Establish Connection Between Google Cloud Platform and MuleSoft Anypoint VPN Using BGP Routing (IPSec Tunneling)
In this article, learn how to establish a connection between Google Cloud Platform and MuleSoft Anypoint VPN.
In my last article, we took a deep dive into the architecture of Anypoint VPC and VPN (IPSec tunneling and VPC peering). Here we will see how to establish a connection between Anypoint Platform and GCP using VPN IPSec tunneling.
Prerequisites
- Anypoint Platform account with VPN
- Set up Anypoint VPC.
- GCP Account for creating VPN.
Let's see how to establish the connection between Anypoint CloudHub and GCP.
Step 1: Create VPC in Anypoint Platform
Create the Anypoint VPC. To create the VPC, log in to Anypoint Platform and navigate to Runtime Manager => VPC => Create VPC.
Provide the VPC Name, Region and CIDR Block, and select the Environments and Business Group. Once all the details have been provided, verify them and click Create VPC.
Now, whenever we deploy an application to the VPC's region and environments, it is assigned an internal IP address from the CIDR block that we configured on the VPC.
Step 2: Create Classic VPN in Google Cloud Platform
To create the VPN in GCP, navigate to Networking => Hybrid Connectivity => VPN => Create VPN connection.
Once you click Create VPN connection, it shows the VPN options: High-availability (HA) VPN and Classic VPN. In this case, we will select Classic VPN and click Continue.
Once you click Continue, a page opens where you can provide the Name and Description and select the Region and IP Address.
Create an IP address; it will be the GCP VPN gateway's remote IP address.
Clicking Create IP address opens a form. Provide the Name and Description, then click Reserve.
Once we click Reserve, GCP provides the VPN gateway IP address.
This IP address must be configured in the Anypoint VPN as the Remote IP address.
Step 3: Create Anypoint VPN
Create the Anypoint VPN. To create the VPN, log in to Anypoint Platform and navigate to Runtime Manager => VPN => Create VPN.
Provide the Name, select the Anypoint VPC, set the Routing type to BGP, and enter the Remote IP Address (i.e. the GCP VPN gateway IP address generated in Step 2).
Configure the Remote ASN (Autonomous System Number). This is the GCP ASN, and we will be using 65001.
Configure the Local ASN. This is the MuleSoft ASN, and we will be using 64512.
Set Tunnel Configuration to Automatic and click Create VPN.
Once the VPN is created, you will get 2 tunnel configurations (Tunnel Config 0 and Tunnel Config 1). The VPN status will be Pending, and Tunnel 1 and Tunnel 2 will be DOWN.
Step 4: Configure Tunnel 1 in GCP
To configure Tunnel 1 in GCP, create the VPN tunnel. Provide a Name and Description for the tunnel. Provide the Remote Peer IP Address (i.e. Anypoint VPN Tunnel 0 Config Local External IP Address).
Select IKEv2 as the IKE version. Fill in the IKE pre-shared key (i.e. Anypoint VPN Tunnel 0 Config PSK).
Select BGP as the Routing option and configure the Cloud Router.
Create the Router. Provide the Name, Description and Google ASN (i.e. 65001).
Create a BGP Session. Provide the Name, Peer ASN (i.e. MuleSoft ASN 64512), Cloud Router BGP IP (i.e. Anypoint VPN Tunnel 0 Config Remote Point-To-Point IP Address) and BGP peer IP (i.e. Anypoint VPN Tunnel 0 Config Local Point-To-Point IP Address). Click Save and continue.
Verify all the configurations and click Create.
Once the tunnel is created, the Anypoint VPN status changes to Available, with Tunnel 1 UP and Tunnel 2 DOWN. This is because we have configured Tunnel 1 in GCP but not Tunnel 2.
In GCP, we will also see the VPN tunnel status as Established and the BGP session status as Established.
Step 5: Configure Tunnel 2 in GCP
To set up Tunnel 2 in GCP, click Create VPN Tunnel. Select the VPN Gateway that we created in Step 2 and click Continue.
Provide a Name and Description for the tunnel. Provide the Remote Peer IP Address (i.e. Anypoint VPN Tunnel 1 Config Local External IP Address). Select IKEv2 as the IKE version. Fill in the IKE pre-shared key (i.e. Anypoint VPN Tunnel 1 Config PSK).
Select BGP as the Routing option and select the existing Cloud Router created in Step 4.
Create a BGP Session. Provide the Name, Peer ASN (i.e. MuleSoft ASN 64512), Cloud Router BGP IP (i.e. Anypoint VPN Tunnel 1 Config Remote Point-To-Point IP Address) and BGP peer IP (i.e. Anypoint VPN Tunnel 1 Config Local Point-To-Point IP Address). Click Save and continue.
Verify all the configurations and click Create.
Once the tunnel is created, the Anypoint VPN status will be Available, with Tunnel 1 UP and Tunnel 2 UP.
In GCP, we will also see the VPN tunnel status as Established and the BGP session status as Established for both tunnels.
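The field mapping in Steps 4 and 5 is easy to get backwards (Anypoint's "Remote" point-to-point address is GCP's Cloud Router BGP IP), so here is an added example, not part of the original article or of MuleSoft's or Google's tooling, that checks the values from both tunnel configs before they are typed into the GCP console. The dictionary keys, function names and sample addresses are constructed for illustration, and the check assumes the point-to-point addresses are two hosts of a /30 inside 169.254.0.0/16.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # assumed range for BGP IPs
PRIVATE_ASN = range(64512, 65535)  # 16-bit private-use ASNs (RFC 6996)

# Constructed sample values; replace with Tunnel Config 0 and 1 from Anypoint.
SAMPLE_TUNNELS = [
    {"local_external_ip": "203.0.113.10", "local_ptp_ip": "169.254.10.1",
     "remote_ptp_ip": "169.254.10.2", "psk": "constructed-psk-0"},
    {"local_external_ip": "203.0.113.20", "local_ptp_ip": "169.254.20.1",
     "remote_ptp_ip": "169.254.20.2", "psk": "constructed-psk-1"},
]

def gcp_bgp_fields(tunnel):
    """Map one Anypoint tunnel config onto the GCP tunnel and BGP session form."""
    return {
        "remote_peer_ip": tunnel["local_external_ip"],
        "ike_psk": tunnel["psk"],
        "cloud_router_bgp_ip": tunnel["remote_ptp_ip"],  # GCP's end of the link
        "bgp_peer_ip": tunnel["local_ptp_ip"],           # Anypoint's end
    }

def check_plan(google_asn, mulesoft_asn, tunnels):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    if google_asn == mulesoft_asn:
        problems.append("Google ASN and MuleSoft ASN must differ")
    for name, asn in (("Google", google_asn), ("MuleSoft", mulesoft_asn)):
        if asn not in PRIVATE_ASN:
            problems.append(f"{name} ASN {asn} is outside the private range")
    seen_links, seen_peers = set(), set()
    for i, t in enumerate(tunnels):
        f = gcp_bgp_fields(t)
        router = ipaddress.ip_address(f["cloud_router_bgp_ip"])
        peer = ipaddress.ip_address(f["bgp_peer_ip"])
        link = ipaddress.ip_network(f"{router}/30", strict=False)
        if not link.subnet_of(LINK_LOCAL):
            problems.append(f"tunnel {i}: BGP IPs are outside 169.254.0.0/16")
        if peer not in link or router == peer:
            problems.append(f"tunnel {i}: BGP IPs are not two hosts of one /30")
        if {router, peer} & {link.network_address, link.broadcast_address}:
            problems.append(f"tunnel {i}: BGP IP is a network or broadcast address")
        if link in seen_links or f["remote_peer_ip"] in seen_peers:
            problems.append(f"tunnel {i}: reuses values from another tunnel")
        if not f["ike_psk"]:
            problems.append(f"tunnel {i}: IKE pre-shared key is empty")
        seen_links.add(link)
        seen_peers.add(f["remote_peer_ip"])
    return problems
```

Calling check_plan(65001, 64512, SAMPLE_TUNNELS) returns an empty list for the sample values; pasting Tunnel Config 0 into both tunnels, a common slip in Step 5, is reported as reused values.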
Now you know how to establish the connection between Anypoint Platform and GCP.