Policy
Policy-based Routes are more powerful routes that route L4 network traffic based on not just destination IP, but also source IP, protocol and more. A Policy-based Route always take precedence when it conflicts with other types of routes. To get more information about PolicyBasedRoute, see:
How-to Guides
Example Usage
Network Connectivity Policy Based Route Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const myNetwork = new gcp.compute.Network("my_network", {
name: "my-network",
autoCreateSubnetworks: false,
});
const _default = new gcp.networkconnectivity.PolicyBasedRoute("default", {
name: "my-pbr",
network: myNetwork.id,
filter: {
protocolVersion: "IPV4",
},
nextHopOtherRoutes: "DEFAULT_ROUTING",
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
my_network = gcp.compute.Network("my_network",
name="my-network",
auto_create_subnetworks=False)
default = gcp.networkconnectivity.PolicyBasedRoute("default",
name="my-pbr",
network=my_network.id,
filter={
"protocol_version": "IPV4",
},
next_hop_other_routes="DEFAULT_ROUTING")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var myNetwork = new Gcp.Compute.Network("my_network", new()
{
Name = "my-network",
AutoCreateSubnetworks = false,
});
var @default = new Gcp.NetworkConnectivity.PolicyBasedRoute("default", new()
{
Name = "my-pbr",
Network = myNetwork.Id,
Filter = new Gcp.NetworkConnectivity.Inputs.PolicyBasedRouteFilterArgs
{
ProtocolVersion = "IPV4",
},
NextHopOtherRoutes = "DEFAULT_ROUTING",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myNetwork, err := compute.NewNetwork(ctx, "my_network", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = networkconnectivity.NewPolicyBasedRoute(ctx, "default", &networkconnectivity.PolicyBasedRouteArgs{
Name: pulumi.String("my-pbr"),
Network: myNetwork.ID(),
Filter: &networkconnectivity.PolicyBasedRouteFilterArgs{
ProtocolVersion: pulumi.String("IPV4"),
},
NextHopOtherRoutes: pulumi.String("DEFAULT_ROUTING"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.networkconnectivity.PolicyBasedRoute;
import com.pulumi.gcp.networkconnectivity.PolicyBasedRouteArgs;
import com.pulumi.gcp.networkconnectivity.inputs.PolicyBasedRouteFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myNetwork = new Network("myNetwork", NetworkArgs.builder()
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var default_ = new PolicyBasedRoute("default", PolicyBasedRouteArgs.builder()
.name("my-pbr")
.network(myNetwork.id())
.filter(PolicyBasedRouteFilterArgs.builder()
.protocolVersion("IPV4")
.build())
.nextHopOtherRoutes("DEFAULT_ROUTING")
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:networkconnectivity:PolicyBasedRoute
properties:
name: my-pbr
network: ${myNetwork.id}
filter:
protocolVersion: IPV4
nextHopOtherRoutes: DEFAULT_ROUTING
myNetwork:
type: gcp:compute:Network
name: my_network
properties:
name: my-network
autoCreateSubnetworks: falseContent copied to clipboard
Network Connectivity Policy Based Route Full
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const myNetwork = new gcp.compute.Network("my_network", {
name: "my-network",
autoCreateSubnetworks: false,
});
// This example substitutes an arbitrary internal IP for an internal network
// load balancer for brevity. Consult https://cloud.google.com/load-balancing/docs/internal
// to set one up.
const ilb = new gcp.compute.GlobalAddress("ilb", {name: "my-ilb"});
const _default = new gcp.networkconnectivity.PolicyBasedRoute("default", {
name: "my-pbr",
description: "My routing policy",
network: myNetwork.id,
priority: 2302,
filter: {
protocolVersion: "IPV4",
ipProtocol: "UDP",
srcRange: "10.0.0.0/24",
destRange: "0.0.0.0/0",
},
nextHopIlbIp: ilb.address,
virtualMachine: {
tags: ["restricted"],
},
labels: {
env: "default",
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
my_network = gcp.compute.Network("my_network",
name="my-network",
auto_create_subnetworks=False)
# This example substitutes an arbitrary internal IP for an internal network
# load balancer for brevity. Consult https://cloud.google.com/load-balancing/docs/internal
# to set one up.
ilb = gcp.compute.GlobalAddress("ilb", name="my-ilb")
default = gcp.networkconnectivity.PolicyBasedRoute("default",
name="my-pbr",
description="My routing policy",
network=my_network.id,
priority=2302,
filter={
"protocol_version": "IPV4",
"ip_protocol": "UDP",
"src_range": "10.0.0.0/24",
"dest_range": "0.0.0.0/0",
},
next_hop_ilb_ip=ilb.address,
virtual_machine={
"tags": ["restricted"],
},
labels={
"env": "default",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var myNetwork = new Gcp.Compute.Network("my_network", new()
{
Name = "my-network",
AutoCreateSubnetworks = false,
});
// This example substitutes an arbitrary internal IP for an internal network
// load balancer for brevity. Consult https://cloud.google.com/load-balancing/docs/internal
// to set one up.
var ilb = new Gcp.Compute.GlobalAddress("ilb", new()
{
Name = "my-ilb",
});
var @default = new Gcp.NetworkConnectivity.PolicyBasedRoute("default", new()
{
Name = "my-pbr",
Description = "My routing policy",
Network = myNetwork.Id,
Priority = 2302,
Filter = new Gcp.NetworkConnectivity.Inputs.PolicyBasedRouteFilterArgs
{
ProtocolVersion = "IPV4",
IpProtocol = "UDP",
SrcRange = "10.0.0.0/24",
DestRange = "0.0.0.0/0",
},
NextHopIlbIp = ilb.Address,
VirtualMachine = new Gcp.NetworkConnectivity.Inputs.PolicyBasedRouteVirtualMachineArgs
{
Tags = new[]
{
"restricted",
},
},
Labels =
{
{ "env", "default" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myNetwork, err := compute.NewNetwork(ctx, "my_network", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
// This example substitutes an arbitrary internal IP for an internal network
// load balancer for brevity. Consult https://cloud.google.com/load-balancing/docs/internal
// to set one up.
