Your organization has a hybrid cloud environment with an on-premises data center connected to Google Cloud via Cloud VPN. The VPN tunnel uses BGP with Cloud Router for dynamic routing. You need to increase the throughput between on-premises and GCP to support a new batch processing workload that transfers 20 Gbps of data. The on-premises gateway hardware supports multiple IPsec tunnels and ECMP (Equal-Cost Multi-Path). You want to maximize throughput without changing the existing on-premises equipment or network topology. Which solution should you implement?
Adds more tunnels to increase bandwidth without hardware replacement.
Why this answer
Option D is correct because creating additional VPN tunnels to the same Cloud Router and enabling ECMP allows the on-premises gateway to distribute traffic across multiple IPsec tunnels, effectively aggregating bandwidth up to the supported limit (e.g., 3 Gbps per tunnel, with up to 4 tunnels for 12 Gbps, or more with higher limits). This leverages the existing on-premises hardware's support for multiple tunnels and ECMP without requiring topology changes, and Cloud Router automatically handles BGP multipath to load-balance traffic across the tunnels.
How to eliminate wrong answers
Option A is wrong because Dedicated Interconnect requires physical cross-connects and changes to on-premises equipment or topology, contradicting the requirement to not change existing equipment or topology. Option B is wrong because Cloud NAT provides outbound internet connectivity for private instances and does not affect VPN throughput or load balancing. Option C is wrong because Cloud VPN gateway size (e.g., Classic VPN vs.
HA VPN) does not have a 'larger size' option; HA VPN already supports up to 3 Gbps per tunnel, and scaling throughput requires multiple tunnels with ECMP, not a single gateway upgrade.