Vous pouvez utiliser les exemples suivants pour déployer des passerelles VPN haute disponibilité.
Pour savoir comment appliquer ou supprimer une configuration Terraform, consultez la page Commandes Terraform de base.
Entre plusieurs VPC
Vous pouvez utiliser les ressources Terraform pour afficher un exemple de passerelle VPN haute disponibilité entre des réseaux Google Cloud . Pour en savoir plus sur cette configuration, consultez le guide de configuration principal.
resource "google_compute_ha_vpn_gateway" "ha_gateway1" { region = "us-central1" name = "ha-vpn-1" network = google_compute_network.network1.id } resource "google_compute_ha_vpn_gateway" "ha_gateway2" { region = "us-central1" name = "ha-vpn-2" network = google_compute_network.network2.id } resource "google_compute_network" "network1" { name = "network1" routing_mode = "GLOBAL" auto_create_subnetworks = false } resource "google_compute_network" "network2" { name = "network2" routing_mode = "GLOBAL" auto_create_subnetworks = false } resource "google_compute_subnetwork" "network1_subnet1" { name = "ha-vpn-subnet-1" ip_cidr_range = "10.0.1.0/24" region = "us-central1" network = google_compute_network.network1.id } resource "google_compute_subnetwork" "network1_subnet2" { name = "ha-vpn-subnet-2" ip_cidr_range = "10.0.2.0/24" region = "us-west1" network = google_compute_network.network1.id } resource "google_compute_subnetwork" "network2_subnet1" { name = "ha-vpn-subnet-3" ip_cidr_range = "192.168.1.0/24" region = "us-central1" network = google_compute_network.network2.id } resource "google_compute_subnetwork" "network2_subnet2" { name = "ha-vpn-subnet-4" ip_cidr_range = "192.168.2.0/24" region = "us-east1" network = google_compute_network.network2.id } resource "google_compute_router" "router1" { name = "ha-vpn-router1" region = "us-central1" network = google_compute_network.network1.name bgp { asn = 64514 } } resource "google_compute_router" "router2" { name = "ha-vpn-router2" region = "us-central1" network = google_compute_network.network2.name bgp { asn = 64515 } } resource "google_compute_vpn_tunnel" "tunnel1" { name = "ha-vpn-tunnel1" region = "us-central1" vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id shared_secret = "a secret message" router = google_compute_router.router1.id vpn_gateway_interface = 0 } resource "google_compute_vpn_tunnel" "tunnel2" { name = "ha-vpn-tunnel2" region = "us-central1" vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id shared_secret = "a secret message" router = google_compute_router.router1.id vpn_gateway_interface = 1 } resource "google_compute_vpn_tunnel" "tunnel3" { name = "ha-vpn-tunnel3" region = "us-central1" vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id shared_secret = "a secret message" router = google_compute_router.router2.id vpn_gateway_interface = 0 } resource "google_compute_vpn_tunnel" "tunnel4" { name = "ha-vpn-tunnel4" region = "us-central1" vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway2.id peer_gcp_gateway = google_compute_ha_vpn_gateway.ha_gateway1.id shared_secret = "a secret message" router = google_compute_router.router2.id vpn_gateway_interface = 1 } resource "google_compute_router_interface" "router1_interface1" { name = "router1-interface1" router = google_compute_router.router1.name region = "us-central1" ip_range = "169.254.0.1/30" vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name } resource "google_compute_router_peer" "router1_peer1" { name = "router1-peer1" router = google_compute_router.router1.name region = "us-central1" peer_ip_address = "169.254.0.2" peer_asn = 64515 advertised_route_priority = 100 interface = google_compute_router_interface.router1_interface1.name } resource "google_compute_router_interface" "router1_interface2" { name = "router1-interface2" router = google_compute_router.router1.name region = "us-central1" ip_range = "169.254.1.2/30" vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name } resource "google_compute_router_peer" "router1_peer2" { name = "router1-peer2" router = google_compute_router.router1.name region = "us-central1" peer_ip_address = "169.254.1.1" peer_asn = 64515 advertised_route_priority = 100 interface = google_compute_router_interface.router1_interface2.name } resource "google_compute_router_interface" "router2_interface1" { name = "router2-interface1" router = google_compute_router.router2.name region = "us-central1" ip_range = "169.254.0.2/30" vpn_tunnel = google_compute_vpn_tunnel.tunnel3.name } resource "google_compute_router_peer" "router2_peer1" { name = "router2-peer1" router = google_compute_router.router2.name region = "us-central1" peer_ip_address = "169.254.0.1" peer_asn = 64514 advertised_route_priority = 100 interface = google_compute_router_interface.router2_interface1.name } resource "google_compute_router_interface" "router2_interface2" { name = "router2-interface2" router = google_compute_router.router2.name region = "us-central1" ip_range = "169.254.1.1/30" vpn_tunnel = google_compute_vpn_tunnel.tunnel4.name } resource "google_compute_router_peer" "router2_peer2" { name = "router2-peer2" router = google_compute_router.router2.name region = "us-central1" peer_ip_address = "169.254.1.2" peer_asn = 64514 advertised_route_priority = 100 interface = google_compute_router_interface.router2_interface2.name }Vers un réseau pair externe
Vous pouvez utiliser les ressources Terraform pour afficher un exemple de passerelle VPN haute disponibilité vers un pair externe. Pour en savoir plus sur cette configuration, consultez le guide de configuration principal.
Pour obtenir des exemples illustrant les VPN haute disponibilité via Cloud Interconnect, consultez la page Exemples Terraform pour les VPN haute disponibilité via Cloud Interconnect.
resource "google_compute_ha_vpn_gateway" "ha_gateway" { region = "us-central1" name = "ha-vpn" network = google_compute_network.network.id } resource "google_compute_external_vpn_gateway" "external_gateway" { name = "external-gateway" redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" description = "An externally managed VPN gateway" interface { id = 0 ip_address = "8.8.8.8" } } resource "google_compute_network" "network" { name = "network-1" routing_mode = "GLOBAL" auto_create_subnetworks = false } resource "google_compute_subnetwork" "network_subnet1" { name = "ha-vpn-subnet-1" ip_cidr_range = "10.0.1.0/24" region = "us-central1" network = google_compute_network.network.id } resource "google_compute_subnetwork" "network_subnet2" { name = "ha-vpn-subnet-2" ip_cidr_range = "10.0.2.0/24" region = "us-west1" network = google_compute_network.network.id } resource "google_compute_router" "router1" { name = "ha-vpn-router1" network = google_compute_network.network.name bgp { asn = 64514 } } resource "google_compute_vpn_tunnel" "tunnel1" { name = "ha-vpn-tunnel1" region = "us-central1" vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.id peer_external_gateway = google_compute_external_vpn_gateway.external_gateway.id peer_external_gateway_interface = 0 shared_secret = "a secret message" router = google_compute_router.router1.id vpn_gateway_interface = 0 } resource "google_compute_vpn_tunnel" "tunnel2" { name = "ha-vpn-tunnel2" region = "us-central1" vpn_gateway = google_compute_ha_vpn_gateway.ha_gateway.id peer_external_gateway = google_compute_external_vpn_gateway.external_gateway.id peer_external_gateway_interface = 0 shared_secret = "a secret message" router = " ${google_compute_router.router1.id}" vpn_gateway_interface = 1 } resource "google_compute_router_interface" "router1_interface1" { name = "router1-interface1" router = google_compute_router.router1.name region = "us-central1" ip_range = "169.254.0.1/30" vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name } resource "google_compute_router_peer" "router1_peer1" { name = "router1-peer1" router = google_compute_router.router1.name region = "us-central1" peer_ip_address = "169.254.0.2" peer_asn = 64515 advertised_route_priority = 100 interface = google_compute_router_interface.router1_interface1.name } resource "google_compute_router_interface" "router1_interface2" { name = "router1-interface2" router = google_compute_router.router1.name region = "us-central1" ip_range = "169.254.1.1/30" vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name } resource "google_compute_router_peer" "router1_peer2" { name = "router1-peer2" router = google_compute_router.router1.name region = "us-central1" peer_ip_address = "169.254.1.2" peer_asn = 64515 advertised_route_priority = 100 interface = google_compute_router_interface.router1_interface2.name }