https://www.cloudskillsboost.google/focuses/59362?locale=ja&parent=catalog
-- 1. 前作業
# Workstation setup: authenticate, create the lab project, point gcloud at it,
# attach billing and enable the Compute Engine API.
# NOTE(review): project01-9999999 and 111111-111111-111111 look like sample
# values; substitute your own project ID and billing account ID.
gcloud init
gcloud auth list
gcloud --version
gcloud projects create project01-9999999 --name="project01"
gcloud config list
gcloud config set project project01-9999999
# These defaults are asia-northeast1, but the resource commands later in this
# memo pass an explicit us-west1/us-west2 region or zone.
gcloud config set compute/region asia-northeast1 --quiet
gcloud config set compute/zone asia-northeast1-a --quiet
gcloud beta billing accounts list
gcloud beta billing projects link project01-9999999 \
  --billing-account 111111-111111-111111
gcloud services enable compute.googleapis.com --project=project01-9999999
gcloud components update
-- 2. vpc01 の作成
# vpc01: custom-mode network, one ingress allow rule and one subnet in us-west1.
gcloud compute networks create vpc01 --subnet-mode=custom
# NOTE(review): no --source-ranges or --source-tags is given, so the rule
# applies to 0.0.0.0/0. SSH (tcp:22), iperf (tcp/udp 5001) and ICMP are then
# allowed from any IPv4 address to every instance in vpc01. Outside a
# throwaway lab, add --source-ranges limited to the peer subnet
# (192.168.1.0/24) plus the operator's own address for SSH.
gcloud compute firewall-rules create fw01 \
  --network=vpc01 \
  --allow=tcp:22,tcp:5001,udp:5001,icmp
gcloud compute networks subnets create subnet01 \
  --network=vpc01 \
  --range=10.0.1.0/24 \
  --region=us-west1
# Verify what was created.
gcloud compute networks list
gcloud compute firewall-rules list
gcloud compute networks subnets list
-- 3. vpc02 の作成
# vpc02: custom-mode network, one ingress allow rule and one subnet in us-west2.
gcloud compute networks create vpc02 --subnet-mode=custom
# NOTE(review): no --source-ranges or --source-tags is given, so the rule
# applies to 0.0.0.0/0. SSH (tcp:22), iperf (tcp/udp 5001) and ICMP are then
# allowed from any IPv4 address to every instance in vpc02. Outside a
# throwaway lab, add --source-ranges limited to the peer subnet (10.0.1.0/24)
# plus the operator's own address for SSH.
gcloud compute firewall-rules create fw02 \
  --network=vpc02 \
  --allow=tcp:22,tcp:5001,udp:5001,icmp
gcloud compute networks subnets create subnet02 \
  --network=vpc02 \
  --range=192.168.1.0/24 \
  --region=us-west2
# Verify what was created.
gcloud compute networks list
gcloud compute firewall-rules list
gcloud compute networks subnets list
# 4. Create the VPN gateways (the section numbering in this memo skips from 3
#    to 5; these commands are the missing step).
# One target VPN gateway per network, each in the same region as its subnet.
# NOTE(review): target-vpn-gateways is the Classic VPN resource. For anything
# beyond a lab, check whether HA VPN (gcloud compute vpn-gateways) is the
# better fit.
gcloud compute target-vpn-gateways create gw01 --network=vpc01 --region=us-west1
gcloud compute target-vpn-gateways create gw02 --network=vpc02 --region=us-west2
gcloud compute target-vpn-gateways list
-- 5. ローカル ネットワークと GCP ネットワーク間のルートベースの VPN トンネルの作成
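# Reserve one regional static external IP per gateway, then capture each
# address in a shell variable for the forwarding rules and tunnel peers.
gcloud compute addresses create address01 --region us-west1
gcloud compute addresses create address02 --region us-west2
gcloud compute addresses list
gwip01=$(gcloud compute addresses describe address01 \
  --region us-west1 \
  --format='value(address)')
gwip02=$(gcloud compute addresses describe address02 \
  --region us-west2 \
  --format='value(address)')
# Print the captured values verbatim. An empty line means the lookup failed,
# and the later commands must not be run with an empty address.
printf '%s\n' "${gwip01}"
printf '%s\n' "${gwip02}"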
-- 5.2 転送ルールを作成
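# Forward IPsec traffic arriving on each reserved IP to its VPN gateway:
# ESP, UDP 500 (IKE) and UDP 4500 (NAT traversal), three rules per gateway.
# Stop here if either address variable is unset or empty. A script exits on
# this check; an interactive shell only prints the error.
: "${gwip01:?gwip01 is empty - capture the address01 IP first}"
: "${gwip02:?gwip02 is empty - capture the address02 IP first}"

# Gateway gw01 (us-west1)
gcloud compute forwarding-rules create fr01-esp \
  --ip-protocol ESP \
  --address "${gwip01}" \
  --target-vpn-gateway gw01 \
  --region us-west1
gcloud compute forwarding-rules create fr01-udp500 \
  --ip-protocol UDP \
  --ports 500 \
  --address "${gwip01}" \
  --target-vpn-gateway gw01 \
  --region us-west1
gcloud compute forwarding-rules create fr01-udp4500 \
  --ip-protocol UDP \
  --ports 4500 \
  --address "${gwip01}" \
  --target-vpn-gateway gw01 \
  --region us-west1

# Gateway gw02 (us-west2)
gcloud compute forwarding-rules create fr02-esp \
  --ip-protocol ESP \
  --address "${gwip02}" \
  --target-vpn-gateway gw02 \
  --region us-west2
gcloud compute forwarding-rules create fr02-udp500 \
  --ip-protocol UDP \
  --ports 500 \
  --address "${gwip02}" \
  --target-vpn-gateway gw02 \
  --region us-west2
gcloud compute forwarding-rules create fr02-udp4500 \
  --ip-protocol UDP \
  --ports 4500 \
  --address "${gwip02}" \
  --target-vpn-gateway gw02 \
  --region us-west2
gcloud compute forwarding-rules list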
-- 5.3 VPN トンネルを作成
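# Create the two IKEv2 tunnel ends; each one peers with the other gateway's IP.
# The pre-shared key is the only thing authenticating the peers, so generate a
# random one rather than hard-coding a guessable literal. Both ends must use
# the same value, so it is generated once and reused.
# NOTE(review): the key is still passed on the gcloud command line and is
# visible in the local process list while the command runs. Do not echo it or
# commit it anywhere.
vpn_psk=$(head -c 24 /dev/urandom | base64)
: "${vpn_psk:?failed to generate the VPN pre-shared key}"
: "${gwip01:?gwip01 is empty - capture the address01 IP first}"
: "${gwip02:?gwip02 is empty - capture the address02 IP first}"

# Traffic selectors are 0.0.0.0/0 on both sides; the routes rt01/rt02 created
# in step 5.4 decide which prefixes are actually sent into each tunnel.
gcloud compute vpn-tunnels create tunnel01 \
  --peer-address "${gwip02}" \
  --target-vpn-gateway gw01 \
  --ike-version 2 \
  --local-traffic-selector 0.0.0.0/0 \
  --remote-traffic-selector 0.0.0.0/0 \
  --shared-secret="${vpn_psk}" \
  --region us-west1
gcloud compute vpn-tunnels create tunnel02 \
  --peer-address "${gwip01}" \
  --target-vpn-gateway gw02 \
  --ike-version 2 \
  --local-traffic-selector 0.0.0.0/0 \
  --remote-traffic-selector 0.0.0.0/0 \
  --shared-secret="${vpn_psk}" \
  --region us-west2
gcloud compute vpn-tunnels list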
-- 5.4 ルートを追加
# Static routes: each network sends the other side's subnet into its own tunnel.
# vpc01 -> 192.168.1.0/24 (subnet02) via tunnel01
gcloud compute routes create rt01 \
  --network=vpc01 \
  --destination-range=192.168.1.0/24 \
  --next-hop-vpn-tunnel=tunnel01 \
  --next-hop-vpn-tunnel-region=us-west1
# vpc02 -> 10.0.1.0/24 (subnet01) via tunnel02
gcloud compute routes create rt02 \
  --network=vpc02 \
  --destination-range=10.0.1.0/24 \
  --next-hop-vpn-tunnel=tunnel02 \
  --next-hop-vpn-tunnel-region=us-west2
gcloud compute routes list
-- 6.1 仮想マシンを作成
# One Debian 11 test VM per subnet, used as the iperf endpoints.
# NOTE(review): --no-address is not passed, so each VM also gets an ephemeral
# external IP. With the fw01/fw02 rules above, tcp:22 and port 5001 on these
# VMs are then reachable from the internet, not only across the tunnel.
gcloud compute instances create vm01 \
  --zone=us-west1-a \
  --subnet=subnet01 \
  --machine-type=e2-standard-4 \
  --image-project=debian-cloud \
  --image-family=debian-11 \
  --boot-disk-type=pd-standard \
  --boot-disk-size=10 \
  --boot-disk-device-name=vm01
gcloud compute instances create vm02 \
  --zone=us-west2-a \
  --subnet=subnet02 \
  --machine-type=e2-standard-4 \
  --image-project=debian-cloud \
  --image-family=debian-11 \
  --boot-disk-type=pd-standard \
  --boot-disk-size=10 \
  --boot-disk-device-name=vm02
# Note each VM's internal IP in the output; the iperf client step targets
# vm02's internal address.
gcloud compute instances list
-- 6.2 コマンドインストール
# Interactive steps: each `gcloud compute ssh` opens a session on the VM, and
# the lines that follow it are typed inside that session, not on the workstation.
# --- on vm01 ---
gcloud compute ssh vm01 --zone us-west1-a
cat /etc/os-release
# NOTE(review): no `apt-get update` runs first and no -y is passed; the install
# prompts for confirmation and may fail if the package lists are stale.
sudo apt-get install iperf
# Starts an iperf server that reports every 5 seconds; it runs in the
# foreground and holds this session until interrupted.
iperf -s -i 5
# --- on vm02 (separate session) ---
gcloud compute ssh vm02 --zone us-west2-a
cat /etc/os-release
sudo apt-get install iperf
# This is the server the client step in 6.3 connects to. Stop it when the test
# is finished: fw02 allows port 5001 from any source.
iperf -s -i 5
-- 6.3 vm01 でiperfクライアント実行
# Open a new session on vm01 and run the iperf client against vm02 through the tunnel.
gcloud compute ssh vm01 --zone us-west1-a
cat /etc/os-release
# 192.168.1.2 is presumably vm02's internal IP in subnet02; confirm it against
# the `gcloud compute instances list` output before running.
# -P 20 runs 20 parallel client streams. -x C looks like the iperf 2 option
# that suppresses connection reports (verify with `iperf --help`).
iperf -c 192.168.1.2 -P 20 -x C
-- 7. クリーンアップ
# Tear-down, in this order: VMs, tunnels, forwarding rules, reserved
# addresses, gateways, and finally the project itself.
# Index 1 maps to the *01 resources in us-west1 and index 2 to the *02
# resources in us-west2.
for idx in 1 2; do
  gcloud compute instances delete "vm0${idx}" --zone "us-west${idx}-a" --quiet
done
for idx in 1 2; do
  gcloud compute vpn-tunnels delete "tunnel0${idx}" --region "us-west${idx}" --quiet
done
for idx in 1 2; do
  for suffix in esp udp500 udp4500; do
    gcloud compute forwarding-rules delete "fr0${idx}-${suffix}" --region "us-west${idx}" --quiet
  done
done
for idx in 1 2; do
  gcloud compute addresses delete "address0${idx}" --region "us-west${idx}" --quiet
done
for idx in 1 2; do
  gcloud compute target-vpn-gateways delete "gw0${idx}" --region "us-west${idx}" --quiet
done
# Routes, firewall rules, subnets and networks are not deleted one by one
# here; presumably they are left to the project deletion below.
# --quiet skips the confirmation prompt, so check the project ID in the list
# output before running the final command.
gcloud projects list
gcloud projects delete project01-9999999 --quiet