Dedicated Interconnect update (#210)

* add candidate_subnets variable to interconnect

* move interconnect code to separated file in each module

* Update interconnect README

* add vlan_tag8021q variable and filter by parent to find the interconnect project

* add note about setting variables to null to get auto generated values

* remove peer_ip_address from interconnect

Author: daniel-cit

3-networks/README.md

@@ -14,6 +14,14 @@ The purpose of this step is to :
 
 ## Usage
 
+### Using Dedicated Interconnect
+
+If you have the prerequisites listed in the [Dedicated Interconnect README](./modules/dedicated_interconnect/README.md) follow this steps to enable Dedicated Interconnect to access onprem.
+
+1. Rename `interconnect.tf.example` to `interconnect.tf` in each environment folder in `3-networks/envs/<ENV>`
+1. Update the file `interconnect.tf` with values that are valid for your environment for the interconnects, locations, candidate subnetworks, vlan_tag8021q and peer info.
+1. The candidate subnetworks and vlan_tag8021q variables can be set to `null` to allow the interconnect module to auto generate these values.
+
 ### OPTIONAL - Using High Availability VPN
 
 If you are not able to use dedicated interconnect, you can also use an HA VPN to access onprem.

3-networks/envs/development/interconnect.tf.example

@@ -0,0 +1,99 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "shared_restricted_interconnect" {
+  source = "../../modules/dedicated_interconnect"
+
+  org_id        = var.org_id
+  parent_folder = var.parent_folder
+  vpc_name      = "${local.environment_code}-shared-restricted"
+
+  region1                                 = var.default_region1
+  region1_router1_name                    = module.restricted_shared_vpc.region1_router1.router.name
+  region1_interconnect1_candidate_subnets = ["169.254.0.160/29"]
+  region1_interconnect1_vlan_tag8021q     = "3901"
+  region1_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
+  region1_interconnect1_location          = "las-zone1-770"
+  region1_router2_name                    = module.restricted_shared_vpc.region1_router2.router.name
+  region1_interconnect2_candidate_subnets = ["169.254.0.168/29"]
+  region1_interconnect2_vlan_tag8021q     = "3902"
+  region1_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
+  region1_interconnect2_location          = "las-zone1-770"
+
+  region2                                 = var.default_region2
+  region2_router1_name                    = module.restricted_shared_vpc.region2_router1.router.name
+  region2_interconnect1_candidate_subnets = ["169.254.0.176/29"]
+  region2_interconnect1_vlan_tag8021q     = "3903"
+  region2_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
+  region2_interconnect1_location          = "lax-zone2-19"
+  region2_router2_name                    = module.restricted_shared_vpc.region2_router2.router.name
+  region2_interconnect2_candidate_subnets = ["169.254.0.184/29"]
+  region2_interconnect2_vlan_tag8021q     = "3904"
+  region2_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
+  region2_interconnect2_location          = "lax-zone1-403"
+
+  peer_asn  = "64515"
+  peer_name = "interconnect-peer"
+
+  cloud_router_labels = {
+    vlan_1 = "cr5",
+    vlan_2 = "cr6",
+    vlan_3 = "cr7",
+    vlan_4 = "cr8"
+  }
+}
+
+module "shared_base_interconnect" {
+  source = "../../modules/dedicated_interconnect"
+
+  org_id        = var.org_id
+  parent_folder = var.parent_folder
+  vpc_name      = "${local.environment_code}-shared-base"
+
+  region1                                 = var.default_region1
+  region1_router1_name                    = module.base_shared_vpc.region1_router1.router.name
+  region1_interconnect1_candidate_subnets = ["169.254.0.192/29"]
+  region1_interconnect1_vlan_tag8021q     = "3905"
+  region1_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
+  region1_interconnect1_location          = "las-zone1-770"
+  region1_router2_name                    = module.base_shared_vpc.region1_router2.router.name
+  region1_interconnect2_candidate_subnets = ["169.254.0.200/29"]
+  region1_interconnect2_vlan_tag8021q     = "3906"
+  region1_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
+  region1_interconnect2_location          = "las-zone1-770"
+
+  region2                                 = var.default_region2
+  region2_router1_name                    = module.base_shared_vpc.region2_router1.router.name
+  region2_interconnect1_candidate_subnets = ["169.254.0.208/29"]
+  region2_interconnect1_vlan_tag8021q     = "3907"
+  region2_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
+  region2_interconnect1_location          = "lax-zone2-19"
+  region2_router2_name                    = module.base_shared_vpc.region2_router2.router.name
+  region2_interconnect2_candidate_subnets = ["169.254.0.216/29"]
+  region2_interconnect2_vlan_tag8021q     = "3908"
+  region2_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
+  region2_interconnect2_location          = "lax-zone1-403"
+
+  peer_asn  = "64515"
+  peer_name = "interconnect-peer"
+
+  cloud_router_labels = {
+    vlan_1 = "cr1",
+    vlan_2 = "cr2",
+    vlan_3 = "cr3",
+    vlan_4 = "cr4"
+  }
+}

