Rawpixel - Fotolia
Google Cloud Dedicated Interconnect offers VPN alternative
Google's Dedicated Interconnect enables an enterprise to privately connect its data center to the public cloud. Here's a breakdown of key features and the requirements to use it.
With the continued growth and use of hybrid cloud, strong and reliable network connections are critical.
Enterprises need high-bandwidth, low-latency links that can handle at least several Gbps of traffic. While some opt for traditional virtual private networks (VPNs), this approach has limitations around scalability and the number of bidirectional system dependencies.
One VPN alternative is a private, physical layer interconnect between private data centers and the cloud provider, such the Google Cloud Dedicated Interconnect service.
Key features and requirements
Google Cloud Dedicated Interconnect provides a physical connection with a private network and address space -- RFC 1918 class A, B or C -- to Google Cloud Platform (GCP). Google's service differs from that of its competitors in that it is a two-tiered connection structure and has requirements that effectively limit direct peering with Google to large organizations or service providers.
Google offers direct peering with links between private infrastructure and Google's network in chunks of 10 Gbps, up to eight circuits or 80 Gbps per link, to organizations that meet its peering requirements, such as a publicly routable address space and enough cloud traffic to justify a 10 Gbps link. For small and midsize enterprises that do not meet all the requirements or have the necessary network expertise, Google offers carrier peering through more than 20 service providers, including Equinix, CenturyLink and Verizon. In this scenario, the carrier or colocation provider establishes and manages the peering relationship with Google.
Google Cloud Dedicated Interconnect pricing
Direct peering connections have a flat fee for each 10 Gbps circuit and a variable rate for egress traffic, as follows:
- 10 Gbps interconnect: $1,700 per month;
- VLAN attachment: $72 per month each; and
- Egress traffic:
- $0.02 per GB for connections in North American and European regions
- $0.042 per GB for connections in Asia and Australia.
Connection fees for carrier peering vary by the provider, but Google charges egress traffic, as follows:
- North America: $0.04 per GB;
- Europe: $0.05 per GB; and
- Asia/Australia: $0.06 per GB.
Much like WAN connections, the private side of Google Cloud Dedicated Interconnect links terminate on an enterprise edge router to a single-mode fiber (1310 nm), 10GBASE-LR interface, while the Google side terminates on its virtual Cloud Router. The Cloud Router can direct traffic to multiple virtual private clouds (VPCs), which all run over the same physical connection. Virtual LAN attachments direct on-premises traffic to the correct VPC, and there's one VLAN per VPC.
Get started
The first step to use Google Cloud Dedicated Interconnect is to decide whether you need it and if you meet the technical requirements. If you do, follow these steps to provision the service:
- Order the circuit from Google.
- Send a Letter of Authority and Customer Facility Assignment, which Google provides, to your carrier or colocation provider. This details the demarcation points and provides other technical details to establish the physical connection.
- Test the connection using two automated scripts that Google provides; one tests the fiber link, and the other verifies the IP configuration.
- Create one or more VLANs on your private router and VLAN attachments that link to different VPCs.
- Establish a Border Gateway Protocol (BGP) session between the two routers to initiate traffic flow.
Unlike Azure ExpressRoute, a comparable service, Google Cloud Dedicated Interconnect does not provide redundancy; if either router interface goes down, all traffic stops. As a result, most organizations will want to provision two or more links using different on-premises and cloud routers, ideally in different locations on each end. Google offers documentation to help enterprises create a topology with 99.99% availability that uses four interconnections -- two each in two separate locations on the private side and two regions on the cloud side. With redundant paths for each VPC, traffic over each link is controlled via routing policy. Assuming that none of the paths is preferentially weighted, the cloud virtual router uses equal-cost, multipath routing to balance the egress traffic across connections.
Comparison to AWS and Azure
Amazon Web Services (AWS) Direct Connect and Azure ExpressRoute are both comparable services to Google Cloud Dedicated Interconnect. They all have similar physical requirements to establish a fiber connection to cloud infrastructure. Each has dozens of points of presence around the world, and many colocation and carrier partners for peering relationships. However, AWS and Azure offer a much wider range of connection speeds, from 50 Mbps to 10 Gbps.
AWS and Azure also have a two-tiered pricing structure with components for the port charge and egress traffic. Like Google, Azure charges a flat rate per month for the port, based on the connection capacity, while AWS uses an hourly rate.
Given the setup overhead and criticality of direct connections in a hybrid architecture, the vast majority of organizations will maintain the connection all month -- which we'll assume in the comparison below. Also, since Google only caters to high-traffic users, 10 Gbps is the only speed at which a comparison is possible. Here's how the respective costs look:
Azure's higher price per port is primarily because Azure ExpressRoute circuits consist of two connections to two Microsoft Enterprise edge routers with dual BGP connections. This provides built-in redundancy if you or your carrier uses redundant routers on the private side of the link.
Like Google, the AWS and Azure connections provide access to the full gamut of their native cloud services.