You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command. Which next hop should you choose?
A. The default internet gateway
B. The IP address of the Cloud VPN gateway
C. The name and region of the Cloud VPN tunnel
D. The IP address of the instance on the remote side of the VPN tunnel
Correct Answer is (C):
When you create a route based tunnel using the Cloud Console, Classic VPN performs both of the following tasks:
Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0)
For each range in Remote network IP ranges, Google Cloud creates a custom static route whose destination (prefix) is the range's CIDR, and whose next hop is the tunnel.
https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-static-vpns
Option B is correct because in a policy-based VPN, routing is based on policies that are defined for each connection. These policies specify the source IP ranges, destination IP ranges, and protocols that are permitted for a connection. Because policy-based routing is used, traffic must be sent to the IP address of the Cloud VPN gateway so that the appropriate policy can be applied and the traffic can be forwarded to the on-premises resource. Therefore, the next hop for the static route should be the IP address of the Cloud VPN gateway.
Option A, choosing the default internet gateway, is incorrect because it would direct traffic to the public internet rather than the on-premises resource behind the VPN gateway.
Option C, choosing the name and region of the Cloud VPN tunnel, is also incorrect because it specifies the VPN tunnel itself rather than the next hop for traffic to reach the on-premises resource behind the VPN gateway.
Option D, choosing the IP address of the instance on the remote side of the VPN tunnel, is incorrect because it would not account for any policy-based routing or routing rules that may be in place on the VPN gateway. Additionally, it assumes that there is only one instance on the remote side of the VPN tunnel, which may not be the case.
I think C is correct.
We can use the gcloud compute routes create command.
The options of this command can be used to achieve the objective.
https://cloud.google.com/sdk/gcloud/reference/compute/routes/create
Sets the tunnel's local and remote traffic selectors to any IP address (0.0.0.0/0).
For each range in Remote network IP ranges, Google Cloud creates a custom static route whose destination (prefix) is the range's CIDR and whose next hop is the tunnel.
Likely C. The gcloud certainly supports that parameter. https://cloud.google.com/sdk/gcloud/reference/compute/routes/create
Worth mentioning that this applies only to the "classic VPN" product that will be phased out in March 2022. HA VPN cannot be referenced that way (they do not support static routes, BGP only).
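As an added example (not from the original page or from Google's documentation), the script below does by hand what the quoted Console behaviour does automatically: it emits one `gcloud compute routes create` command per remote range, with the tunnel name and region as next hop. The network, tunnel, region, route names and ranges are constructed placeholders, and the rejection of /0 prefixes is a choice made for this example.

```shell
#!/bin/sh
# Added example. Network, tunnel, region and route names are hypothetical.

# is_cidr RANGE: succeed only for a dotted-quad IPv4 prefix such as 10.1.0.0/16.
is_cidr() {
  printf '%s\n' "$1" | awk -F'[./]' '
    NF != 5 { exit 1 }
    { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
      for (i = 1; i <= 4; i++) if ($i + 0 > 255) exit 1
      if ($5 + 0 > 32) exit 1 }'
}

# vpn_route_cmds NETWORK TUNNEL REGION RANGE...
# Print one "gcloud compute routes create" command per on-premises range,
# each with the Classic VPN tunnel (name + region) as next hop.
# For a policy-based tunnel the ranges are expected to be the tunnel's
# remote traffic selector ranges. Returns 1 if any range was rejected.
# Output is a dry run: review it, then pipe it to sh to apply.
vpn_route_cmds() {
  network=$1; tunnel=$2; region=$3
  shift 3
  n=0; rc=0
  for range in "$@"; do
    # Reject malformed input and any /0 prefix: a default route through the
    # tunnel is a separate design decision from reaching specific ranges.
    if ! is_cidr "$range" || [ "${range#*/}" -eq 0 ]; then
      echo "rejected range: $range" >&2
      rc=1
      continue
    fi
    n=$((n + 1))
    printf 'gcloud compute routes create %s-route-%d' "$tunnel" "$n"
    printf ' --network=%s --destination-range=%s' "$network" "$range"
    printf ' --next-hop-vpn-tunnel=%s --next-hop-vpn-tunnel-region=%s\n' "$tunnel" "$region"
  done
  return "$rc"
}

# Constructed sample values; the second range is deliberately malformed.
vpn_route_cmds prod-vpc onprem-tunnel us-central1 \
  10.20.0.0/16 10.300.0.0/16 192.168.50.0/24 || true
```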