Let’s look into routing within GCP. As a reminder, this section does not cover the basics of network routing in general; it covers how routes are defined within the GCP environment. A route maps an IP range to its destination. Every network in GCP has routes in place that allow instances to send traffic to each other, even across multiple subnets in different regions. Along with these routes, every network has a default route that directs traffic outside the network. If you want to change the default route, you can do so by overriding it with a custom static route. If a route is in place, the only way to prevent an instance from talking to another instance is by using firewall rules. We will learn more about firewall rules in the next section.

When you create a VPC network, a default route for internet traffic (0/0) is created. For each subnet you create, one route is created for all local traffic and for communication between instances in different subnets within the VPC network. If you create a static route for an IP address range that overlaps with a subnet’s IP address range, that static route is automatically disabled. GCP does this to protect inter-VM communication within a VPC network.

It is important to note that every route has a priority value associated with it. This priority value is used to break ties in cases where there is more than one matching route. A lower value is higher priority, so a priority of 100 gets precedence over a priority value of 200. The default priority value is 1,000.

For packets to be routed to the internet, the sending instance must have a public IP address. If a route sends all traffic from your private instances to an internet gateway, those packets will be dropped because the instances do not have a public IP address.
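The rules in the preceding paragraphs, modelled in Python as an added example (not from the original text and not GCP's own code). It assumes the most specific matching range wins before priority is compared, treats "overlap" as a static range that falls inside a subnet range so that a custom 0/0 route stays valid, and uses constructed route names, ranges and a hypothetical tunnel `vpn-tunnel-1`.

```python
import ipaddress
from dataclasses import dataclass

IGW = "default-internet-gateway"

@dataclass(frozen=True)
class Route:
    name: str
    dest: str             # destination range in CIDR form
    next_hop: str         # "local", IGW, or a (hypothetical) VPN tunnel name
    priority: int = 1000  # default priority; a lower value wins a tie
    static: bool = False  # True for custom static routes

def active_routes(routes, subnets):
    """Drop static routes whose range falls inside a subnet range (disabled)."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    def disabled(r):
        dest = ipaddress.ip_network(r.dest)
        return r.static and any(dest.subnet_of(n) for n in nets)
    return [r for r in routes if not disabled(r)]

def select_route(dst, routes, subnets):
    """Assumed order: most specific matching range, then lowest priority value."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in active_routes(routes, subnets)
               if ip in ipaddress.ip_network(r.dest)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.priority))

def forward(dst, has_public_ip, routes, subnets):
    """Return (route name, verdict) for a packet leaving an instance."""
    route = select_route(dst, routes, subnets)
    if route is None:
        return (None, "dropped: no route")
    if route.next_hop == IGW and not has_public_ip:
        return (route.name, "dropped: no public IP")
    return (route.name, "forwarded via " + route.next_hop)

# Constructed sample data, not taken from a real project.
SUBNETS = ["10.128.0.0/20", "10.132.0.0/20"]
BASE = [
    Route("default-internet", "0.0.0.0/0", IGW),
    Route("subnet-a", "10.128.0.0/20", "local"),
    Route("subnet-b", "10.132.0.0/20", "local"),
    Route("shadow-subnet-a", "10.128.0.0/24", "vpn-tunnel-1", 10, static=True),
]
WITH_OVERRIDE = BASE + [Route("vpn-default", "0.0.0.0/0", "vpn-tunnel-1", 100, static=True)]
```

With `BASE`, traffic from a private instance to an internet address matches only the default route and is dropped; with `WITH_OVERRIDE`, the priority-100 static route wins the tie and the same traffic leaves through the tunnel instead.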

Click on Routes to list all the current routes in place for your VPC network. You can click on Create a route to create a custom route for a specific network. The next hop of this route can be a default gateway or even a VPN tunnel.

