This lab walks you through GCP Virtual Private Cloud (VPC) creation using Auto subnet creation mode.
Duration: 45 minutes
VPC stands for Virtual Private Cloud.
A Virtual Private Cloud (VPC) network is a virtualized version of a physical network, implemented within Google's network.
Incoming and outgoing traffic to and from instances is controlled with firewall rules, which can be configured when you create the VPC network.
Resources in a VPC network can communicate with each other using internal (private) IPv4 addresses, provided the firewall rules allow that traffic.
Instances that have only internal IP addresses (no external IP address) can still reach Google APIs and services by enabling the Private Google Access option on the subnet.
A VPC network can be connected to another VPC network in a different project or organization by using VPC Network Peering.
VPC networks - Global
Routes - Global
Firewall rules - Global
Subnets - Regional
Each network is usually divided into several IP range partitions called subnets, which keeps administration manageable and lets different departments be isolated from each other. VPC networks do not have IP addresses associated with them; IP address ranges are associated only with subnets.
When you spin up a resource in Google Cloud, you always choose a network and a subnet. Depending on the resource, you also choose a zone or a region; selecting a zone implicitly selects its parent region. Because subnets are regional resources, the region you pick for a resource (such as a VM) determines which subnets it can use.
For example, spinning up a VM instance involves selecting a name, a machine type, a zone, a network, and a subnet. Once the region is fixed, only the subnets that exist in that region are offered for selection. Google Cloud then assigns the instance an IP address from the available addresses in that subnet's range.
There are two subnet creation modes; this lab covers auto mode.
When a VPC network is created in auto mode, one subnet per region is created automatically, using a set of predefined IP address ranges that fit within the 10.128.0.0/9 CIDR block. Whenever a new region becomes available, a subnet in that region is added automatically to every auto mode VPC network, again using a range from that block. You can also add subnets manually to an auto mode VPC network in regions of your choice, using IP ranges outside 10.128.0.0/9.
Each VPC network has an associated dynamic routing mode that controls the behavior of all of its Cloud Routers.
A Cloud Router is associated with a specific VPC network and region.
In regional mode, routes learned by a Cloud Router apply only to the subnets in the same region as that Cloud Router.
To understand global mode, consider an example. Your on-prem data center is in the Mumbai region, and your VM and Cloud Router are in the us-west1 region in GCP; the two sides can communicate with each other. Dynamic routing is regional by default, and it is configured at the VPC level, not at the subnet level.
Now you need to add a subnet in the us-central1 region and a VM in that subnet. If that VM tries to communicate with the on-prem data center, it will fail. The reason is that you chose regional dynamic routing: any new subnet you create in us-west1 is automatically advertised to the on-prem data center, but a subnet created in us-central1 is not advertised, so the on-prem side has no route to it.
To fix this, edit the VPC and switch dynamic routing to global. The VM in us-central1 will then be able to communicate with the on-prem data center.
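The two rules above (manual subnets in an auto mode VPC must stay outside 10.128.0.0/9, and learned routes reach only the Cloud Router's own region unless dynamic routing is global) are easy to get wrong before a change is applied. The following pre-flight checks are an added example written for this lab, not part of Google's tooling; the subnet ranges and region names in the test are constructed sample values.

```python
import ipaddress

# Auto mode VPCs reserve 10.128.0.0/9 for the subnets they create
# automatically, so a manually added subnet must lie outside it.
AUTO_MODE_BLOCK = ipaddress.ip_network("10.128.0.0/9")


def validate_custom_subnet(cidr, existing_subnets):
    """Pre-flight check for a subnet added by hand to an auto mode VPC.

    Returns (ok, reason). existing_subnets is an iterable of CIDR strings
    already present in the VPC (auto-created or manual).
    """
    try:
        # strict=True rejects ranges with host bits set, e.g. 10.0.0.5/24
        new = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return False, f"not a valid CIDR range: {exc}"
    if new.overlaps(AUTO_MODE_BLOCK):
        return False, f"{new} overlaps the auto mode block {AUTO_MODE_BLOCK}"
    for existing in existing_subnets:
        if new.overlaps(ipaddress.ip_network(existing)):
            return False, f"{new} overlaps existing subnet {existing}"
    return True, "ok"


def regions_with_learned_routes(routing_mode, router_region, subnet_regions):
    """Return the set of subnet regions that receive routes learned by a
    Cloud Router in router_region.

    regional: only subnets in the router's own region get the routes.
    global:   every subnet in the VPC gets them.
    """
    if routing_mode == "global":
        return set(subnet_regions)
    if routing_mode == "regional":
        return {r for r in subnet_regions if r == router_region}
    raise ValueError(f"unknown dynamic routing mode: {routing_mode}")


if __name__ == "__main__":
    # Constructed sample: two auto-created subnets, one manual candidate.
    auto_subnets = ["10.128.0.0/20", "10.138.0.0/20"]
    print(validate_custom_subnet("192.168.10.0/24", auto_subnets))
    print(validate_custom_subnet("10.200.0.0/24", auto_subnets))
    regions = ["us-west1", "us-central1"]
    print(regions_with_learned_routes("regional", "us-west1", regions))
    print(regions_with_learned_routes("global", "us-west1", regions))
```

Run the regional-mode check against the region of the VM that cannot reach on-prem: if that region is missing from the result, the fix is the VPC-level switch to global routing described above, not a subnet change.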
Log in to the GCP Console.
Creating a VPC using auto mode.
Choosing the dynamic routing mode.
Creating a VM instance and testing SSH access to the instance.