When preparing for Google Cloud certifications or Amazon AWS certifications, you will likely encounter the term “virtual private cloud.” A virtual private cloud in Google Cloud Platform and Amazon AWS is referred to as a VPC. In this blog post, we’re going to take a look at some of the basics of VPCs within the context of Google Cloud Platform.
- What is a VPC?
- VPC properties
- Connecting VPC networks
- Creating VPC networks and subnets
- Difference between auto and custom mode
When you’re ready to dive deeper into Google Cloud Platform (GCP), you’ll want to check out Cloud Academy’s Google Associate Cloud Engineer Exam Preparation. This learning path provides a solid foundation of how to set up a cloud solution environment; how to plan, configure, and deploy a cloud solution; and how to ensure the successful operation of a cloud solution built with GCP resources and services. The complete learning path includes 10 courses, 1 practice exam, 1 lab challenge, and 7 hands-on labs that let you practice your skills working in a live environment.
What is a VPC?
A VPC is essentially a virtualized network. It’s largely the same as a physical network but in a virtualized form. VPCs, in Google Cloud Platform, provide connectivity for various GCP resources, including Compute Engine VM resources, Google Kubernetes Engine clusters, and many others.
Although a GCP project can contain multiple VPC networks, when you create a project, it will, by default, start with a single default network that contains a single subnet in each region. The default network that is included with each new project is called an “auto mode VPC network.”
When you provision a VPC in Google Cloud Platform, the VPC will be deployed as a global resource; it will NOT be associated with a specific zone or region. Subnets, which are different “sub-ranges” of IP addresses within the virtual network, are regional resources, however, which means they will be accessible by any resources within the same region as the subnet.
While resources within a VPC network can communicate with one another via their private IP addresses, firewall rules are used to control traffic flow to and from those resources. These same resources can also communicate with Google APIs and services.
Connecting VPC networks
When you deploy two or more VPC networks, you can connect them to each other by using VPC Network Peering, which allows resources in different VPC networks to communicate in a private RFC 1918 space. The traffic between peered VPC networks remains within Google’s network. It does not traverse the public internet. It’s also important to note that VPC networks can be peered with other VPC networks that reside in different projects and even in different organizations.
You can also securely connect VPC networks with your on-prem network by leveraging Google’s Cloud VPN service, which establishes a secure connection over the public internet, or via Google’s Cloud Interconnect offering, which allows for secure connectivity that DOES NOT traverse the public internet.
Creating VPC networks and subnets
Before a VPC network can be used, at least one subnet must be created within that network. The creation of subnets is handled differently, depending on the VPC network type.
When an auto mode VPC network is created, it will automatically create a subnet in each region. Subnets that are automatically created within an auto mode VPC network will use a set of predefined IP ranges within the 10.128.0.0/9 CIDR block. You can also manually add more subnets to an auto mode VPC network if needed. When manually adding a subnet to an auto mode VPC network, however, you need to choose an IP range that falls outside of the 10.128.0.0/9 CIDR block.
By contrast, when a custom mode VPC network is created, it will contain no subnets. A custom mode VPC network allows you to control which subnets and IP ranges are defined within the network. You get to determine which subnets should be created in which regions, and which IP ranges they should consist of.
Auto mode vs. custom mode
Certain use cases call for certain types of VPC networks. For example, in cases where it’s helpful to have subnets automatically created in each region, an auto mode VPC network is a good choice. However, there is a significant caveat to consider in such cases. Because you have no control over the predefined IP ranges that are used to automatically create the subnets, you need to be sure that these predefined ranges do not overlap with IP ranges that you might be using (or might want to use) for other solutions or resources.
Custom mode VPC networks, on the flip side, are more flexible because they offer full control over subnet creation and IP addressing. Because of this flexibility, custom mode VPC networks are generally better suited for production solutions.
A typical use case for custom mode VPC networks would be a situation where you need to connect multiple VPC networks together through VPC Network Peering. Since the subnets within every auto mode VPC network use the same predefined IP address ranges, connecting them would cause overlaps. As a result, you cannot connect auto mode VPC networks to each other.
Google recommends that you use custom mode VPC networks when working in a production environment.
So, what are the key takeaways here? Well, a VPC network is basically a virtualized network that’s largely the same as a physical network, but in a virtualized form. VPC networks are used to provide connectivity for various GCP resources, including Compute Engine VM resources, Google Kubernetes Engine clusters, and many others.
There are two types of VPC networks to choose from: auto mode VPC networks and custom mode VPC networks. Auto mode VPC networks are easier to deploy but they also offer less control and flexibility, while custom mode VPC networks offer full control over subnet creation and IP range definition.
Generally speaking, auto mode VPC networks are best for simple environments while custom mode VPC networks are best for production environments.
To learn more about configuring a Google Cloud Platform VPC, check out Cloud Academy’s course, Implementing a Google Cloud Platform VPC. This course includes 24 lectures that guide you through the key steps to configure a GCP VPC, which allows you to connect your GCP services with one another securely.