Thursday, January 31, 2019


Some basic facts about GCP VPC networks:


 

A project:

Associates objects and services with billing.

Contains networks (default quota: 5). This is a quota rather than a hard limit, so it can be increased.

 

A VPC network:

Has no IP address range.

Is global and spans all available regions.

Contains subnetworks.

Can be of type default, auto mode, or custom mode.

An auto mode network can be converted to custom mode network, but “once custom, always custom.”

 

Subnetworks cross zones:

Subnetworks can extend across zones in the same region.

One VM and an alternate VM can be on the same subnet but in different zones.

A single firewall rule can apply to both VMs even though they are in different zones.

Defined by an internal IP address prefix range:

○ Specified in CIDR notation

○ IP ranges cannot overlap between subnets

○ IP range can be expanded but can never shrink

○ Specific to one region

Can cross zones within the region

Notice that the first address in the range, 10.0.0.1, is reserved as the "router" address, and the last address in the range, 10.0.0.255, is reserved as the "broadcast" address. VPC networks only support IPv4 unicast traffic; IPv4 broadcast and IPv4 multicast are not supported.

 

Networks have no IP range, so subnetworks don't need to fit into an address hierarchy. Instead, subnetworks can be used to group and manage resources. They can represent departments, business functions, or systems.

 

Unlike a physical network, a GCP VPC has no such top-level structure: the network itself has no top-level IP range.

 

IP addresses:

 

  • Internal IP
    • Allocated from the subnet range to VMs by DHCP
    • DHCP lease is renewed every 24 hours
    • Reserved (static)
    • VM name + IP is registered with network-scoped DNS

  • External IP
    • Assigned from a pool (ephemeral)
    • VM doesn't know its external IP; it is mapped to the internal IP
    • Reserved (static)
      • Billed when not attached to a running VM



DNS resolution for internal addresses

Each instance has a hostname that can be resolved to an internal IP address:

The hostname is the same as the instance name.

FQDN is [hostname].c.[project-id].internal.

○ Example: guestbook-test.c.guestbook-151617.internal

Name resolution is handled by the internal DNS resolver:

Provided as part of Compute Engine (169.254.169.254).

Configured for use on the instance via DHCP.

Provides answers for both internal and external addresses.

 

DNS resolution for external addresses

Instances with external IP addresses can allow connections from hosts outside of the project.

○ Users connect directly using external IP address.

○ Admins can also publish public DNS records pointing to the instance.

○ Public DNS records are not published automatically.

DNS records for external addresses can be published using existing DNS servers (outside of GCP).

DNS zones can be hosted using Cloud DNS.

○ Create a zone and configure the domain's DNS to use it.

○ Create, update, and remove records manually or via the API.

 

Using IP aliasing, you can configure multiple IP addresses, representing containers or applications hosted in a VM, without having to define a separate network interface.

Alias IP ranges are drawn from the local subnet's primary or secondary CIDR ranges. The "Configuring alias IP ranges" documentation describes the commands for setting up a subnet with secondary ranges and for assigning alias IP addresses to VMs.
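The subnet rules above (CIDR ranges must not overlap, a range may grow but never shrink, the first and last addresses are reserved) and the alias IP rule (an alias range must come from the VM's own subnet's primary or secondary ranges) can be checked before a change is applied. The following is an added example, not code from the post or from Google; the subnet names, regions and ranges in it are constructed sample data, and the checks use only Python's standard `ipaddress` module.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Subnet:
    name: str
    region: str                   # a subnet belongs to exactly one region
    primary: str                  # primary CIDR range, e.g. "10.0.0.0/24"
    secondary: list = field(default_factory=list)   # secondary CIDR ranges


def _net(cidr):
    # strict=True rejects ranges with host bits set, e.g. "10.0.0.5/24"
    return ipaddress.ip_network(cidr, strict=True)


def _ranges(subnet):
    return [_net(subnet.primary)] + [_net(c) for c in subnet.secondary]


def reserved_addresses(cidr):
    """Addresses in a subnet that are never handed out to VMs: the network
    address itself, the first host address (the "router" address, 10.0.0.1 in
    the post's example) and the last address (the "broadcast" address)."""
    net = _net(cidr)
    return {
        "network": str(net.network_address),
        "router": str(net.network_address + 1),
        "broadcast": str(net.broadcast_address),
    }


def check_new_subnet(existing, candidate):
    """Return the reasons a candidate subnet would be rejected (empty list = OK).
    Ranges of subnets in the same VPC must not overlap, whatever their region."""
    errors = []
    for sub in existing:
        for old in _ranges(sub):
            for new in _ranges(candidate):
                if new.overlaps(old):
                    errors.append(f"{new} overlaps {old} in subnet {sub.name}")
    return errors


def check_expand(existing, subnet, new_primary):
    """A primary range may only grow: the new range must contain the old one
    with a shorter prefix, and must still not overlap any other subnet."""
    old, new = _net(subnet.primary), _net(new_primary)
    errors = []
    if not (new.supernet_of(old) and new.prefixlen < old.prefixlen):
        errors.append(f"{new} is not an expansion of {old}")
    others = [s for s in existing if s.name != subnet.name]
    grown = Subnet(subnet.name, subnet.region, new_primary, subnet.secondary)
    errors.extend(check_new_subnet(others, grown))
    return errors


def alias_range_allowed(subnet, alias_cidr):
    """An alias IP range on a VM must come from the primary or a secondary
    range of the VM's own subnet."""
    alias = _net(alias_cidr)
    return any(r.supernet_of(alias) for r in _ranges(subnet))


# Constructed sample VPC (hypothetical names and ranges, not from the post).
SUBNET_A = Subnet("subnet-a", "us-central1", "10.0.0.0/24", ["10.10.0.0/16"])
SUBNET_B = Subnet("subnet-b", "europe-west1", "10.0.2.0/24")
EXISTING = [SUBNET_A, SUBNET_B]

if __name__ == "__main__":
    print(reserved_addresses("10.0.0.0/24"))
    print(check_new_subnet(EXISTING, Subnet("subnet-c", "asia-east1", "10.0.0.128/25")))
    print(check_expand(EXISTING, SUBNET_A, "10.0.0.0/22"))   # collides with subnet-b
    print(check_expand(EXISTING, SUBNET_B, "10.0.2.0/23"))   # allowed
    print(alias_range_allowed(SUBNET_A, "10.10.4.0/24"))     # True: inside the secondary range
```

The expansion check is deliberately stricter than a plain overlap test: growing subnet-a from /24 to /22 fails not because the new range is malformed but because it would swallow subnet-b in another region, which is the kind of collision that is easy to miss when subnets are planned per region rather than per VPC.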

 

Routes:

Every network has:

Routes that let instances in a network send traffic directly to each other.

A default route that directs packets to destinations that are outside the network.

 

The fact that a packet has a route to a destination doesn’t mean it can get there; firewall rules must also allow the packet.

 

Firewall rules:

Firewall rules protect your VM instances from unapproved connections.

Every VPC network also functions as a distributed firewall.

Firewall rules are applied to the network as a whole.

Connections are allowed or denied at the instance level.
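The two points above, that a route to a destination is not enough on its own and that a single network-wide firewall rule is enforced per instance regardless of zone, can be made concrete with a small policy evaluator. This is an added example and not code from the post or from Google: the routes, rules, instance names and addresses are constructed, and the evaluator models only the pieces the post describes (longest-prefix route lookup, priority-ordered ingress rules with source ranges, protocol, ports and target tags, and GCP's implied deny-ingress rule when nothing matches).

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Route:
    dest: str          # destination CIDR
    next_hop: str      # "subnet" for the VPC's own ranges, or a gateway name
    priority: int = 1000


@dataclass
class FirewallRule:
    name: str
    action: str                                      # "allow" or "deny"
    priority: int                                    # lower number is evaluated first
    sources: list                                    # source CIDRs (ingress)
    protocol: str                                    # "tcp", "udp", "icmp" or "all"
    ports: list = field(default_factory=list)        # [] means all ports
    target_tags: list = field(default_factory=list)  # [] means every instance


@dataclass
class Instance:
    name: str
    ip: str
    zone: str
    tags: list = field(default_factory=list)


def lookup_route(routes, dst_ip):
    """Longest-prefix match over the network's routes, with the lower priority
    value breaking ties. Returns the chosen Route, or None when nothing matches."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r.dest)]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r.dest).prefixlen, -r.priority))


def evaluate_ingress(rules, target, src_ip, protocol, port):
    """Walk the network-wide rule set in priority order and apply the first
    rule whose targets, sources, protocol and ports match this instance and
    packet. Zones play no part: one rule covers instances in every zone.
    If no rule matches, GCP's implied deny-ingress rule applies."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.target_tags and not set(rule.target_tags) & set(target.tags):
            continue
        if not any(src in ipaddress.ip_network(s) for s in rule.sources):
            continue
        if rule.protocol not in ("all", protocol):
            continue
        if rule.ports and port not in rule.ports:
            continue
        return rule.action, rule.name
    return "deny", "implied-deny-ingress"


def can_reach(routes, rules, src, dst, protocol, port):
    """Delivery needs both a route to the destination and an allow verdict
    from the firewall; a route alone is not enough."""
    route = lookup_route(routes, dst.ip)
    if route is None:
        return False, "no route to destination"
    action, name = evaluate_ingress(rules, dst, src.ip, protocol, port)
    return action == "allow", f"route {route.dest} via {route.next_hop}; firewall rule {name}: {action}"


# Constructed sample network (hypothetical names, addresses and rules).
ROUTES = [
    Route("10.0.0.0/24", "subnet"),                  # route to the local subnet
    Route("0.0.0.0/0", "default-internet-gateway"),  # default route for everything else
]
RULES = [
    FirewallRule("allow-internal-web", "allow", 1000, ["10.0.0.0/24"], "tcp", [80, 443], ["web"]),
    FirewallRule("deny-web-from-quarantine", "deny", 500, ["10.0.0.99/32"], "tcp", [80, 443], ["web"]),
]
VM_A = Instance("app-1", "10.0.0.2", "us-central1-a")
VM_B = Instance("web-1", "10.0.0.3", "us-central1-b", ["web"])   # different zone, same subnet
VM_Q = Instance("quarantined-1", "10.0.0.99", "us-central1-a")

if __name__ == "__main__":
    print(can_reach(ROUTES, RULES, VM_A, VM_B, "tcp", 80))   # allowed
    print(can_reach(ROUTES, RULES, VM_A, VM_B, "tcp", 22))   # route exists, firewall denies
    print(can_reach(ROUTES, RULES, VM_Q, VM_B, "tcp", 80))   # higher-priority deny wins
```

The SSH case is the one worth noticing: the packet from app-1 to web-1 has a perfectly good route through the subnet, yet nothing allows TCP/22, so the implied deny drops it. The quarantine case shows why priorities matter when a rule set is managed as a whole: the deny at priority 500 is evaluated before the broader allow at 1000, so it wins for that one source even though both rules target the same instances.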
