# Connect to an external network

To connect to a resource in an external network (an on-premises network or
another Virtual Private Cloud (VPC) network), the external network and
Cloud Data Fusion instance must be connected through the same
VPC network.
To connect an external network to the Cloud Data Fusion VPC
network using Cloud VPN tunnels with border gateway protocol (BGP) routing or
VLAN attachments, do the following:

- Ensure your VPC network is connected to the external network using a [Cloud VPN tunnel](/network-connectivity/docs/vpn/concepts/overview) or a VLAN attachment for [Dedicated Interconnect](/network-connectivity/docs/interconnect/how-to/dedicated/provisioning-overview) or [Partner Interconnect](/network-connectivity/docs/interconnect/how-to/partner/provisioning-overview).
- Ensure the BGP sessions on the Cloud Router managing your Cloud VPN tunnels or VLAN attachments have received specific prefixes (destinations) from your external network. Default routes (destination 0.0.0.0/0) cannot be imported into the Cloud Data Fusion VPC network because that network has its own local default route. Local routes for a destination are always used, even though the Cloud Data Fusion peering is configured to import custom routes from your VPC network.
- [Identify the peering connections](/vpc/docs/configure-private-services-access#listing-connections) produced by the private services connection. Depending on the service, the private services connection might create one or more of the following peering connections, but not necessarily all of them:
  - `datafusion-googleapis-com`
  - `servicenetworking-googleapis-com`
- [Update all of the peering connections](/vpc/docs/using-vpc-peering#update-peer-connection) to enable Export custom routes.
- [Identify the allocated range](/vpc/docs/configure-private-services-access#listing_allocated_ip_address_ranges) used by the private services connection.
- [Create a Cloud Router custom advertised route](/network-connectivity/docs/router/how-to/advertising-custom-ip) for the allocated range on the Cloud Routers managing BGP sessions for your Cloud VPN tunnels or VLAN attachments.

What's next
-----------

- Learn how to [create a private instance in Cloud Data Fusion](/data-fusion/docs/how-to/create-private-ip).

Last updated 2025-09-04 UTC.
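
The routing steps on this page can be checked before a pipeline depends on them. The following is an added example, not code from the Cloud Data Fusion documentation: a hypothetical `preflight` function that reports which steps are still unmet. It assumes the input is shaped like Compute Engine API resources (`exportCustomRoutes` on peerings, `advertiseMode` and `advertisedIpRanges` on the router's `bgp` block, set at router level rather than per BGP peer), and all sample values are constructed.

```python
import ipaddress

# Peering names the page lists for the private services connection.
SERVICE_PEERINGS = {"datafusion-googleapis-com", "servicenetworking-googleapis-com"}


def preflight(learned, peerings, router_bgp, allocated_range):
    """Return the unmet steps as strings; an empty list means all checks pass."""
    problems = []
    allocated = ipaddress.ip_network(allocated_range)

    # Only specific prefixes are imported; a learned 0.0.0.0/0 is ignored.
    nets = [ipaddress.ip_network(p) for p in learned]
    if not any(n.prefixlen > 0 for n in nets):
        problems.append("BGP has learned no specific prefixes (default route is not imported)")

    # Every peering created by the private services connection must export custom routes.
    service = [p for p in peerings if p["name"] in SERVICE_PEERINGS]
    if not service:
        problems.append("no private services peering found")
    for p in service:
        if not p.get("exportCustomRoutes", False):
            problems.append(f"peering {p['name']}: Export custom routes is off")

    # The Cloud Router must advertise a range that covers the allocated range.
    ranges = [ipaddress.ip_network(r["range"]) for r in router_bgp.get("advertisedIpRanges", [])]
    covered = any(r.version == allocated.version and r.supernet_of(allocated) for r in ranges)
    if router_bgp.get("advertiseMode") != "CUSTOM" or not covered:
        problems.append(f"Cloud Router does not advertise allocated range {allocated}")
    return problems


# Constructed sample state (not from the page): one peering and the router are misconfigured.
SAMPLE = {
    "learned": ["0.0.0.0/0", "192.168.10.0/24"],
    "peerings": [
        {"name": "datafusion-googleapis-com", "exportCustomRoutes": True},
        {"name": "servicenetworking-googleapis-com", "exportCustomRoutes": False},
        {"name": "unrelated-peering", "exportCustomRoutes": False},
    ],
    "router_bgp": {"advertiseMode": "DEFAULT", "advertisedIpRanges": []},
    "allocated_range": "10.20.0.0/22",
}

if __name__ == "__main__":
    for line in preflight(**SAMPLE):
        print("FAIL:", line)
```

Unrelated peerings are deliberately ignored, so the check does not push you to export custom routes more widely than the private services connection requires.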