Networking in Google Cloud — Things to check out to catch up -’24 edition (monthly updates)

Ammett W
Google Cloud - Community
9 min read · Jan 1, 2024

Updates every month for ‘24
— — — — — — — — — — — — — —
2024 will be a very active year, I mean across the spectrum of services and the continued growth of AI. A lot of things have improved/changed/are changing. I’ve looked at a lot of material out there and it’s good to a certain point, it gets you there but it’s not where it should be. Last year I brought you the article 10+ DevOps & SRE resources everyone should check out.

So here are things you should catch up on for networking in Google Cloud.
(I’ll update new stuff every month for ‘24)

___________ _ _ _
August— 24 ☀️☀️

— — — — — — — — — — — — —

# 1 — Access Anthropic Claude 3.5 on Vertex AI. — Config lab with pPC, GCE, Vertex and DNS
Blog https://medium.com/google-cloud/access-anthropic-claude-3-5-sonnet-on-google-vertex-ai-via-python-sdk-8bea11c479e0

# 2 —Network Connectivity Center — Preset topologies available
Documentation- https://cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/vpc-spokes-overview#preset-topologies

# 3 —Cloud load balancing — Regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS)
Documentation — https://cloud.google.com/load-balancing/docs/mtls

# 4 — NGFWs and Cloud NAT — Demo videos
Blog with links —
https://cloud.google.com/blog/products/networking/cloud-nat-and-cloud-ngfw-demos

# 5 —Media CDN origin offload— Helpful blog
Blog — https://cloud.google.com/blog/products/networking/media-cdn-origin-offload-does-trick-for-warner-bros-discovery

#6 — Private Service Connect labs for PSC 66 and PSC 64
Lab PSC 66 https://codelabs.developers.google.com/psc-psc66?hl=en
Lab PSC 64 https://codelabs.developers.google.com/psc-psc64?hl=en

Product release notes: Check out all release notes for GA and preview features

___________ _ _ _
July — 24 ☀️☀️

— — — — — — — — — — — — —

# 1 — VPC firewall rules migration tool. — Migrate VPC firewall rules to global network firewall policy.
Demo video https://www.youtube.com/watch?v=Seb5qF3IR9M
Docs https://cloud.google.com/firewall/docs/migrate-vpc-firewall-rules-overview

# 2 — Cloud NAT and NGFW video — Learn about enhancements in Cloud NAT.
Demo video https://www.youtube.com/watch?v=SYDGjqZyk-M
Blog- https://www.googlecloudcommunity.com/gc/Community-Blogs/Securing-network-access-using-Cloud-NAT-and-cloud-based/ba-p/784153

# 3 — Distributed application with CCN Architecture — Four part Architecture design set for Cross-Cloud Network designing distributed applications.
Blog:
https://cloud.google.com/blog/products/networking/network-distributed-applications-at-global-scale

# 4 — AlloyDB for PostgreSQL — Support for public IP
-Documents — #1
https://cloud.google.com/alloydb/docs/connect-public-ip
#2 https://cloud.google.com/alloydb/docs/org-policy

# 5 — Cloud Armor — Granular models for Cloud Armor Adaptive Protection
Documentation — https://cloud.google.com/armor/docs/adaptive-protection-overview#granular-models

# 6 — Network Intelligence Center — The GKE Enterprise view of Network Topology is generally available
Documentation — https://cloud.google.com/network-intelligence-center/docs/network-topology/concepts/overview

#7 — Deploy NVIDIA NGC on VM — Learn how to quickly deploy an NVIDIA-optimized VM and access a PyTorch notebook.
Blog/lab https://medium.com/google-cloud/deploy-nvidia-ngc-on-google-cloud-config-lab-run-your-ai-workloads-b8f860fcd6aa
Demo Video - https://www.youtube.com/watch?v=Xe-IHdZc8A4

Product release notes: Check out all release notes for GA and preview features

___________ _ _ _
June— 24 ☀️☀️

— — — — — — — — — — — — —

# 1 — Cross-Cloud Networking Innovation Workshop — Open for sign up. This is for enterprise customers and will be held at Google locations.
Registration https://inthecloud.withgoogle.com/cross-cloud-network-innovation-workshop/register.html

