Fix typos in documentation (#2344)

* Fix typos in documentation

* use toc

---------

Co-authored-by: Alberto Geniola <geniola@google.com>
Co-authored-by: Ludo <ludomagno@google.com>

fast/stages/2-networking-a-simple/README.md

@@ -26,31 +26,46 @@ The following diagrams illustrate the high-level designs for the VPN and for the
 
 ## Table of contents
 
+<!-- BEGIN TOC -->
+- [Table of contents](#table-of-contents)
 - [Design overview and choices](#design-overview-and-choices)
   - [VPC design](#vpc-design)
   - [External connectivity](#external-connectivity)
   - [Internal connectivity](#internal-connectivity)
   - [IP ranges, subnetting, routing](#ip-ranges-subnetting-routing)
+    - [Peering specific routing setup](#peering-specific-routing-setup)
+    - [HA VPN specific routing setup](#ha-vpn-specific-routing-setup)
   - [Internet egress](#internet-egress)
   - [VPC and Hierarchical Firewall](#vpc-and-hierarchical-firewall)
   - [DNS](#dns)
 - [Stage structure and files layout](#stage-structure-and-files-layout)
   - [VPCs](#vpcs)
   - [VPNs](#vpns)
+    - [External](#external)
+    - [Internal](#internal)
   - [Routing and BGP](#routing-and-bgp)
   - [Firewall](#firewall)
   - [DNS architecture](#dns-architecture)
-  - [Private Google Access](#private-google-access)
+    - [Cloud environment](#cloud-environment)
+    - [Cloud to on-prem](#cloud-to-on-prem)
+    - [On-prem to cloud](#on-prem-to-cloud)
 - [How to run this stage](#how-to-run-this-stage)
   - [Provider and Terraform variables](#provider-and-terraform-variables)
   - [Impersonating the automation service account](#impersonating-the-automation-service-account)
   - [Variable configuration](#variable-configuration)
+  - [Choosing between peering and VPN](#choosing-between-peering-and-vpn)
+  - [Using delayed billing association for projects](#using-delayed-billing-association-for-projects)
   - [Running the stage](#running-the-stage)
   - [Post-deployment activities](#post-deployment-activities)
+    - [Private Google Access](#private-google-access)
 - [Customizations](#customizations)
   - [Changing default regions](#changing-default-regions)
   - [Configuring the VPN to on prem](#configuring-the-vpn-to-on-prem)
   - [Adding an environment](#adding-an-environment)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ## Design overview and choices
 
@@ -301,7 +316,7 @@ This configuration is possible but unsupported and only exists for development p
     `terraform apply -target 'module.landing-project.google_project.project[0]'`
   - untaint the project resource after applying, for example
     `terraform untaint 'module.landing-project.google_project.project[0]'`
-- go through the process to associate the billing account with the two projects
+- go through the process to associate the billing account with the three projects
 - switch `billing_account.id` back to the real billing account id
 - resume applying normally
 

fast/stages/2-networking-b-nva/README.md

@@ -14,7 +14,7 @@ It adopts the common “hub and spoke” reference design, which is well suited
 
 Connectivity between the hub and the spokes is established via [VPC network peerings](https://cloud.google.com/vpc/docs/vpc-peering), which offer uncapped bandwidth, lower latencies, at no additional costs and with a very low management overhead. Different ways of implementing connectivity, and related some pros and cons, are discussed below.
 
-The diagram shows the high-level designs of the two proposed flavors ("Simple NVA" and "NCC-RA") and it should be used as a reference throughout the following sections. 
+The diagram shows the high-level designs of the two proposed flavors ("Simple NVA" and "NCC-RA") and it should be used as a reference throughout the following sections.
 
 The final number of subnets, and their IP addressing will depend on the user-specific requirements. It can be easily changed via variables or external data files, without any need to edit the code.
 
@@ -28,50 +28,50 @@ The final number of subnets, and their IP addressing will depend on the user-spe
   </br>NCC-RA diagram
 </p>
 