ilb, err := compute.NewGlobalAddress(ctx, "ilb", &compute.GlobalAddressArgs{
Name: pulumi.String("my-ilb"),
})
if err != nil {
return err
}
_, err = networkconnectivity.NewPolicyBasedRoute(ctx, "default", &networkconnectivity.PolicyBasedRouteArgs{
Name: pulumi.String("my-pbr"),
Description: pulumi.String("My routing policy"),
Network: myNetwork.ID(),
Priority: pulumi.Int(2302),
Filter: &networkconnectivity.PolicyBasedRouteFilterArgs{
ProtocolVersion: pulumi.String("IPV4"),
IpProtocol: pulumi.String("UDP"),
SrcRange: pulumi.String("10.0.0.0/24"),
DestRange: pulumi.String("0.0.0.0/0"),
},
NextHopIlbIp: ilb.Address,
VirtualMachine: &networkconnectivity.PolicyBasedRouteVirtualMachineArgs{
Tags: pulumi.StringArray{
pulumi.String("restricted"),
},
},
Labels: pulumi.StringMap{
"env": pulumi.String("default"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.networkconnectivity.PolicyBasedRoute;
import com.pulumi.gcp.networkconnectivity.PolicyBasedRouteArgs;
import com.pulumi.gcp.networkconnectivity.inputs.PolicyBasedRouteFilterArgs;
import com.pulumi.gcp.networkconnectivity.inputs.PolicyBasedRouteVirtualMachineArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myNetwork = new Network("myNetwork", NetworkArgs.builder()
.name("my-network")
.autoCreateSubnetworks(false)
.build());
// This example substitutes an arbitrary internal IP for an internal network
// load balancer for brevity. Consult https://cloud.google.com/load-balancing/docs/internal
// to set one up.
var ilb = new GlobalAddress("ilb", GlobalAddressArgs.builder()
.name("my-ilb")
.build());
var default_ = new PolicyBasedRoute("default", PolicyBasedRouteArgs.builder()
.name("my-pbr")
.description("My routing policy")
.network(myNetwork.id())
.priority(2302)
.filter(PolicyBasedRouteFilterArgs.builder()
.protocolVersion("IPV4")
.ipProtocol("UDP")
.srcRange("10.0.0.0/24")
.destRange("0.0.0.0/0")
.build())
.nextHopIlbIp(ilb.address())
.virtualMachine(PolicyBasedRouteVirtualMachineArgs.builder()
.tags("restricted")
.build())
.labels(Map.of("env", "default"))
.build());
}
}Content copied to clipboard
resources:
default:
type: gcp:networkconnectivity:PolicyBasedRoute
properties:
name: my-pbr
description: My routing policy
network: ${myNetwork.id}
priority: 2302
filter:
protocolVersion: IPV4
ipProtocol: UDP
srcRange: 10.0.0.0/24
destRange: 0.0.0.0/0
nextHopIlbIp: ${ilb.address}
virtualMachine:
tags:
- restricted
labels:
env: default
myNetwork:
type: gcp:compute:Network
name: my_network
properties:
name: my-network
autoCreateSubnetworks: false
# This example substitutes an arbitrary internal IP for an internal network
# load balancer for brevity. Consult https://cloud.google.com/load-balancing/docs/internal
# to set one up.
ilb:
type: gcp:compute:GlobalAddress
properties:
name: my-ilbContent copied to clipboard
Import
PolicyBasedRoute can be imported using any of these accepted formats:
projects/{{project}}/locations/global/policyBasedRoutes/{{name}}{{project}}/{{name}}{{name}}When using thepulumi importcommand, PolicyBasedRoute can be imported using one of the formats above. For example:
$ pulumi import gcp:networkconnectivity/policyBasedRoute:PolicyBasedRoute default projects/{{project}}/locations/global/policyBasedRoutes/{{name}}Content copied to clipboard
$ pulumi import gcp:networkconnectivity/policyBasedRoute:PolicyBasedRoute default {{project}}/{{name}}Content copied to clipboard
$ pulumi import gcp:networkconnectivity/policyBasedRoute:PolicyBasedRoute default {{name}}Content copied to clipboard
Properties
Link copied to clipboard
Time when the policy-based route was created.
Link copied to clipboard
An optional description of this resource.
Link copied to clipboard
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Link copied to clipboard
The filter to match L4 traffic. Structure is documented below.
Link copied to clipboard
The interconnect attachments that this policy-based route applies to.
Link copied to clipboard
The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets.
Link copied to clipboard
Other routes that will be referenced to determine the next hop of the packet. Possible values: "DEFAULT_ROUTING"
Link copied to clipboard
The priority of this policy-based route. Priority is used to break ties in cases where there are more than one matching policy-based routes found. In cases where multiple policy-based routes are matched, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.
Link copied to clipboard
Link copied to clipboard
The combination of labels configured directly on the resource and default labels configured on the provider.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Time when the policy-based route was created.
Link copied to clipboard
VM instances to which this policy-based route applies to.
Link copied to clipboard
If potential misconfigurations are detected for this route, this field will be populated with warning messages. Structure is documented below.