3-networks/envs/development/main.tf

@@ -96,45 +96,6 @@ module "restricted_shared_vpc" {
   }
 }
 
-/******************************************
- Interconnect for restricted shared VPC
-*****************************************/
-# uncommnet if you have done the requirement steps listed in ../../modules/dedicated_interconnect/README.md
-# update the interconnect, interconnect locations, and peer field with actual values.
-
-# module "shared_restricted_interconnect" {
-#   source = "../../modules/dedicated_interconnect"
-
-#   vpc_name = "${local.environment_code}-shared-restricted"
-
-#   region1                        = var.default_region1
-#   region1_router1_name           = module.restricted_shared_vpc.region1_router1.router.name
-#   region1_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
-#   region1_interconnect1_location = "las-zone1-770"
-#   region1_router2_name           = module.restricted_shared_vpc.region1_router2.router.name
-#   region1_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
-#   region1_interconnect2_location = "las-zone1-770"
-
-#   region2                        = var.default_region2
-#   region2_router1_name           = module.restricted_shared_vpc.region2_router1.router.name
-#   region2_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
-#   region2_interconnect1_location = "lax-zone2-19"
-#   region2_router2_name           = module.restricted_shared_vpc.region2_router2.router.name
-#   region2_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
-#   region2_interconnect2_location = "lax-zone1-403"
-
-#   peer_asn        = "64515"
-#   peer_ip_address = "8.8.8.8" # on-prem router ip address
-#   peer_name       = "interconnect-peer"
-
-#   cloud_router_labels = {
-#     vlan_1 = "cr5",
-#     vlan_2 = "cr6",
-#     vlan_3 = "cr7",
-#     vlan_4 = "cr8"
-#   }
-# }
-
 /******************************************
  Base shared VPC
 *****************************************/
@@ -183,43 +144,3 @@ module "base_shared_vpc" {
     ]
   }
 }
-
-/******************************************
- Interconnect for base shared VPC
-*****************************************/
-
-# uncommnet if you have done the requirement steps listed in ../../modules/dedicated_interconnect/README.md
-# update the interconnect, interconnect locations, and peer field with actual values.
-
-# module "shared_base_interconnect" {
-#   source = "../../modules/dedicated_interconnect"
-
-#   vpc_name = "${local.environment_code}-shared-base"
-
-#   region1                        = var.default_region1
-#   region1_router1_name           = module.base_shared_vpc.region1_router1.router.name
-#   region1_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
-#   region1_interconnect1_location = "las-zone1-770"
-#   region1_router2_name           = module.base_shared_vpc.region1_router2.router.name
-#   region1_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
-#   region1_interconnect2_location = "las-zone1-770"
-
-#   region2                        = var.default_region2
-#   region2_router1_name           = module.base_shared_vpc.region2_router1.router.name
-#   region2_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
-#   region2_interconnect1_location = "lax-zone2-19"
-#   region2_router2_name           = module.base_shared_vpc.region2_router2.router.name
-#   region2_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
-#   region2_interconnect2_location = "lax-zone1-403"
-
-#   peer_asn        = "64515"
-#   peer_ip_address = "8.8.8.8" # on-prem router ip address
-#   peer_name       = "interconnect-peer"
-
-#   cloud_router_labels = {
-#     vlan_1 = "cr1",
-#     vlan_2 = "cr2",
-#     vlan_3 = "cr3",
-#     vlan_4 = "cr4"
-#   }
-# }

