VPC Network

Network and Subnetworks

  • The default network Google Cloud creates in a new project is an auto mode network.

  • In an auto mode network one subnet is created per region, and all of those subnets fit within the 10.128.0.0/9 CIDR block.

  • When new Google Cloud regions become available, new subnets in those regions are automatically added to auto mode networks using IP ranges from that block.

  • Subnet IP ranges cannot overlap within the same VPC network.

  • An auto mode network can be converted to custom mode, but the conversion is one way: a custom mode network cannot be changed back to auto mode.

  • Every subnet has four reserved IP addresses in its primary IP range. The first and second addresses, .0 and .1, are reserved for the network address and the subnet's default gateway respectively, so the first addresses available to VM instances are .2 and .3. The second-to-last address in the range is reserved by Google Cloud for potential future use, and the last address is reserved as the broadcast address.

  • Google Cloud lets you expand the primary IP range of an existing subnet without stopping workloads or causing downtime. A range can only be grown, never shrunk, and the expanded range must not overlap any other subnet in the network.
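The subnet rules above (the 10.128.0.0/9 auto mode block, no overlapping ranges, four reserved addresses per range, expansion only) are easy to get wrong when planning address space by hand. The following helper is an added example written for these notes, not Google Cloud tooling; the CIDRs it is run against are constructed for the example. It uses only the Python standard library.

```python
import ipaddress

# Range from which auto mode networks carve one subnet per region.
AUTO_MODE_BLOCK = ipaddress.ip_network("10.128.0.0/9")


def reserved_addresses(cidr):
    """Return the four reserved addresses of an IPv4 primary range plus the
    usable window. .0 is the network, .1 the subnet gateway, the second-to-last
    address is held back by Google Cloud for future use and the last is broadcast."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen > 29:
        raise ValueError("primary ranges must be IPv4 and at least a /29")
    return {
        "network": str(net.network_address),
        "gateway": str(net.network_address + 1),
        "first_usable": str(net.network_address + 2),
        "last_usable": str(net.broadcast_address - 2),
        "future_use": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable": net.num_addresses - 4,
    }


def subnet_conflicts(cidr, existing, auto_mode=False):
    """List the reasons a proposed subnet cannot be added to a VPC network:
    overlap with an existing subnet, or (in an auto mode network) overlap with
    the 10.128.0.0/9 block that auto-created subnets are drawn from."""
    new = ipaddress.ip_network(cidr, strict=True)
    problems = [f"overlaps existing subnet {e}"
                for e in existing if new.overlaps(ipaddress.ip_network(e))]
    if auto_mode and new.overlaps(AUTO_MODE_BLOCK):
        problems.append(f"overlaps the auto mode block {AUTO_MODE_BLOCK}")
    return problems


def expanded_range(cidr, new_prefixlen, existing):
    """Compute the supernet a subnet grows into when its prefix length is
    reduced (expansion only; shrinking is not allowed) and refuse the change
    if the larger range would overlap another subnet in the same network."""
    old = ipaddress.ip_network(cidr, strict=True)
    if new_prefixlen >= old.prefixlen:
        raise ValueError("a subnet range can only be expanded, not shrunk")
    new = old.supernet(new_prefix=new_prefixlen)
    others = [e for e in existing if ipaddress.ip_network(e) != old]
    clashes = subnet_conflicts(str(new), others)
    if clashes:
        raise ValueError("; ".join(clashes))
    return str(new)


if __name__ == "__main__":
    # Constructed inputs for the example.
    print(reserved_addresses("10.10.1.0/24"))
    print(subnet_conflicts("10.128.4.0/24", ["10.10.1.0/24"], auto_mode=True))
    print(expanded_range("10.10.1.0/24", 22, ["10.10.1.0/24", "10.20.0.0/16"]))
```

The expansion check matters in practice: growing 10.10.1.0/24 to a /22 silently claims 10.10.0.0 through 10.10.3.255, so a neighbouring 10.10.2.0/24 that nobody remembered becomes a conflict.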

Firewall

  • If all firewall rules in a network are deleted, there is still an implied deny all ingress rule and an implied allow all egress rule for the network. Both sit at the lowest priority (65535) and cannot be removed, only overridden by rules with a higher priority (a lower number).

  • A firewall rule is made up of the following fields:

  • Direction (ingress or egress), action (allow or deny), priority, the protocols and ports the rule applies to, the targets (which VMs in the network it applies to: all instances, instances with a given tag, or instances running as a given service account) and the source or destination IP ranges.

  • Destination ranges apply to egress rules and protect against undesired connections initiated by a VM instance towards an external host.

  • Source ranges apply to ingress rules and protect an instance from undesired connections coming from external networks or from other Google Cloud IP ranges.

  • The default network is created with four pre-populated ingress rules: default-allow-internal (all protocols and ports from 10.128.0.0/9), default-allow-ssh (tcp:22 from 0.0.0.0/0), default-allow-rdp (tcp:3389 from 0.0.0.0/0) and default-allow-icmp (from 0.0.0.0/0). The SSH and RDP rules open those ports to the whole internet, so restrict or delete them in anything that is not a throwaway project.
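To make the evaluation order concrete (priority number first, deny before allow on a tie, implied rules as the fallback), here is a small model of VPC firewall rule semantics. It is an added example written for these notes and is not Google Cloud code; the rule sets, tags and the 198.51.100.0/24 "corporate" range are constructed for the example, and default-allow-internal is modelled as all protocols rather than the separate tcp, udp and icmp entries it really has.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                    # "INGRESS" or "EGRESS"
    action: str                       # "allow" or "deny"
    priority: int                     # 0-65535; a lower number is evaluated first
    protocol: str = "all"             # "tcp", "udp", "icmp" or "all"
    ports: tuple = ()                 # port specs such as "22" or "1024-65535"; empty = any
    ranges: tuple = ("0.0.0.0/0",)    # source ranges (ingress) or destination ranges (egress)
    targets: tuple = ()               # target tags; empty = every instance in the network


# The two rules that exist even when every user-defined rule has been deleted.
IMPLIED_RULES = (
    Rule("implied-deny-ingress", "INGRESS", "deny", 65535),
    Rule("implied-allow-egress", "EGRESS", "allow", 65535),
)


def _port_matches(specs, port):
    if not specs:
        return True
    for spec in specs:
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def _matches(rule, direction, peer_ip, protocol, port, tags):
    if rule.direction != direction:
        return False
    if rule.targets and not set(rule.targets) & set(tags):
        return False
    if rule.protocol not in ("all", protocol):
        return False
    if protocol != "icmp" and not _port_matches(rule.ports, port):
        return False
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(r) for r in rule.ranges)


def evaluate(rules, direction, peer_ip, protocol, port=None, tags=()):
    """Decide a single flow the way VPC firewall rules do: walk the rules in
    ascending priority number (deny before allow on a tie) and stop at the
    first match. peer_ip is the source for INGRESS and the destination for
    EGRESS. The implied rules at 65535 guarantee there is always a match."""
    order = sorted(tuple(rules) + IMPLIED_RULES,
                   key=lambda r: (r.priority, r.action != "deny"))
    for rule in order:
        if _matches(rule, direction, peer_ip, protocol, port, tags):
            return rule.action, rule.name
    raise AssertionError("unreachable: an implied rule always matches")


# The rules the default network starts with (internal traffic simplified to "all").
DEFAULT_RULES = (
    Rule("default-allow-internal", "INGRESS", "allow", 65534, "all", (), ("10.128.0.0/9",)),
    Rule("default-allow-ssh", "INGRESS", "allow", 65534, "tcp", ("22",)),
    Rule("default-allow-rdp", "INGRESS", "allow", 65534, "tcp", ("3389",)),
    Rule("default-allow-icmp", "INGRESS", "allow", 65534, "icmp"),
)

# A tightened set (constructed for this example): SSH only from an assumed
# corporate range and only to instances tagged "bastion"; egress limited to
# the VPC by a deny rule that a more specific allow at higher priority beats.
HARDENED_RULES = (
    Rule("allow-internal", "INGRESS", "allow", 1000, "all", (), ("10.128.0.0/9",)),
    Rule("allow-ssh-from-corp", "INGRESS", "allow", 1000, "tcp", ("22",),
         ("198.51.100.0/24",), ("bastion",)),
    Rule("allow-egress-internal", "EGRESS", "allow", 900, "all", (), ("10.128.0.0/9",)),
    Rule("deny-all-egress", "EGRESS", "deny", 1000),
)


if __name__ == "__main__":
    print(evaluate(DEFAULT_RULES, "INGRESS", "203.0.113.5", "tcp", 22))    # allow, default-allow-ssh
    print(evaluate(DEFAULT_RULES, "INGRESS", "203.0.113.5", "tcp", 8080))  # deny, implied rule
    print(evaluate(HARDENED_RULES, "INGRESS", "203.0.113.5", "tcp", 22))   # deny, not from corp range
    print(evaluate(HARDENED_RULES, "INGRESS", "198.51.100.7", "tcp", 22, ("bastion",)))
    print(evaluate(HARDENED_RULES, "EGRESS", "203.0.113.5", "tcp", 443))   # deny, deny-all-egress
```

Two things the model makes visible: with the default rules every instance in the network answers SSH and RDP from any address, because the rule has no target restriction; and the implied allow egress means a compromised VM can reach the internet unless you add an explicit egress deny as the hardened set does.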

Cloud NAT

  • Cloud NAT lets you provision your application instances without external IP addresses while still allowing them to reach the internet in a controlled and efficient manner. It is outbound only: hosts on the internet cannot initiate connections to the instances through it, which removes the attack surface an external IP would add.

Shared VPC & VPC Peering

  • Shared VPC connects projects within the same organization. Linked projects can be in the same or different folders, but if they are in different folders the admin must have Shared VPC Admin rights to both folders.

  • When using Shared VPC, you designate a project as the host project and attach one or more other projects to it as service projects. Subnets of the Shared VPC network in the host project can be used by Service Project Admins who have been granted the Network User role on the host project or on individual subnets.

  • In the example diagram these notes were taken from (not reproduced here), the web application project is the host project and the three other projects are the service projects.

  • VPC Network Peering, in contrast, allows private RFC 1918 connectivity between two VPC networks regardless of whether they belong to the same project or the same organization. Peering is not transitive: if network A peers with B and B peers with C, A cannot reach C without its own peering.

  • VPC Network Peering is a decentralized or distributed approach to multi-project networking: each VPC network remains under the control of its own administrator group and keeps its own global firewall rules and routing tables, so traffic arriving from a peer is still subject to the receiving network's firewall rules.

Cloud DNS

What is DNS

  • DNS is a distributed database that stores information such as IP addresses against names, so that a human-readable name can be converted into an IP address.

DNS Records

NS

  • Names the authoritative name server for a zone, i.e. the server that holds the zone's records (A, CNAME and the rest); a parent zone delegates a child zone with NS records.

A

  • The IPv4 address that the domain name points to (AAAA is the IPv6 equivalent)

CNAME

  • An alias: maps one domain name to another (canonical) domain name, which is then resolved in turn. A CNAME must be the only record at its name.

  • Use case: let several different domain names share the same IP address while keeping a single A record to update
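The three record types above can be exercised with a tiny in-memory resolver. This is an added example for these notes, not Cloud DNS code; the zone data uses documentation addresses and is constructed for the example, including a deliberate CNAME loop so the resolver's hop limit is shown doing its job.

```python
# Constructed zone data for the example; these are documentation addresses,
# not a real domain's records.
ZONE = {
    "example.com.":        [("NS", "ns1.example.com."), ("NS", "ns2.example.com.")],
    "ns1.example.com.":    [("A", "192.0.2.53")],
    "ns2.example.com.":    [("A", "192.0.2.54")],
    "www.example.com.":    [("A", "192.0.2.10")],
    "shop.example.com.":   [("CNAME", "www.example.com.")],
    "blog.example.com.":   [("CNAME", "shop.example.com.")],
    "loop-a.example.com.": [("CNAME", "loop-b.example.com.")],
    "loop-b.example.com.": [("CNAME", "loop-a.example.com.")],
}

MAX_CNAME_HOPS = 8


def _fqdn(name):
    return name.lower().rstrip(".") + "."


def resolve_a(name, zone=ZONE):
    """Return (addresses, alias_chain) for name, following CNAME records until
    an A record is found. The hop limit is what stops a looping or very long
    CNAME chain from hanging the resolver."""
    name = _fqdn(name)
    chain = []
    for _ in range(MAX_CNAME_HOPS + 1):
        records = zone.get(name)
        if records is None:
            raise LookupError(f"NXDOMAIN: {name}")
        cnames = [data for rtype, data in records if rtype == "CNAME"]
        if cnames:
            chain.append(name)
            name = _fqdn(cnames[0])
            continue
        return [data for rtype, data in records if rtype == "A"], chain
    raise LookupError("CNAME chain too long or looping: " + " -> ".join(chain))


def authoritative_servers(name, zone=ZONE):
    """Find the closest enclosing name that has NS records and return each
    name server with its A (glue) addresses."""
    labels = _fqdn(name).rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        servers = [data for rtype, data in zone.get(candidate, []) if rtype == "NS"]
        if servers:
            return {s: [d for t, d in zone.get(s, []) if t == "A"] for s in servers}
    return {}


def validate_zone(zone):
    """A CNAME must be the only record at its name; report names that break that."""
    errors = []
    for name, records in zone.items():
        types = [rtype for rtype, _ in records]
        if "CNAME" in types and len(types) > 1:
            errors.append(f"{name}: CNAME cannot coexist with other records")
    return errors


if __name__ == "__main__":
    print(resolve_a("blog.example.com"))          # follows blog -> shop -> www
    print(authoritative_servers("www.example.com"))
    print(validate_zone(ZONE))
```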

Cloud VPN

  • Cloud VPN securely connects your peer network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection. Traffic traveling between the two networks is encrypted by one VPN gateway and then decrypted by the other VPN gateway.

  • One constraint when using Cloud VPN is that the maximum transmission unit (MTU) of your on-premises VPN gateway cannot be greater than 1460 bytes, because the IPsec encapsulation uses part of the 1500-byte Ethernet payload. Clamp the TCP MSS on the tunnel accordingly (1460 minus 40 bytes of IPv4 and TCP headers, i.e. 1420 bytes) to avoid fragmentation.

  • To use dynamic routing you need to configure a Cloud Router.

  • Cloud Router manages the routes for a Cloud VPN tunnel using Border Gateway Protocol (BGP), which allows routes to be updated and exchanged without changing the tunnel configuration.

Load Balancer

  • The original notes include a decision tree (not reproduced here) for choosing a load balancer type.

  • The frontend is where your application receives requests; it terminates the client connection and forwards the traffic to the URL map.

  • The next component is the URL map, which holds path-based routing configuration to send traffic to one or more backend services. A URL map can match the host or parts of the path in the request to send traffic to different backend services; when several path rules match, the longest matching path wins regardless of the order the rules were written in.

  • Cloud Run services can be a backend, as can other services on Google Cloud.
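The host rule plus path matcher lookup described above can be modelled in a few lines. This is an added example for these notes, not Google Cloud's URL map implementation; the hosts, matcher names and backend names are assumptions constructed for the example. It models the two behaviours worth remembering: the query string plays no part in path matching, and the longest matching path rule wins.

```python
from dataclasses import dataclass, field


@dataclass
class PathMatcher:
    default_service: str
    path_rules: dict = field(default_factory=dict)   # {"/api/*": "backend-service-name"}


@dataclass
class UrlMap:
    default_service: str
    host_rules: dict = field(default_factory=dict)     # {"api.example.com": "path-matcher-name"}
    path_matchers: dict = field(default_factory=dict)  # {"path-matcher-name": PathMatcher}


def _path_matches(pattern, path):
    # "/images/*" matches "/images" and anything under "/images/"; other
    # patterns must match exactly.
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    return path == pattern


def _select_matcher(url_map, host):
    host = host.lower().split(":", 1)[0]          # ignore a port in the Host header
    if host in url_map.host_rules:
        return url_map.host_rules[host]
    for rule_host, matcher in url_map.host_rules.items():
        if rule_host.startswith("*") and host.endswith(rule_host[1:]):
            return matcher
    return None


def route(url_map, host, path):
    """Return the backend service a request for host + path is sent to."""
    path = path.split("?", 1)[0]                  # the query string is not part of path matching
    matcher_name = _select_matcher(url_map, host)
    if matcher_name is None:
        return url_map.default_service
    matcher = url_map.path_matchers[matcher_name]
    hits = [(len(p), s) for p, s in matcher.path_rules.items() if _path_matches(p, path)]
    if not hits:
        return matcher.default_service
    return max(hits)[1]          # longest pattern wins, whatever order the rules were declared in


# Constructed URL map; the host and backend names are assumptions for the example.
URL_MAP = UrlMap(
    default_service="web-backend",
    host_rules={"api.example.com": "api", "*.example.com": "web"},
    path_matchers={
        "api": PathMatcher("api-backend", {
            "/v1/*": "api-v1",
            "/v1/admin/*": "api-admin-internal",
        }),
        "web": PathMatcher("web-backend", {
            "/static/*": "static-bucket",
            "/checkout/*": "checkout-cloud-run",
        }),
    },
)


if __name__ == "__main__":
    for host, path in [("api.example.com", "/v1/users"),
                       ("api.example.com", "/v1/admin/keys"),
                       ("www.example.com", "/checkout/cart?step=2"),
                       ("other.example.org", "/static/app.js")]:
        print(host, path, "->", route(URL_MAP, host, path))
```

Note what the "/v1/admin/*" rule does not do: it only selects a backend. An internal backend reached through a more specific path is still exposed through the same public frontend, so access control for it has to come from something other than the URL map.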
