How to setup a VPN network using GCP/AWS backbone network?

0

1

We have two offices, one in Paris and one in Hong Kong. To connect them, the normal way would be to set up a VPN server on one side and connect a VPN client on the other side, but the internet is not stable over such a long route: ping is high, and the packet loss rate is high, > 2%.

Could we leverage the backbone network of GCP or AWS: open two cloud instances, one in Paris and one in HK, have the Paris office connect to the cloud instance in GCP/AWS Paris and the Hong Kong office connect to the cloud instance in GCP/AWS HK, and let the inter-state traffic go via the cloud backbone network? Can this setup work?

Are there some solutions or tutorials? Please recommend some if there are any. Thank you in advance.

Best regards, TiisCool

TiisCool

Posted 2019-07-11T04:19:38.603

Reputation: 29

Answers

0

Sure, it can work, and I'd expect it to work by default:

  1. Create two instances, one on each side.

  2. Create a site-to-site VPN between both instances. It depends on provider:

    • Note that both AWS and GCP want you to use their built-in networking functionality – e.g. AWS only guarantees that cross-region traffic will use its backbone if you use "Inter-Region VPC peering" (as mentioned in their FAQ), and the same goes for GCP as well.

    • Some providers don't have "VPC" features but nevertheless have a backbone network, e.g. both Linode and Digital Ocean simply send all cross-region traffic through their own backbone. In this case, you need to set up traditional site-to-site VPN software (IPsec, Wireguard, OpenVPN, whatever).

  3. Create a VPN between each office and its "local" GCP/AWS instance. (Ideally also site-to-site but it doesn't really matter.)

  4. Edit your cross-region VPN's routing table to allow both instances to reach the opposite side's office subnet.

user1686

Posted 2019-07-11T04:19:38.603

Reputation: 283 655

Thanks a lot. For step 3, are there any requirements for the subnet range of the VPN at each side? I am using OpenVPN to build the local office to cloud instance VPN. If a Paris office PC gets a VPN IP 192.168.5.X, and an HK office PC gets a VPN IP 192.168.6.X, how could they talk to each other? I think I need to build routing tables in this case, as you mentioned in step 4, right? – TiisCool – 2019-07-11T06:13:19.043

Yes – each subnet needs a different range, and different subnets talk to each other through routers by use of routing tables. (That's how the entire Internet works, really) – user1686 – 2019-07-11T06:22:07.400
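Added example (not code from the thread or from either poster) covering steps 2 to 4 of the answer for the "own tunnel" case, and the routing question raised in the comments. It assumes both cloud instances run Linux, that the cross-region leg is a WireGuard tunnel between the instances, and that each instance is the OpenVPN server for its own office (the 192.168.5.0/24 and 192.168.6.0/24 client ranges named in the comments). The tunnel addresses 10.255.255.0/30, the `OUTDIR` variable, the public-IP placeholders and the key placeholders are assumptions of this example. The script writes one directory per site with the WireGuard config, the OpenVPN server lines, and a small apply script; it also refuses to continue if the two office ranges overlap, which is the point user1686 makes above.

```shell
#!/bin/sh
# Added example (not from the thread): build the per-instance config for the two
# cloud VPN hops and check the address plan. Assumed values are marked below.
set -eu

PARIS_VPN_SUBNET="192.168.5.0/24"   # OpenVPN client range of the Paris instance (from the comments)
HK_VPN_SUBNET="192.168.6.0/24"      # OpenVPN client range of the HK instance (from the comments)
PARIS_TUN_IP="10.255.255.1/30"      # assumed: point-to-point addresses inside the cross-region tunnel
HK_TUN_IP="10.255.255.2/30"
WG_PORT=51820                       # WireGuard's usual UDP port
PARIS_ENDPOINT="PARIS_INSTANCE_PUBLIC_IP"   # placeholders: the instances' public addresses
HK_ENDPOINT="HK_INSTANCE_PUBLIC_IP"

# ---- small IPv4 helpers ------------------------------------------------------
# ip_to_int 192.168.5.0 -> 3232236800
ip_to_int() { set -- $(printf '%s' "$1" | tr . ' '); echo $(( ($1<<24) + ($2<<16) + ($3<<8) + $4 )); }

# cidr_to_mask 10.0.0.0/20 -> 255.255.240.0 (OpenVPN's "route"/"server" lines want a dotted mask)
cidr_to_mask() {
  bits=${1#*/}; mask=""; i=0
  while [ $i -lt 4 ]; do
    if [ $bits -ge 8 ]; then octet=255; bits=$((bits-8))
    else octet=$(( 256 - (1 << (8-bits)) )); bits=0; fi
    mask="$mask${mask:+.}$octet"; i=$((i+1))
  done
  echo "$mask"
}

# net_of CIDR -> "<network address as integer> <number of addresses>"
net_of() {
  n=$(ip_to_int "${1%/*}"); size=$((1 << (32 - ${1#*/})))
  echo $(( n / size * size )) $size
}

# subnets_overlap A B -> exit status 0 if the two ranges share any address
subnets_overlap() {
  set -- $(net_of "$1") $(net_of "$2")
  [ "$1" -lt $(($3 + $4)) ] && [ "$3" -lt $(($1 + $2)) ]
}

# gen_site OUTDIR SITE LOCAL_VPN_SUBNET REMOTE_VPN_SUBNET TUNNEL_IP PEER_ENDPOINT
gen_site() {
  outdir=$1 site=$2 here=$3 far=$4 tun_ip=$5 peer_ep=$6
  mkdir -p "$outdir"
  # Cross-region leg (step 2): WireGuard between the two instances. AllowedIPs
  # doubles as the kernel route, so the far office's client range enters the tunnel.
  cat > "$outdir/wg0.conf" <<EOF
[Interface]
Address = $tun_ip
ListenPort = $WG_PORT
PrivateKey = <$site instance key from 'wg genkey'>

[Peer]
PublicKey = <public key of the other instance from 'wg pubkey'>
Endpoint = $peer_ep:$WG_PORT
AllowedIPs = $far
PersistentKeepalive = 25
EOF
  # Office leg (steps 3 and 4): this instance serves $here to its OpenVPN clients
  # and pushes the far range, so office PCs send that traffic up to the instance.
  cat > "$outdir/openvpn-routes.conf" <<EOF
server ${here%/*} $(cidr_to_mask "$here")
push "route ${far%/*} $(cidr_to_mask "$far")"
EOF
  # Forwarding must be on, or the instance drops packets not addressed to itself.
  cat > "$outdir/apply.sh" <<EOF
#!/bin/sh
set -e
sysctl -w net.ipv4.ip_forward=1
install -m 600 "\$(dirname "\$0")/wg0.conf" /etc/wireguard/wg0.conf
wg-quick up wg0
EOF
}

gen_all() {
  gen_site "$1/paris" paris "$PARIS_VPN_SUBNET" "$HK_VPN_SUBNET"    "$PARIS_TUN_IP" "$HK_ENDPOINT"
  gen_site "$1/hk"    hk    "$HK_VPN_SUBNET"    "$PARIS_VPN_SUBNET" "$HK_TUN_IP"    "$PARIS_ENDPOINT"
}

# The two office client ranges must be distinct, or neither router can tell them apart.
if subnets_overlap "$PARIS_VPN_SUBNET" "$HK_VPN_SUBNET"; then
  echo "error: office VPN ranges overlap" >&2; exit 1
fi
gen_all "${OUTDIR:-./site-configs}"
```

The generated `openvpn-routes.conf` lines belong in each instance's OpenVPN server config, next to the usual certificate and `dev tun` settings. Two provider-side details are easy to miss: the instance firewall (security group or VPC firewall rule) must admit UDP 51820 from the other instance, and the instance must be allowed to forward packets it did not originate (on AWS by disabling source/destination checking, on GCP by enabling IP forwarding on the instance). If you instead use the provider's inter-region VPC peering for step 2, the `wg0.conf` part is replaced by the peering route, and only the OpenVPN push and forwarding parts remain.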