Build Network Connectivity Center hub and spoke configurations for multi-region and hybrid connectivity.
Last verified: May 2026
Build Network Connectivity Center hub and spoke configurations for multi-region and hybrid connectivity.
Required Fields
hub.namehub.routingVpcsspokesOutput will appear here...Your team is connecting 8 VPCs across 4 regions for a globally distributed application. Without NCC, you'd need 28 VPC peering connections (full mesh) — each requiring careful CIDR coordination. The builder generates an NCC hub with 8 VPC spokes; each VPC peers with the hub instead of each other. Routes are automatically distributed transitively. Adding a new VPC means adding 1 spoke instead of 8 new peerings. Operational complexity drops dramatically while maintaining the same connectivity model.
Network Connectivity Center is Google Cloud's hub-and-spoke architecture for connecting VPC networks, on-premises sites, and remote branches through a centralized management plane. It supports hybrid spokes (Cloud VPN, Cloud Interconnect, Router appliances) and VPC spokes for network-to-network connectivity. This builder helps you design hub topologies, configure spoke attachments, set up route exchange policies, and generate the Terraform or gcloud configurations needed for deployment.
The builder constructs Network Connectivity Center configurations: hub resource (with description and presets), spokes (VPC spokes referencing target VPC networks, hybrid spokes referencing VPN tunnels / Interconnect attachments / Router appliances), route exchange policies (auto-accept routes from hub, controlled export/import filters), and route table attachments. Output is generated as gcloud network-connectivity commands and Terraform google_network_connectivity_hub + google_network_connectivity_spoke resources.
Network Connectivity Center is the right answer for transitive routing across many VPCs. VPC peering is non-transitive (A peers B, B peers C, but A can't reach C through B). NCC's hub-and-spoke gives you transitive routing with central management — dramatically simpler than building peering meshes manually.
VPC spokes connect VPCs to the hub for transitive routing. Hybrid spokes connect on-prem networks via VPN/Interconnect/Router appliance. Mixing both types lets you build a single hub that connects all your VPCs AND your on-prem networks, with route advertisement filtering for security boundaries.
Route advertisement filters are the access control mechanism. A spoke can be configured to import all routes from the hub but export none — useful for 'isolated' spokes that need access to shared services but shouldn't be reachable from other spokes. Plan the export/import policy per-spoke based on your trust model.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.