Master GCP Networking and VPC: The Ultimate Guide for Cloud Engineers

Piyush Sachdeva
Google Cloud - Community
4 min read · Dec 31, 2022

In this blog, join me🚀 as I walk you through the basics of setting up a virtual private cloud (VPC) on the Google Cloud Platform (GCP). I’ll show you how to configure subnets, firewall rules, and other essential components to get started. Wanna know how? 🤷‍♀️

🎯 If you would like to see the VPC concepts in action, watch our YouTube video for a demonstration of how to set up a VPC with all the necessary networking components and get a better understanding of how they work together.

What is a Virtual Private Cloud?

A VPC network is a logically isolated network on GCP. You can think of a VPC network the same way as a physical one, except that it is virtualized within Google Cloud. The VPC network itself is a global resource; the subnets inside it are regional.

What is VPC ( Virtual Private Cloud)

What is a Subnet?

Subnets are regional resources, and each one has an IP address range associated with it. Subnet ranges within a VPC network must not overlap, so select each subnet range carefully. If you would like to know more about calculating the IPs in a subnet range and what a subnet mask is, feel free to check out the video I published. If the IPs in a subnet are later exhausted, we can extend the subnet range by editing it (a primary range can only be expanded, never shrunk).

What are Subnets in GCP

Significance of Subnet

When you provision a Compute Engine instance, you select the zone in which it must be provisioned. Selecting the zone implicitly selects its region, and the region you select for a resource determines the subnets it can use. So, in this example, when you provision two GCE instances in zone us-west1-a, their region is us-west1, and they will be provisioned in the subnet that belongs to us-west1.

Similarly, when you provision instances in us-east1-a, they will be provisioned in the region us-east1 and be part of subnet2 and subnet3. A zone is a collection of data centers in a geographical location, and a region is a collection of multiple zones located miles apart. You deploy your workload across multiple zones and regions for high availability and fault tolerance.

Provision VM Instances in a VPC

What are Firewall rules, and why are they important?

After you create a network, you can create firewall rules to allow or deny traffic between resources in the network, such as communication between VM instances. You also use firewall rules to control what traffic leaves or enters the VPC network to or from the internet.

The sample firewall rule below allows ingress ICMP and SSH traffic from all sources.

  • Type states whether it is an Ingress (inbound) rule or an Egress (outbound) rule.
  • Rule priority defines which rule is evaluated first. The lower the number, the higher the priority. For instance, a firewall rule with priority 1000 will be evaluated before a rule with priority 65535.
  • The target defines whether the rule applies to a single instance, multiple instances, or all instances in the network. Network tags can be used here to select multiple instances.
  • Source (for an Ingress rule) is the source CIDR range from which the traffic is allowed or denied.
  • Destination is populated for an Egress rule and signifies the destination CIDR range.
  • Protocols and ports define the protocol and port for which the traffic is allowed or denied, e.g., TCP port 22 for SSH, TCP port 80 for HTTP, and so on.
  • Action is either Allow or Deny.
Sample Firewall Rule
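As an added example that is not part of the original post, here is a small Python model of how these fields are evaluated: rules are checked in ascending priority order, deny beats allow at equal priority, and with no match GCP's implied rules apply (deny all ingress, allow all egress). It also includes an audit function that flags the sample rule's "SSH from all sources" exposure next to a hardened variant. The rule names and CIDRs are constructed, and 35.235.240.0/20 is assumed to be Google's IAP TCP-forwarding source range.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    direction: str                 # "INGRESS" or "EGRESS"
    priority: int                  # 0..65535; lower number is evaluated first
    action: str                    # "ALLOW" or "DENY"
    protocol: str                  # "tcp", "udp", "icmp" or "all"
    ports: set = field(default_factory=set)        # empty set = all ports
    ranges: list = field(default_factory=list)     # source CIDRs (ingress) / destination CIDRs (egress)
    target_tags: set = field(default_factory=set)  # empty = applies to all instances

def matches(rule, direction, peer_ip, protocol, port, tags):
    """Does this rule apply to one packet hitting an instance with these network tags?"""
    if rule.direction != direction or rule.protocol not in ("all", protocol):
        return False
    if rule.target_tags and not (rule.target_tags & tags):
        return False
    if rule.ports and port not in rule.ports:
        return False
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(cidr) for cidr in rule.ranges)

def evaluate(rules, direction, peer_ip, protocol, port=None, tags=frozenset()):
    """First match in priority order decides; at equal priority DENY beats ALLOW.
    With no match, GCP's implied rules apply: deny ingress, allow egress."""
    for rule in sorted(rules, key=lambda r: (r.priority, r.action != "DENY")):
        if matches(rule, direction, peer_ip, protocol, port, tags):
            return rule.action, rule.name
    if direction == "INGRESS":
        return "DENY", "implied-deny-ingress"
    return "ALLOW", "implied-allow-egress"

def ssh_open_to_internet(rules):
    """Audit check: ingress ALLOW rules exposing tcp/22 to 0.0.0.0/0 (like the post's sample rule)."""
    return [r.name for r in rules
            if r.direction == "INGRESS" and r.action == "ALLOW"
            and r.protocol in ("tcp", "all") and (not r.ports or 22 in r.ports)
            and any(ipaddress.ip_network(c).prefixlen == 0 for c in r.ranges)]

# Constructed rule set: the post's sample rule (ICMP + SSH from everywhere), a higher-priority
# deny for one tagged group, and a hardened SSH rule limited to the assumed IAP forwarding range.
SAMPLE = [
    Rule("allow-icmp-all", "INGRESS", 1000, "ALLOW", "icmp", ranges=["0.0.0.0/0"]),
    Rule("allow-ssh-all", "INGRESS", 1000, "ALLOW", "tcp", {22}, ["0.0.0.0/0"]),
    Rule("deny-ssh-web-from-guest-net", "INGRESS", 900, "DENY", "tcp", {22}, ["203.0.113.0/24"], {"web"}),
]
HARDENED = [Rule("allow-ssh-iap-only", "INGRESS", 1000, "ALLOW", "tcp", {22}, ["35.235.240.0/20"])]
```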

🙏Thank you for following along with the tutorial so far. If you found this blog helpful, please don’t forget to give it a clap or two. If you want to stay updated on my future content, follow me and consider subscribing to my YouTube channel. Good luck 👍 on your journey with GCP learning and certifications, and don’t hesitate to reach out if you have any questions or need additional support.
