Creating GCP VPC Site

In this exercise we will deploy a GCP site from the F5 Distributed Cloud console.


Exercise 1: Add GCP site

  1. In the Distributed Cloud Console, switch to the Cloud and Edge Sites context. It can be accessed either from the Home page or an internal page.

  2. Navigate to “Manage” -> “Site Management” -> “GCP VPC Sites”.

  3. Click “Add GCP VPC Site”. You will need to provide the following information:

    • Name: [unique name]-gcp

    • GCP Region: [preferred GCP region]

    • Select Ingress Gateway …: Ingress/Egress Gateway (Two Interface)

  4. After you select “Ingress/Egress Gateway (Two Interface)”, click on “Configure”.

    • GCP zone names (top middle): [Preferred GCP zone]

    • Number of nodes: 1

    • Select existing VPC network or create new VPC network: Existing VPC Network

    • GCP VPC Network Name (Inside Interface): [unique name]-internal

    • Select existing subnet or create new subnet: Existing Subnet

    • VPC Subnet Name: [unique name]-internal

    • GCP VPC Network Name (Outside Interface): [unique name]-external

    • Select existing subnet or create new subnet: Existing Subnet

    • VPC Subnet Name: [unique name]-external

  5. From the GCP Portal take note of the F5 Distributed Cloud gateway inside interface IP address. It will be on the 10.3.1.x network.

  6. Next you will configure routes to enable access to the “workload” VM in your GCP site.

  7. Under “Advanced Options” click on “Show Advanced Fields”.

    • Select Global Networks to Connect: Connect Global Networks

  8. Click on “Configure” (appears after changing to “Connect Global Networks”)

    • Select Network Connection Type: Site Local Inside to a Global Network (default)

    • Global Virtual Network: [unique name]-global

  9. Click on “Apply”

  10. Next you will configure static routes.

    • Manage Static Routes for Inside Network: Manage Static Routes

  11. You should now see new options.

    • Static Route Config Mode: Custom Static Route

  12. You should now see a “Configure” option under Static Route Config Mode

  13. Click on “Configure”.

    • Subnets: Click on “Add Item”

    • Version: IPv4 Subnet

    • Prefix: 10.3.2.0

    • Prefix Length: 24

  14. You will now configure the Nexthop section.

    • Type: User Configured

    • Version: IPv4 Address (default)

    • IPv4 Address: 10.3.1.1

    • Network Interface: [leave blank]

  15. Next you will configure “Attributes”

    • Install Host OS

    • Install Forwarding

  16. Click on “Apply”

  17. Under “Select Automatic or Assisted

    • Automatic Deployment: system/[unique name]-gcp (cloud credential created earlier)

  18. Click on “Save and Exit”

  19. Click on “Apply” for your newly created site.


Exercise 2: Configure Route table

In this next exercise we will update a GCP route table to direct traffic from the workload subnet to the F5 Distributed Cloud Gateway.

  1. From the Google Cloud Console go to VPC Networks -> Routes.

  2. Click on “Create Routes”.

    • Name: volterra-gateway

    • Network: [unique name]-internal

    • Destination IP Range: 0.0.0.0/0

    • Next hop: Specify IP address

    • Next hop IP address: 10.3.1.X (use the IP address of the inside interface of the F5 Distributed Cloud gateway)

  3. Click on “Create”


Exercise 3: Test your connections

From UDF on the “Global Network Client” you should now be able to connect to http://10.3.2.2:8080/txt

ubuntu@ubuntu:~$ curl 10.3.2.2:8080/txt
================================================
 ___ ___   ___                    _
| __| __| |   \ ___ _ __  ___    /_\  _ __ _ __
| _||__ \ | |) / -_) '  \/ _ \  / _ \| '_ \ '_ \
|_| |___/ |___/\___|_|_|_\___/ /_/ \_\ .__/ .__/
                                      |_|  |_|
================================================

      Node Name: GCP Environment
     Short Name: workload

      Server IP: 10.3.2.2
    Server Port: 8080

      Client IP: 10.1.20.5
    Client Port: 36242

Client Protocol: HTTP
 Request Method: GET
    Request URI: /txt

    host_header: 10.3.2.2
     user-agent: curl/7.58.0

You should also be able to run ssh 10.3.2.2 from the “Global Network Client” host in UDF (the ssh key is installed on the Client already).

Once on that host you should be able to connect to http://10.1.20.5/txt (the Global Network Client in UDF)

================================================
 ___ ___   ___                    _
| __| __| |   \ ___ _ __  ___    /_\  _ __ _ __
| _||__ \ | |) / -_) '  \/ _ \  / _ \| '_ \ '_ \
|_| |___/ |___/\___|_|_|_\___/ /_/ \_\ .__/ .__/
                                      |_|  |_|
================================================

      Node Name: UDF Environment (demo app)
     Short Name: ubuntu

      Server IP: 10.1.20.5
    Server Port: 80

      Client IP: 10.3.2.2
    Client Port: 32860

Client Protocol: HTTP
 Request Method: GET
    Request URI: /txt

    host_header: 10.1.20.5
     user-agent: curl/7.58.0
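
The Exercise 3 check as a script (an added example, not part of the original lab guide): it parses the demo app's /txt output and confirms both that the expected server answered and that the server saw the client's own address, as in the sample output above (Client IP: 10.1.20.5). The function names txt_field and check_path are made up for this example, and the embedded sample is trimmed from the output shown above.

```shell
#!/usr/bin/env bash
# Added example: confirm the /txt response shows a routed, un-NATed path.

# Print the value of one "Label: value" line from the demo app's /txt output.
# usage: txt_field "Server IP" < response
txt_field() {
  awk -F': *' -v key="$1" '
    { label = $1; sub(/^[ \t]+/, "", label) }          # drop the left padding
    label == key { sub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Return 0 only if the expected server answered AND that server saw the
# expected client address (no NAT between the two sites).
# usage: check_path RESPONSE EXPECTED_SERVER EXPECTED_CLIENT
check_path() {
  local resp server client
  resp=$1
  server=$(printf '%s\n' "$resp" | txt_field "Server IP")
  client=$(printf '%s\n' "$resp" | txt_field "Client IP")
  if [ "$server" != "$2" ]; then
    echo "FAIL: answered by ${server:-<none>}, expected $2" >&2
    return 1
  fi
  if [ "$client" != "$3" ]; then
    echo "FAIL: server saw client ${client:-<none>}, expected $3" >&2
    return 2
  fi
  echo "OK: $3 -> $2 routed end to end"
}

# Sample trimmed from the Exercise 3 output (used when run offline).
SAMPLE='      Node Name: GCP Environment
     Short Name: workload

      Server IP: 10.3.2.2
    Server Port: 8080

      Client IP: 10.1.20.5
    Client Port: 36242'

# Pass "live" as the first argument to query the workload for real.
if [ "${1:-}" = "live" ]; then
  check_path "$(curl -s --max-time 5 http://10.3.2.2:8080/txt)" 10.3.2.2 10.1.20.5
else
  check_path "$SAMPLE" 10.3.2.2 10.1.20.5
fi
```

Run it with the argument live on the Global Network Client. For the reverse direction from the workload VM, swap the arguments: the server is 10.1.20.5 and the expected client is 10.3.2.2.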