# 2 — Exploring Google Cloud networking enhancements for generative AI applications — This is a must read blog to get an idea of the innovation to support AI workloads.
Blog- https://cloud.google.com/blog/products/networking/networking-capabilities-optimize-traffic-for-generative-ai-apps
Demo video https://www.youtube.com/watch?v=UNsh1SWtozI

# 3 — Service-Centric Cross-Cloud Network— Demo setting up distributed apps across different cloud providers.
Demo Video:
https://www.youtube.com/watch?v=3sZq3xpsDKA

# 4 — Service networking for distributed apps — Final architectural document.
-Document —
https://cloud.google.com/architecture/ccn-distributed-apps-design/service-networking

# 5 — Edge services — Support IPv6 address peering
Cloud Armor — Cloud Armor support for Layer 7 filtering in globally scoped edge security policies for Media CDN is now Generally Available.
Media CDN - https://cloud.google.com/media-cdn/docs/security-policies#example-deny-incoming-requests-with-specific-header-content

# 6 — BYOIP IPv6 — Bring your own IPv6 address to Google Cloud.
Documentation— https://cloud.google.com/vpc/docs/bring-your-own-ip#comparison

# 7 — VPC service Controls — Allow access to protected resources from an internal IP address
Documentation — https://cloud.google.com/vpc-service-controls/docs/enable-internal-ip-access

Product release notes: Check out all release notes for GA and preview features

___________ _ _ _
May — 24 ☀️☀️

— — — — — — — — — — — — —

# 1 — Private network connectivity options to Vertex AI — Connect privately to Vertex workloads with private options.
Blog https://cloud.google.com/blog/products/networking/private-connectivity-to-vertex-workloads
Documentation — https://cloud.google.com/vertex-ai/docs/general/netsec-overview#private-access

# 2 — Media CDN — Dual-token authentication now GA.
Documentation https://cloud.google.com/media-cdn/docs/use-dual-token-authentication

# 3 — Partner Interconnect— Support for dual stack IPv4 and IPv6 now GA.
Documentation:
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview#ipv6-support

# 4 —Cloud load balancing— Some new updates.
-Blog —
https://cloud.google.com/blog/products/networking/recent-enhancements-to-the-global-front-end-solution
-Download and read (Global Front End Solution Design Guide) https://services.google.com/fh/files/misc/cross_cloud_networking_for_global_front_end_solution_design_guide.pdf
-Download and read (Global Front End Solution Brief) — https://services.google.com/fh/files/misc/gfe_solution_brief.pdf

# 5 —Cloud router — Support IPv6 address peering
Documentation https://cloud.google.com/network-connectivity/docs/router/concepts/overview#bgp-ips

# 6—Cloud NGFW labs— Hands-on codelabs to practice in your environment.
Lab — (without TLS inspection) - https://codelabs.developers.google.com/cloud-firewall-plus?hl=en#0

Lab -(with TLS inspection) — https://codelabs.developers.google.com/cloud-ngfw-enterprise-tls?hl=en#0

# 7— How to learn networking in Google Cloud — Step by step guide.
Blog —
https://medium.com/google-cloud/how-to-learn-networking-on-google-cloud-techventurers-guide-351a724c87e9

# 8 — Private Service Connect & Service Directory- Hands-on Lab
Lab https://www.cloudskillsboost.google/focuses/92818?catalog_rank=%7B%22rank%22%3A1%2C%22num_filters%22%3A0%2C%22has_search%22%3Atrue%7D&parent=catalog&search_id=32254530

___________ _ _ _
April— 24 🐥🐥❄

— — — — — — — — — — — — —

# 1 — What's new in networking at NEXT. — NEXT ’24 networking updates.
Blog https://cloud.google.com/blog/products/networking/whats-new-for-networking-at-next24

# 2 — Cloud NGFW — IPS, with native integration with Palo Alto. Easy to use.
YouTube https://www.youtube.com/watch?v=OCqnf2E6zn0
Blog- https://cloud.google.com/blog/products/identity-security/announcing-next-gen-firewall-enterprise-now-in-ga-next24