-
 ## Table of contents
 
-- [Networking with Network Virtual Appliance](#networking-with-network-virtual-appliance)
-  - [Table of contents](#table-of-contents)
-  - [Design overview and choices](#design-overview-and-choices)
-    - [Multi-regional deployment](#multi-regional-deployment)
-    - [VPC design](#vpc-design)
-      - [Simple NVA](#simple-nva)
-      - [NCC-RA](#ncc-ra)
-    - [External connectivity](#external-connectivity)
-    - [Internal connectivity](#internal-connectivity)
-    - [IP ranges, subnetting, routing](#ip-ranges-subnetting-routing)
-      - [Simple NVA](#simple-nva-1)
-      - [NCC-RA](#ncc-ra-1)
-    - [Internet egress](#internet-egress)
-    - [VPC and Hierarchical Firewall](#vpc-and-hierarchical-firewall)
-    - [DNS](#dns)
-  - [Stage structure and files layout](#stage-structure-and-files-layout)
-    - [VPCs](#vpcs)
-    - [VPNs](#vpns)
-    - [Routing and BGP](#routing-and-bgp)
-      - [Simple NVA](#simple-nva-2)
-      - [NCC-RA](#ncc-ra-2)
-    - [Firewall](#firewall)
-    - [DNS architecture](#dns-architecture)
-      - [Cloud environment](#cloud-environment)
-      - [Cloud to on-prem](#cloud-to-on-prem)
-      - [On-prem to cloud](#on-prem-to-cloud)
-  - [How to run this stage](#how-to-run-this-stage)
-    - [Provider and Terraform variables](#provider-and-terraform-variables)
-    - [Impersonating the automation service account](#impersonating-the-automation-service-account)
-    - [Variable configuration](#variable-configuration)
-    - [Using delayed billing association for projects](#using-delayed-billing-association-for-projects)
-    - [Running the stage](#running-the-stage)
-    - [Post-deployment activities](#post-deployment-activities)
-      - [Private Google Access](#private-google-access)
-  - [Customizations](#customizations)
-    - [Changing default regions](#changing-default-regions)
-    - [Configuring the VPNs to on prem](#configuring-the-vpns-to-on-prem)
-    - [Adding an environment](#adding-an-environment)
-  - [Files](#files)
-  - [Variables](#variables)
-  - [Outputs](#outputs)
+<!-- BEGIN TOC -->
+- [Table of contents](#table-of-contents)
+- [Design overview and choices](#design-overview-and-choices)
+  - [Multi-regional deployment](#multi-regional-deployment)
+  - [VPC design](#vpc-design)
+    - [Simple NVA](#simple-nva)
+    - [NCC-RA](#ncc-ra)
+  - [External connectivity](#external-connectivity)
+  - [Internal connectivity](#internal-connectivity)
+  - [IP ranges, subnetting, routing](#ip-ranges-subnetting-routing)
+    - [Simple NVA](#simple-nva)
+    - [NCC-RA](#ncc-ra)
+  - [Internet egress](#internet-egress)
+  - [VPC and Hierarchical Firewall](#vpc-and-hierarchical-firewall)
+  - [DNS](#dns)
+- [Stage structure and files layout](#stage-structure-and-files-layout)
+  - [VPCs](#vpcs)
+  - [VPNs](#vpns)
+  - [Routing and BGP](#routing-and-bgp)
+    - [Simple NVA](#simple-nva)
+    - [NCC-RA](#ncc-ra)
+  - [Firewall](#firewall)
+  - [DNS architecture](#dns-architecture)
+    - [Cloud environment](#cloud-environment)
+    - [Cloud to on-prem](#cloud-to-on-prem)
+    - [On-prem to cloud](#on-prem-to-cloud)
+- [How to run this stage](#how-to-run-this-stage)
+  - [Provider and Terraform variables](#provider-and-terraform-variables)
+  - [Impersonating the automation service account](#impersonating-the-automation-service-account)
+  - [Variable configuration](#variable-configuration)
+  - [Using delayed billing association for projects](#using-delayed-billing-association-for-projects)
+  - [Running the stage](#running-the-stage)
+  - [Post-deployment activities](#post-deployment-activities)
+    - [Private Google Access](#private-google-access)
+- [Customizations](#customizations)
+  - [Changing default regions](#changing-default-regions)
+  - [Configuring the VPNs to on prem](#configuring-the-vpns-to-on-prem)
+  - [Adding an environment](#adding-an-environment)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ## Design overview and choices
 
@@ -114,10 +114,12 @@ Users can easily extend the design to host additional environments, or adopt dif
 In multi-organization scenarios, where production and non-production resources use different Cloud Identity and GCP organizations, the hub/landing VPC is usually part of the production organization. It establishes connections with the production spokes within the same organization, and with non-production spokes in a different organization.
 
 #### Simple NVA
+
 The VPCs are connected with two sets of sample NVA machines, grouped in regional (multi-zone) [Managed Instance Groups (MIGs)](https://cloud.google.com/compute/docs/instance-groups). The appliances are plain Linux machines, performing simple routing/natting, leveraging some standard Linux features, such as *ip route* or *iptables*. The appliances are suited for demo purposes only and they should be replaced with enterprise-grade solutions before moving to production.
 The traffic destined to the VMs in each MIG is mediated through regional internal load balancers, both in the landing and in the dmz networks.
 
-#### NCC-RA 
+#### NCC-RA
+
 The VPCs connect through two sets of sample NVA machines: one per region, each containing two instances. The appliances run [Container-Optimized OS](https://cloud.google.com/container-optimized-os/docs) and a container with [FRRouting](https://frrouting.org/).
 
