GCP Google Cloud Platform - VPC Virtual Private Cloud

October 20, 2018

The Series
Big Data

A short clarification: Basic Concepts gives just the intuition of the topic, while the Cheatsheet provides a general overview, with lists of organized and structured links and a minimal definition for each.
These links, taken from the official documentation, are meant to be used for study while keeping the focus on the big picture.
For any doubt, consult the doc Building Blocks, which has a short explanation of every single item.

Basic Concepts TL;DR
VPC - Virtual Private Cloud is the network space of your activity or company. It is like your actual data center, but in the Cloud, integrated with your on-premises (local) IT resources.
Before diving into the technical definitions, we'll build the intuition by comparing a network to a big sporting village.

The Village will have:
  1. spots open to the public (bar and restaurant) [public subnet]
  2. the entrance, for members only [gateways and firewalls]
  3. the internal streets, open to pedestrians, bikes or cars [routes]
  4. different zones for kids, tennis, swimming pools, basketball, etc. [private subnets]
  5. internal common services [NAT Gateway, VPN, etc.]
  6. internal names and addresses [private IP and DNS]

Moreover, the village may be connected with other villages around the world…

Now let’s dive a little more into the basic concepts:
Subnets: “boxes” in which resources with an IP are placed. They are located in different places (Europe, USA, etc.).
Private IP Addresses: all the resources of the network have and use a private IP.
Routes and IP forwarding: the paths along which the traffic may flow.
CIDR: groups of IP addresses written in prefix notation. The number after the slash indicates how many initial bits are fixed (10.10.10 → 24 bits), which defines a prefix range. See CIDR (explanations and computing).
Firewall rules: security rules for allowing/blocking traffic based on protocol, generic labels and specific addresses.
DNS: a network resource may be referred to with a number (IP) or with a corresponding name.
Regions and Zones: in the Cloud you may choose to distribute resources in different data centers (zones) within the same or different big regions (US-west, US-east, Europe-west). More distance → more latency.
NAT: systems that translate between internal and external addresses automatically.
Load Balancers and Availability Groups: behind the IP address of your website may sit a fleet of servers. In this case the IP address points to a Load Balancer that sends traffic to the fleet (Availability Group).
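As an added example (not part of the original post), here is the CIDR notation from the list above worked out in Python with plain integer arithmetic: a prefix is split into its fixed leading bits, the address range it covers is computed, and a constructed subnet plan (finance, accounting, public, DB, as in the example below) is checked for overlapping ranges. All subnet names and sample addresses are constructed for the example.

```python
# Added example (not the post's code): CIDR prefix arithmetic and a subnet-plan overlap check.
from itertools import combinations

def ip_to_int(ip: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer."""
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_mask(prefix_len: int) -> int:
    """Mask selecting the fixed leading bits (/24 -> 255.255.255.0)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def parse_cidr(cidr: str) -> tuple[int, int]:
    """'10.10.10.77/24' -> (network as int, 24); host bits are zeroed."""
    addr, _, plen = cidr.partition("/")
    prefix_len = int(plen)
    return ip_to_int(addr) & prefix_mask(prefix_len), prefix_len

def cidr_range(cidr: str) -> tuple[str, str, int]:
    """First address, last address and size: the free bits give 2**(32-N)."""
    network, prefix_len = parse_cidr(cidr)
    size = 1 << (32 - prefix_len)
    return int_to_ip(network), int_to_ip(network + size - 1), size

def contains(cidr: str, ip: str) -> bool:
    """True when the ip's fixed bits equal the prefix's network bits."""
    network, prefix_len = parse_cidr(cidr)
    return ip_to_int(ip) & prefix_mask(prefix_len) == network

def overlaps(cidr_a: str, cidr_b: str) -> bool:
    """Prefixes are nested or disjoint, so compare on the shorter prefix."""
    net_a, len_a = parse_cidr(cidr_a)
    net_b, len_b = parse_cidr(cidr_b)
    mask = prefix_mask(min(len_a, len_b))
    return net_a & mask == net_b & mask

def find_overlaps(plan: dict[str, str]) -> list[tuple[str, str]]:
    # Every pair of subnets whose ranges collide; a sound plan returns [].
    return [(a, b) for a, b in combinations(plan, 2) if overlaps(plan[a], plan[b])]

# Constructed sample plan: 'public' was sized /22 and swallows the 'db' range.
PLAN = {"finance": "10.10.1.0/24", "accounting": "10.10.2.0/24",
        "public": "10.10.4.0/22", "db": "10.10.5.0/24"}
```

`find_overlaps(PLAN)` reports `[('public', 'db')]`, the kind of collision that has to be fixed before the subnets (and any peered or on-premises ranges) can coexist.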

Important concept: you have to decide how to organize your data center into subgroups depending on which instances may communicate with each other and how.
For example: the finance private subnet may talk only with the accounting private subnet. The public resources may be accessed from the Internet only over HTTPS and may request data from the DB in the private DB subnet.
Ask yourself
Think about the IT infrastructure of your company, university or government institution.
How may it fit in this picture?
How could it be transferred into the Cloud?
What could be private? What public? How?

A quick roadmap to all the most important topics. Refer to the doc Building Blocks (links and definitions) for any doubts.

A VPC is a private network (global) created in auto or custom mode with:

An Addressable Resource has a Private IP Address or an Alias IP Range and may be a:

VPCs may be connected :

Connection with on-premise Data Centers may be made with:

Step by Step Guides and :


Labs - Qwiklabs
VPC Networking Fundamentals
Multiple VPC Networks
Creating Cross-region Load Balancing
Using VPC Network Peering
Dynamic VPN Gateways - Cloud Routers (advanced)
Building a High-throughput VPN

Practice Tests

Network Tests
