Set up Google Cloud to work with your Bare Metal Solution environment
When your Bare Metal Solution environment is ready, you are notified by Google Cloud. The notification includes the internal IP addresses of your new servers.
These instructions show you how to do the following tasks that are required to connect to your Bare Metal Solution environment:
- Create redundant VLAN attachments to the Bare Metal Solution environment.
- Create a jump host VM instance in your VPC network.
- Use SSH or RDP to log in to your Bare Metal Solution servers from the jump host VM instance.
After you are connected to your servers, validate the configuration of your Bare Metal Solution order.
Before you begin
To connect to and configure your Bare Metal Solution environment, you need:
- A Google Cloud project with billing enabled. You can create a project on the project selector page in the Google Cloud console.
- A Virtual Private Cloud (VPC) network. This is the VPC network that you named when you placed your order for Bare Metal Solution. If you need to create the VPC network, see Using VPC networks.
- The following information that is provided to you by Google Cloud when your Bare Metal Solution is ready:
  - The IP addresses of your bare-metal servers.
  - The temporary passwords for each of your bare-metal servers.
 
Create the VLAN attachments for the Cloud Interconnect connection
To access your Bare Metal Solution server, you need to create and set up
VLAN attachments (also known as InterconnectAttachments) in the same
region as your server. A VLAN attachment is a logical object in
Cloud Interconnect that is used to connect your Bare Metal Solution
environment to Google Cloud.
We recommend creating VLAN attachments in redundant pairs for high availability. The primary VLAN attachment and the secondary VLAN attachment of a pair are each provisioned in a separate EAD (Edge Availability Domain) in separate hardware and physical racks. This ensures high availability during events, such as maintenance.
 
A single VLAN attachment supports a maximum speed of 10 Gbps. A pair of VLAN attachments (that is, the primary and the secondary VLAN attachments) can support a maximum speed of 20 Gbps. To achieve higher throughput between your Bare Metal Solution environment and VPC network, you can configure multiple VLAN attachment pairs.
To make one VLAN attachment preferable over others, you can update the base route priority on the Cloud Router.
After creating the VLAN attachments, you need to pre-activate them and add them to your Bare Metal Solution VRF. To create and set up your VLAN attachments, follow these steps:
Console
- If you don't already have a Cloud Router in your Bare Metal Solution network and region, create a Cloud Router to connect your Bare Metal Solution environment with your VPC network.
  You can use a single Cloud Router for both VLAN attachments or separate Cloud Routers for each VLAN attachment.
  For peering with Bare Metal Solution, use the Google public ASN (16550) when creating the router.
  For instructions, see Create Cloud Routers.
- In the Google Cloud console, go to the Cloud Interconnect VLAN attachments page. 
- Click Create VLAN attachments. 
- Select Partner Interconnect, and then click Continue. 
- Select I already have a service provider. 
- Select Create a redundant pair of VLAN attachments.
  Both VLAN attachments can serve traffic, and you can route the traffic to load-balance between them. If one attachment goes down (for example, during scheduled maintenance), then the other attachment continues to serve traffic. For more information, see Redundancy and SLA.
- In the Network field, select your VPC network. 
- In the Region field, select the Google Cloud region. 
- Specify the following details for both VLAN attachments.
  - Cloud Router — A Cloud Router to associate with this VLAN attachment. You can only choose a Cloud Router that has an ASN of 16550 and is in your VPC network and region.
  - VLAN attachment name — A name for each attachment. For example, my-attachment-1 and my-attachment-2.
  - Description — Information about each VLAN attachment.
  - Maximum transmission unit (MTU) — The maximum packet size for network transmission. The default size is 1440. You can choose between the following MTUs when creating your VLAN attachments:
    - 1440
    - 1460
    - 1500
    - 8896
- Click OK.
  On the VLAN attachments page, the VLAN attachment status shows waiting for service provider. Proceed to the next step.
- After Google Cloud notifies you that your Bare Metal Solution servers are ready, add your new VLAN attachments to a VRF by following these steps:
  - To add VLAN attachments to an existing VRF, follow the instructions in Add a VLAN attachment.
  - To add VLAN attachments to a new VRF, follow the instructions in Create a VRF.
 
gcloud
- If you don't already have Cloud Router instances in the network and region that you are using with Bare Metal Solution, create one for each VLAN attachment. Use 16550 as the ASN number:

    gcloud compute routers create router-name \
        --network vpc-network-name \
        --asn 16550 \
        --region region

  For more information, see Creating Cloud Routers.
- Create an InterconnectAttachment of type PARTNER, specifying the name of your Cloud Router and the edge availability domain (EAD) of the VLAN attachment. Also, add the --admin-enabled flag to pre-activate the attachments and send traffic immediately after Google Cloud completes the Bare Metal Solution configuration.

    gcloud compute interconnects attachments partner create first-attachment-name \
        --region region \
        --router first-router-name \
        --edge-availability-domain availability-domain-1 \
        --admin-enabled

    gcloud compute interconnects attachments partner create second-attachment-name \
        --region region \
        --router second-router-name \
        --edge-availability-domain availability-domain-2 \
        --admin-enabled

  Google Cloud automatically adds an interface and a BGP peer on the Cloud Router.
  The following example creates redundant attachments, one in EAD availability-domain-1 and another in EAD availability-domain-2. Each is associated with a separate Cloud Router, my-router-1 and my-router-2, respectively. They are both in the us-central1 region.

    gcloud compute interconnects attachments partner create my-attachment \
        --region us-central1 \
        --router my-router-1 \
        --edge-availability-domain availability-domain-1 \
        --admin-enabled

    gcloud compute interconnects attachments partner create my-attachment \
        --region us-central1 \
        --router my-router-2 \
        --edge-availability-domain availability-domain-2 \
        --admin-enabled

- Run the gcloud compute interconnects attachments describe command to view the details of the VLAN attachment.

    gcloud compute interconnects attachments describe my-attachment \
        --region us-central1

    adminEnabled: false
    edgeAvailabilityDomain: AVAILABILITY_DOMAIN_1
    creationTimestamp: '2017-12-01T08:29:09.886-08:00'
    id: '7976913826166357434'
    kind: compute#interconnectAttachment
    labelFingerprint: 42WmSpB8rSM=
    name: my-attachment
    region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
    router: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/routers/my-router
    selfLink: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1/interconnectAttachments/my-attachment
    state: PENDING_PARTNER
    type: PARTNER

  - The state of the VLAN attachment is PENDING_PARTNER until Google Cloud completes your VLAN attachment configuration. Afterwards, the state of the attachment is INACTIVE or ACTIVE, depending on whether you chose to pre-activate your attachments.
  - When you request connections from Google Cloud, you must select the same metro (city) for both attachments for them to be redundant. For more information, see the Redundancy section in the Partner Interconnect Overview page.
- If the VLAN attachments do not come up after Google Cloud completes your Bare Metal Solution order, activate each VLAN attachment:

    gcloud compute interconnects attachments partner update attachment-name \
        --region region \
        --admin-enabled

You can check the status of the Cloud Routers and your advertised routes in the Cloud console. For more information, see Viewing Router Status and Advertised Routes.
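A check for the redundancy conditions described above, run over saved `describe` output for the two attachments. This is an added example, not part of Google's documentation; the function names, the attachment names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from Google's documentation): check that two saved
# `gcloud compute interconnects attachments describe` outputs describe an
# active, redundant pair. Function names and sample files are hypothetical.

# field FILE KEY: print the value of the top-level "KEY: value" line in FILE.
field() {
  awk -v k="$2" -F': ' '$1 == k { print $2; exit }' "$1"
}

# check_pair FILE_A FILE_B: print one line per problem found and return 0
# only when both attachments are pre-activated, ACTIVE, in the same region,
# and in different edge availability domains.
check_pair() {
  cp_rc=0
  for cp_f in "$1" "$2"; do
    cp_name=$(field "$cp_f" name)
    cp_state=$(field "$cp_f" state)
    [ "$(field "$cp_f" type)" = "PARTNER" ] ||
      { echo "$cp_name: type is not PARTNER"; cp_rc=1; }
    [ "$(field "$cp_f" adminEnabled)" = "true" ] ||
      { echo "$cp_name: adminEnabled is not true"; cp_rc=1; }
    [ "$cp_state" = "ACTIVE" ] ||
      { echo "$cp_name: state is ${cp_state:-unknown}"; cp_rc=1; }
  done
  [ "$(field "$1" region)" = "$(field "$2" region)" ] ||
    { echo "attachments are in different regions"; cp_rc=1; }
  [ "$(field "$1" edgeAvailabilityDomain)" != "$(field "$2" edgeAvailabilityDomain)" ] ||
    { echo "attachments share an edge availability domain"; cp_rc=1; }
  return "$cp_rc"
}

# write_sample FILE NAME EAD ADMIN STATE: constructed describe output, reduced
# to the fields the check reads (values modeled on the sample output above).
write_sample() {
  cat > "$1" <<EOF
adminEnabled: $4
edgeAvailabilityDomain: $3
kind: compute#interconnectAttachment
name: $2
region: https://www.googleapis.com/compute/v1/projects/customer-project/regions/us-central1
state: $5
type: PARTNER
EOF
}

# Demo on constructed data: the second attachment is still waiting for the
# partner side and was not pre-activated, so the pair is reported as not ready.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/a.yaml" my-attachment-1 AVAILABILITY_DOMAIN_1 true ACTIVE
write_sample "$demo_dir/b.yaml" my-attachment-2 AVAILABILITY_DOMAIN_2 false PENDING_PARTNER
check_pair "$demo_dir/a.yaml" "$demo_dir/b.yaml" || echo "pair is not ready"
```

To use it on real attachments, redirect the output of each `describe` command into a file and pass the two files to `check_pair`.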
Set up routing between Bare Metal Solution and Google Cloud
As soon as your VLAN attachments are active, your BGP sessions come up and the routes from the Bare Metal Solution environment are received over the BGP sessions.
Add a custom advertised route for a default IP range to your BGP sessions
To set up routing for traffic from the Bare Metal Solution environment, we recommend adding a default route, such as 0.0.0.0/0, as a custom advertised route on your BGP sessions to the Bare Metal Solution environment.
To specify advertisements on an existing BGP session:
Console
- Go to the Cloud Router page in the Google Cloud console.
- Select the Cloud Router that contains the BGP session to update.
- In the Cloud Router's detail page, select the BGP session to update.
- In the BGP session details page, select Edit.
- For the Routes, select Create custom routes.
- Select Add custom route to add an advertised route.
- Configure the route advertisement.
  - Source — Select Custom IP range to specify a custom IP address range.
  - IP address range — Specify the custom IP address range by using CIDR notation.
  - Description — Add a description to help you identify the purpose of this custom advertised route.
 
- After you're done adding routes, select Save.
gcloud
You can add to existing custom advertised routes or you can set a new custom advertised route, which replaces any existing custom advertised routes with the new one.
To set a new custom advertised route for a default IP range, use the
--set-advertisement-ranges flag:

    gcloud compute routers update-bgp-peer router-name \
        --peer-name bgp-session-name \
        --advertisement-mode custom \
        --set-advertisement-ranges 0.0.0.0/0

To append the default IP range to existing ones, use the --add-advertisement-ranges flag. Note that this flag requires the Cloud Router's advertisement mode to already be set to custom.
The following example adds the 0.0.0.0/0 custom IP range to the Cloud Router's advertisements:

    gcloud compute routers update-bgp-peer router-name \
        --peer-name bgp-session-name \
        --add-advertisement-ranges 0.0.0.0/0

Optionally, set the VPC Network Dynamic Routing Mode to global
If you have Bare Metal Solution servers in two different regions, consider enabling global routing mode on the VPC network to have your Bare Metal Solution regions talk to each other directly over the VPC network.
The global routing mode is also needed to enable communications between an on-premises environment that is connected to one Google Cloud region and a Bare Metal Solution environment in another Google Cloud region.
To set the global routing mode, see Set routing and best path selection modes.
VPC firewall setup
New VPC networks come with active default firewall rules that restrict most traffic in the VPC network.
To connect to your Bare Metal Solution environment, network traffic must be enabled between:
- Your Bare Metal Solution environment and network destinations on Google Cloud.
- Your local environment and your resources on Google Cloud, such as any jump host VM instance you might use to connect to your Bare Metal Solution environment.
Within your Bare Metal Solution environment, if you need to control network traffic between the bare-metal servers or between the servers and destinations not on Google Cloud, you need to implement a control mechanism yourself.
To create a firewall rule in your VPC network on Google Cloud:
Console
- Go to the Firewall rules page: 
- Click Create firewall rule. 
- Define the firewall rule.
  - Name the firewall rule.
  - In the Network field, select the network where your VM is located.
  - In the Targets field, specify either Specified target tags or Specified service account.
  - Specify the target network tag or service account in the appropriate fields.
  - In the Source filter field, specify IP ranges to allow incoming traffic from your Bare Metal Solution environment.
  - In the Source IP ranges field, specify the IP addresses of the servers or devices in your Bare Metal Solution environment.
  - In the Protocols and ports section, specify the protocols and ports that are required in your environment.
- Click Create.
 
gcloud
The following command creates a firewall rule that defines the source by using an IP range and the target by using the network tag of an instance. Modify the command for your environment as necessary.

    gcloud compute firewall-rules create rule-name \
        --project=your-project-id \
        --direction=INGRESS \
        --priority=1000 \
        --network=your-network-name \
        --action=ALLOW \
        --rules=protocol:port \
        --source-ranges=ip-range \
        --target-tags=instance-network-tag

For more information about creating firewall rules, see Creating firewall rules.
Connecting to your bare-metal server
The servers in your Bare Metal Solution environment are not provisioned with external IP addresses.
After you have created a firewall rule to allow traffic into your VPC network from the Bare Metal Solution environment, you can connect to your server by using a jump host VM instance.
Create a jump host VM instance on Google Cloud
To quickly connect to your bare-metal servers, create a Compute Engine virtual machine (VM) to use as a jump host. Create the VM in the same Google Cloud region as your Bare Metal Solution environment.
If you need a more secure connection method, see Connect using a bastion host.
To create a jump host VM instance, choose the instructions below based on the operating system you are using in your Bare Metal Solution environment.
For more information about creating Compute Engine VM instances, see Creating and starting a VM instance.
Linux
Create a virtual machine instance
- In the Google Cloud console, go to the VM Instances page: 
- Click Create instance. 
- In the Name field, specify a name for the VM instance. 
- Under Region, select the region of your Bare Metal Solution environment. 
- In the Boot disk section, click Change.
  - In the Operating systems field, select an OS of your choice.
  - In the Version field, select the OS version.
- Click Management, security, disks, networking, sole tenancy to expand the section.
- Click Networking to display the networking options.
  - Optionally, under Network tags, define one or more network tags for the instance.
  - Under Network interfaces, confirm that the proper VPC network is displayed.
 
- Click Create. 
Allow a short time for the instance to start. After the instance is ready, it is listed on the VM instances page with a green status icon.
Connect to your jump host VM instance
- If you need to create a firewall rule to allow access to your jump host VM instance, see Firewall setup. 
- In the Google Cloud console, go to the VM instances page: 
- In the list of VM instances, click SSH in the row that contains your jump host.   
You now have a terminal window with your jump host VM instance, from which you can connect to your bare-metal server by using SSH.
Logging in to a Bare Metal Solution server for the first time
Linux
- On the jump host VM instance, open a command-line terminal and confirm that you can reach your Bare Metal Solution server:

    ping bare-metal-ip

  If your ping is unsuccessful, check and correct the following:
  - Your VLAN attachments are active with a Status of Up. See Create the VLAN attachments for the Cloud Interconnect connection.
  - Your VLAN attachments include a custom advertised route of 0.0.0.0/0. See Add a custom advertised route for a default IP range to your BGP sessions.
  - Your VPC includes a firewall rule that allows access from the IP address range that you are using in the Bare Metal Solution environment for communication with the Google Cloud environment. See VPC firewall setup.
- From the jump host VM instance, SSH into the Bare Metal Solution server by using the customeradmin user ID and the IP address of the server:

    ssh customeradmin@bare-metal-ip

- When prompted, enter the password provided to you by Google Cloud.
- On first login, you are required to change the password for your Bare Metal Solution server.
- Set a new password and store it in a safe location. After resetting the password, the server logs you out automatically.
- Log back into the Bare Metal Solution server using the customeradmin user ID and your new password:

    ssh customeradmin@bare-metal-ip

- We recommend that you also change the root user password. Start by logging in as the root user:

    sudo su -

- To change the root password, issue the passwd command and follow the prompts:

    passwd

- To return to the customeradmin user prompt, exit the root user prompt:

    exit

- Remember to store your passwords in a safe place for recovery purposes.
- Confirm that your server configuration matches your order. The things to check include:
  - The server configuration, including the number and type of CPUs, the sockets, and the memory.
  - The operating system or hypervisor software, including vendor and version.
  - The storage, including type and amount.
 
Set up access to the public internet
Bare Metal Solution doesn't come with access to the internet. You can choose from the following methods to set up access depending on various factors, including your business requirements and existing infrastructure:
- Access internet using a Compute Engine VM as a Proxy VM server.
- Routing traffic through a Compute Engine VM that serves as a proxy server.
  You can use a Compute Engine VM in the following ways to route the traffic:
  - Method 1: Access internet using a Compute Engine VM and Cloud NAT.
  - Method 2: Access internet using redundant Compute Engine VMs, Cloud NAT, internal passthrough Network Load Balancer, and policy-based routing.
  - Method 3: Access internet using redundant Compute Engine VMs, Cloud NAT, internal passthrough Network Load Balancer, and policy-based routing in a separate VPC.
 
- Routing traffic through Cloud VPN or Dedicated Interconnect to on-premises gateways to the internet. 
Access internet using a Compute Engine VM and Cloud NAT
The following instructions set up a NAT gateway on a Compute Engine VM to connect the servers in a Bare Metal Solution environment to the internet for purposes such as receiving software updates.
The instructions use the default internet gateway of your VPC network to access the internet.
The Linux commands that are shown in the following instructions are for the Debian operating system. If you use a different operating system, the commands you need to use might also be different.
In the VPC network that you are using with your Bare Metal Solution environment, perform the following steps:
- Open the Cloud Shell: 
- Create and configure a Compute Engine VM to serve as a NAT gateway.
  - Create a VM:

      gcloud compute instances create instance-name \
          --machine-type=machine-type-name \
          --network vpc-network-name \
          --subnet=subnet-name \
          --can-ip-forward \
          --zone=your-zone \
          --image-family=os-image-family-name \
          --image-project=os-image-project \
          --tags=natgw-network-tag \
          --service-account=optional-service-account-email

    In later steps, you use the network tag that you define in this step to route traffic to this VM.
    If you don't specify a service account, remove the --service-account= flag. Compute Engine uses the default service account of the project.
  - Create a Cloud NAT for VM internet access.
    Instructions to create a Cloud NAT for the VM: HERE
  - SSH into the NAT gateway VM and configure the iptables:

      $ sudo sysctl -w net.ipv4.ip_forward=1
      $ sudo iptables -t nat -A POSTROUTING \
          -o $(/bin/ip -o -4 route show to default | awk '{print $5}') -j MASQUERADE

    The first sudo command tells the kernel that you want to allow IP forwarding. The second sudo command masquerades packets received from internal instances as if they were sent from the NAT gateway instance.
  - Check the iptables:

      $ sudo iptables -v -L -t nat

  - To retain your NAT gateway settings across a reboot, execute the following commands on the NAT gateway VM:

      $ sudo -i
      $ echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/70-natgw.conf
      $ apt-get install iptables-persistent
      $ exit

- In Cloud Shell, create a route to 0.0.0.0/0 with the default internet gateway as the next hop. Specify the network tag that you defined in the previous step on the --tags argument. Assign the route a higher priority than any other default route.

    gcloud compute routes create default-internet-gateway-route-name \
        --destination-range=0.0.0.0/0 \
        --network=network-name \
        --priority=default-igw-route-priority \
        --tags=natgw-network-tag,default-igw-tags \
        --next-hop-gateway=default-internet-gateway

  natgw-network-tag must be the same tag that you applied to the NAT gateway VM in step 2. The NAT gateway VM that you created in step 2 uses the default internet gateway to access the internet.
- Add the network tag (default-igw-tags) that you just created to any existing VMs in your VPC network that need internet access, so that they can continue to access the internet after you create a new default route that your Bare Metal Solution servers can also use.
- Optional: Remove routes to the internet that existed before the route you created in the previous step, including those created by default.
- Confirm that any existing VMs in your network and the NAT gateway VM can access the internet by pinging an external IP address, such as 8.8.8.8, the Google DNS, from each VM.
- Create a default route to 0.0.0.0/0 with the NAT gateway VM as the next hop. Give the route a lower priority than the priority that you specified for the first route that you created.

    gcloud compute routes create natgw-route-name \
        --destination-range=0.0.0.0/0 \
        --network=network-name \
        --priority=natgw-route-priority \
        --next-hop-instance=natgw-vm-name \
        --next-hop-instance-zone=natgw-vm-zone

- Log in to your Bare Metal Solution servers and ping an external IP address to confirm that they can access the internet.
  If the ping is not successful, make sure that you have created a firewall rule that allows access from your Bare Metal Solution environment to your VPC network.
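An audit of the NAT gateway settings from the steps above, checking that both the forwarding setting and the MASQUERADE rule are saved for the next boot and that the rule is bound to the default-route interface. This is an added example, not part of Google's documentation; the function names and sample data are assumptions, and /etc/iptables/rules.v4 is the file where Debian's iptables-persistent package keeps IPv4 rules.

```shell
#!/bin/sh
# Added example (not from Google's documentation): offline audit of the NAT
# gateway settings from the steps above. Function names are hypothetical.
# /etc/iptables/rules.v4 is where Debian's iptables-persistent keeps IPv4 rules.

# default_iface: read `ip -o -4 route show to default` output on stdin and
# print the outgoing device of the first default route.
default_iface() {
  awk '$1 == "default" {
         for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
       }'
}

# has_masquerade RULES IFACE: succeed if RULES (iptables-save format) contains
# a nat-table POSTROUTING rule that masquerades traffic leaving through IFACE.
has_masquerade() {
  awk -v ifc="$2" '
    /^\*/ { in_nat = ($1 == "*nat") }
    in_nat && $1 == "-A" && $2 == "POSTROUTING" {
      out = ""; jump = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-o") out = $(i + 1)
        if ($i == "-j") jump = $(i + 1)
      }
      if (out == ifc && jump == "MASQUERADE") found = 1
    }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# forwarding_persisted FILE: succeed if FILE sets net.ipv4.ip_forward to 1.
forwarding_persisted() {
  grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# audit_natgw ROUTES RULES SYSCTL: print findings; return 0 when the saved
# state will restore a working NAT gateway after a reboot.
audit_natgw() {
  an_if=$(default_iface < "$1")
  [ -n "$an_if" ] || { echo "FAIL: no default route"; return 1; }
  an_rc=0
  has_masquerade "$2" "$an_if" ||
    { echo "FAIL: no saved MASQUERADE rule for $an_if"; an_rc=1; }
  forwarding_persisted "$3" ||
    { echo "FAIL: net.ipv4.ip_forward=1 is not persisted"; an_rc=1; }
  [ "$an_rc" -ne 0 ] || echo "OK: forwarding and MASQUERADE on $an_if are persisted"
  return "$an_rc"
}

# Demo on constructed data: the rules file was saved before the MASQUERADE
# rule was added, so the gateway would stop translating after a reboot.
demo=$(mktemp -d)
echo 'default via 10.128.0.1 dev ens4 proto dhcp src 10.128.0.5 metric 100' > "$demo/routes"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT' > "$demo/rules.v4"
echo 'net.ipv4.ip_forward=1' > "$demo/70-natgw.conf"
audit_natgw "$demo/routes" "$demo/rules.v4" "$demo/70-natgw.conf" || true

# On a real gateway (assumed invocation, run as root):
#   ip -o -4 route show to default > /tmp/routes
#   audit_natgw /tmp/routes /etc/iptables/rules.v4 /etc/sysctl.d/70-natgw.conf
```

If the audit reports a missing MASQUERADE rule while `sudo iptables -v -L -t nat` shows it, the running rules were never written to disk; `sudo netfilter-persistent save` writes them to /etc/iptables/rules.v4.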
Access internet using redundant Compute Engine VMs, Cloud NAT, internal passthrough Network Load Balancer, and policy-based routing
This section shows how to set up internal passthrough Network Load Balancer with Compute Engine VMs and Cloud NAT configured as the backend. Policy-based routing forwards the internet traffic to the frontend of the internal passthrough Network Load Balancer.
The following diagram shows this setup.
In the VPC network of your Bare Metal Solution environment, perform the following steps:
- Create and configure a Compute Engine VM and the Cloud NAT to serve as a NAT gateway. Complete the steps described in Method 1: Using a single Compute Engine VM and Cloud NAT.
  A lightweight HTTP server can be used to perform a health check for the internal passthrough Network Load Balancer.

    # Installing http server
    sudo yum install httpd
    sudo systemctl restart httpd

    # Testing
    curl http://127.0.0.1:80

- Create an instance group.

    gcloud compute instance-groups unmanaged create INSTANCE_GROUP_NAME --project=PROJECT_ID --zone=ZONE

  Replace the following:
  - INSTANCE_GROUP_NAME: the name of the instance group
  - PROJECT_ID: the ID of the project
  - ZONE: the zone in which to create the instance group
- Add the VM to the instance group.

    gcloud compute instance-groups unmanaged add-instances INSTANCE_GROUP_NAME --project=PROJECT_ID --zone=ZONE --instances=VM_NAME

  Replace the following:
  - INSTANCE_GROUP_NAME: the name of the instance group
  - PROJECT_ID: the ID of the project
  - ZONE: the zone in which to create the instance group
  - VM_NAME: the name of the VM
- Create an internal passthrough Network Load Balancer:
  Start your configuration
  - In the Google Cloud console, go to the Load balancing page.
  - Click Create load balancer.
  - For Type of load balancer, select Network Load Balancer (TCP/UDP/SSL) and click Next.
  - For Proxy or passthrough, select Passthrough load balancer and click Next.
  - For Public facing or internal, select Internal and click Next.
  - Click Configure.
  Basic configuration
  - Set Load balancer name.
  - Select a Region.
  - Select a Network.
  Configure the backend and frontend
  - Click Backend configuration and make the following changes:
    - To add backends, do the following:
      - Under New Backend, to handle IPv4 traffic only, select the IP stack type as IPv4 (single-stack).
      - Select your instance group and click Done.
    - Select a health check. You can also create a health check, enter the following information, and click Save:
      - Name: Enter a name for the health check.
      - Protocol: HTTP
      - Port: 80
      - Proxy protocol: NONE
      - Request path: /
  - Click Frontend configuration. In the New Frontend IP and port section, make the following changes:
    - Ports: Choose All, and enter 80,8008,8080,8088 for the Port number.
    - Click Done.
  - Click Review and finalize.
  - Review your load balancer configuration settings.
  - Click Create.
- Create a policy-based route for the internet.

    gcloud network-connectivity policy-based-routes create ROUTE_NAME \
        --source-range=SOURCE_RANGE \
        --destination-range=0.0.0.0/0 \
        --ip-protocol=ALL \
        --network="projects/PROJECT_ID/global/networks/NETWORK" \
        --next-hop-ilb-ip=NEXT_HOP \
        --description="DESCRIPTION" \
        --priority=PRIORITY \
        --interconnect-attachment-region=REGION

  Replace the following:
  - ROUTE_NAME: the name of the policy-based route
  - SOURCE_RANGE: the source IP CIDR range. In this case, this is the Bare Metal Solution IP address.
  - PROJECT_ID: the ID of the project
  - NETWORK: the network to which the policy-based route is applied
  - NEXT_HOP: the IPv4 address of the route's next hop. In this case, this is the IP address of the frontend of the internal passthrough Network Load Balancer.
  - DESCRIPTION: a description of the route
  - PRIORITY: the priority of the policy-based route compared to other policy-based routes
  - REGION: the region of the VLAN attachment
- Create a policy-based route to skip the internet policy-based route for on-premises subnets and local subnets.

    gcloud network-connectivity policy-based-routes create ROUTE_NAME \
        --source-range=SOURCE_RANGE/32 \
        --destination-range=DESTINATION_RANGE \
        --ip-protocol=ALL \
        --network="projects/PROJECT_ID/global/networks/VPC_NAME" \
        --next-hop-other-routes="DEFAULT_ROUTING" \
        --description="DESCRIPTION" \
        --priority=PRIORITY \
        --interconnect-attachment-region=REGION

  Replace the following:
  - ROUTE_NAME: the name of the policy-based route
  - SOURCE_RANGE: the source IP CIDR range. In this case, this is the Bare Metal Solution IP address.
  - DESTINATION_RANGE: the destination IP CIDR range. In this case, this is the on-premises subnet or a local subnet.
  - PROJECT_ID: the ID of the project
  - VPC_NAME: the name of the VPC network
  - DESCRIPTION: a description of the route
  - PRIORITY: the priority of the policy-based route compared to other policy-based routes. The priority of this policy-based route must be less than or equal to the policy-based route for the internet.
  - REGION: the region of the VLAN attachment
- Update the firewall to allow HTTP port 80 on the VM.
  The health check might fail if you don't update the firewall.
Access internet using redundant Compute Engine VMs, Cloud NAT, internal passthrough Network Load Balancer, and policy-based routing in a separate VPC
If you don't want to add policy-based routes for local subnets, you can use this method to access the internet. However, to use this method, you need to create a VLAN attachment and a VPC to connect the Bare Metal Solution.
The following diagram shows this setup.
Follow these steps:
- Create a VPC network for the internet.

    gcloud compute networks create NETWORK --project=PROJECT_ID --subnet-mode=custom --mtu=MTU --bgp-routing-mode=regional

  Replace the following:
  - NETWORK: the name for the VPC network
  - PROJECT_ID: the ID of the project
  - MTU: the maximum transmission unit (MTU), which is the largest packet size of the network
- Create a subnet.

    gcloud compute networks subnets create SUBNET_NAME --project=PROJECT_ID --range=RANGE --stack-type=IPV4_ONLY --network=NETWORK --region=REGION

  Replace the following:
  - SUBNET_NAME: the name for the subnet
  - PROJECT_ID: the ID of the project
  - RANGE: the IP space allocated to this subnet in CIDR format
  - NETWORK: the VPC network to which the subnet belongs
  - REGION: the region of the subnet
- Create two Cloud Routers for the redundancy and advertisements.

    gcloud compute routers create ROUTER_NAME --project=PROJECT_ID --region=REGION --network=NETWORK --advertisement-mode=custom --set-advertisement-ranges=0.0.0.0/0

  Replace the following:
  - ROUTER_NAME: the name of the router
  - PROJECT_ID: the ID of the project
  - REGION: the region of the router
  - NETWORK: the VPC network for this router
- Create four VLAN attachments, two for each Cloud Router.
  For instructions, see Create VLAN attachments.
- After the VLAN attachments are active, follow the steps in Method 2: Using redundant Compute Engine VMs, Cloud NAT, internal passthrough Network Load Balancer, and policy-based routing to configure the internet infrastructure. However, for this setup, don't configure the policy-based route for local traffic. Only create a policy-based route for the internet in a routing table of the VPC network.
Set up access to Google Cloud APIs and services
Bare Metal Solution doesn't come with access to Google Cloud services. You can choose how to implement access depending on various factors, including your business requirements and existing infrastructure.
You can access Google Cloud APIs and services privately from your Bare Metal Solution environment.
You set up private access to the Google Cloud APIs and services from a Bare Metal Solution environment as you would for an on-premises environment.
Follow the instructions for on-premises environments in Configuring Private Google Access for on-premises hosts.
The instructions guide you through the following high-level steps:
- Configuring routes for the Google API traffic.
- Configuring your Bare Metal Solution DNS to resolve *.googleapis.com as a CNAME to restricted.googleapis.com.
What's next
After you have set up your Bare Metal Solution environment, you can install your workloads.
If you plan to run Oracle databases on the servers in your Bare Metal Solution environment, you can use the open source Toolkit for Bare Metal Solution to install your Oracle software.