02.VPC

The document provides an overview of Google Cloud Platform (GCP) Network Services, detailing components such as VPC, subnets, firewall, routes, and VPC peering. It explains the specifications and functionalities of VPC networks, including their global nature and the regional aspect of subnets, as well as the importance of DNS resolution and routing. Additionally, it covers Shared VPC, which allows resource sharing across projects, and highlights network pricing and common design strategies for enhanced availability and isolation.

Uploaded by Shubham Dalvi

Network services

Shubham R. Dalvi
GCP Network Services

1. VPC
2. Subnets
3. Firewall
4. Routes
5. VPC peering
6. Shared VPC

VPC Network
A Virtual Private Cloud network, sometimes just called a "network," is a virtual version of a physical network, like a data center network.

It provides connectivity for your Compute Engine virtual machine (VM) instances, Kubernetes Engine clusters, App Engine Flex instances, and other resources in your project.

VPC network types

1. Default
2. Auto
3. Custom

VPC Specifications

VPC is a global service.

VPC components: subnets, load balancers, NAT, firewall, routers, DNS, VPC peering, etc.

The default quota is 5 VPC networks per project.


Subnet

A subnet is associated with a region.

A network must have at least one subnet before you can use it.

Auto mode networks create subnets in each region automatically.

Custom mode networks start with no subnets, giving you full control over subnet creation. You can create more than one subnet per region.

Resources must be placed inside a subnet.


Subnet Specification

● Cannot overlap with other subnets
● Must be inside the RFC 1918 address spaces
● Can expand but not shrink
● Auto mode can be expanded from /20 to /16
● Avoid large subnets
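As an added illustration of the constraints above (example code, not part of the original slides), a small Python checker that applies them to candidate subnet ranges; every CIDR used here is constructed.

```python
from __future__ import annotations
import ipaddress

# RFC 1918 private ranges; a GCP subnet must lie entirely inside one of them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(cidr: str) -> bool:
    """True if the whole subnet is contained in a single RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: host bits must be zero
    return any(net.subnet_of(block) for block in RFC1918)

def overlapping(cidr: str, existing: list[str]) -> list[str]:
    """Existing subnets that overlap the candidate; must be empty for creation to succeed."""
    net = ipaddress.ip_network(cidr)
    return [e for e in existing if net.overlaps(ipaddress.ip_network(e))]

def can_expand(old_cidr: str, new_cidr: str, auto_mode: bool = False) -> bool:
    """Subnets can grow but never shrink: the new range must be a strict supernet of the
    old one. Auto-mode subnets start at /20 and may be expanded only as far as /16."""
    old = ipaddress.ip_network(old_cidr)
    new = ipaddress.ip_network(new_cidr)
    if not old.subnet_of(new) or new.prefixlen >= old.prefixlen:
        return False                      # not a supernet, or same size / shrink
    if auto_mode and new.prefixlen < 16:
        return False                      # beyond the /16 ceiling for auto mode
    return True

def validate_new_subnet(cidr: str, existing: list[str]) -> list[str]:
    """Collect every reason the candidate would be rejected; an empty list means OK."""
    problems = []
    if not is_rfc1918(cidr):
        problems.append("outside RFC 1918")
    clash = overlapping(cidr, existing)
    if clash:
        problems.append("overlaps " + ", ".join(clash))
    return problems

if __name__ == "__main__":
    existing = ["10.128.0.0/20", "10.132.0.0/20"]          # constructed sample subnets
    print(validate_new_subnet("10.128.16.0/20", existing))  # []
    print(validate_new_subnet("10.128.8.0/22", existing))   # ['overlaps 10.128.0.0/20']
    print(validate_new_subnet("11.0.0.0/24", existing))     # ['outside RFC 1918']
    print(can_expand("10.128.0.0/20", "10.128.0.0/16", auto_mode=True))  # True
    print(can_expand("10.128.0.0/20", "10.128.0.0/24"))                  # False (shrink)
```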


VPC and Subnet Representation

VPC networks are global and subnets are regional


Network Isolation
Hybrid Connectivity
IP addresses
DNS resolution for internal addresses

Each instance has a hostname that can be resolved to an internal IP address:

● The hostname is the same as the instance name.
● The FQDN is [hostname].[zone].c.[project-id].internal
  Example: my-server.us-central1-a.c.guestbook-151617.internal

Name resolution is handled by the internal DNS resolver:

● Provided as part of Compute Engine (169.254.169.254).
● Configured for use on the instance via DHCP.
● Provides answers for internal and external addresses.
Host DNS zones using Cloud DNS

● Google's DNS service
● Translates domain names into IP addresses
● Low latency
● High availability (100% uptime SLA)
● Create and update millions of DNS records
● UI, command line, or API


Routes

A route indicates the way traffic leaves the network (the next hop).

Internal routing inside a VPC is enabled by default.

Routes are added automatically whenever a new gateway is added.

Custom routes can be added.


Routes

● Apply to traffic egressing a VM.
● Forward traffic to the most specific route.
● Are created when a subnet is created.
● Enable VMs on the same network to communicate.
● Destination is in CIDR notation.
● Traffic is delivered only if it also matches a firewall rule.
Instance routing tables
Firewall

Rules control inbound and outbound traffic.

Each rule can allow or deny.

Rules are applied based on network tags.

Tags are associated with instances.

Every rule has a priority (0-65535).
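The route and firewall slides above describe two separate checks: longest-prefix route selection, then priority-ordered firewall evaluation by network tag. This added Python example (not from the slides) simulates both on a constructed routing table and rule set; the rule names, tags and addresses are assumed. It also relies on two GCP behaviours the slides leave implicit: the implied deny-ingress rule at priority 65535, and deny winning over allow at equal priority.

```python
import ipaddress

# Constructed routing table: (destination CIDR, next hop). The most specific prefix wins.
ROUTES = [("10.128.0.0/20", "subnet-local"), ("10.10.0.0/16", "vpn-tunnel-onprem"),
          ("0.0.0.0/0", "default-internet-gateway")]

# Constructed ingress rules (assumed names/tags). Fields: name, action, priority,
# target tags (None = every instance in the network), source CIDR, ports (None = any port).
RULES = [
    ("allow-ssh-bastion", "allow", 1000, {"bastion"}, "203.0.113.0/24", {22}),
    ("deny-ssh-everywhere", "deny", 2000, None, "0.0.0.0/0", {22}),
    ("allow-internal", "allow", 65534, None, "10.128.0.0/9", None),
]

def select_route(dst_ip, routes=ROUTES):
    """Longest-prefix match: among routes containing dst_ip, return the most specific hop."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(c).prefixlen, hop) for c, hop in routes
            if ip in ipaddress.ip_network(c)]
    return max(hits)[1] if hits else None

def ingress_decision(instance_tags, src_ip, port, rules=RULES):
    """Return (allowed, winning_rule) for a packet arriving at an instance with the given
    set of network tags. A rule applies when the instance carries one of its target tags
    (or the rule has none), the source lies in its CIDR and the port matches. The lowest
    priority number wins; on a tie deny beats allow; no match falls to the implied deny."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for name, action, prio, tags, cidr, ports in rules:
        if tags is not None and not (tags & instance_tags):
            continue
        if src not in ipaddress.ip_network(cidr):
            continue
        if ports is not None and port not in ports:
            continue
        hits.append((prio, 0 if action == "deny" else 1, action, name))
    if not hits:
        return False, "implied-deny-ingress"
    _, _, action, name = min(hits)          # lowest priority, deny first on ties
    return action == "allow", name

if __name__ == "__main__":
    print(select_route("10.128.3.7"))                         # subnet-local (/20 beats /0)
    print(select_route("10.10.200.1"))                        # vpn-tunnel-onprem
    print(ingress_decision({"bastion"}, "203.0.113.5", 22))   # (True, 'allow-ssh-bastion')
    print(ingress_decision({"web"}, "203.0.113.5", 22))       # (False, 'deny-ssh-everywhere')
    print(ingress_decision({"web"}, "10.128.0.9", 443))       # (True, 'allow-internal')
    print(ingress_decision({"web"}, "198.51.100.4", 443))     # (False, 'implied-deny-ingress')
```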


Firewall Parameters
Network pricing (subject to change)
Shared VPC

Shared VPC allows an organization to connect resources from multiple projects to a common VPC network, so that they can communicate with each other securely and efficiently using internal IPs from that network.

When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it.

The VPC networks in the host project are called Shared VPC networks.
VPC Peering

Google Cloud Platform (GCP) Virtual Private Cloud (VPC) Network Peering allows private RFC 1918 connectivity across two VPC networks regardless of whether or not they belong to the same project or the same organization.

Traffic stays within Google's network and doesn't traverse the public internet.
Network Tiers

Premium Tier

Standard Tier
Common network designs

● Increased availability with multiple zones
● Project globalization with multiple regions
● Instance isolation with a bastion host
