Cloud VPN

Google Cloud VPN securely connects your on-premises network or another cloud network to your GCP VPC network through an IPsec VPN tunnel. All traffic is encrypted using IKE (Internet Key Exchange) protocol.

VPN Types:

1. HA VPN (High Availability VPN) - Provides 99.99% SLA with two tunnels across two interfaces. Supports dynamic routing with Cloud Router (BGP).

2. Classic VPN - Legacy option with 99.9% SLA. Supports static and dynamic routing.

Key Features:

1. IPsec encryption - All traffic encrypted using IKEv1 or IKEv2.

2. 99.99% SLA - HA VPN with redundant tunnels ensures high availability.

3. Dynamic routing - Works with Cloud Router for automatic route propagation via BGP.

4. Throughput - Up to 3 Gbps per tunnel; use multiple tunnels for higher bandwidth.

The below example shows how to create an HA VPN gateway and tunnel using gcloud.

It gives the following output,

NAME      REGION       GATEWAY     STATUS
tunnel-1  us-central1  my-ha-vpn   Established
tunnel-2  us-central1  my-ha-vpn   Established

Cloud VPN vs Cloud Interconnect:

Cloud VPN - Cost-effective, quick to deploy, travels over the public internet encrypted. Up to 3 Gbps per tunnel. Best for moderate bandwidth and dev/test connectivity.

Cloud Interconnect - Dedicated physical connection. Higher bandwidth (10 - 100 Gbps), lower latency, cheaper egress. Best for production workloads with large data transfer needs.