
Understanding the fundamental building blocks of networking in a major cloud platform like Google Cloud is crucial for anyone deploying applications or infrastructure. At the core is the concept of a Virtual Private Cloud (VPC) network. Unlike a traditional physical network, a VPC network is a global resource: a single VPC network can contain subnets in many regions worldwide, and resources in different regions talk to each other over Google's backbone using internal IP addresses. This allows for highly flexible and scalable network design.
Within a VPC network, you define subnets. Subnets are regional resources, each associated with a specific region and having its own IP address range. Virtual machine instances and other resources connect to a subnet within a VPC network. Communication between instances in different subnets of the same VPC network uses internal IP addresses and does not traverse the public internet. It is still subject to firewall rules, though: in a custom-mode network you must add an allow rule for internal traffic yourself, because only the "default" network ships with a default-allow-internal rule.
Controlling traffic flow is handled by firewall rules. These are global resources defined at the VPC network level, but each rule can be scoped to specific instances by target network tags or target service accounts; a rule with no target applies to every instance in the network. Each rule has a priority from 0 to 65535 (lower number wins, default 1000), and when an allow and a deny rule share a priority, the deny takes precedence. Every network also carries two implied rules at the lowest priority: deny all ingress and allow all egress. An instance with no explicit ingress allow rule therefore accepts nothing, while outbound traffic must be explicitly denied to be blocked. Firewall rules are stateful: once a connection is allowed in one direction, its return traffic is allowed automatically, so no separate rule is needed for the reverse direction. You can define ingress (inbound) and egress (outbound) rules to permit or deny traffic based on protocol, port, source, and destination.
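The rule-ordering semantics above (priority, deny-over-allow ties, target tags, and the implied rules) are where most firewall mistakes happen, so here is an added example that evaluates them on a constructed rule set. This is illustrative code written for this page, not code from the original post or from Google; the rule dictionaries borrow the field names that `gcloud compute firewall-rules list --format=json` prints, but every rule, tag and address below is made up, and `evaluate` and `risky_ingress_rules` are hypothetical helpers, not a Google API.

```python
"""Google Cloud VPC firewall semantics, worked on a constructed rule set.

Added example, not code from the original post or from Google. Field names
follow `gcloud compute firewall-rules list --format=json`; the rules and
addresses themselves are constructed for illustration only.
"""
import ipaddress

# Constructed sample rules (assumed, not from any real project).
# Priority 0 is highest, 65535 lowest; an unset priority means 1000.
# A rule with no targetTags applies to every instance in the network.
RULES = [
    {"name": "allow-ssh-from-bastion", "direction": "INGRESS", "priority": 800,
     "sourceRanges": ["10.0.1.0/24"], "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "deny-ssh-from-anywhere", "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["0.0.0.0/0"],
     "denied": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-http-anywhere", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
    {"name": "allow-all-internal", "direction": "INGRESS", "priority": 65534,
     "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "default-allow-rdp", "direction": "INGRESS", "priority": 65534,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "deny-egress-smtp", "direction": "EGRESS", "priority": 1000,
     "destinationRanges": ["0.0.0.0/0"],
     "denied": [{"IPProtocol": "tcp", "ports": ["25"]}]},
]

RISKY_PORTS = {22, 3389}  # SSH and RDP exposed to the internet


def _port_matches(port_specs, port):
    """A component without "ports" matches every port; specs may be ranges."""
    if not port_specs:
        return True
    for spec in port_specs:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _component_matches(components, proto, port):
    return any(c["IPProtocol"] in ("all", proto) and _port_matches(c.get("ports"), port)
               for c in components)


def _rule_applies(rule, direction, instance_tags, remote_ip, proto, port):
    if rule.get("disabled") or rule["direction"] != direction:
        return False
    tags = rule.get("targetTags")
    if tags and not set(tags) & set(instance_tags):
        return False  # targeted rule, instance not in the target set
    key = "sourceRanges" if direction == "INGRESS" else "destinationRanges"
    ranges = rule.get(key) or ["0.0.0.0/0"]  # no filter means any address
    addr = ipaddress.ip_address(remote_ip)
    if not any(addr in ipaddress.ip_network(r) for r in ranges):
        return False
    return _component_matches(rule.get("allowed") or rule.get("denied"), proto, port)


def evaluate(rules, direction, instance_tags, remote_ip, proto, port):
    """Return (verdict, rule_name) for one new connection.

    Lowest priority number wins; at equal priority a deny beats an allow.
    Return traffic of an allowed connection is never evaluated (stateful),
    so callers only ask about the initiating direction. With no match the
    implied rules apply: deny ingress, allow egress.
    """
    applicable = [r for r in rules
                  if _rule_applies(r, direction, instance_tags, remote_ip, proto, port)]
    applicable.sort(key=lambda r: (r["priority"], "denied" not in r))
    if applicable:
        r = applicable[0]
        return ("DENY" if "denied" in r else "ALLOW", r["name"])
    return ("DENY", "implied-deny-ingress") if direction == "INGRESS" \
        else ("ALLOW", "implied-allow-egress")


def risky_ingress_rules(rules):
    """Names of enabled ingress allows open to 0.0.0.0/0 on all ports or SSH/RDP."""
    out = []
    for r in rules:
        if r.get("disabled") or r["direction"] != "INGRESS" or "allowed" not in r:
            continue
        if "0.0.0.0/0" not in r.get("sourceRanges", []):
            continue
        for c in r["allowed"]:
            if c["IPProtocol"] == "all" or not c.get("ports") \
                    or any(_port_matches(c["ports"], p) for p in RISKY_PORTS):
                out.append(r["name"])
                break
    return out


if __name__ == "__main__":
    for case in [("INGRESS", ["web"], "203.0.113.5", "tcp", 22),
                 ("INGRESS", ["web"], "10.0.1.7", "tcp", 22),
                 ("INGRESS", [], "203.0.113.5", "tcp", 443),
                 ("EGRESS", ["web"], "198.51.100.2", "tcp", 443)]:
        print(case, "->", evaluate(RULES, *case))
    print("risky:", risky_ingress_rules(RULES))
```

Two things worth noticing when running it: the bastion SSH allow at priority 800 only works because it outranks the priority-900 deny (move it to 1000 and the same bastion traffic is blocked), and an untagged instance receives nothing on 443 even though `allow-http-anywhere` exists, because that rule targets the `web` tag only. The `default-allow-rdp` rule mirrors the kind of pre-populated rule found in the "default" network and is the one the audit helper flags.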
Packet forwarding within the network is determined by routes. Routes are also global resources. The VPC network automatically includes system-generated routes: a subnet route for each subnet's IP range and a default route whose next hop is the default internet gateway. You can also create custom static routes that send traffic for a destination range to a specific next hop, such as an instance, an internal IP address, a VPN tunnel, or an internal load balancer, for scenarios like steering traffic through a network virtual appliance. Route selection uses the longest matching prefix first and route priority only to break ties. Two caveats matter in practice: an instance used as a next hop must be created with IP forwarding enabled or it will drop the packets, and a route never bypasses firewall rules, which are evaluated regardless of the path a packet takes.
Beyond these core components, other essential networking services include Cloud DNS for managing domain names, Cloud Load Balancing for distributing traffic across instances, and Cloud VPN or Cloud Interconnect for securely connecting your on-premises network to your VPC.
Mastering these concepts – VPC networks, subnets, firewall rules, and routes – provides a solid foundation for designing and managing your cloud infrastructure effectively and securely.
Source: https://cloud.google.com/blog/topics/developers-practitioners/google-cloud-networking-101-quick-reference-guide/