1. Introduction to Cloud Router and Dynamic Routing Modes
Cloud Router is a fully distributed, managed service in GCP that uses Border Gateway Protocol (BGP) to exchange routes between your GCP VPC network and your on-premises networks (via Cloud VPN or Cloud Interconnect), or with other peered VPC networks.
Unlike static routes, dynamic routing automatically propagates network topology changes, making your hybrid network more resilient and easier to manage. Cloud Router operates in two primary dynamic routing modes: Regional and Global.
The dynamic routing mode is configured at the VPC Network level. All Cloud Routers within that VPC network will adhere to the selected mode.
```bash
# Setting the dynamic routing mode for a VPC network
gcloud compute networks update my-vpc --bgp-routing-mode=GLOBAL

# Checking the current routing mode
gcloud compute networks describe my-vpc --format="value(routingConfig.routingMode)"
```
2. Regional Dynamic Routing Mode
2.1. Definition
In Regional dynamic routing mode, a Cloud Router only advertises specific routes and learns specific routes related to the region in which it is deployed.
- Routes Advertised (from GCP to On-Prem/Peer): A Cloud Router advertises prefixes (subnets) only from the region it resides in. It does NOT advertise subnets from other regions within the same VPC network.
- Routes Learned (from On-Prem/Peer to GCP): A Cloud Router learns routes from your on-premises network (or peered network) and applies them only to instances residing in the same region as the Cloud Router. Instances in other regions of the same VPC will not learn these routes directly.
2.2. Traffic Flow and Implications
If an on-premises host needs to reach a VM in a different region of your VPC network, and you are using Regional dynamic routing mode, the traffic must "hairpin" through the GCP region where your Cloud Router (and corresponding Cloud Interconnect VLAN attachment or Cloud VPN tunnel) is located.
This means:
- On-premises traffic travels to Cloud Router in Region A.
- Cloud Router in Region A routes traffic into the VPC.
- Traffic then travels across Google's backbone *within* your VPC from Region A to Region B.
- Return traffic from Region B to on-premises will follow the reverse path back through Region A.
[Figure: Regional Dynamic Routing Mode Flow]
2.3. When to Choose Regional Mode
- Strict Data Residency: When specific regulatory requirements dictate that data or traffic must not logically cross regional boundaries unless explicitly managed.
- Regional-Only Deployments: For applications that are entirely contained within a single GCP region and whose on-premises connectivity only needs to reach that specific region.
- Simplicity for Small Scale: If your GCP deployment is simple, limited to one region for now, and complexity management is a primary driver.
- Cost Considerations for Egress: If you use Cloud VPN/Interconnect in Region A and have traffic going to/from Region B, the hairpinning in Regional mode means all traffic egressing to on-premises from Region B will transit through Region A first, potentially incurring additional regional network egress costs or inter-region data transfer costs depending on the specific product and scenario.
3. Global Dynamic Routing Mode
3.1. Definition
In Global dynamic routing mode, a Cloud Router advertises and learns routes for all subnets in the entire GCP VPC network, regardless of the region in which the Cloud Router is deployed.
- Routes Advertised (from GCP to On-Prem/Peer): A Cloud Router advertises prefixes (subnets) from all regions in the VPC network.
- Routes Learned (from On-Prem/Peer to GCP): A Cloud Router learns routes from your on-premises network (or peered network) and applies them to all instances across all regions of the VPC network.
3.2. Traffic Flow and Implications
If an on-premises host needs to reach a VM in a different region of your VPC network (e.g., Region B, having connected to Cloud Router in Region A), the traffic will traverse Google's low-latency, high-bandwidth global backbone *within* your VPC.
This means:
- On-premises traffic travels to Cloud Router in Region A.
- Cloud Router in Region A routes traffic into the VPC.
- Traffic is then directed across Google's backbone *directly* to the destination subnet in Region B. It does not hairpin.
- Return traffic from Region B to on-premises will likely follow a similar optimized path, directly from Region B through Google's backbone to the Cloud Router's origin PoP and then to on-premises.
[Figure: Global Dynamic Routing Mode Flow]
3.3. When to Choose Global Mode
- Multi-Region Deployments: Required for applications spanning multiple GCP regions that need low-latency, efficient communication with on-premises resources.
- Active/Active or Active/Passive DR: Essential for seamless routing during disaster recovery scenarios, where traffic needs to failover to a different GCP region.
- Distributed Applications: When components of an application are deployed across multiple regions and require fast inter-server and server-to-on-premises communication.
- Simplified Routing: Easier routing management as all remote Cloud Routers know about all subnets in the VPC.
4. Comparison Table: Regional vs. Global Dynamic Routing
Feature | Regional Dynamic Routing | Global Dynamic Routing |
---|---|---|
Route Advertisement Scope (GCP to On-Prem) | Only subnets in the Cloud Router's local region. | All subnets in the entire VPC network (all regions). |
Route Learning Scope (On-Prem to GCP) | Learned routes apply only to instances in the Cloud Router's local region. | Learned routes apply to instances across all regions of the VPC network. |
Inter-Region Traffic Path (from On-Prem) | Hairpins through the Cloud Router's region. | Directed path within GCP's backbone to the destination region. |
Latency for Inter-Region Traffic | Higher (due to hairpinning). | Lower, optimized (direct path through Google's backbone). |
Complexity | Simpler to reason about for contained regional deployments. More complex for multi-region. | More complex initial routing table globally, but simpler for multi-region traffic flow. |
Data Residency Control | Inherently limits route advertisement to specific regions. | Advertises all VPC routes globally, requiring additional filtering if residency is strict. |
Primary Use Case | Single-region deployments, strict regional traffic containment needs. | Multi-region deployments, active/active or active/passive DR, distributed applications. |
5. Advanced Scenarios & Considerations
- Shared VPC: The dynamic routing mode is configured on the Shared VPC host project's network. All Cloud Routers within that shared VPC (whether in the host or service projects) will operate under that same mode. Global mode is almost always preferred for Shared VPCs supporting multi-region applications.
- VPC Network Peering: Cloud Router can exchange routes over VPC Network Peering connections. In Global mode, routes learned from a peered network are propagated throughout your entire VPC. In Regional mode, they only apply within the Cloud Router's region.
- Route Filtering/Advertised Routes: Regardless of the global/regional mode, you can still control which specific IP ranges Cloud Routers advertise to your on-premises network. This is useful for security or traffic engineering.
- ECMP: Equal-Cost Multi-Path routing works with both modes, allowing traffic distribution across multiple equal-cost paths (e.g., multiple Cloud VPN tunnels or Cloud Interconnect VLAN attachments).
- Cost Impact: Hairpinning in Regional mode might incur additional inter-region data transfer costs or egress costs if traffic has to leave and re-enter a region just to reach another region within your VPC. Global mode generally optimizes internal traffic path, potentially reducing such costs by taking advantage of Google's backbone.
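The route-filtering and data-residency points above can be checked mechanically. The following is an added example, not part of the original guide: it computes what each Cloud Router advertises under the VPC's routing mode and flags advertisements that cover subnets in residency-restricted regions. The sample data, resource names, region choices and function names are constructed for illustration; per-peer advertisement overrides on individual BGP sessions are not evaluated.

```python
import ipaddress

# Constructed sample data, shaped like the JSON printed by
# `gcloud compute networks describe`, `gcloud compute networks subnets list`
# and `gcloud compute routers list` with --format=json (only the fields used here).
NETWORK = {"name": "my-vpc", "routingConfig": {"routingMode": "GLOBAL"}}
SUBNETS = [
    {"name": "app-us", "region": "regions/us-central1", "ipCidrRange": "10.10.0.0/24"},
    {"name": "pii-eu", "region": "regions/europe-west3", "ipCidrRange": "10.20.0.0/24"},
]
ROUTERS = [
    {"name": "cr-default", "region": "regions/us-central1",
     "bgp": {"advertiseMode": "DEFAULT"}},
    {"name": "cr-filtered", "region": "regions/us-central1",
     "bgp": {"advertiseMode": "CUSTOM", "advertisedGroups": [],
             "advertisedIpRanges": [{"range": "10.10.0.0/24"}]}},
]

def region_of(resource):
    """gcloud prints the region as a URL; keep only the last path segment."""
    return resource["region"].rsplit("/", 1)[-1]

def advertised_prefixes(router, network, subnets):
    """Prefixes this Cloud Router announces to its BGP peers."""
    bgp = router.get("bgp", {})
    mode = network["routingConfig"]["routingMode"]
    # Subnet routes: all regions in GLOBAL mode, only the router's region in REGIONAL mode.
    subnet_routes = {s["ipCidrRange"] for s in subnets
                     if mode == "GLOBAL" or region_of(s) == region_of(router)}
    if bgp.get("advertiseMode", "DEFAULT") != "CUSTOM":
        return subnet_routes
    custom = {r["range"] for r in bgp.get("advertisedIpRanges", [])}
    if "ALL_SUBNETS" in bgp.get("advertisedGroups", []):
        custom |= subnet_routes
    return custom

def residency_findings(network, subnets, routers, restricted_regions):
    """(router, subnet, prefix) for every advertisement covering a restricted-region subnet."""
    restricted = [s for s in subnets if region_of(s) in restricted_regions]
    findings = []
    for router in routers:
        for prefix in sorted(advertised_prefixes(router, network, subnets)):
            advertised = ipaddress.ip_network(prefix)
            for s in restricted:
                if advertised.overlaps(ipaddress.ip_network(s["ipCidrRange"])):
                    findings.append((router["name"], s["name"], prefix))
    return findings

if __name__ == "__main__":
    for finding in residency_findings(NETWORK, SUBNETS, ROUTERS, {"europe-west3"}):
        print("restricted subnet advertised:", finding)
```

With the sample data, only the router left on default advertisement exposes the restricted subnet in Global mode; the router with a custom range list does not, and neither does any router once the network is in Regional mode.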
6. GCP Network Professional Exam Tips
- Default is Regional: New VPC networks are created with Regional dynamic routing mode by default. Always remember to change it to Global if your use case requires multi-region communication or DR.
- "Hairpinning": Understand this concept for Regional mode. Traffic from on-premises to a different GCP region will traverse the Cloud Router's region first. This highlights increased latency and potential egress costs.
- Global is for Multi-Region/DR: If the scenario involves applications or services spanning multiple GCP regions requiring efficient on-premises connectivity, Global dynamic routing mode is almost always the answer.
- Shared VPC Implications: The mode is set at the host project level and affects all service projects.
- Impact on Learned Routes: For Regional mode, remember that routes learned from on-premises are only "known" to instances in the Cloud Router's local region. For Global, they are known throughout the entire VPC.
- BGP Functionality: Both modes rely on BGP for dynamic route exchange. Know that BFD speeds up failover, and ECMP enables multi-path routing.