Configuring a Static Route for Policy-Based Routing with gcloud | PCNE Exam | Google

Choosing the Next Hop for Configuring Static Routes - PCNE Exam | Google

Question

You need to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command.

Which next hop should you choose?

Answers

Explanations


A. B. C. D.

C.

https://cloud.google.com/vpn/docs/how-to/creating-static-vpns

If you want to configure a static route to an on-premises resource behind a Cloud VPN gateway that is configured for policy-based routing using the gcloud command, you should choose the IP address of the instance on the remote side of the VPN tunnel as the next hop. This is because policy-based routing allows you to route traffic based on policies that are defined using attributes such as source IP address, destination IP address, protocol, or port number.

Here are the reasons why the other answer options are not correct:

A. The default internet gateway is used to route traffic to destinations outside your VPC network, but it is not applicable in this scenario where you want to route traffic to an on-premises resource behind the VPN gateway.

B. The IP address of the Cloud VPN gateway is the local endpoint of the VPN tunnel and not the remote endpoint where the on-premises resource is located. Therefore, choosing this as the next hop will not route traffic to the intended destination.

C. The name and region of the Cloud VPN tunnel are used to identify the VPN tunnel, but they are not a valid next hop option for routing traffic.

D. The IP address of the instance on the remote side of the VPN tunnel is the correct choice for the next hop because it is the endpoint where the on-premises resource is located. Choosing this as the next hop will route traffic to the intended destination.

To configure a static route to an on-premises resource behind a Cloud VPN gateway using the gcloud command, you can use the following command:

    gcloud compute routes create <ROUTE_NAME> \
        --network <VPC_NETWORK_NAME> \
        --destination-range <DESTINATION_CIDR> \
        --next-hop-instance <INSTANCE_NAME> \
        --next-hop-instance-zone <INSTANCE_ZONE> \
        --tags <TAGS> \
        --priority <PRIORITY>

Replace the placeholders with the following values:

  • <ROUTE_NAME>: a name for the static route
  • <VPC_NETWORK_NAME>: the name of the VPC network where the Cloud VPN gateway is located
  • <DESTINATION_CIDR>: the CIDR range for the on-premises resource that you want to reach
  • <INSTANCE_NAME>: the name of the instance on the remote side of the VPN tunnel where the on-premises resource is located
  • <INSTANCE_ZONE>: the zone where the instance is located
  • <TAGS>: any network tags that you want to apply to the route (optional)
  • <PRIORITY>: a priority for the route (optional)

For example, the following command creates a static route named onprem-route that routes traffic to the on-premises resource with CIDR range 192.168.1.0/24 through the instance named onprem-instance in zone us-central1-a:

    gcloud compute routes create onprem-route \
        --network my-vpc \
        --destination-range 192.168.1.0/24 \
        --next-hop-instance onprem-instance \
        --next-hop-instance-zone us-central1-a \
        --priority 1000

I hope this helps!
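
After a route is created, it is worth confirming which next hop traffic to the on-premises range will actually take. The following is an added example, not part of the original page: it reads route data in the shape of `gcloud compute routes list --format=json` and picks the applicable route by most specific destination, then lowest priority value. The sample routes (including the `onprem-tunnel` and `tagged-ip` entries, project `p` and `tunnel-1`) and the `effective_route` helper are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute routes list --format=json`.
# Field names follow the Compute Engine route resource; all values are made up.
SAMPLE_ROUTES = json.loads("""[
 {"name": "default-internet", "destRange": "0.0.0.0/0", "priority": 1000,
  "nextHopGateway": "projects/p/global/gateways/default-internet-gateway"},
 {"name": "onprem-route", "destRange": "192.168.1.0/24", "priority": 1000,
  "nextHopInstance": "projects/p/zones/us-central1-a/instances/onprem-instance"},
 {"name": "onprem-tunnel", "destRange": "192.168.1.0/24", "priority": 900,
  "nextHopVpnTunnel": "projects/p/regions/us-central1/vpnTunnels/tunnel-1"},
 {"name": "tagged-ip", "destRange": "192.168.1.128/25", "priority": 100,
  "tags": ["db"], "nextHopIp": "10.0.0.5"}
]""")

# The four next-hop kinds the question's options correspond to.
NEXT_HOP_FIELDS = ("nextHopGateway", "nextHopIp",
                   "nextHopVpnTunnel", "nextHopInstance")


def effective_route(routes, dest_ip, instance_tags=()):
    """Return (route name, next-hop field, next-hop value) for dest_ip, or None.

    instance_tags are the network tags of the sending instance (hypothetical
    input for this example). Equal-prefix, equal-priority ties are not modelled.
    """
    ip = ipaddress.ip_address(dest_ip)
    candidates = []
    for route in routes:
        net = ipaddress.ip_network(route["destRange"])
        if ip not in net:
            continue
        # A route that carries tags applies only to instances with one of them.
        if route.get("tags") and not set(route["tags"]) & set(instance_tags):
            continue
        candidates.append((-net.prefixlen, route.get("priority", 1000), route))
    if not candidates:
        return None
    # Most specific destination first, then the lowest priority value.
    best = min(candidates, key=lambda c: (c[0], c[1]))[2]
    hop = next((f for f in NEXT_HOP_FIELDS if f in best), None)
    return best["name"], hop, best.get(hop)


if __name__ == "__main__":
    for addr, tags in (("192.168.1.10", ()), ("192.168.1.200", ("db",))):
        print(addr, tags, effective_route(SAMPLE_ROUTES, addr, tags))
```

Running it against real `gcloud compute routes list --format=json` output shows whether a broader route such as the default internet gateway, or a tagged route, would win over the static route you intended for the on-premises range.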