# 3 — Cross-Cloud Network (Distributed application) Architecture Documentation — Architecture docs; these are must-reads to elevate your skills.
Documentation set:
https://cloud.google.com/architecture/ccn-distributed-apps-design
https://cloud.google.com/architecture/ccn-distributed-apps-design/connectivity
https://cloud.google.com/architecture/ccn-distributed-apps-design/security

# 4 — IDC white paper—Accelerating the Enterprise AI Journey with Cross-Cloud Network
Download —
https://cloud.google.com/resources/accelerating-the-enterprise-ai-journey-with-cross-cloud-network-whitepaper?hl=en

# 5 — Dual-stack Load Balancer Services—You can now create a dual-stack GKE cluster and expose GKE Services using either IPv4, IPv6 or both
Documentation https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer-parameters#ipv4ipv6_dual-stack_loadbalancer_service

# 6 — Verified Peering Provider. Read more — https://cloud.google.com/network-connectivity/docs/verified-peering-provider

# 7— Cloud load balancing — Internal passthrough Network Load Balancer now supports load-balancing for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE protocols.
Documentation - https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-multiple-protocols

#8- Network Intelligence Center — Flow Analyzer in preview
Documentation- https://cloud.google.com/network-intelligence-center/docs/flow-analyzer/overview

#9- Cloud NAT - Hybrid NAT is in preview
Documentation - https://cloud.google.com/nat/docs/about-hybrid-nat

#10- Direct VPC egress on Cloud Run is now generally available
Blog —
https://cloud.google.com/blog/products/serverless/direct-vpc-egress-for-cloud-run-is-now-ga
Documentation - https://cloud.google.com/run/docs/configuring/vpc-direct-vpc

___________ _ _ _
March — 24 ❄️❄️

— — — — — — — — — — — — —

# 1 - Load Balancing mTLS (in preview)— For applications that require the load balancer to authenticate the identity of clients that connect to it, use mutual TLS (mTLS).
Documentation https://cloud.google.com/load-balancing/docs/mtls

# 2 - Load Balancing GUI menu — this was updated to help you choose the right load balancer.

# 3 - Network Intelligence Center — Network Analyzer now includes an insight that gives a summary of the IP address utilization of all the Private Service Access ranges
Documentation: https://cloud.google.com/network-intelligence-center/docs/network-analyzer/insights/vpc-network/ip-utilization#psa-ip-allocation-ratio-summary

# 4 - NEXT ’24 Networking sessions — https://cloud.google.com/blog/products/networking/networking-session-preview-at-next24

# 5 — GKE, Apigee and PSC https://cloud.google.com/blog/products/api-management/using-private-service-connect-for-apigee-gke-connectivity

___________ _ _ _
February — 24 ❄️❄️

— — — — — — — — — — — — —

# 1- Partner Interconnect supports dual-stack IPv4 and IPv6 in Public Preview.
Documentation https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview#ipv6-support
# 2- Cloud Interconnect supports VLAN attachments with a maximum transmission unit (MTU) up to 8896 bytes.
Documentation — Cloud Interconnect MTU
# 3- You can now use public IP with the AlloyDB Language Connectors (Preview)
Blog- Google AlloyDB is getting Public IP

#4 - Internal range API
Blog-
https://cloud.google.com/blog/products/networking/introducing-internal-range-api

___________ _ _ _
January — 24 ❄️❄️

— — — — — — — — — — — — —

# 1- Cross-Cloud Network eBook — Read more about this in the free Introduction to Google Cross-Cloud Network ebook . Stay tuned for the Architecture Doc set coming soon. 🙂

# 2- Cloud VPN — You can now connect an HA VPN gateway to Compute Engine virtual machine (VM) instances.
Documentation — VM single zone config, Multizone Config
I created a test config lab with VyOS — https://medium.com/google-cloud/google-cloud-ha-vpn-to-compute-engine-vm-nva-config-lab-with-vyos-a447624849da

# 3 — Cloud NAT — The Inter-VPC NAT feature enables private-to-private translations across Google Cloud networks. This works with NCC.
Documentation — Private NAT
Video — https://www.youtube.com/watch?v=x6P3NwiPmP4&t=51s

