Control access to multicast domains
This page describes how to control access to multicast domains.
If you configured a multicast domain with the Network Connectivity Center (NCC) star topology, then you can control multicast consumer access by accepting or rejecting the VPC spoke that is associated with a multicast consumer network.
For more information, see Hub administration overview in the NCC documentation.
Grant users the ability to propose VPC spokes
To grant multicast consumer network administrators the ability to propose VPC spokes to the hub, see Manage access to create spokes in hubs across projects. You retain full control over which spokes are accepted into the hub. Spokes don't become active until you explicitly accept them.
Multicast consumer network administrators require the ability to propose spokes when they follow the procedure to Enable a VPC network to consume multicast traffic.
Review proposed VPC spokes
To review VPC spokes that multicast consumer network administrators have proposed from different projects, see View proposals pending review.
Accept a VPC spoke
To grant a multicast consumer VPC network access to the multicast domain, accept the VPC spoke that is associated with the consumer VPC network. To learn more, see Accept a spoke proposal.
You can also set up auto-accept projects for spoke groups in a hub. Auto-accept lets you automatically accept into the hub any spokes that are in auto-accept projects, without having to review each spoke proposal.
Reject a VPC spoke
To revoke a multicast consumer VPC network's access to the multicast domain, reject the VPC spoke that is associated with the multicast consumer VPC network. To learn more, see Reject a spoke proposal.
Rejecting a VPC spoke associated with a multicast consumer network does the following:
- The multicast consumer VPC network loses both unicast and multicast connectivity.
- If there are multicast consumer configurations between the multicast consumer
network and any domain that was created by using the NCC hub, then Google Cloud deactivates those multicast consumer resources and assigns them a status of
INACTIVE. The multicast consumer resources still exist in the multicast consumer project, but they are no longer usable.
If you want to restore access after rejection, you can accept the spoke again, which does the following:
- Restores unicast connectivity immediately.
- Lets the multicast consumer network administrator re-establish multicast connectivity after they do the following:
- Delete their existing multicast consumer configurations that are marked as
INACTIVE. - Create new multicast consumer configurations (both consumer associations and group consumer activations).
- Delete their existing multicast consumer configurations that are marked as