enable the VPC network global routing mode for the VPC “ncc-west2-pri”. For instructions, refer to Setting the VPC network dynamic routing mode.
  4. Allow relevant inbound traffic in the VPC “ncc-west2-pri”. For instructions, refer to Using firewall rules.
  5. From the Google Cloud shell, run the following command to create your Network Connectivity Center hub:
    gcloud network-connectivity hubs create hub_name
  6. Run the following command to verify that the two SD-WAN virtual Edge instances that you created in step 1 are running in the “us-east1” region:
    gcloud compute instances list
    gcloud compute instances list --filter="name~'instance_name'"
    

    The following table lists the variable and its description:

    Variable | Description | Variable Name from Use Case
    instance_name | Name of the SD-WAN virtual Edge instances that you created in step 1. | sdwan-edge1-east-vm, sdwan-edge2-east-vm

    The following is the output you get when the two SD-WAN virtual Edge instances are running in the “us-east1” region:

    NAME                 ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP                                EXTERNAL_IP                   STATUS
    sdwan-edge1-east-vm  us-east1-b  n1-standard-4               192.168.158.3,192.168.159.3,192.168.191.2  198.51.100.0, 198.51.100.255  RUNNING
    sdwan-edge2-east-vm  us-east1-c  n1-standard-4               192.168.158.4,192.168.160.3,192.168.191.3  198.51.100.50, 198.51.100.75  RUNNING
    
  7. Add the SD-WAN Virtual Edge instances as spokes to the Network Connectivity Center Hub.
    1. Run the following command to collect the Uniform Resource Identifier (URI) of the Network Connectivity Center Hub:
      gcloud network-connectivity hubs describe <hub_name>

      The following is the output that appears when you run the above command:

      [
        {
          "createTime": "2021-01-06T23:46:32.477781456Z",
          "description": "My first hub",
          "name": "projects/cloud-254004/locations/global/hubs/ncc-hub",
          "uniqueId": "0eed5bbe-758b-498a-b908-9c6c07c407c5",
          "updateTime": "2021-01-06T23:46:32.885414708Z"
        }
      ]
      
    2. Run the following command to collect the URI of the SD-WAN virtual Edge instances:
      gcloud compute instances list --uri --filter="name~'sdwan'"

      The following is the output that appears when you run the above command:

      https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-b/instances/sdwan-edge1-east-vm
      https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-c/instances/sdwan-edge2-east-vm
      
    3. Run the following command to create Spokes for the SD-WAN virtual Edge instances:
      gcloud network-connectivity spokes linked-router-appliances create instance_name --hub=hub_URI --router-appliance=instance="instance_URI",ip="instance_interface_ip" --region=region --site-to-site-data-transfer

      The following table lists the variables and their descriptions:

      Variable | Description | Variable Name from Use Case
      instance_name | The name of your SD-WAN virtual Edge instance. | sdwan-edge1-east-vm, sdwan-edge2-east-vm
      hub_URI | The URI of the Network Connectivity Center Hub that you collected in step 7 (a). | https://networkconnectivity.googleapis.com/compute/v1/projects/cloud-254004/locations/global/hubs/Hub1
      instance_URI | The URI of the SD-WAN virtual Edge instances that you collected in step 7 (b). | https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-b/instances/sdwan-edge1-east-vm, https://www.googleapis.com/compute/v1/projects/cloud-254004/zones/us-east1-c/instances/sdwan-edge2-east-vm
      instance_interface_ip | The IP address of the SD-WAN virtual Edge instances. | 192.168.191.2 (for sdwan-edge1-east-vm), 192.168.191.3 (for sdwan-edge2-east-vm)
      region | The region where your SD-WAN virtual Edge instances are deployed. | us-east1

      The following are the sample commands:
      • For sdwan-edge1-east-vm:
        gcloud network-connectivity spokes linked-router-appliances create sdwan-edge1-east-vm --hub=https://www.googleapis.com/networkconnectivity/v1/projects/cloud-254004/locations/global/hubs/ncc-hub --router-appliance=instance=https://www.googleapis.com/compute/v1/projects/multicloud-254004/zones/us-east1-b/instances/sdwan-edge1-east-vm,ip=192.168.191.2 --region=us-east1 --site-to-site-data-transfer
      • For sdwan-edge2-east-vm:
        gcloud network-connectivity spokes linked-router-appliances create sdwan-edge2-east-vm --hub=https://www.googleapis.com/networkconnectivity/v1/projects/cloud-254004/locations/global/hubs/ncc-hub --router-appliance=instance=https://www.googleapis.com/compute/v1/projects/multicloud-254004/zones/us-east1-c/instances/sdwan-edge2-east-vm,ip=192.168.191.3 --region=us-east1 --site-to-site-data-transfer
  8. Run the following command to create your cloud router:
    gcloud compute routers create cloud_router_name --region=my_region --network=my_network --asn=asn_value --project=my_project

    The following table lists the variables and their descriptions:

    Variable | Description | Variable Name from Use Case
    cloud_router_name | Name of your cloud router. | CloudRouter4
    my_region | Region that contains your cloud router. | us-east1
    my_network | Name of the VPC that contains your cloud router. | ncc-west2-pri
    asn_value | Autonomous System Number assigned to your cloud router. | 65200
    my_project | The project ID for the cloud router. | cloud-254004
  9. Create two interfaces for your cloud router to configure High Availability.
    1. Run the following command to create the primary interface for your cloud router:
      gcloud compute routers add-interface cloud_router_name --interface-name=interface1_name --ip-address=interface1_ip_address --subnetwork=subnet --region=my_region --project=my_project
    2. Run the following command to create the secondary interface for your cloud router:
      gcloud compute routers add-interface cloud_router_name --interface-name=interface2_name --ip-address=interface2_ip_address --redundant-interface=interface1_name --subnetwork=subnet --region=my_region --project=my_project

      The following table lists the variables and their descriptions:

      Variable | Description | Variable Name from Use Case
      cloud_router_name | Name of your cloud router that you created in step 8. | CloudRouter4
      interface1_name | Name of the primary interface for your cloud router. | ra-1-0
      interface2_name | Name of the secondary interface for your cloud router. | ra-1-1
      subnet | Name of the subnet on which the cloud router is created. | ncc-east1-pri-sub
      my_region | Region that contains your cloud router. | us-east1
      interface1_ip_address | Internal IP address for the primary interface. | 192.168.191.10
      interface2_ip_address | Internal IP address for the secondary interface. | 192.168.191.11
      my_project | The project ID for the cloud router. | cloud-254004

      The following are the sample commands:
      • For primary interface:
        gcloud compute routers add-interface cloudrouter4 --interface-name=ra-1-0 --ip-address=192.168.191.10 --subnetwork=ncc-east1-pri-sub --region=us-east1 --project=cloud-254004
      • For secondary interface:
        gcloud compute routers add-interface cloudrouter4 --interface-name=ra-1-1 --ip-address=192.168.191.11 --subnetwork=ncc-east1-pri-sub --redundant-interface=ra-1-0 --region=us-east1 --project=cloud-254004
  10. Create BGP peers on your cloud router. As you have created two interfaces for your cloud router, you must establish two BGP peering relationships for each of the SD-WAN virtual Edge instances that are running in the “us-east1” region.
    Run the following command to create BGP peers for your SD-WAN virtual Edge instances:
    gcloud compute routers add-bgp-peer cloud_router_name --peer-name=peer_name --interface=interface_name --peer-ip-address=peer_ip_address --peer-asn=peer_asn --instance=instance_name --instance-zone=zone --region=region

    The following table lists the variables and their descriptions:

    Variable | Description | Variable Name from Use Case
    cloud_router_name | Name of your cloud router that you created in step 8. | CloudRouter4
    peer_name | Names of the BGP peering sessions. | ra-1-0-peer0, ra-1-1-peer0, ra-1-0-peer1, ra-1-1-peer1
    interface_name | Name of the interfaces you created in step 9. | ra-1-0, ra-1-1
    peer_ip_address | The IP address of the SD-WAN virtual Edge interface. | 192.168.191.2 (for sdwan-edge1-east-vm), 192.168.191.3 (for sdwan-edge2-east-vm)
    peer_asn | The peer Autonomous System Number assigned to your cloud router. | 65210 (for sdwan-edge1-east-vm), 65211 (for sdwan-edge2-east-vm)
    instance_name | The name of your SD-WAN virtual Edge instance. | sdwan-edge1-east-vm, sdwan-edge2-east-vm
    zone | The zone where your SD-WAN virtual Edge instances are deployed. | us-east1-b (for sdwan-edge1-east-vm), us-east1-c (for sdwan-edge2-east-vm)
    region | The region where your SD-WAN virtual Edge instances are deployed. | us-east1

    The following are the BGP sessions that must be established:
    • One BGP session from the primary interface, ra-1-0 to the first SD-WAN virtual Edge instance, sdwan-edge1-east-vm.
      Sample command:
      gcloud compute routers add-bgp-peer cloudrouter4 --peer-name=ra-1-0-peer0 --interface=ra-1-0 --peer-ip-address=192.168.191.2 --peer-asn=65210 --instance=sdwan-edge1-east-vm --instance-zone=us-east1-b --region=us-east1
    • One BGP session from the secondary interface, ra-1-1 to the first SD-WAN virtual Edge instance, sdwan-edge1-east-vm.
      Sample command:
      gcloud compute routers add-bgp-peer cloudrouter4 --peer-name=ra-1-1-peer0 --interface=ra-1-1 --peer-ip-address=192.168.191.2 --peer-asn=65210 --instance=sdwan-edge1-east-vm --instance-zone=us-east1-b --region=us-east1
    • One BGP session from the primary interface, ra-1-0 to the second SD-WAN virtual Edge instance, sdwan-edge2-east-vm.
      Sample command:
      gcloud compute routers add-bgp-peer cloudrouter4 --peer-name=ra-1-0-peer1 --interface=ra-1-0 --peer-ip-address=192.168.191.3 --peer-asn=65211 --instance=sdwan-edge2-east-vm --instance-zone=us-east1-c --region=us-east1
    • One BGP session from the secondary interface, ra-1-1 to the second SD-WAN virtual Edge instance, sdwan-edge2-east-vm.
      Sample command:
      gcloud compute routers add-bgp-peer cloudrouter4 --peer-name=ra-1-1-peer1 --interface=ra-1-1 --peer-ip-address=192.168.191.3 --peer-asn=65211 --instance=sdwan-edge2-east-vm --instance-zone=us-east1-c --region=us-east1
  11. Configure BGP on SD-WAN virtual Edge instances, sdwan-edge1-east-vm and sdwan-edge2-east-vm.
    Note: It is recommended that you configure a static internal IP address for your SD-WAN virtual Edge instance so that the IP address does not change every time you reboot the instance. For instructions, refer to Reserving a static internal IP address.
    1. From the Google Cloud Console, retrieve the private interface IP address of SD-WAN virtual Edge instances.
    2. Log in to the SD-WAN Orchestrator as an Enterprise user, and then assign the private interface IP address that you retrieved from the Google Cloud Console to the SD-WAN virtual Edge instances, sdwan-edge1-east-vm and sdwan-edge2-east-vm. For instructions, refer to the “Configure Interface Settings” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
    3. Configure BGP for SD-WAN virtual Edge instances, sdwan-edge1-east-vm and sdwan-edge2-east-vm. For instructions, refer to the “Configure BGP” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
  12. Verify that the four BGP sessions that you configured in step 10 are established in the SD-WAN Orchestrator. For instructions, refer to the “Monitor BGP Edge Neighbor State” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.
  13. Repeat steps 1-13 to create SD-WAN virtual Edge instances and cloud router in the “us-west2” region.
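
The four BGP sessions of step 10 follow one pattern (each cloud router interface peers with each Edge), so the commands can be generated from a single table of Edges rather than edited by hand. The script below is an added example, not part of the VMware procedure: the function names are hypothetical, the values are this page's use-case values, and the ASN check assumes private 2-byte peer ASNs that differ from the cloud router's ASN, as in this use case.

```shell
#!/bin/sh
# Added example: derive the add-bgp-peer commands of step 10 from one table.
# Function names are hypothetical; values are the page's use-case values.

ROUTER=cloudrouter4
ROUTER_ASN=65200                 # ASN given to the cloud router in step 8
REGION=us-east1
INTERFACES="ra-1-0 ra-1-1"       # primary and redundant interface (step 9)

# One Edge per line: instance zone peer_ip peer_asn
EDGES="sdwan-edge1-east-vm us-east1-b 192.168.191.2 65210
sdwan-edge2-east-vm us-east1-c 192.168.191.3 65211"

# Assumption: peer ASNs are private 2-byte ASNs (64512-65534) and must not
# equal the cloud router's own ASN. Rejects empty or non-numeric input.
valid_peer_asn() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 64512 ] && [ "$1" -le 65534 ] && [ "$1" -ne "$ROUTER_ASN" ]
}

# Print one gcloud command per (Edge, interface) pair. Nothing is executed,
# so the output can be reviewed before it is run.
bgp_peer_commands() {
    idx=0
    echo "$EDGES" | while read -r inst zone ip asn; do
        if ! valid_peer_asn "$asn"; then
            echo "skip $inst: unexpected peer ASN '$asn'" >&2
            idx=$((idx + 1))
            continue
        fi
        for ifc in $INTERFACES; do
            echo "gcloud compute routers add-bgp-peer $ROUTER" \
                "--peer-name=${ifc}-peer${idx} --interface=${ifc}" \
                "--peer-ip-address=${ip} --peer-asn=${asn}" \
                "--instance=${inst} --instance-zone=${zone} --region=${REGION}"
        done
        idx=$((idx + 1))
    done
}

bgp_peer_commands
```

The printed lines match the four sample commands in step 10; for the “us-west2” region, change the variables at the top to that region's values.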

What to do next

Run a ping test to verify the connection between the SD-WAN virtual Edge instances and cloud routers across the two regions—“us-east1” and “us-west2”. For instructions, refer to the “Ping Test” section in the VMware SD-WAN Administration Guide available at VMware SD-WAN Documentation.