The Series

Compute

Storage & DB

Network

Big Data

A short clarification: Basic Concepts gives just the intuition of the topic, while the Cheatsheet provides a general overview with lists of organized and structured links with a minimal definition.

These links, coming from the official documentation, are to be used for the study, keeping on focusing at the big picture.

For any doubt, consult the doc Building Blocks, that has small explanation for any single item.

Basic Concepts TL;DR

VPC - Virtual Private Cloud is the network space of your activity or company. It is like your actual Data Center, but just in Cloud. Integrated with your IT resources on-premises (local).

 Before diving into the technical definitions, we’ll get the intuition comparing a Network to a big Sporting Village.

The Village will have:

1. spots open to the public (bar and restaurant) [public subnet]
2. The entrance only for members [gateways and firewalls]
3. The internal streets open to pedestrians, bikes or cars [routes]
4. Different zone for kids, tennis, swimming pools, basketaball ecc [private subnets]
5. Internal Common Services [NAT Gateway, VPN ecc..]
6. Internal Names and Addresses  [Private IP and DNS]

Moreover, the village may be connected with other Villages around the World….

Now let’s dive a little more into the basic concepts :

Subnets: “boxes” in which resources with IP are placed. Located in different places (Europe USA ecc).

Private IP Addresses: all the resources of the network have and use a private IP  

Routes and IP forwarding: the paths in which the traffic may flow

CIDR: groups of IP addresses with this notation 10.10.10.0/24. The last number indicates the initial bits fixed (10.10.10 → 24 bits), that is →  prefix ranges. See CIDR (explanations and computing)

Firewall rules: security rules for allowing/blocking traffic in relation to protocol, generic labels and specific addresses.

DNS: a network resource may be referred with a number (IP) or a corresponding name.

Region and Zones : in Cloud you may choose to distribute resources in different data Centers (zones) in the same or different big Regions (US-west, US-east, Europe-west). More distance → more latecncy

NAT: systems that translate internal and external addresses automatically

Load Balancers and Availability Groups: behind the IP Address of your website may sit a fleet of Servers. In this case the IP Address point to a Load Balancer that sends traffic to the fleet (Availability Group).

Important concept: you have to manage how to organize your data center in subgroups depending on  which instance may communicate with each other and how.

For example: The finance private subnet may talk only with the accounting private subnet. The public resources may be accessed from Internet only with Https and may ask for data to the DB in the private DB subnet.

Ask yourself

Think at the IT Infrastructure of your Company or University or Government Institution.

How may it fit in this picture?

How could it be transferred into the Cloud?

What could be private? What public? How?

Cheatsheet

A quick roadmap to all the most important topics. Refer to the doc Building Blocks (links and definitions) for any doubts.

If you like Videos: Next VCP Dive & Best

A VPC is a private network (global) created in auto or custom mode with:

• Subnets (Regional) 1+ IP range partitions - primary & secondary CIDR range
• Routes manage traffic from VMs to a destination (inside or outside VPC)
• default route →  Private Google Access
• subnet route
• static route
• dynamic route
• Forwarding rules manage traffic to VMs inside VPC (private IPs) from outside
• Virtual Hosting
• Load Balancing
• Firewall Routes allow or deny traffic to VMs with priority → stateful
• Private Google Access
• NAT Gateway → private IP ← → public IP advanced: multiple
• Internet Gateway created automatically in the routing table
• TAGs label used to group resources
• Private Google/Services Access Access to Google Service only from inside without public IP and any public exposure
• VPC Flow Logs →  IP traffic going to and from network interfaces

An Addressable Resource has a Private IP Address or an Alias IP Range and may be a:

• VM may have a tag
• Network Interface → may be 2+ in 1 VM
• Load Balancer distribute workload to 2+ VMs

Connection with Internet (public):

• valid default Internet gateway route
• Firewall rules allow egress traffic
• external IP address OR NAT Gateway
• CDN Content Delivery Network - caching content near users at the edges of Google's network

VPCs may be connected :

• Shared VPC - attach subnets to other project → VPCs → host and service
• How to delete the sharing
• VCP Peering connectivity directly with IP ranges (CIDR - rfc1918) across VPCs different projects/organizations

Connection with on-premise Data Centers may be made with:

• Classical and economical VPN  with IPsec - also redundant → Cloud Router;
• Border Gateway Protocol (BGP) Enable dynamic routing, that is, automatic update of routing configuration when there are changes
• Cloud Interconnect – Dedicated - fast & expensive
• Cloud Interconnect – Partner - cheaper
• How to choose Cloud Interconnect    

Step by Step Guides and :

• Create VPC
• Manage firewalls
• use network tags
• using flow logs
• IP: private  public  alias ip ranges

Demos

Getting Started: Google Cloud VPC

Create an HTTP Load Balancer

Create Managed Instance Group

Creating Managed Instance Group Templates

Running a container with Managed Instance Groups

Command Line Creation of Managed Instance Groups

Autohealing Instance Groups

Setting Up Cloud CDN

Labs - Qwiklabs

VPC Networking Fundamentals

Multiple VPC Networks

Creating Cross-region Load Balancing

Using VPC Network Peering

Dynamic VPN Gateways - Cloud Routers (advanced)

Building a High-throughput VPN

Practice Tests

Network Tests