Done and click a create button.

In the end, for the testing purpose, we need to open ICMP and for access to the VM instances, SSH  will be needed. Consequently, let’s create our Firewall rules.

We are very close to the cloud VPN creation steps. There is one more thing we have to create. VM instances. As you know it’s pretty simple.
Because of the test environment, I choose the F1-micro machine type and assign each vm-instance to the proper VPC network.

name — web-server-cloud
machine type — f1-micro
region — us1-west1
zone — us1-west1-b
network — google-cloud-vpc
subnetwork — web-server-subnet

name — application-server-on-prem
machine type — f1-micro
region — us1-east1
zone — us1-east1-b
network — equinix-data-center
subnetwork — application-server-subnet

For the testing purpose, if you ping from web-server to the application server’s internal IP address, you will observe a 100% packet loss.  Let’s test it.

It’s time to create a cloud VPN connectivity. Let’s do it step by step. From the dashboard go to the Networking ——> Hybrid Connectivity——> Cloud Routers and
Click the create router button.
Name — google-cloud-router
Network — google-cloud-vpc
Region — us-west1
Google Asn — 65001

Create an on-prem router.
Name — equinix-data-center-router
Network — equinix-data-center
Region — us-east1
Google Asn — 65002

For each router, we need a static IP address. For that reason let’s do some reservations. Go to the VPC networks and click on External IP addresses. On top of the page click on a reserve static address button and fill the required field.

Name — google-cloud-router-external
Region — us-west1
click a reserve button.

Name — equinix-data-center-router-external
Region — us-east1
click a reserve button.

Let’s take note of these public IP addresses because we are going to use them soon.

Now we can create a vpn connection. Go to the Networking —–> Hybrid Connectivity—->VPN and create a VPN connection. Hit a Classic VPN and continue.

Name — vpn-1-cloud
Network — google-cloud-vpc
Region — us-west1
Ip address — google-cloud-router-external (35.227.150.249)

Tunnels
name — vpn-1-tunnel-1-cloud
Remote peer IP address — 35.243.213.42
IKE pre-shared key — cloudvpn@
Routin options Dynamic BGP
Cloud Router — google-cloud-router

Click on a pencil icon right next to the BGP session.
Name — bgp-cloud-to-on-prem
Peer ASN — 65002

Let’s do the same configurations on-prem side.

Name — vpn-1-equinix-on-prem
Network — equinix-data-center
Region — us-east1
Ip address — equinix-data-center-router-external (35.243.213.42)

Tunnels
name — vpn-1-tunnel-1-on-prem
Remote peer IP address — 35.227.150.249
IKE pre-shared key — cloudvpn@
Routing options Dynamic BGP
Cloud Router — equinix-data-center-router

Click on a pencil icon right next to the BGP session.
Name — bgp-on-prem-to-cloud
Peer ASN — 65001

After we completed each side’s configuration, the BGP session and tunnel comes up.

In addition, from the vpc routes, if you check a dynamic section, web and app subnets are being exchanged and web and app can ping their internal ip addresses. Furthermore, if you create an additional vm instance on each side or one side, that new subnet automatically will be advertised via the BGP.

I hope this documentation will be helpful for you and thanks for reading.

Author-  Kamil Rasulov CCIE#53983