3-networks/envs/non-production/interconnect.tf.example

@@ -0,0 +1,99 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "shared_restricted_interconnect" {
+  source = "../../modules/dedicated_interconnect"
+
+  org_id        = var.org_id
+  parent_folder = var.parent_folder
+  vpc_name      = "${local.environment_code}-shared-restricted"
+
+  region1                                 = var.default_region1
+  region1_router1_name                    = module.restricted_shared_vpc.region1_router1.router.name
+  region1_interconnect1_candidate_subnets = ["169.254.0.96/29"]
+  region1_interconnect1_vlan_tag8021q     = "3911"
+  region1_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
+  region1_interconnect1_location          = "las-zone1-770"
+  region1_router2_name                    = module.restricted_shared_vpc.region1_router2.router.name
+  region1_interconnect2_candidate_subnets = ["169.254.0.104/29"]
+  region1_interconnect2_vlan_tag8021q     = "3912"
+  region1_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
+  region1_interconnect2_location          = "las-zone1-770"
+
+  region2                                 = var.default_region2
+  region2_router1_name                    = module.restricted_shared_vpc.region2_router1.router.name
+  region2_interconnect1_candidate_subnets = ["169.254.0.112/29"]
+  region2_interconnect1_vlan_tag8021q     = "3913"
+  region2_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
+  region2_interconnect1_location          = "lax-zone2-19"
+  region2_router2_name                    = module.restricted_shared_vpc.region2_router2.router.name
+  region2_interconnect2_candidate_subnets = ["169.254.0.120/29"]
+  region2_interconnect2_vlan_tag8021q     = "3914"
+  region2_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
+  region2_interconnect2_location          = "lax-zone1-403"
+
+  peer_asn  = "64515"
+  peer_name = "interconnect-peer"
+
+  cloud_router_labels = {
+    vlan_1 = "cr5",
+    vlan_2 = "cr6",
+    vlan_3 = "cr7",
+    vlan_4 = "cr8"
+  }
+}
+
+module "shared_base_interconnect" {
+  source = "../../modules/dedicated_interconnect"
+
+  org_id        = var.org_id
+  parent_folder = var.parent_folder
+  vpc_name      = "${local.environment_code}-shared-base"
+
+  region1                                 = var.default_region1
+  region1_router1_name                    = module.base_shared_vpc.region1_router1.router.name
+  region1_interconnect1_candidate_subnets = ["169.254.0.128/29"]
+  region1_interconnect1_vlan_tag8021q     = "3915"
+  region1_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
+  region1_interconnect1_location          = "las-zone1-770"
+  region1_router2_name                    = module.base_shared_vpc.region1_router2.router.name
+  region1_interconnect2_candidate_subnets = ["169.254.0.136/29"]
+  region1_interconnect2_vlan_tag8021q     = "3916"
+  region1_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
+  region1_interconnect2_location          = "las-zone1-770"
+
+  region2                                 = var.default_region2
+  region2_router1_name                    = module.base_shared_vpc.region2_router1.router.name
+  region2_interconnect1_candidate_subnets = ["169.254.0.144/29"]
+  region2_interconnect1_vlan_tag8021q     = "3917"
+  region2_interconnect1                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
+  region2_interconnect1_location          = "lax-zone2-19"
+  region2_router2_name                    = module.base_shared_vpc.region2_router2.router.name
+  region2_interconnect2_candidate_subnets = ["169.254.0.152/29"]
+  region2_interconnect2_vlan_tag8021q     = "3918"
+  region2_interconnect2                   = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
+  region2_interconnect2_location          = "lax-zone1-403"
+
+  peer_asn  = "64515"
+  peer_name = "interconnect-peer"
+
+  cloud_router_labels = {
+    vlan_1 = "cr1",
+    vlan_2 = "cr2",
+    vlan_3 = "cr3",
+    vlan_4 = "cr4"
+  }
+}

