Description

A customer recently asked me about extending his existing Aviatrix environment from Azure to GCP.
This came with a small caveat.

In GCP he is using Functions.
One of those functions needs to:

  • reach a backend in Azure
  • be accessed from the Internet
  • be accessed by customers landing over Site2Cloud connections on Spokes

My initial lab setup for this scenario looked similar to this

Can you see the challenge here?
Wherever I would deploy a GCP function, it would just live outside the VPC by default.
I would NOT be able to control where traffic flows.
I would NOT be able to easily apply various layers of security to it.
I would have NO straightforward and consistent way to monitor what happens in real time and take measures in case I need to troubleshoot and fix its functionality.
I would be walking blind in the dark and get annoyed with the whole process.

For any challenge there is a solution :)
That’s the reason I chose to be a techie.

Mihai Tanasescu

All Rounder and Jack of all trades (master of none? :) ).
Sailing the Cloud world with my fantastic team@Aviatrix, former Network, Systems Engineer (Cisco, Juniper, Linux, Openshift, Openstack).
A flavor of Security added to the mix (Offensive Security OSCE).
If there’s anything new and cool, then I like to learn about it. I’m also a fan of deep diving under the hood of a product to see what makes it tick as well as what breaks it.

Solutions Architect @ Aviatrix

Switzerland