Build Cloud Router configurations with BGP peering, custom route advertisements, and BFD settings.
Last verified: May 2026
Build Cloud Router configurations with BGP peering, custom route advertisements, and BFD settings.
Required Fields
nameregionnetworkbgp.asnbgpPeersOutput will appear here...Your team has on-prem connected to GCP via dual VPN tunnels (active/standby). The builder generates: a Cloud Router with global dynamic routing, two BGP peer configs — one with priority 100 (active), one with priority 200 (standby), BFD enabled on both with 1000ms detection multiplier 3 = 3-second detection. Custom advertised routes only including the production VPC subnets (not the dev/test subnets). Failover behavior: active tunnel fails → BFD detects within 3 seconds → BGP withdraws active routes → traffic shifts to standby tunnel → users experience ~5 seconds of disruption.
Cloud Router is the backbone of dynamic routing in Google Cloud, managing BGP sessions for Cloud VPN, Cloud Interconnect, and Cloud NAT. It automatically learns and distributes routes between your VPC and connected networks, eliminating the need for static route maintenance. This builder helps you configure Cloud Routers with custom ASN assignments, BGP peer configurations, advertised route policies, and NAT gateway settings, generating deployment-ready gcloud commands or Terraform resources.
The builder constructs Cloud Router configurations: Router resource (region, network, ASN — typically 64512-65534 private range, dynamic routing mode: REGIONAL or GLOBAL), BGP peer configurations per peer (peer ASN, peer IP, advertised route priority, MED, BFD config), advertised route IP ranges (custom or default to all subnets), and NAT gateway settings if used. Output is generated as gcloud compute routers commands and Terraform google_compute_router + google_compute_router_peer resources.
Global dynamic routing mode is the right default for multi-region VPCs. Without it, an on-prem route learned in us-central1 isn't reachable from europe-west1, breaking cross-region hybrid workloads. The downside (asymmetric routing risk) is manageable with proper route priorities.
Always enable BFD on production BGP sessions. Default BGP failover takes 30-90 seconds (3 keepalives missed at 30s default interval). BFD failover is sub-second. Configuration is trivial; the operational impact during a tunnel failure is enormous.
Use MED (Multi-Exit Discriminator) values to control inbound traffic preferences in active/passive setups. Lower MED = preferred path. For active/standby VPN tunnels, set the standby's advertised MED higher so it only receives traffic when the active fails. Without MED, both tunnels load-balance, defeating the active/passive model.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.