GCP Service VPC
For the Centralized deployment, the Valtix Gateway is deployed in a new VPC. This VPC is called the Service VPC and is peered with the Spoke (application) VPCs to create a Hub-and-Spoke model, as shown below:
Valtix orchestrates the creation of the Service VPC and its peering with the Spoke VPCs. Valtix can also update the routing tables in the Spoke VPCs so that traffic is routed to the Service VPC for inspection. For instructions on making routing changes in a Spoke VPC with Valtix, see Manage Spoke VPC.
Create Service VPC
- Click Manage -> Gateways -> Service VPCs/VNets.
- Click Create Service VPC/VNet.
- Enter the parameter values:
Parameter | Description |
---|---|
Name | Assign a name to the Service VPC. |
CSP Account | Select the GCP project to create the Service VPC. |
Region | GCP region to deploy the Service VPC. |
Datapath CIDR Block | The CIDR Block for the Valtix gateway datapath Service VPC. This CIDR block must not overlap with address ranges in your Spoke (application) VPCs. |
Management CIDR Block | The CIDR Block for the Valtix gateway management Service VPC. This CIDR block must not overlap with address ranges in your Spoke (application) VPCs. |
Availability Zones | Valtix recommends selecting at least two (2) availability zones for resiliency. |
Tech Notes
- A Service VPC consists of the following:
  - Two (2) VPCs: one for management and one for datapath
  - Four (4) firewall rules: two for management and two for datapath (ingress and egress)
- The Service VPC CIDR blocks must not overlap with the address ranges of any Spoke VPC
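Both the Datapath and Management CIDR Block parameters above, and the last tech note, require that the Service VPC ranges not overlap any Spoke VPC address range; GCP VPC peering will not establish when subnet ranges collide. The following is an added pre-flight check, not part of the Valtix product or this documentation, that validates proposed Service VPC CIDR blocks against a constructed list of Spoke VPC subnet ranges using Python's standard `ipaddress` module. The spoke subnet data, the VPC names and the function names are assumptions for illustration. As a conservative extra that goes beyond what the page states, it also rejects a datapath block that overlaps the management block, since those are two separate VPCs.

```python
import ipaddress

# Constructed sample data: subnet ranges already in use by Spoke (application) VPCs.
# In a real project you would populate this from the project's own subnet inventory,
# e.g. gcloud compute networks subnets list --format="value(network,ipCidrRange)"
SPOKE_SUBNETS = {
    "spoke-app-1": ["10.10.0.0/24", "10.10.1.0/24"],
    "spoke-app-2": ["10.20.0.0/16"],
    "spoke-app-3": ["172.16.8.0/22"],
}


def find_overlaps(candidate_cidr, spoke_subnets):
    """Return (spoke_vpc, subnet) pairs whose range overlaps candidate_cidr.

    strict=True rejects host bits set in the candidate (e.g. 10.0.0.5/24),
    which is the same kind of input GCP would refuse for a subnet range.
    """
    candidate = ipaddress.ip_network(candidate_cidr, strict=True)
    hits = []
    for vpc_name, ranges in spoke_subnets.items():
        for cidr in ranges:
            if candidate.overlaps(ipaddress.ip_network(cidr, strict=True)):
                hits.append((vpc_name, cidr))
    return hits


def validate_service_vpc_cidrs(datapath_cidr, management_cidr, spoke_subnets):
    """Check the two Service VPC CIDR blocks before creating the Service VPC.

    Returns a dict keyed by the offending block ("datapath", "management",
    or "datapath_vs_management"); an empty dict means the blocks are safe.
    """
    problems = {}
    for label, cidr in (("datapath", datapath_cidr), ("management", management_cidr)):
        hits = find_overlaps(cidr, spoke_subnets)
        if hits:
            problems[label] = hits
    # Conservative extra check (assumption, not stated on the page): the two
    # Service VPC blocks are separate VPCs, so they should not overlap each other.
    dp = ipaddress.ip_network(datapath_cidr, strict=True)
    mg = ipaddress.ip_network(management_cidr, strict=True)
    if dp.overlaps(mg):
        problems["datapath_vs_management"] = [(datapath_cidr, management_cidr)]
    return problems


if __name__ == "__main__":
    # Safe choice: neither block touches any spoke range.
    print("safe:", validate_service_vpc_cidrs("10.30.0.0/24", "10.31.0.0/24", SPOKE_SUBNETS))
    # Unsafe choice: datapath block sits inside spoke-app-2's /16.
    print("collision:", validate_service_vpc_cidrs("10.20.5.0/24", "10.31.0.0/24", SPOKE_SUBNETS))
```

Run the check with the real subnet inventory before filling in the Create Service VPC/VNet form; a non-empty result means the chosen CIDR must be changed, because the peering step Valtix orchestrates will otherwise fail.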