How Cloud Router works
Cloud Router is an API abstraction implemented by multiple and redundant BGPtasks, a dynamic route control plane, and Virtual Private Cloud (VPC) networkcontrol and data planes. Understanding how these three software components worktogether helps you understand Cloud Router operations and howlearned-route-best-path-selection options work.
Software components of Cloud Router
There are several software components within Cloud Router andVPC:
- Cloud Router BGP task
- Cloud Router BGP tasks are grouped together within a region. EachBGP task communicates with a dynamic route control plane for its region andgroup. BGP tasks don't handle packet data processing. Instead, BGP tasks manageBGP sessions to send and receive BGP prefixes.
- Dynamic route control plane
- Each region contains a dynamic route control plane that communicates withBGP tasks for its region and group. In global dynamic routing mode, dynamicroute control planes in one region also communicate with dynamic route controlplanes in other regions. Each dynamic route control plane sends messages to theVPC network control plane.
- VPC network control and data planes
Google Cloud uses theAndromeda network virtualization stack (PDFdownload)as the distributed control and data plane for VPC networking, andincludes the following components:
- VPC network control plane
- Each region contains a VPC network control plane thatreceives information from the groups of dynamic route control planes intheir own region. Each VPC network control plane programsdynamic routes in receiving VPC networks. VPCnetwork control planes also enforce dynamic route quotas.
- VPC network data plane
- Each region contains a VPC network data plane thatevaluates and implements dynamic routes using information from theVPC network control plane. The VPC networkdata plane performs packet forwarding.
Cloud Router BGP tasks
The following table shows how many BGP tasks a Cloud Router uses forcommon scenarios:
| Example scenario | Number of BGP tasks used to implement the Cloud Router |
|---|---|
| One or more interfaces, each connected to a Classic VPN tunnel. | One BGP task |
| One or more interfaces, each connected to a VLAN attachment, where the VLAN attachments are in the same edge availability domain. | One BGP task |
Any number of interfaces, each connected to an HA VPN tunnel, where the tunnels are all connected to the same interface number on one or more HA VPN gateways—for example, two tunnels, each connected tointerface 0 on different HA VPN gateways. | One BGP task |
| At least two interfaces, one connected to a VLAN attachment in a single edge availability domain, and another connected to a single HA VPN tunnel, where the edge availability domain and VPN gateway interface numbers are the same—for example, the first edge availability domain in a pair of edge availability domains and the first VPN gateway interface. | One BGP task |
At least two interfaces, each connected to a Router appliance instance, where one of the interfaces is configured as a redundant interface. To create a redundant interface, use theredundant-interface flag (Google Cloud CLI) or theredundantInterface field (Compute Engine API). Router appliance is part of Network Connectivity Center. | Two BGP tasks |
| At least two interfaces, each connected to a VLAN attachment, where the VLAN attachments are in different edge availability domains. | Two BGP tasks |
At least two interfaces, each connected to an HA VPN tunnel, where each tunnel is connected to different HA VPN gateway interface numbers—for example, one tunnel connected tointerface 0 of an HA VPN gateway and another tunnel connected tointerface 1 of the same gateway or a different gateway. | Two BGP tasks |
A Cloud Router with at least the following:
| Three BGP tasks |
Software maintenance
Cloud Router maintenance events release new features and improvereliability. During maintenance, new BGP tasks take over as BGP speakers andresponders. Before maintenance, the last BGP task notifies its peer router inone of the following ways:
If the peer router supports graceful restart, Cloud Router sends agraceful restart notification (a TCP
FINpacket).If the peer routerdoesn't support graceful restart, Cloud Routersends a BGP
CEASEnotification to the peer router to terminate the BGPsession.
Cloud Router maintenance events aren't announced in advance becausemaintenance events are automatic and not disruptive, as long as the peerrouter supports graceful restart. Maintenance events are designed to complete inless than 120 seconds—thus, Cloud Router uses a120 secondgraceful restarttimer. Forinformation about how to find completed maintenance events, seeIdentify routermaintenance events.
If the peer router supports graceful restart, the peer router logs a gracefulrestart event during Cloud Router maintenance. In accordance withSection 4.2 of RFC4724, the peerrouter must honor the 120 second Cloud Router graceful restart timer,preserving learned routes and continuing to advertise routes, in the event that:
Cloud Router stops sending BGP keepalive packets.
Applicable only when BFD is configured: Cloud Router stops sending BFD packets. Consequently, the peer routermust honor the BFD control plane independent bit value of
0because Cloud Router uses a control planedependent BFD implementation. For more information, seegraceful restart and BFD.
If the peer routerdoesn't support graceful restart or if a peer router hasgraceful restart disabled, Cloud Router sends a BGPCEASEnotification followingSection 4.5 of RFC4271. After theCEASE notification, the BGP session remains down until Cloud Routerreplaces the BGP task. Making adjustments to the Cloud Router holdtimer or the peer router hold timer doesn't prevent the BGP session fromterminating.
Planned Cloud Interconnect maintenance
Forplanned Cloud Interconnectmaintenance,Cloud Router sends a BGPCEASE notification that terminates the BGPsession, removing the session's learned and advertised routes. Neither thegraceful restart timer nor the negotiated BGP hold timer apply during plannedmaintenance events.
Unexpected BGP task failures
Cloud Router uses multiple BGP tasks so that HA VPNtunnel pairs, Router appliances, and VLAN attachments that meet aCloud Interconnect SLA don't depend on a single BGP task. For moreinformation, see theCloud Router BGP tasks section ofthis document. If a Cloud Router BGP task fails unexpectedly,Cloud Router isn't able to send one of the notifications that itnormally sends during software maintenance. However, both learned and advertisedroutes remain for the duration of the negotiatedholdtimer.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-18 UTC.