
Google Cloud Platform – VPC networks

VPC is a Google virtual network that behaves like a physical network in a data center. It provides the connectivity for your Compute Engine virtual machine instances, your Google Kubernetes Engine clusters, and other resources you may have. Every project you create gets a default network with one subnet in each region, and you can create more networks as your needs require.

When you create a VPC network, its scope is global: VPC networks are not tied to a specific zone or region. While the VPC network, its routes and its firewall rules are global, the subnetworks (subnets) created in it are regional. All resources created within a VPC can talk to each other using their internal private IP addresses, provided firewall rules allow it. Keep in mind that every VPC network has an implied deny-all ingress rule, so internal traffic only flows where an explicit rule permits it; in the default network the default-allow-internal rule does that. Your instances can also reach Google APIs over private IP addresses if you enable Private Google Access on their subnet.

Private Google Access is enabled per subnet. Instances in that subnet that have only internal IP addresses can reach Google APIs and services without an external IP address or NAT, instead of going out over a public IP address.

At the time this was written, VPC networks supported only IPv4 unicast traffic: multicast, broadcast and IPv6 traffic inside the VPC were not supported. (Google has since added dual-stack subnets that carry both IPv4 and IPv6, so check the current documentation before designing around this limitation.) Even without IPv6 inside the VPC, external clients could use IPv6 to reach resources in it. For example, a client in a data center that uses IPv6 can reach a service hosted in GCP through the IPv6 address of a global external load balancer, while the backend instances behind that load balancer keep their IPv4 addresses in the VPC.

Core networking concepts such as routing and subnets are outside the scope of this book.

You can further divide a VPC network into subnets, which are partitions of the network. Each subnet is associated with a particular region, and more than one subnet can be created in a region. There are two types of VPC network: auto mode and custom mode. When an auto mode VPC network is created, one subnet is automatically created in each region using predefined IP ranges that fit within the 10.128.0.0/9 block. In a custom mode VPC network, no subnets are created for you; you create your own subnets with the IP ranges that best suit your needs and have complete control over them. The default network in each project is an auto mode network. An auto mode network can be converted to custom mode, but this action cannot be reversed.

When creating an instance, you select a zone, a network, and a subnet. The subnets offered are restricted to the region where you are deploying that instance. These allocations are subject to the resource quotas and limits that apply to VPC networks. Quotas (such as the number of networks per project) can be raised by requesting an increase in the console; limits cannot be increased:

Item                          | Quota or limit     | Amount
------------------------------|--------------------|-------
VPC networks per project      | Quota              | 5
VM instances per VPC network  | Limit              | 7,000
VM instances per subnet       | No separate limit  |

Let’s look at an example to create a VPC network called vpc-network1:

  1. Log in to your Google Cloud console and click on VPC network in the side menu. You will see the default VPC network. It counts against your networks quota, so you can delete it and create your own. Note that the default network also ships with permissive firewall rules (default-allow-ssh and default-allow-rdp accept connections from 0.0.0.0/0, and default-allow-internal allows all traffic within 10.128.0.0/9), which is a good reason to replace it with a custom network in anything beyond a test project.
  2. Click on Create a VPC network.
  3. Selecting Automatic subnet creation assigns a predefined IP address range in every region. When you deploy resources in any of these regions, Google assigns each resource an IP address from that region's range.
  4. If you want custom subnets, click on the Custom tab, select a Region and define your own subnet range.
  5. You can enable Private Google Access on a subnet, which gives its instances access to Google APIs from their internal IP addresses without needing external IP addresses. You can add as many custom subnets as you need.
  6. Select the firewall rules that apply to your environment. The console offers pre-populated rules similar to those of the default network (allow internal, allow SSH, allow RDP, allow ICMP). Enable only what you need; in particular, avoid the SSH and RDP rules that accept connections from any source address, and add your own rules with restricted source ranges instead.
  7. Select the Dynamic routing mode. Regional lets a Cloud Router learn and advertise routes only for the region in which it is created; Global lets a Cloud Router advertise all subnets and apply learned routes to all regions over a single VPN or Interconnect. This setting only matters once a Cloud Router is deployed and in use.
  8. Click Create to create your VPC network. (In this example we selected Automatic subnet creation.)
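The same procedure expressed as infrastructure as code, so the settings chosen above are reviewable and repeatable. This is an added Terraform example, not code from the original text: it creates a custom mode network named vpc-network2 with one subnet in us-central1 and one in europe-west1 (the two regions used later in this chapter), enables Private Google Access on both, and replaces the console's permissive rules with firewall rules scoped to the network's own ranges. The project ID, subnet names and CIDR ranges are placeholders chosen for this example; 35.235.240.0/20 is Google's documented source range for Identity-Aware Proxy TCP forwarding.

```hcl
# Added example: custom mode VPC with two regional subnets, Private Google
# Access, and firewall rules narrower than the console's defaults.
# "my-project-id", the subnet names and the 10.10/10.20 ranges are placeholders.
provider "google" {
  project = "my-project-id"
}

resource "google_compute_network" "vpc" {
  name                    = "vpc-network2"
  auto_create_subnetworks = false      # custom mode: every subnet is defined below
  routing_mode            = "REGIONAL" # Cloud Routers learn routes per region
}

resource "google_compute_subnetwork" "us_central1" {
  name                     = "subnet-us-central1"
  region                   = "us-central1"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.10.0.0/20" # outside 10.128.0.0/9, so it never
                                            # overlaps an auto mode network you peer with
  private_ip_google_access = true           # reach Google APIs without external IPs
}

resource "google_compute_subnetwork" "europe_west1" {
  name                     = "subnet-europe-west1"
  region                   = "europe-west1"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.20.0.0/20"
  private_ip_google_access = true
}

# Internal traffic: only between this network's own subnets, not all of
# 10.128.0.0/9 as default-allow-internal does.
resource "google_compute_firewall" "allow_internal" {
  name      = "vpc-network2-allow-internal"
  network   = google_compute_network.vpc.name
  direction = "INGRESS"
  priority  = 1000
  source_ranges = [
    google_compute_subnetwork.us_central1.ip_cidr_range,
    google_compute_subnetwork.europe_west1.ip_cidr_range,
  ]
  allow {
    protocol = "tcp"
    ports    = ["0-65535"]
  }
  allow {
    protocol = "udp"
    ports    = ["0-65535"]
  }
  allow {
    protocol = "icmp"
  }
}

# SSH only from Identity-Aware Proxy's TCP forwarding range, never 0.0.0.0/0,
# and only to instances carrying the "ssh-via-iap" network tag. Logging on,
# so connection attempts show up in Cloud Logging.
resource "google_compute_firewall" "allow_ssh_iap" {
  name          = "vpc-network2-allow-ssh-iap"
  network       = google_compute_network.vpc.name
  direction     = "INGRESS"
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["ssh-via-iap"]
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}
```

Run `terraform init`, `terraform plan` and `terraform apply` against a project where you hold the Compute Network Admin role. Anything not matched by these two rules is dropped by the network's implied deny-all ingress rule, so RDP, ICMP from the internet and SSH from arbitrary addresses are all closed by default. Switch `routing_mode` to "GLOBAL" only when you actually need a single Cloud Router to advertise subnets in every region.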

I also went ahead and created another VPC network called vpc-network2 with two custom subnets, one in the us-central1 region and the other in the europe-west1 region.

Let’s briefly look at some of the other networking features:

External IP addresses lets you reserve a static address in a region and attach it to a virtual machine instance or a load balancer.

Let’s explore the rest of the menu as we learn more about each one of these features.
