Configure Virtual Private Cloud (VPC) Peering with GCP
Scylla Cloud allows you to connect your application’s private network directly to the Scylla clusters’ private network by using GCP’s VPC peering. For more information on GCP’s VPC peering and its security advantages, please read the VPC Networking Overview.
If you are running Scylla Cloud on AWS, refer to these instructions.
Caution
VPC peering is set only at the cluster creation stage and cannot be configured on an existing cluster.
VPC peering is a mandatory setting for multi Data Center (DC) deployments.
Set up VPC Peering on Scylla Cloud with GCP
The procedure that follows includes instructions for setting up Virtual Private Cloud (VPC) peering to connect your Scylla Cluster to your application on Google Cloud Platform (GCP). This will require you to have access to your instances on GCP and to create a cluster with VPC peering in Scylla Cloud.
Before You Begin
Verify that you have access to your GCP Console, and your user has view/edit permissions for the VPC Peering settings.
Workflow
Launch a Scylla Cloud Cluster on GCP with VPC Peering Enabled
Procedure
Sign in to Scylla Cloud. If you don’t have an account, you can register here.
From the right-side menu, click Add New Cluster.
In the Provider section, select Google Cloud.
In the Where to Deploy section, choose Scylla Account.
In the Details section, enter the following information:
Cluster Name - human-readable text to help you identify your cluster.
Allowed IPs - the list of IP addresses you want to allow to connect to your cluster (in CIDR format).
Select the Enable VPC Peering / Transit Gateway option under Network Types.
In the CIDR for ScyllaDB Cloud Network field, you can specify the desired IP range (in CIDR format). The default is 172.31.0.0/24. The allowed CIDR blocks are all ranges from RFC 1918:
10.0.0.0/8
172.16.0.0/12 – with the exception of 172.17.0.0/16 (reserved for the ScyllaDB Cloud infrastructure).
192.168.0.0/16
Scroll down the page and continue with the cluster creation process. Choose the type of instances you want to use, the number of nodes, the RF, and any other additional features you want to purchase.
When you’re finished choosing all the options you want, click Launch Cluster. It will take a few minutes for your cluster to launch.
Configure the VPC Details on Scylla Cloud
This procedure is done only after you have successfully launched a cluster as described in Launch a Scylla Cloud Cluster on GCP with VPC Peering Enabled.
Procedure
Click the CONFIGURE CONNECTION button displayed after your cluster is launched or manually navigate to the Connections tab.
Click the ADD VPC PEERING button to open the GCP Details page.
On the GCP Details page, fill in the fields as follows:
GCP Project ID - Enter your full unique GCP Project ID. You can copy your project ID from the Google Cloud Console.
VPC Network Name - Enter the network you would like to use under the same project.
VPC Network - Enter the network block of your VPC in CIDR format. It allows us to correctly route to your VPC. The allowed CIDR blocks are all ranges from RFC 1918:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
The block must not intersect with the block you’ve set when creating the cluster. If there are multiple CIDR blocks in your VPC, list them all separated by commas.
From the GCP Network, identify the CIDR subnets you would like to use under the chosen VPC subnets tab.
Click Submit VPC Peering Request.
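The CIDR rules from the two procedures above can be checked before anything is submitted. The following is an added example, not part of the original page or of any ScyllaDB tooling; the function names and sample values are hypothetical, and it assumes that any overlap between the cluster CIDR and the reserved 172.17.0.0/16 block counts as a conflict.

```python
import ipaddress

# RFC 1918 ranges the page lists as allowed for both CIDR fields.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Reserved for the ScyllaDB Cloud infrastructure, per the page.
RESERVED = ipaddress.IPv4Network("172.17.0.0/16")


def parse_block(text):
    """Parse one IPv4 CIDR block; strict=True rejects host bits (10.0.0.5/24)."""
    return ipaddress.IPv4Network(text.strip(), strict=True)


def check_peering_cidrs(cluster_cidr, vpc_cidrs):
    """Return a list of problems; an empty list means every check passed.

    cluster_cidr: planned "CIDR for ScyllaDB Cloud Network" value.
    vpc_cidrs: planned "VPC Network" value, comma-separated if several blocks.
    """
    try:
        cluster = parse_block(cluster_cidr)
    except ValueError as exc:
        return [f"cluster CIDR {cluster_cidr!r}: {exc}"]
    problems = []
    if not any(cluster.subnet_of(r) for r in RFC1918):
        problems.append(f"cluster CIDR {cluster} is outside RFC 1918")
    # Assumption: any overlap with the reserved block counts as a conflict.
    if cluster.overlaps(RESERVED):
        problems.append(f"cluster CIDR {cluster} overlaps reserved {RESERVED}")
    for raw in vpc_cidrs.split(","):
        try:
            block = parse_block(raw)
        except ValueError as exc:
            problems.append(f"VPC block {raw.strip()!r}: {exc}")
            continue
        if not any(block.subnet_of(r) for r in RFC1918):
            problems.append(f"VPC block {block} is outside RFC 1918")
        if block.overlaps(cluster):
            problems.append(f"VPC block {block} intersects cluster CIDR {cluster}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for cluster, vpc in [("172.31.0.0/24", "10.128.0.0/20, 10.132.0.0/20"),
                         ("172.17.4.0/24", "10.0.0.0/16"),
                         ("10.0.0.0/16", "10.0.1.0/24, 8.8.8.0/24")]:
        print(cluster, "|", vpc, "->", check_peering_cidrs(cluster, vpc) or "OK")
```

Because the cluster CIDR cannot be changed after cluster creation, running a check like this against every subnet in the VPC before launch avoids having to recreate the cluster over an address conflict.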
Configure the VPC Peering Route
This procedure requires you to access the VPC Peering console on GCP and complete the Peering setup. You have 2 options to configure VPC Peering:
Manual Setup with a GCP Console
Procedure
Access the GCP VPC network peering console to open the VPC Network Peering > Create peering connection page.
Ensure that the right project is selected.
Click Continue to create a peering connection.
Note
Remember to use the same Project ID that you entered in Configure the VPC Details on Scylla Cloud.
Fill in all the required fields:
Peering connection name - Provide your VPC peering connection name.
Your VPC network - Choose your GCP Network from the drop-down menu.
Peered VPC network - Select the current project (In project <project name>) or specify another project.
Project ID - Enter the ScyllaDB Cloud GCP Project name: <Scylla_Project_Name>
VPC Network name - Specify the network name (you can find the VPC Network name in VPC network/VPC networks): <Scylla_Cluster_VPC_ID>.
Leave all other settings as they are.
Click Create.
Run the GCP CLI
Do not use this method if you already completed the Manual Setup with a GCP Console.
Procedure
An alternative way to configure VPC routing is to run the following GCP CLI command with your values.
If you are connecting two VPCs from the same project:
gcloud compute networks peerings create [peering name] --network [your network name] --peer-network [URI] --project=[your project name]
If you are connecting VPCs from different projects:
gcloud compute networks peerings create [peering name] --network [your network name] --peer-network [URI] --project=[your project name] --peer-project [Project_name]
To list projects accessible by your account, you can use the gcloud projects list command with the --filter= flag. See the gcloud Reference for details.
Confirm Connectivity
This procedure gives you some ways to test the VPC Peering between Scylla Cloud and your GCP instances.
Test connectivity of your VPC: from a VM instance within the VPC network, try to connect to port 9042 with nc, telnet, or cqlsh (the required credentials are on the Cluster page):
For example, with nc:
nc -z 198.51.100.0 9042 && echo ok!
Using the telnet command, telnet to the IP address:
telnet 198.51.100.0 9042