VPC Network
Last updated
Was this helpful?
Last updated
Was this helpful?
Default type is also the type of auto mode network
All the subnet fits within 10.128.0.0/9 CIDR block
When new Google Cloud regions become available, new subnets in those regions are automatically added to auto mode networks using the IP range from that block.
Network range cannot be overlapped within the same network
Custom mode cannot be changed to auto mode, but auto mode can be changed into custom mode
the first and second addresses in the range, .0 and .1, are reserved for the network and the subnet's gateway respectively. This makes the first and second available addresses .2 and .3 which are assigned to the VM instances. Other reserved addresses in every subnet are the second-to-last address in the range and the last address which are reserved as the broadcast address. every subnet has four reserved IP addresses in its primary IP range
Google Cloud VPCs that you increase the IP address space of any subnet without any workload shutdown or down time.
If all firewall rules in a network are deleted, there is still an implied deny all ingress rule and an implied allow all egress rule for the network.
Here is the explanation of the field on firewall set up
We can decide whether it is egress type or ingress, but also set up the condition that which port or protocol should be limited, whether the rule is blocking or allowing and the range of the vm within the network
Destination ranges is to protect from undesired connections initiated by a VM instance towards an external host
Source CIDR ranges can be used to protect an instance from undesired connections coming either from external networks or from GCP IP ranges.
Here is the default firewall rule when auto mode network is created
Cloud NAT lets you provision your application instances without public IP addresses, while also allowing them to access the internet in a controlled and efficient manner.
When using shared VPC, you designate a project as a host project and attach one or more other service projects to it. Subnets of the Shared VPC networks in the host project are accessible by Service Project Admins
In this case, the web application service project is the host project and the three other projects are the service projects.
VPC network peering in contrast, allows private RFC 1918 connectivity across two VPC networks, regardless of whether they belong to the same project or the same organization.
VPC network peering is a decentralized or distributed approach to multi project networking. each VPC network may remain under the control of separate administrator groups and maintains its own global firewall and routing tables.
DNS system is a database that store information including ip address, so that it can be used to convert human-readable name into ip address
The name server that containing domain information, such as ip
The ip address that the domain name points to (ip v4 format)
The other domain name that points to other domain name
Use case: share the same ip address to multiple different domain names
When using Cloud VPN is that the maximum transmission unit or MTU, for your on-premises VPN gateway cannot be greater than 1460 bytes.
In order to use dynamic routes you need to configure Cloud Routers
Cloud router can manage routes from a cloud VPN tunnel using Border Gateway Protocol or BGP to allows for routes to be updated and exchanged without changing the tunnel configuration.
Here is the decision tree
The frontend is where your application interacts with requests and forwards the traffic to the URL map.
The next component is the URL map, which has path-based routine configuration to send traffic to one or more backend services. A URL map can match parts or hosts in the request to send traffic to different backend services.
Cloud Run services can be a backend, as can other services on Google Cloud.
Shared VPC connects projects within the same . Linked projects can be in the same or different , but if they are in different folders the admin must have rights to both folders.
Cloud VPN securely connects your peer network to your through an connection. Traffic traveling between the two networks is encrypted by one VPN gateway and then decrypted by the other VPN gateway.
