{GCP VPC} VPC ネットワーク ピアリングを使用する

 

Google Cloud VPC ネットワーク ピアリングでは、
2 つの Virtual Private Cloud(VPC)ネットワークが同じプロジェクトまたは同じ組織に属しているかにかかわらず、
内部 IP アドレスで接続できます。


https://cloud.google.com/vpc/docs/using-vpc-peering?hl=ja#console

https://christina04.hatenablog.com/entry/gcp-vpc-peering


異なるプロジェクトにそれぞれVPCを作成し、疎通確認

 

-- 1. 前作業

# Initialise the SDK and confirm which account is active before creating anything.
gcloud init
gcloud auth list
gcloud --version

# Create the first project. The numeric suffix is a placeholder; project IDs
# are global and must be unique, so pick your own.
gcloud projects create project01-9999999 --name="project01"

# Make project01 plus region/zone the defaults so later commands can omit them.
# project02 is never set as default, so every command touching it passes --project.
gcloud config list
gcloud config set project project01-9999999
gcloud config set compute/region asia-northeast1 --quiet
gcloud config set compute/zone asia-northeast1-a --quiet

# Attach billing (the account ID is a placeholder) and enable the Compute API,
# which is required before any VPC/VM command will succeed.
gcloud beta billing accounts list
gcloud beta billing projects link project01-9999999 --billing-account=111111-111111-111111
gcloud services enable compute.googleapis.com --project=project01-9999999

gcloud components update

 


# Second project: same bootstrap as project01 (create, link billing, enable Compute).
# It is deliberately not made the gcloud default, so its commands always carry --project.
gcloud projects create project02-9999999 --name="project02"
gcloud beta billing projects link project02-9999999 --billing-account=111111-111111-111111
gcloud services enable compute.googleapis.com --project=project02-9999999

# Both projects should now be listed.
gcloud projects list


-- 2. VPCとサブネット作成

 

# One custom-mode VPC per project. Custom mode means no subnets are created
# automatically, so only the two /24s defined in the next step will exist.
gcloud compute networks create vpc01 \
  --project=project01-9999999 \
  --subnet-mode=custom \
  --mtu=1460 \
  --bgp-routing-mode=regional

gcloud compute networks create vpc02 \
  --project=project02-9999999 \
  --subnet-mode=custom \
  --mtu=1460 \
  --bgp-routing-mode=regional

# Verify both networks exist in their own project.
for project in project01-9999999 project02-9999999; do
  gcloud compute networks list --project="${project}"
done


# One IPv4-only subnet per VPC in the same region. The two ranges must not
# overlap: VPC peering is refused when subnet ranges collide.
gcloud compute networks subnets create subnet01 \
  --project=project01-9999999 \
  --region=asia-northeast1 \
  --network=vpc01 \
  --range=10.0.1.0/24 \
  --stack-type=IPV4_ONLY

gcloud compute networks subnets create subnet02 \
  --project=project02-9999999 \
  --region=asia-northeast1 \
  --network=vpc02 \
  --range=10.0.2.0/24 \
  --stack-type=IPV4_ONLY

# Confirm the subnets before building anything on top of them.
for project in project01-9999999 project02-9999999; do
  gcloud compute networks subnets list --project="${project}"
done


-- 3. ファイアウォールルール作成

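# Administrative access to each VPC.
# A rule created without --source-ranges defaults to 0.0.0.0/0, which exposes
# SSH (and RDP) to the whole Internet for as long as the lab exists. Restrict
# it to the address you administer from. tcp:3389 (RDP) is dropped because the
# VMs created later are CentOS and only SSH and ICMP are used in this test.
# Placeholder value (RFC 5737 documentation range) — replace with your own source range.
ADMIN_SOURCE_RANGE="203.0.113.10/32"

gcloud compute firewall-rules create fw01 \
  --project=project01-9999999 \
  --network=vpc01 \
  --allow=tcp:22,icmp \
  --source-ranges="${ADMIN_SOURCE_RANGE}"

gcloud compute firewall-rules create fw02 \
  --project=project02-9999999 \
  --network=vpc02 \
  --allow=tcp:22,icmp \
  --source-ranges="${ADMIN_SOURCE_RANGE}"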


# ICMP from the peer VPC's subnet only. These are the rules that actually
# permit the cross-VPC ping; peering exchanges routes but never bypasses
# firewall rules, so each side must explicitly allow the other's range.
# Note: a rule created without --source-ranges (such as fw01 above) already
# allows ICMP from any source, which makes fw11/fw12 redundant until fw01/fw02
# are narrowed with --source-ranges.
gcloud compute firewall-rules create fw11 \
  --project=project01-9999999 \
  --network=vpc01 \
  --source-ranges=10.0.2.0/24 \
  --allow=icmp

gcloud compute firewall-rules create fw12 \
  --project=project02-9999999 \
  --network=vpc02 \
  --source-ranges=10.0.1.0/24 \
  --allow=icmp

# Review the effective rule set per project.
for project in project01-9999999 project02-9999999; do
  gcloud compute firewall-rules list --project="${project}"
done

 

-- 4. vmインスタンス作成


# Two spot VMs, one per project/VPC, used only as ping endpoints.
# --provisioning-model=SPOT with --instance-termination-action=DELETE means a
# preempted VM is deleted rather than stopped, so nothing lingers after the test.
# Neither command passes --no-address, so by default each VM also gets an
# ephemeral external IP; that is what `gcloud compute ssh` connects to later.
# NOTE(review): the pinned image is CentOS 7, which is no longer maintained
# upstream — use a supported image for anything beyond a throwaway lab.
# NOTE(review): consider enabling OS Login (instance metadata enable-oslogin=TRUE)
# so SSH access is governed by IAM rather than project-wide SSH keys.
gcloud compute instances create vm01 \
  --project=project01-9999999 \
  --zone=asia-northeast1-a \
  --machine-type=e2-micro \
  --image-project=centos-cloud \
  --image=centos-7-v20221004 \
  --provisioning-model=SPOT \
  --instance-termination-action=DELETE \
  --network=vpc01 \
  --subnet=subnet01

gcloud compute instances create vm02 \
  --project=project02-9999999 \
  --zone=asia-northeast1-a \
  --machine-type=e2-micro \
  --image-project=centos-cloud \
  --image=centos-7-v20221004 \
  --provisioning-model=SPOT \
  --instance-termination-action=DELETE \
  --network=vpc02 \
  --subnet=subnet02

# Note the INTERNAL_IP column: the ping targets used below assume .2 in each subnet.
for project in project01-9999999 project02-9999999; do
  gcloud compute instances list --project="${project}"
done

 

-- 5. 動作確認(VPCネットワークピアリング作成前)

ping通信できないことを確認

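# Open an interactive SSH session on each VM. The zone comes from the
# compute/zone default set in step 1; vm02 lives in project02, so --project
# is passed explicitly.
gcloud compute ssh vm01 --project=project01-9999999
gcloud compute ssh vm02 --project=project02-9999999

# Run inside the VM sessions: from vm01 ping vm02, from vm02 ping vm01.
# The .2 address is assumed to be the first one handed out in each /24 —
# confirm the real internal IPs with `gcloud compute instances list` first.
# -c bounds the probe so the check ends with a packet-loss summary instead of
# running until interrupted; before peering exists, expect 100% loss.
ping -c 4 10.0.2.2
ping -c 4 10.0.1.2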


-- 6. VPCネットワークピアリング作成

両方向作成する必要あり


# Peering must be created from both sides; it only becomes ACTIVE once the
# matching peering exists in the other project. Peering is not transitive and
# does not bypass firewall rules — fw11/fw12 still decide what may pass.
# NOTE(review): the four --import/--export-* flags exchange custom routes and
# subnet routes with public IPs as well. The ping test only needs the plain
# subnet routes, which are always exchanged; enable the extra flags only when
# the peer genuinely needs those routes (least privilege).
gcloud compute networks peerings create peer01to02 \
  --project=project01-9999999 \
  --network=vpc01 \
  --peer-project=project02-9999999 \
  --peer-network=vpc02 \
  --import-custom-routes \
  --export-custom-routes \
  --import-subnet-routes-with-public-ip \
  --export-subnet-routes-with-public-ip

gcloud compute networks peerings create peer02to01 \
  --project=project02-9999999 \
  --network=vpc02 \
  --peer-project=project01-9999999 \
  --peer-network=vpc01 \
  --import-custom-routes \
  --export-custom-routes \
  --import-subnet-routes-with-public-ip \
  --export-subnet-routes-with-public-ip

# Check the STATE column on both sides.
for project in project01-9999999 project02-9999999; do
  gcloud compute networks peerings list --project="${project}"
done

 

# Show which routes each side receives (INCOMING) and advertises (OUTGOING)
# through the peering. Each peer's subnet range should appear as INCOMING on
# the other side.
for direction in INCOMING OUTGOING; do
  gcloud compute networks peerings list-routes peer01to02 \
    --project=project01-9999999 \
    --network=vpc01 \
    --region=asia-northeast1 \
    --direction="${direction}"
done

for direction in INCOMING OUTGOING; do
  gcloud compute networks peerings list-routes peer02to01 \
    --project=project02-9999999 \
    --network=vpc02 \
    --region=asia-northeast1 \
    --direction="${direction}"
done

 


-- 7. 動作確認(VPCネットワークピアリング作成後)


ping通信できることを確認


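# Same check as before peering: SSH into each VM (zone from the compute/zone
# default set in step 1; vm02 needs --project because project01 is the default).
gcloud compute ssh vm01 --project=project01-9999999
gcloud compute ssh vm02 --project=project02-9999999

# Run inside the VM sessions: from vm01 ping vm02, from vm02 ping vm01.
# The .2 addresses are assumptions — confirm them with
# `gcloud compute instances list`. With peering active and fw11/fw12 in place,
# expect 0% loss. -c bounds the probe so the check terminates on its own.
ping -c 4 10.0.2.2
ping -c 4 10.0.1.2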


-- 8. クリーンアップ

# Tear-down: deleting the projects removes the VMs, firewall rules, peerings
# and networks with them. Each delete asks for confirmation; the project is
# shut down immediately but can still be restored for a period afterwards.
gcloud projects list

for project in project01-9999999 project02-9999999; do
  gcloud projects delete "${project}"
done