 We leverage NCC-RA to allow the NVAs to establish BGP sessions with Cloud Routers in the untrusted and in the trusted VPCs. This allows Cloud Routers to advertise routes to the NVAs, and the NVAs to announce routes to the Cloud Router, so it can program them in the VPC.
@@ -132,7 +134,6 @@ NVAs establish **extra BGP sessions with both cross-regional NVAs**. In this cas
 
 Following the majority of real-life deployments, **we assume appliances to be stateful and not able to synchronize sessions between multiple NVAs within the same regional cluster**. For this reason, within each regional cluster, NVAs announce the same routes with different MED costs (1 point of difference between the primary and the secondary). This will cause traffic to go deterministically through one applaiance at the time within each region. You can change this default behavior modifying the cost settings in the [NVAs BGP configuration file](./data/bgp-config.tftpl).
 
-
 ### External connectivity
 
 External connectivity to on-prem is implemented leveraging [Cloud HA VPN](https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies) (two tunnels per region). This is what users normally deploy as a final solution, or to validate routing and to transfer data, while waiting for [interconnects](https://cloud.google.com/network-connectivity/docs/interconnect) to be provisioned.
@@ -204,6 +205,7 @@ The Cloud Routers (connected to the VPN gateways in the landing VPC) are configu
 - for cross-environment (spokes) communications, and for connections to on-premises and to the Internet, the spokes leverage some default tagged routes that send the traffic of each region (whose machines are identified by a dedicated network tag, e.g. *ew1*) to a corresponding regional NVA in the landing VPC, through an ILB (whose VIP is set as the route next-hop)
 - the spokes are configured with backup default routes, so if the NVAs in the same region become unavailable, more routes to the NVAs in the other region are already available. Current routes are not able to understand if the next-hop ILBs become unhealthy. As such, in case of a regional failure, users will need to manually withdraw the primary default routes, so the secondaries will take over
 - the NVAs are configured with static routes that allow the communication with on-premises and between the GCP resources (including the cross-environment communication)
+
 #### NCC-RA
 
 - routes between multiple subnets within the same VPC are automatically exchanged by GCP
@@ -276,9 +278,11 @@ Each VPC network ([`net-vpc`](../../../modules/net-vpc)) manages a separate rout
 BGP sessions for landing to on-premises are configured through the variable `vpn_onprem_configs`.
 
 #### Simple NVA
+
 Static routes are defined in `vpc-*.tf` files in the `routes` section of each `net-vpc` module.
 
-#### NCC-RA 
+#### NCC-RA
+
 NCC/Cloud Router BGP settings are defined in `ncc.tf`.
 NVA BGP settings are defined in the [bpg-config.tftpl template file](./data/bgp-config.tftpl).
 The local `ncc_asn` allows to change the Autonomous System Number (ASN) assigned to the DMZ Cloud Routers, to the landing VPC Cloud Routers and to the NVAs.
@@ -379,7 +383,7 @@ This configuration is possible but unsupported and only exists for development p
     `terraform apply -target 'module.landing-project.google_project.project[0]'`
   - untaint the project resource after applying, for example
     `terraform untaint 'module.landing-project.google_project.project[0]'`
-- go through the process to associate the billing account with the two projects
+- go through the process to associate the billing account with the three projects
 - switch `billing_account.id` back to the real billing account id
 - resume applying normally
 

fast/stages/2-networking-c-separate-envs/README.md

@@ -16,6 +16,8 @@ The following diagram illustrates the high-level design, and should be used as a
 
 ## Table of contents
 
+<!-- BEGIN TOC -->
+- [Table of contents](#table-of-contents)
 - [Design overview and choices](#design-overview-and-choices)
   - [VPC design](#vpc-design)
   - [External connectivity](#external-connectivity)
@@ -29,16 +31,23 @@ The following diagram illustrates the high-level design, and should be used as a
   - [Routing and BGP](#routing-and-bgp)
   - [Firewall](#firewall)
   - [DNS architecture](#dns-architecture)
-  - [Private Google Access](#private-google-access)
+    - [Cloud to on-prem](#cloud-to-on-prem)
+    - [On-prem to cloud](#on-prem-to-cloud)
 - [How to run this stage](#how-to-run-this-stage)
   - [Provider and Terraform variables](#provider-and-terraform-variables)
   - [Impersonating the automation service account](#impersonating-the-automation-service-account)
   - [Variable configuration](#variable-configuration)
+  - [Using delayed billing association for projects](#using-delayed-billing-association-for-projects)
   - [Running the stage](#running-the-stage)
   - [Post-deployment activities](#post-deployment-activities)
+    - [Private Google Access](#private-google-access)
 - [Customizations](#customizations)
   - [Configuring the VPNs to on prem](#configuring-the-vpns-to-on-prem)
   - [Changing default regions](#changing-default-regions)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ## Design overview and choices