# 4 — Private Service Connect Interfaces now GA — A Private Service Connect interface is a resource that lets a producer Virtual Private Cloud (VPC) network initiate connections to various destinations in a consumer VPC network.
Documentation — https://cloud.google.com/vpc/docs/about-private-service-connect-interfaces

_____________ _ _ _
Let’s start — From ‘23

1 # Duet AI — Intro to your AI assistant in Google Cloud. Check out some basic intro into Duet AI for networking.
Documentation — Explain and customize cloud networking with Duet AI
Hands-on labs — https://www.cloudskillsboost.google/course_templates/884
Youtube — https://www.youtube.com/watch?v=fZmTU748YsM

2 # IPv6 support — IPv6 is supported in a dual-stack configuration. You can also use IPv6 on your load balancers.
Documentation — IPv6 subnet ranges

3 # Private Service Connect — This gives you the ability to connect to services privately from service producer networks using an IP address from your own VPC network. No complicated VPN or VPC network peering required. It supports multiple use cases, and features like multi-regional access, endpoints, backends and interfaces have been added/previewed, and it’s getting better.
Documentation — Private Service Connect
YouTube — https://www.youtube.com/watch?v=8sGs3b5zFOE

4 # Cross-Cloud Interconnect — This allows you to create direct, stable connections to another cloud provider at a colocation. This expands the Cloud Interconnect family, which provides stable connectivity to on-premises environments.
Documentation — Cross-Cloud Interconnect overview
Video — https://www.youtube.com/watch?v=W-fVLyCQ2kA

5 # Cloud Firewall Plus (IPS support) — This enhances firewall capability by providing native integration with Palo Alto in your environment. You can enable this without redesigning your VPC and leverage the IPS capability to enhance your security posture.
Documentation — IPS overview
Blog — Introducing Google Cloud Firewall Plus with intrusion prevention
YouTube — https://www.youtube.com/watch?v=p7JKjFdDeqE

6 # Network Connectivity Center (VPC spoke support). — This may help you get around VPC Network Peering limitations (25 VPC limit) and non-transitive routing.
Documentation — VPC spokes overview
YouTube demo — https://www.youtube.com/watch?v=x6P3NwiPmP4
Codelab — NCC VPC as a Spoke

7 # Cross-Cloud Network — This leverages Google’s global network to provide any-to-any connectivity using Google’s global backbone.
Documentation — Modernize your network with Cross-Cloud Network
Design Doc — Cross-Cloud Network Solution Brief

8 # GKE Gateway Ingress Support — Google Kubernetes Engine (GKE) implementation of the Kubernetes Gateway API using the GKE Gateway controller.
Documentation — Gateway
Blog — Ingress traffic to your GKE fleet with the Multi-cluster Gateway controller, now GA

9 # Private NAT — Private NAT enables private-to-private translations across Google Cloud networks.
Documentation — Private NAT

10 # Load balancers — A staple in designing your cloud network to distribute traffic to your workloads. There were some additions and adjustments to the naming.
Documentation — Choosing a load balancer

11 # DNS — Core service to handle name-to-IP resolution. Google Cloud can support complex use cases for DNS.
Documentation — Best practices for Cloud DNS
Video- https://www.youtube.com/watch?v=hOUlt9Nylq8

Bonus
Advanced networking demos :
https://goo.gle/AdvancedNetworking

Advanced networking demo series: This YouTube series focuses on L200+ level networking and networking security demos. Check out the current playlist here: Advanced Networking demo series playlist

Architecture Center updates >>
All updates generally —
https://cloud.google.com/architecture/release-notes

Document archetypes — Google Cloud deployment archetypes

Networking Architecture doc sets
#1 — Designing networks for migrating enterprise workloads: Architectural approaches
#2 — Networking for secure intra-cloud access: Reference architectures
#3 — Networking for internet-facing application delivery: Reference architectures
#4 —Networking for hybrid and multi-cloud workloads: Reference architectures

TCO report # The Economic Advantage of Google Cloud’s Advanced Networking Services

My external content — Github

Product release notes: Check out all release notes

Follow me on LinkedIn for more content.

DevRel Cloud AI Infra/Networking @ Google | Founder of Start Cloud Now | CCIE#43659, CISSP, Inspiring people as I go along my journey. Learn, Do your best.