Contents
This collection of Terraform blueprints demonstrates different hub and spoke network patterns using the latest networking products and services. It features:
- Cloud NGFW firewall policies with layer 7 inspection
- Secure tags
- Secure web proxy
- Advanced hybrid Network Connectivity Centre configurations
In this lab:
- A hub and spoke architecure with two spokes.
- All north-south and east-west traffic are allowed via VPC firewall rules.
- Hybrid connectivity to simulated on-premises sites is achieved using IPsec and BGP on Vyos network virtual appliance (NVA) routers.
- Network Connectivity Center (NCC) is used to connect the on-premises sites together via the external Hub VPC.
- Other networking features such as Cloud DNS, PSC for Google APIs and load balancers are also deployed in this lab.
In this lab:
- A hub and spoke architecure with two spokes.
- All north-south and east-west traffic are allowed via VPC firewall rules.
- Hybrid connectivity to simulated on-premises sites is achieved using IPsec and BGP on Vyos network virtual appliance (NVA) routers.
- Network Connectivity Center (NCC) is used to connect the on-premises sites together via the external Hub VPC.
- Other networking features such as Cloud DNS, PSC for Google APIs and load balancers are also deployed in this lab.
In this lab:
- A hub and spoke architecure with two spokes.
- All north-south and east-west traffic are allowed via VPC firewall rules.
- Hybrid connectivity to simulated on-premises sites is achieved using HA VPN underlay and GRE overlay with BGP routing on Vyos network virtual appliances (NVA).
- Network Connectivity Center (NCC) is used to connect the on-premises sites together via the external Hub VPC.
- Other networking features such as Cloud DNS, PSC for Google APIs and load balancers are also deployed in this lab.
In this lab:
- A hub and spoke VPC peering architecure using network virtual appliances (NVA) to inspect traffic to spokes.
- NVA appliances are simulated using iptables on Linux instances.
- All north-south and east-west traffic are allowed via the NVA instances in this lab.
- Hybrid connectivity to simulated on-premises sites is achieved using HA VPN.
- Network Connectivity Center (NCC) is used to connect the on-premises sites together via the external Hub VPC.
- Other networking features such as Cloud DNS, PSC for Google APIs and load balancers are also deployed in this lab.
In this lab:
- A Shared VPC architecture using network virtual appliances (NVA) appliance for traffic inspection.
- NVA appliances are simulated using iptables on Linux instances.
- All north-south and east-west traffic are allowed via the NVA instances in this lab.
- Hybrid connectivity to simulated on-premises sites is achieved using HA VPN.
- Network Connectivity Center router appliances are used to connect the on-premises sites together via the external Hub VPC.
- Other networking features such as Cloud DNS, PSC for Google APIs and load balancers are also deployed in this lab.
In this lab:
- A hub VPC network with simple hybrid connectivity to two on-premises sites.
- All north-south and east-west traffic are allowed via VPC firewall rules.
- Hybrid connectivity to simulated on-premises sites is achieved using HA VPN.
- Network Connectivity Center (NCC) is used to connect the on-premises sites together via the external Hub VPC.
- Other networking features such as Cloud DNS, PSC for Google APIs and load balancers are also deployed in this lab.
