GCP 2 tier web Server with AWS - GCP004

Posted on Fri 14 June 2019 in quiz


Your website is made up of two tiers: the frontend runs in GCP and the backend runs in AWS. It seems the frontend server is not able to communicate with the backend server.

In this quiz, you can assume everything in AWS is set up correctly. Spot the misconfiguration in GCP.


VPC
[screenshot: vpc]

VPC > Firewall
[screenshot: vpc-firewall]

VPC > Routes
[screenshot: vpc-routes]

VPC > External IP
[screenshot: vpc-eip]

VPN > Tunnel
[screenshot: vpn-tunnels]

VPN > Gateway
[screenshot: vpn-gateways]

Compute Instances
[screenshot: compute-instance]


Terraform configuration file: Download Terraform output


Answer
BGP neighbor AS is wrong.

In the vpn_routers result, you can see the BGP session that has the problem. In GCP, a VPN comes up in the following stages:
    1. The VPN tunnel is established.
    2. The BGP peer starts communication (the initial TCP handshake).
    3. The BGP peer establishes the session and exchanges routing information.

You can see the VPN status in VPN > Tunnel. It says "Tunnel is up and running", so stage 1 is cleared.
Next, on the same page, you can see "BGP session" and it shows "Established". This is confusing: it means the TCP connection is established, not the actual BGP session. In this case, though, it at least confirms that we have connectivity to the BGP neighbor.
Next, in VPN > Router, it says there are errors in its BGP sessions. Since we have confirmed there is a TCP connection, we can assume there is something wrong with the BGP neighborship configuration.

In this case, the problem was an incorrectly configured AS number; you can reconfigure the BGP session in VPN > Tunnel. Once you have changed the session configuration to the correct AS number from AWS, you should be able to see the log message "peering is up".
[screenshot: answer-router]
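The three-stage triage described in the answer, as an added example that is not part of the original post: it classifies a Cloud VPN problem as tunnel, peer reachability, or BGP session from the JSON shapes of `gcloud compute vpn-tunnels describe` and `gcloud compute routers get-status` (the field names are an assumption from the Compute API; the two sample documents are constructed).

```python
"""Triage a GCP Cloud VPN + Cloud Router link the way the answer above does:
1) is the tunnel up?  2) is the BGP peer reachable?  3) is BGP really Established?
Input shapes follow `gcloud ... --format=json` as assumed here; samples are constructed."""
import json

# Constructed sample: tunnel up, peer reachable over TCP (status UP), but the
# BGP finite-state machine never reaches Established because the neighbor
# rejects our OPEN (wrong peer ASN configured on the GCP side).
TUNNEL_JSON = """{
  "name": "to-aws-1",
  "status": "ESTABLISHED",
  "detailedStatus": "Tunnel is up and running.",
  "peerIp": "203.0.113.10"
}"""

ROUTER_STATUS_JSON = """{
  "kind": "compute#routerStatusResponse",
  "result": {
    "bgpPeerStatus": [
      {"name": "aws-peer-1", "peerIpAddress": "169.254.10.1",
       "status": "UP", "state": "Active", "numLearnedRoutes": 0}
    ]
  }
}"""


def triage(tunnel: dict, router_status: dict) -> tuple[int, str]:
    """Return (stage, message); stage 0 means healthy, 1-3 is the failing stage."""
    # Stage 1: the IPsec tunnel itself. Anything but ESTABLISHED stops here.
    if tunnel.get("status") != "ESTABLISHED":
        detail = tunnel.get("detailedStatus", tunnel.get("status"))
        return 1, f"tunnel {tunnel.get('name')}: {detail}"
    peers = router_status.get("result", {}).get("bgpPeerStatus", [])
    if not peers:
        return 2, "Cloud Router reports no BGP peers for this tunnel"
    for p in peers:
        # Stage 2: status UP only proves TCP reachability to the neighbor.
        if p.get("status") != "UP":
            return 2, f"peer {p['name']}: no connectivity to {p.get('peerIpAddress')}"
        # Stage 3: the real BGP state; neighbor reachable but session not up
        # points at the neighborship config (peer ASN, peer address, MD5 key).
        if p.get("state") != "Established":
            return 3, (f"peer {p['name']}: state={p.get('state')}, "
                       f"learned={p.get('numLearnedRoutes', 0)}; check peer ASN")
    return 0, "healthy"


def triage_json(tunnel_json: str, router_status_json: str) -> tuple[int, str]:
    """Convenience wrapper taking the raw gcloud JSON strings."""
    return triage(json.loads(tunnel_json), json.loads(router_status_json))


if __name__ == "__main__":
    print(triage_json(TUNNEL_JSON, ROUTER_STATUS_JSON))
```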