Gen AI (Gemini) for Networking

Dineshbathla
Google Cloud - Community
8 min read · Jul 1, 2024

Problem — If you are an application developer without much experience in cloud networking, you need a collaborator or built-in tools that can help you deploy and configure cloud networking constructs such as VPCs, subnets, and GKE networking parameters.

Objective — This blog will help you learn how to use Gemini for Google Cloud (earlier called Duet AI for GCP), an AI-powered collaborator tool in Google Cloud, to create and modify a Virtual Private Cloud (VPC) network, subnets, and related constructs. It is intended for network engineers of any experience level and for developers who want to use Gemini in the GCP console to deploy networking constructs.

Introduction — Gemini is an always-on collaborator in the Google Cloud console that offers generative AI-powered assistance to a wide range of users, such as network engineers, developers and data engineers. To provide an integrated assistance experience, Gemini is embedded in many Google Cloud products and can be used within the GCP console. It was earlier called Duet AI for GCP.

Make sure that Gemini is enabled in the GCP project. To do that, enable the “Cloud AI Companion API” and grant the “Cloud AI Companion User” and “Service Usage Consumer” IAM roles to users or service accounts. Please refer to this document for detailed step-by-step instructions:

https://cloud.google.com/gemini/docs/discover/set-up-gemini

Once Gemini is enabled in the GCP console, you will see the Gemini AI chat icon at the top right of the console, as shown below in the screenshot (marked with a red arrow).

If you click the Gemini chat icon, a chat prompt will appear as shown below. You can ask any question related to GCP products or services, or even about gcloud commands, as I will show you later in the blog.

Now, let’s create some GCP cloud networking related services using Gemini. All the screenshots presented in this blog are taken from my live GCP console while using Gemini. You can follow the same steps, and you will see the same result.

Creating VPC — Suppose you want to create your first VPC using a gcloud command but you don’t know the command. One way is to refer to the documentation, but with Gemini you can get the exact command to deploy a VPC without leaving the GCP console.

Enter the following in the prompt:

“What is the gcloud command to create a VPC network in Google Cloud?”

As you can see, with such a simple prompt you get the gcloud command to create a VPC, but remember that you still need to replace the variables, such as NETWORK_NAME in this example.

Now, enter the following in the prompt and see the result:

“What is the gcloud command to create VPC network name sample in Google Cloud?”

This time, you do not even need to change the variable, which is NETWORK_NAME in this case. Gemini provides the exact command with the name of the network (sample in this case), which can simply be copied and pasted into Cloud Shell or any other IDE environment you are using.

Creating subnets — Now, let’s create subnets using Gemini.

Enter the prompt below; this time we don’t want to have to change any variable, such as the subnet range:

“What is the gcloud command to create a subnet with name sample-subnet in VPC network sample in region us-central1 with range 10.10.10.0/24 Google Cloud?”

As you can see in the screenshot above, Gemini has provided the exact gcloud command, including the VPC name, subnet name and subnet range. You can just copy and paste this command to create a subnet in the VPC sample.

Creating dual-stack subnets for IPv4 and IPv6 — Now, let’s create dual-stack subnets with the help of Gemini.

Enter the following in the prompt:

“What is the gcloud single command to create a dual stack subnet with name sample-subnet in VPC network sample in region us-central1 with range 10.10.10.0/24 Google Cloud and IPv6 access type as External?”

Note that we can specify the IPv4 range, but the IPv6 range is automatically provided and configured by Google. Also, specifying the IPv6 access type as internal or external is mandatory if we want to deploy dual stack in a single go.

As you can see in the screenshot above, Gemini has provided the gcloud command to deploy a dual-stack subnet in a single command, as we asked in the prompt.

Creating GKE networking constructs -

When we onboard GKE, we need to know what the Pod subnet range should be, based on the number of nodes and the number of pods per node. Gemini can help decide that as well.

Suppose I am creating a 100-node GKE cluster with 110 pods per node, and I want to know what my Pod subnet range should be.

Enter the following in the Gemini prompt:

“How large is the pod ip range I need with 100 total nodes and 110 pods per node?”

As you can see in the above screenshot taken from my project, Gemini does all the calculations, such as how many total pods will be required, and also provides the subnet range required to accommodate that number of Pods. It also provides recommendations for pod ranges, as can be seen below; in this case Gemini recommends a /14 subnet mask to accommodate 11000 pods.
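The sizing behind that answer can be checked by hand. The following Python sketch is an added example, not output from Gemini or code from the original post; it assumes GKE's documented rule that each node receives a pod block holding at least twice its maximum pod count, rounded up to a power of two, and the function names are illustrative.

```python
def per_node_prefix(max_pods_per_node):
    """Prefix length of the pod block a single node receives.

    Assumption: GKE sizes the block to at least 2x the node's max pods,
    rounded up to a power of two (110 pods -> 256 addresses -> /24).
    """
    if not 8 <= max_pods_per_node <= 256:
        raise ValueError("GKE accepts 8 to 256 max pods per node")
    return 32 - (2 * max_pods_per_node - 1).bit_length()


def min_pod_range_prefix(nodes, max_pods_per_node):
    """Longest prefix (smallest range) that still gives every node a block."""
    if nodes < 1:
        raise ValueError("nodes must be positive")
    node_bits = (nodes - 1).bit_length()  # blocks needed, rounded up to 2^n
    return per_node_prefix(max_pods_per_node) - node_bits


def node_capacity(pod_range_prefix, max_pods_per_node):
    """How many nodes a pod range of the given prefix length can hold."""
    spare_bits = per_node_prefix(max_pods_per_node) - pod_range_prefix
    return 2 ** spare_bits if spare_bits >= 0 else 0


def naive_prefix(total_pods):
    """Prefix sized only by raw pod count, ignoring per-node blocks."""
    return 32 - (total_pods - 1).bit_length()


if __name__ == "__main__":
    nodes, pods = 100, 110  # the cluster from the prompt above
    print("per-node block: /%d" % per_node_prefix(pods))
    print("minimum pod range: /%d" % min_pod_range_prefix(nodes, pods))
    naive = naive_prefix(nodes * pods)
    print("sized by pod count only: /%d -> %d nodes" % (naive, node_capacity(naive, pods)))
    print("nodes that fit in a /14: %d" % node_capacity(14, pods))
```

For 100 nodes at 110 pods per node the smallest workable range is a /17; a range sized only for 11000 addresses (/18) would stop at 64 nodes, and a /14 leaves room for 1024 nodes.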

Creating a GKE cluster and exposing it to internet via Load balancer -

Creating a GKE cluster requires a few steps, such as cluster onboarding, creating a deployment, and creating a load balancer to expose the service to the internet or outside world. We will follow a step-by-step process to create a simple web application with the help of Gemini.

Step 1 - Enter the following in the Gemini prompt:

“What is the command to create a GKE Autopilot cluster in my current Project dinesh-environment named test in the us-central1 region using the gcloud CLI?”

The screenshot above shows the prompt, the gcloud command provided by Gemini, and that same command pasted into Cloud Shell. It takes a few minutes to create the GKE cluster named ‘test’; as seen below, the GKE cluster is successfully created and ready.

Step 2 - The next step is to create a deployment from a public image. Enter the prompt below to create it; we are using the hello world public image from the Google repository:

“What is the kubectl command to create a deployment called hello-server for the image us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0?”

As you can see in the above screenshot, Gemini helped come up with the exact kubectl command to create the deployment, and the deployment is successfully created in Cloud Shell.

Step 3 - The next and final step is to create a service of type LoadBalancer, so that we can expose the service to the internet and make it accessible from the outside world.

Here is the prompt for that:

“What is the kubectl expose command to expose this deployment hello-server on port 80 with a load balancer?”

It provided the exact command required to create the service and expose it to the internet on port 80, as shown in the screenshot below:

kubectl expose deployment hello-server --type=LoadBalancer --port=80 --target-port=80

As you may remember, hello-server is the name of the deployment.

If we just copy and paste this command into Cloud Shell, it will create a service exposed to the internet with a public IP address and also create a load balancer.

Also, as shown above, a network load balancer is created, which has a public IP address exposed to the internet.
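Because the expose command publishes the service on a public IP address, it is worth listing which services in a cluster are reachable from any source. The following Python check is an added example, not part of the original post; the service list is a constructed stand-in for the output of `kubectl get services -o json`, and the function name is illustrative.

```python
import json

# Constructed stand-in for `kubectl get services -o json`; names and IPs are samples.
SAMPLE_SERVICES = json.dumps({"items": [
    {"metadata": {"name": "hello-server", "namespace": "default"},
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 80, "targetPort": 80, "protocol": "TCP"}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"name": "restricted-web", "namespace": "default"},
     "spec": {"type": "LoadBalancer",
              "loadBalancerSourceRanges": ["198.51.100.0/24"],
              "ports": [{"port": 443, "targetPort": 8443, "protocol": "TCP"}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.11"}]}}},
    {"metadata": {"name": "internal-api", "namespace": "default",
                  "annotations": {"networking.gke.io/load-balancer-type": "Internal"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 8080, "protocol": "TCP"}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.10.10.5"}]}}},
    {"metadata": {"name": "kubernetes", "namespace": "default"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 443, "protocol": "TCP"}]},
     "status": {"loadBalancer": {}}},
]})

INTERNAL_LB = "networking.gke.io/load-balancer-type"  # GKE internal LB annotation


def open_load_balancers(services_json):
    """List LoadBalancer services that accept traffic from any source address."""
    findings = []
    for svc in json.loads(services_json).get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        if (meta.get("annotations") or {}).get(INTERNAL_LB) == "Internal":
            continue  # reachable only from inside the VPC
        # A missing or empty loadBalancerSourceRanges means "allow all sources".
        ranges = spec.get("loadBalancerSourceRanges") or ["0.0.0.0/0"]
        if "0.0.0.0/0" not in ranges:
            continue
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        findings.append({
            "service": "%s/%s" % (meta.get("namespace"), meta.get("name")),
            "ports": [p["port"] for p in spec.get("ports", [])],
            "external_ips": [i["ip"] for i in ingress if "ip" in i],
        })
    return findings


if __name__ == "__main__":
    for finding in open_load_balancers(SAMPLE_SERVICES):
        print(finding)
```

Only the hello-server style service is reported; the one with loadBalancerSourceRanges set and the internal one are not.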

Network Troubleshooting — using VPC flow logs

Gemini not only helps create resources, but also helps troubleshoot a network. For example, VPC flows can be visualized in Flow Analyzer, but it requires SQL queries to generate the desired output. That’s where Gemini can help, translating natural language (plain English) into SQL queries and generating results.

A smart query button has been added to Flow Analyzer that converts natural language into complex SQL queries and produces results. See the screenshot below.

As an example, I am sending ICMP traffic between two VMs, and VPC flow logs are enabled for the subnet. Click add smart query and compose a simple query in natural language, such as:

“show me traffic between source Ip as 192.168.10.3 and destination ip as 192.168.20.2”

Click generate SQL to create the SQL query, and then click open in flow analyzer.

As you can see, complete flow details are shown along with the graph. You can click show Details to see more granular details as well, as in the screenshot below.

You can check the source IP, destination IP, protocol, total traffic, VPC network and subnet details. This way, it can help troubleshoot non-reachability or even traffic load issues using VPC Flow Analyzer without knowing complex SQL queries. Gemini, or Gen AI, makes the translation from natural language to SQL easy for the user.
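To make clear what such a query has to do with the underlying records, here is the same source and destination filter written in Python over VPC Flow Logs entries. This is an added example, not the SQL that Gemini generates and not code from the original post; the records are constructed samples that use the flow log fields connection.src_ip, connection.dest_ip, connection.protocol, bytes_sent, packets_sent and reporter.

```python
from collections import defaultdict


# Constructed VPC Flow Logs records (jsonPayload only); all values are samples.
def _rec(reporter, src, dst, proto, nbytes, packets):
    return {"reporter": reporter, "bytes_sent": str(nbytes), "packets_sent": str(packets),
            "connection": {"src_ip": src, "dest_ip": dst, "protocol": proto}}


SAMPLE_RECORDS = [
    _rec("SRC", "192.168.10.3", "192.168.20.2", 1, 840, 10),
    _rec("DEST", "192.168.10.3", "192.168.20.2", 1, 840, 10),  # same flow, other end
    _rec("SRC", "192.168.10.3", "192.168.20.2", 1, 420, 5),
    _rec("DEST", "192.168.10.3", "192.168.20.2", 1, 420, 5),
    _rec("SRC", "192.168.20.2", "192.168.10.3", 1, 1260, 15),  # echo replies
    _rec("SRC", "192.168.10.3", "192.168.30.9", 6, 5200, 12),  # unrelated flow
]

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers


def traffic_between(records, src_ip, dest_ip):
    """Sum bytes and packets per protocol for src_ip -> dest_ip, counting each flow once."""
    matching = [r for r in records
                if r.get("connection", {}).get("src_ip") == src_ip
                and r["connection"].get("dest_ip") == dest_ip]
    # Both VMs report the same flow when both subnets log; prefer the SRC view
    # and fall back to DEST when only the destination side has logging enabled.
    reporters = {r.get("reporter") for r in matching}
    keep = "SRC" if "SRC" in reporters else "DEST"
    totals = defaultdict(lambda: {"bytes": 0, "packets": 0})
    for r in matching:
        if r.get("reporter") != keep:
            continue
        proto = r["connection"].get("protocol")
        entry = totals[PROTOCOL_NAMES.get(proto, str(proto))]
        entry["bytes"] += int(r.get("bytes_sent", 0))  # counters may arrive as strings
        entry["packets"] += int(r.get("packets_sent", 0))
    return dict(totals)


if __name__ == "__main__":
    print(traffic_between(SAMPLE_RECORDS, "192.168.10.3", "192.168.20.2"))
```

Summing the matching records without the reporter filter would double the totals here, because the source and destination VMs each log the same flow.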

Disclaimer: This is to inform readers that the views, thoughts, and opinions expressed in the text belong solely to the author, and not necessarily to the author’s employer, organization, committee or other group or individual.
