How to build a custom VPC in GCP

Lab Details:

  1. This lab walks you through GCP Virtual Private Cloud (VPC) creation using Custom subnet creation mode.

  2. Make sure you have completed the previous lab on building a VPC using Auto subnet creation mode. This lab continues from it, so if you have not completed the previous lab, we recommend you do that first.

  3. In this lab, we will create and use Firewall rules manually.

  4. Duration: 45 minutes

Ways to create a VPC:

  • There are two ways to create subnets; this lab covers custom mode.
  • Whenever a custom mode VPC network is created, no subnets are created automatically. This type of network gives you customized settings over its subnets and IP ranges: you decide the regions in which subnets are created and the IP address range of each.

Why should you choose Private Google Access?

  • VM instances that have only internal IP addresses and no external IP address can use Private Google Access to reach the external IP addresses of Google services. Enabling Private Google Access helps you save on egress traffic costs.

  • If you disable Private Google Access, those VM instances can no longer access Google services. They can still send traffic within the VPC network. If you still want them to access Google services, you have to configure an external IP address.

  • Private Google Access has no impact on instances that have external IP addresses. Instances with an external IP address will access the web. They do not need any explicit setup to send requests to the external IP addresses of Google APIs and services.

  • Private Google Access is a setting for subnets in a VPC network: you enable it on a subnet-by-subnet basis, not on the whole network.

Architecture Diagram:

  • A Firewall Rule has been created to allow egress to 0.0.0.0/0 mainly for Google APIs and services.

  • VM A1, located in subnet-a, can access Google APIs and services because subnet-a has Private Google Access enabled, even though the VM has no external IP address. You can disable the external IP address while configuring the network interface for the VM instance by setting the external IP address to None. By default, it is set to Ephemeral.

  • VM B1 located in subnet-b cannot access Google APIs and services because it only has an internal IP address and Private Google Access is disabled for subnet-b.

  • VM A2 and VM B2 can both access Google APIs and services because they each have external IP addresses. Turning on Private Google Access will have no effect because both already have external IP addresses.

Lab Tasks:

  1. Log in to the GCP Console.

  2. Creating a VPC using the Custom mode.

  3. Choosing Private Google Access.

  4. Creating a VM Instance and Test.
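
The architecture and lab tasks above can also be driven from the gcloud CLI. The script below is an added example, not part of the original lab: the network name, region, zone, CIDR ranges, firewall rule name and the tcp:443 restriction are assumptions, while subnet-a, subnet-b and the VM A1/B1 roles come from the diagram description.

```shell
#!/usr/bin/env bash
# Added example: builds the architecture above with gcloud. DRY_RUN=1 (default)
# only prints the commands; set DRY_RUN=0 to execute them in your project.
# Assumed values (not from the lab): network name, region, zone, CIDR ranges,
# firewall rule name, and the tcp:443 restriction.
NETWORK="${NETWORK:-custom-vpc-lab}"
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

build_lab() {
  # Custom mode: no subnets are created automatically.
  run gcloud compute networks create "$NETWORK" --subnet-mode=custom

  # subnet-a: Private Google Access enabled.
  run gcloud compute networks subnets create subnet-a --network="$NETWORK" \
    --region="$REGION" --range=10.10.1.0/24 --enable-private-ip-google-access

  # subnet-b: Private Google Access left disabled (the default).
  run gcloud compute networks subnets create subnet-b --network="$NETWORK" \
    --region="$REGION" --range=10.10.2.0/24

  # Egress rule from the diagram (destination 0.0.0.0/0), narrowed here to HTTPS.
  run gcloud compute firewall-rules create "${NETWORK}-allow-egress" \
    --network="$NETWORK" --direction=EGRESS --action=ALLOW \
    --rules=tcp:443 --destination-ranges=0.0.0.0/0

  # VM A1 and VM B1: internal IP only (--no-address sets external IP to None).
  run gcloud compute instances create vm-a1 --zone="$ZONE" --subnet=subnet-a --no-address
  run gcloud compute instances create vm-b1 --zone="$ZONE" --subnet=subnet-b --no-address
}

check_pga() {
  # Prints True/False for a subnet's Private Google Access setting.
  run gcloud compute networks subnets describe "$1" --region="$REGION" \
    --format='value(privateIpGoogleAccess)'
}

build_lab
check_pga subnet-a
check_pga subnet-b
```

With DRY_RUN=0, check_pga should report True for subnet-a and False for subnet-b, which matches why VM A1 can reach Google APIs and VM B1 cannot.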