3-networks/envs/non-production/main.tf

@@ -97,45 +97,6 @@ module "restricted_shared_vpc" {
   }
 }
 
-/******************************************
- Interconnect for restricted shared VPC
-*****************************************/
-# uncommnet if you have done the requirement steps listed in ../../modules/dedicated_interconnect/README.md
-# update the interconnect, interconnect locations, and peer field with actual values.
-
-# module "shared_restricted_interconnect" {
-#   source = "../../modules/dedicated_interconnect"
-
-#   vpc_name = "${local.environment_code}-shared-restricted"
-
-#   region1                        = var.default_region1
-#   region1_router1_name           = module.restricted_shared_vpc.region1_router1.router.name
-#   region1_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
-#   region1_interconnect1_location = "las-zone1-770"
-#   region1_router2_name           = module.restricted_shared_vpc.region1_router2.router.name
-#   region1_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
-#   region1_interconnect2_location = "las-zone1-770"
-
-#   region2                        = var.default_region2
-#   region2_router1_name           = module.restricted_shared_vpc.region2_router1.router.name
-#   region2_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
-#   region2_interconnect1_location = "lax-zone2-19"
-#   region2_router2_name           = module.restricted_shared_vpc.region2_router2.router.name
-#   region2_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
-#   region2_interconnect2_location = "lax-zone1-403"
-
-#   peer_asn        = "64515"
-#   peer_ip_address = "8.8.8.8" # on-prem router ip address
-#   peer_name       = "interconnect-peer"
-
-#   cloud_router_labels = {
-#     vlan_1 = "cr5",
-#     vlan_2 = "cr6",
-#     vlan_3 = "cr7",
-#     vlan_4 = "cr8"
-#   }
-# }
-
 /******************************************
  Private shared VPC
 *****************************************/
@@ -186,43 +147,3 @@ module "base_shared_vpc" {
     ]
   }
 }
-
-/******************************************
- Interconnect for base shared VPC
-*****************************************/
-
-# uncommnet if you have done the requirement steps listed in ../../modules/dedicated_interconnect/README.md
-# update the interconnect, interconnect locations, and peer field with actual values.
-
-# module "shared_base_interconnect" {
-#   source = "../../modules/dedicated_interconnect"
-
-#   vpc_name = "${local.environment_code}-shared-base"
-
-#   region1                        = var.default_region1
-#   region1_router1_name           = module.base_shared_vpc.region1_router1.router.name
-#   region1_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-1"
-#   region1_interconnect1_location = "las-zone1-770"
-#   region1_router2_name           = module.base_shared_vpc.region1_router2.router.name
-#   region1_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-2"
-#   region1_interconnect2_location = "las-zone1-770"
-
-#   region2                        = var.default_region2
-#   region2_router1_name           = module.base_shared_vpc.region2_router1.router.name
-#   region2_interconnect1          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-3"
-#   region2_interconnect1_location = "lax-zone2-19"
-#   region2_router2_name           = module.base_shared_vpc.region2_router2.router.name
-#   region2_interconnect2          = "https://www.googleapis.com/compute/v1/projects/example-interconnect-project/global/interconnects/example-interconnect-4"
-#   region2_interconnect2_location = "lax-zone1-403"
-
-#   peer_asn        = "64515"
-#   peer_ip_address = "8.8.8.8" # on-prem router ip address
-#   peer_name       = "interconnect-peer"
-
-#   cloud_router_labels = {
-#     vlan_1 = "cr1",
-#     vlan_2 = "cr2",
-#     vlan_3 = "cr3",
-#     vlan_4 = "cr4"
-#   }
-# }