Google Cloud Platform - Virtual Private Cloud (VPC)
A Virtual Private Cloud (VPC) is a global, private, isolated virtual network partition within Google Cloud. It provides networking functionality to Compute Engine VM instances, GKE clusters, and the App Engine flexible environment.
1. Core Components
- Subnets: Regional resources that define IP address ranges.
- Firewall Rules: Control traffic to and from instances (Ingress/Egress).
- Routes: Define paths for traffic to leave the VPC (e.g., Default Internet Gateway).
- Cloud Router: Enables dynamic exchange of routes between your VPC and on-premises networks.
2. VPC vs. Subnet Comparison
| Feature | VPC (Global) | Subnet (Regional) |
|---|---|---|
| Scope | Global (Spans all regions) | Regional (Tied to one region) |
| Definition | The entire virtual network | A specific IP range (CIDR) |
| Communication | Resources can talk privately across regions | Organizes resources by geography |
Practical Example: Two-Tier Architecture
Imagine a secure banking app:
- Web Tier: Located in a Public Subnet with an External IP for customer access.
- Database Tier: Located in a Private Subnet with no External IP.
- Security Logic: A Firewall rule is set to only allow traffic into the Database Subnet if it originates from the Web Tier's internal IP range.
3. Steps to Launch a VPC on GCP
- Navigate: Open the GCP Console and go to VPC network > VPC networks.
- Initiate: Click Create VPC Network at the top of the page.
- Configure Name: Provide a unique name (e.g., prod-vpc-network).
- Set Subnet Mode: Choose Custom. This allows you to manually define subnets and IP ranges for better security.
- Add a Subnet:
  - Name: subnet-us-east
  - Region: us-east1
  - IP Address Range: 10.0.1.0/24
- Select Firewall Rules: Check basic rules like allow-ssh or allow-icmp to allow initial connectivity.
- Finalize: Scroll to the bottom and click Create.
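The same custom-mode VPC and the two-tier firewall logic from the banking example, written as Terraform for the Google provider. This is an added example, not configuration from the original page; the network, web subnet, region and 10.0.1.0/24 range come from the page, while the database subnet name and range, the db-tier tag and port 5432 are assumptions.

```hcl
# Names prod-vpc-network, subnet-us-east, us-east1 and 10.0.1.0/24 are from the page;
# subnet-db-us-east, 10.0.2.0/24, the "db-tier" tag and port 5432 are assumptions.
resource "google_compute_network" "prod" {
  name                    = "prod-vpc-network"
  auto_create_subnetworks = false # custom subnet mode
}

resource "google_compute_subnetwork" "web" {
  name          = "subnet-us-east"
  region        = "us-east1"
  ip_cidr_range = "10.0.1.0/24"
  network       = google_compute_network.prod.id
}

resource "google_compute_subnetwork" "db" {
  name                     = "subnet-db-us-east"
  region                   = "us-east1"
  ip_cidr_range            = "10.0.2.0/24"
  network                  = google_compute_network.prod.id
  private_ip_google_access = true # reach Google APIs with no external IP
}

# Only the web subnet's range may reach "db-tier" instances, and only on the DB port.
resource "google_compute_firewall" "web_to_db" {
  name          = "allow-web-to-db"
  network       = google_compute_network.prod.name
  direction     = "INGRESS"
  priority      = 1000
  source_ranges = [google_compute_subnetwork.web.ip_cidr_range]
  target_tags   = ["db-tier"]
  allow {
    protocol = "tcp"
    ports    = ["5432"]
  }
  log_config {
    metadata = "INCLUDE_ALL_METADATA" # firewall logging feeds detection
  }
}

# Lower number = higher precedence: this deny loses to the allow above but beats any
# higher-numbered network-wide rule (such as an allow-ssh with no target tag).
resource "google_compute_firewall" "db_deny_all" {
  name          = "deny-all-to-db"
  network       = google_compute_network.prod.name
  direction     = "INGRESS"
  priority      = 2000
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["db-tier"]
  deny { protocol = "all" }
}
```

Database instances must carry the db-tier network tag for either rule to apply to them; the explicit deny is what keeps the pre-populated allow-ssh / allow-icmp rules from also opening the database tier.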