0

Can I have 2 subnets on the interface of a VM in Google Cloud Platform?

For example:

I have VPC vpc1 and it has 2 subnets: subnet1 - 10.1.1.0/24 and subnet2 - 192.168.1.0/24

Can I assign 2 IP addresses, 10.1.1.10 and 192.168.1.10, to interface eth1 of the VM bastion? This is known as IP aliasing and can be done with the commands:

```
ip addr add 10.1.1.10/24 dev eth1
ip addr add 192.168.1.10/24 dev eth1
```

I aim to have access to both subnets from one interface. If it is possible, it would be great to have a Terraform example.

Thanks

PS: I do not want to add several interfaces due to the GCP interface-vCPU quota.


vlad
  • The documented interface maximum for most instance types is at least two. What limitation in the documentation is causing you problems? https://cloud.google.com/vpc/docs/create-use-multiple-interfaces – John Mahowald Mar 20 '19 at 15:44
  • Without proper IP aliasing (2+ subnets on the interface) I need 3 interfaces for my bastion host, i.e. WAN, LAN1, LAN2. According to https://cloud.google.com/vpc/docs/create-use-multiple-interfaces#max-interfaces I need to run a VM with 4 vCPUs (even number of vCPUs) and it is too expensive for me :( – vlad Mar 20 '19 at 16:08
  • Please include a diagram of what you want to accomplish. GCP's firewall is capable of rules targeting instances regardless of subnet or CIDR range. You need firewall rules to deny the system-generated subnet routes anyway. – John Mahowald Mar 20 '19 at 18:22
  • I need 3 networks: 1 for WAN and 2 for LAN. This diagram is with 3 interfaces: https://i.imgur.com/q2P569l.png with the vCPU-interfaces limitation. So I want to share LAN1 and LAN2 on eth1: https://i.imgur.com/WbQgEuc.png It can easily be done with: ``` ip addr add 192.168.1.2/24 dev eth1; ip addr add 10.1.1.2/24 dev eth1 ``` on Linux, but not in GCP reality – vlad Mar 20 '19 at 19:02

2 Answers

0

Alias IP ranges are supported on GCP on the default NIC and here is how you can apply them.

However you will not be able to use multiple subnets on the same NIC unless you have multiple NICs.

Notauser
  • As I understand it, that is incorrect. The mentioned IP aliases can be inside *one* subnet. But I need several subnets on the interface. – vlad Mar 20 '19 at 12:16
  • That's correct, I edited my answer to reflect the subnets limitation. For your use case I suggest making use of containers that would be serving traffic from the 192 subnet as a proper use of GCP IP Aliasing. – Notauser Mar 20 '19 at 18:08
  • You do not understand the question. Please re-read it. I need to share `eth1` with 2 subnetworks: https://i.imgur.com/WbQgEuc.png – vlad Mar 20 '19 at 19:03

0

The network interface can't be "shared". You can use Alias IP with one or more interfaces (your case being only one), setting a max of 10 aliases per interface; this is described in the official doc.

As commented on the doc, you can run:

```
gcloud compute instances network-interfaces update [INSTANCE_NAME] \
    --zone [ZONE] \
    [--network-interface [NETWORK_INTERFACE]; default="nic0"] \
    --aliases "[RANGE_NAME]:[RANGE_CIDR];[[RANGE_NAME]:[RANGE_CIDR],...]"
```

to update an existing instance and add a new Alias IP from another subnet.

  • As I understand it, GCP "Alias IP" is like "add a route for a sub-subnet" via the VM, isn't it? If so, that can't help me. – vlad Mar 21 '19 at 16:51
  • You can't share a NIC. The only two ways are setting a second NIC or using IP Alias (this is not the best practice, but it is the only thing available if you don't want to add a new NIC). In both options, you will need to do the route manually. – Cristian Sanchez Mar 28 '19 at 09:26
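
The alias IP mechanism the answers refer to, written as the Terraform configuration the question asks for. This is an added example, not code from any of the posters. An alias range on a NIC is taken from the primary or a secondary range of the subnet that NIC is attached to, so the sketch assumes 192.168.1.0/24 is defined as a secondary range of subnet1 rather than as the separate subnet2; the range name, region, zone, machine type and image are also assumptions, and the WAN interface is left out.

```hcl
# Added example: range name, region, zone, machine type and image are assumptions.
resource "google_compute_network" "vpc1" {
  name                    = "vpc1"
  auto_create_subnetworks = false
}

# One subnet carrying both ranges: 10.1.1.0/24 as the primary range and
# 192.168.1.0/24 as a named secondary range. The same CIDR cannot also
# exist as a separate subnet in vpc1, because ranges in a VPC must not overlap.
resource "google_compute_subnetwork" "subnet1" {
  name          = "subnet1"
  region        = "europe-west1" # assumed region
  network       = google_compute_network.vpc1.id
  ip_cidr_range = "10.1.1.0/24"

  secondary_ip_range {
    range_name    = "lan2" # assumed name
    ip_cidr_range = "192.168.1.0/24"
  }
}

resource "google_compute_instance" "bastion" {
  name         = "bastion"
  machine_type = "e2-small"       # assumed machine type
  zone         = "europe-west1-b" # assumed zone

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12" # assumed image
    }
  }

  # Single LAN interface: primary address from the primary range,
  # alias address from the secondary range of the same subnet.
  network_interface {
    subnetwork = google_compute_subnetwork.subnet1.id
    network_ip = "10.1.1.10"

    alias_ip_range {
      ip_cidr_range         = "192.168.1.10/32"
      subnetwork_range_name = "lan2"
    }
  }
}
```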