Google Cloud Platform

flexiWAN Integration with Google Network Connectivity Center

Follow this guide to successfully deploy flexiWAN on GCP with its Network Connectivity Center. To find out more about Google Network Connectivity Center click here. The documentation follows the GCP deployment flow, covering initial VM instance configuration and flexiWAN deployment. After successfully completing the flexiWAN deployment, follow the guide to configure BGP peering in GCP and flexiWAN.

Prerequisites

To follow this guide make sure to have the following ready:

  • an account with flexiWAN, see here for details.

  • an account with Google Cloud Platform. Open a new account here.

Deploying a VM instance

The following section covers how to create WAN and LAN VPC networks and deploy a VM with both VPC networks attached on GCP. This is handled via the VPC networks section in Google Cloud. It is recommended to remove the default VPC network before continuing.

Creating WAN network

Navigate to the VPC networks section and click on Create VPC Network. This section will not appear if the default network is not removed; however, a new VPC network can still be added.

Name the VPC network as wan and set subnet creation mode to automatic.

Under firewall rules enable as shown on the screenshot. Click Create to complete WAN VPC creation.

That’s it, now the WAN VPC network is ready.

Creating a LAN network

After creating the WAN VPC network, the next step is to create the LAN network. Again, click on Create VPC Network. This time name it lan and set Subnet creation mode to custom.

Under the New subnet section pick a region and add an IP range not used anywhere else, in this case 10.0.1.0/24. Optionally, set Private Google Access to On.

That’s it, now both WAN and LAN networks are ready. Proceed to the next section to create a new VM instance with both of these networks attached.

Creating a new VM

After creating the WAN and LAN networks, navigate to the main dashboard and click on the Create a VM shortcut.

Name the instance, pick an appropriate region and under Machine configuration select the E2-medium machine, which has 2 vCPUs and 4GB of RAM.

While still on the same page scroll to the Boot disk section and click on Change.

In the Boot disk section select Ubuntu as the OS and the 18.04 LTS x86/64 version. Make sure to select the AMD64 one and not ARM. Enter 20GB for the disk size and click on Select to close the screen.

Continue to the Networking section under Advanced options and make sure IP forwarding is enabled and VirtIO is selected as the network interface card.

Navigate to Network interfaces. Make sure the wan interface is already present, then click on Add Network Interface to add the LAN interface.

In the next section select the previously configured network for the LAN interface. Make sure the external IPv4 address is set to none.

Confirm both WAN and LAN network interfaces are selected and click on Create at the bottom of the page.

That’s it, a VM instance should be deployed in a few moments.

gcloud CLI

In order to deploy VM from the gcloud command line, use the following command:

gcloud compute instances create flexiwan-01 \
    --project=flexiedgetest \
    --zone=us-central1-a \
    --machine-type=e2-medium \
    --network-interface=network-tier=PREMIUM,nic-type=VIRTIO_NET,subnet=wan \
    --network-interface=nic-type=VIRTIO_NET,subnet=lan,no-address \
    --can-ip-forward \
    --maintenance-policy=MIGRATE \
    --provisioning-model=STANDARD \
    --service-account=626012385667[email protected] \
    --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append \
    --create-disk=auto-delete=yes,boot=yes,device-name=flexiwan-01,image=projects/ubuntu-os-cloud/global/images/ubuntu-1804-bionic-v20220810,mode=rw,size=20,type=projects/flexiedgetest/zones/us-central1-a/diskTypes/pd-balanced \
    --no-shielded-secure-boot \
    --shielded-vtpm \
    --shielded-integrity-monitoring \
    --reservation-affinity=any

Installing flexiWAN

After a new VM instance is deployed and running, click on the SSH button to connect to it via the browser.

A pop-up window will open with direct access to the device. Run the following commands:

  1. sudo su - (to elevate privileges)

  2. sudo curl -sL https://deb.flexiwan.com/setup | sudo bash - (this step adds the flexiWAN repository)

Enter the following command to install flexiWAN on the GCP VM:

apt install flexiwan-router

After the flexiWAN installation is complete, run the fwsystem_checker command to prepare the VM for flexiWAN operation. Select option 2 for quick and silent configuration, then exit with 0. Follow the next section to complete the flexiWAN configuration.

Configuring flexiWAN

From flexiManage navigate to Inventory > Devices > Token and copy an existing token or create a new one.

From there return to the SSH session and paste the token into /etc/flexiwan/agent/token.txt. For example use the following two steps with nano:

  1. nano /etc/flexiwan/agent/token.txt

  2. exit nano with CTRL+X and save the file.

After a few moments the device will appear in flexiManage, waiting for approval.

Click on the newly appeared device to enter its name and click on Approved.

From the Interfaces tab assign the WAN and LAN interfaces. To do that, change the assigned status from no to yes.

In order for the SSH session to remain active, make sure to add a firewall rule allowing SSH on TCP port 22. Click on Update device to apply the changes.

After a few moments the device will be in synced status and ready to start. Finally, click on start device to run the flexiWAN vRouter.

That’s it, flexiWAN is now running on GCP!

BGP peering

This section includes the required steps to deploy a BGP Cloud Router in GCP and peer it with flexiWAN. Before continuing, make sure to have a VM instance with flexiWAN already running as documented in the above section.

Configuring BGP in GCP

To start, navigate to Network Connectivity Center. Create a new NCC Hub and click on Continue.

Name and add a new spoke. Under Spoke type pick Router appliance and make sure to set Site-to-site data transfer to On. Finally, pick the previously created VPC network of the flexiWAN LAN side.

Scroll to the bottom part of the page and add the flexiWAN instance to the spoke. Click Done afterwards.

Confirm and click on Create.

After creating the NCC hub and spokes, click on the Spokes tab.

Click on the spoke to open its configuration settings.

After opening the Spoke settings, click on the first Configure BGP session. GCP requires creating two BGP sessions for redundancy.

Configure a new Cloud Router, confirm its network is set to the flexiWAN LAN network and add an ASN which this router will use. In this case the ASN must be local / private. Keep the rest of the settings as default. Click on Create & Continue.

After creating the Cloud Router, let’s add two BGP sessions. Click on Edit BGP session to configure the first session.

Add a name for the first BGP session and enter the peering ASN from flexiWAN, in this case 64513. Keep the rest of the settings as default and click on Save and continue.

Repeat the same for the second BGP session.

Finally, once both BGP sessions are configured, click on Create.

On the next screen, make note of the Cloud Router BGP IPs; these will be the BGP neighbours which need to be configured within flexiWAN.

Configuring BGP in flexiWAN

Now that BGP is configured and running on GCP, let’s configure flexiWAN to peer with GCP. Navigate to the flexiWAN instance created in the steps above.

Open its settings and navigate to the Routing tab, then click on BGP Configuration.

Set BGP to be enabled and enter the local ASN. Note that this ASN must match the peer ASN set in GCP, in this case 64513.

Click on Add in the Neighbors section and add the first GCP BGP peer. For the remote IP and remote ASN, use the GCP peer's values; the IPs can be found at the last step of the previous section. Repeat the process for the second one.

Confirm that both remote IPs under Neighbors, as well as the remote ASN, match the GCP peers. Click Save.

Click on Update device to deploy BGP changes to flexiWAN.

Now that BGP is enabled, navigate to the Interfaces tab and under LAN routing change from OSPF to BGP. Make sure not to miss this step, as peering will not occur otherwise.

That’s it, BGP should be configured and enabled. Navigate to the GCP console and open the Cloud Routers page. Confirm the BGP sessions have a green checkbox indicating peering is working.

BGP neighbours can also be verified from the flexiWAN side: navigate to the flexiWAN device settings and click on the Update tab. Enter the following command: vtysh -c "show bgp summary".
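
To turn the show bgp summary check into something scriptable, the following added example (not part of the flexiWAN documentation) lists expected neighbours that are missing or not Established and extracts the local ASN for comparison with the peer ASN set in GCP. It assumes the FRR-style summary table; the sample output, the neighbour addresses and ASN 64512 are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify BGP peering from "show bgp summary" output.
# Assumption: FRR-style table, where the State/PfxRcd column holds a prefix
# count for an Established session and a state name (Idle, Active, ...) otherwise.

# Constructed sample output. Local AS 64513 and the 10.0.1.0/24 LAN range come
# from this guide; the neighbour addresses and AS 64512 are made up.
SAMPLE='BGP router identifier 10.0.1.2, local AS number 64513 vrf-id 0

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
10.0.1.3        4      64512        10        12        0    0    0 00:05:12            2        3
10.0.1.4        4      64512         0         0        0    0    0    never       Active        0

Total number of neighbors 2'

# Print "ip state" for every expected neighbour that is absent from the table
# or not Established. Prints nothing when all expected peers are up.
# usage: vtysh -c "show bgp summary" | bgp_down_peers IP...
bgp_down_peers() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ")
                for (i = 1; i <= n; i++) state[w[i]] = "missing" }
        # Header row: locate the State/PfxRcd column by name, not by position.
        $1 == "Neighbor" { intable = 1
                           for (i = 1; i <= NF; i++) if ($i == "State/PfxRcd") col = i
                           next }
        intable && NF == 0 { intable = 0 }      # a blank line ends the table
        intable && ($1 in state) { state[$1] = ($col ~ /^[0-9]+$/) ? "ok" : $col }
        END { for (i = 1; i <= n; i++)
                  if (state[w[i]] != "ok") print w[i], state[w[i]] }
    '
}

# Print the local AS number, to compare with the peer ASN configured in GCP.
bgp_local_asn() {
    sed -n 's/.*local AS number \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Run against the constructed sample: reports the second peer as not Established.
printf '%s\n' "$SAMPLE" | bgp_down_peers 10.0.1.3 10.0.1.4
```

On the device, pipe the real vtysh output into bgp_down_peers with the two Cloud Router BGP IPs noted earlier; any output means a session is not up.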
