
Week 11 GCP Notes

NPTEL Google Cloud Foundations Notes

Google Cloud Computing Foundation Course - Week 11 Lecture Notes Summary

Lecture 52: Introduction to Networking in the Cloud

Basic Networking Concepts


• Computers communicate through a network.
• LAN (Local Area Network) connects devices in a single location.
• WAN (Wide Area Network) connects multiple LANs.
• The Internet connects millions of devices globally.

Google Cloud’s Network


• Since 2004, Google has built a fast, high-quality cloud infrastructure.
• Uses software-defined networking and distributed systems to deliver services globally.
• Over 100 global points of presence ensure low latency and high throughput.

Lecture 53: Defining a Virtual Private Cloud (VPC)

What is a VPC?
• A VPC builds private networks on top of Google’s global network.
• Allows deployment of Infrastructure-as-a-Service resources like compute instances and
containers.
• VPCs span all GCP regions but have no IP address ranges themselves.

Subnets
• VPCs contain subnets, regional resources that define IP ranges for VMs.
• VMs in the same VPC but different regions can communicate privately without public IP
addresses.
• Subnets use Classless Inter-Domain Routing (CIDR) notation.

Auto Mode vs Custom Mode VPCs


• Auto Mode: Automatically creates subnets in each GCP region with predefined IP ranges.
• Custom Mode: Users create and control subnets and IP ranges manually.

Lecture 54: Public and Private IP Address Basics

Private vs Public IP Addresses


• Private IP Addresses: Used within the VPC; cannot be routed to the Internet.
• Public IP Addresses: External IP addresses, ephemeral or reserved.
• VMs are assigned private IPs through DHCP, and external IPs are assigned from GCP’s pool.

CIDR Notation
• Determines how many IP addresses are available.
• A /16 range provides 65,536 IP addresses, while a /28 range only offers 16 IPs.

Lecture 55: Google’s Network Architecture

Key Networking Components


• Cloud Load Balancing: Distributes traffic across resources for high performance and
scalability.
• Cloud CDN: Delivers content globally with low latency.
• Cloud Interconnect: Provides enterprise-grade connections between on-premise networks and
Google’s network.

Regions, Zones, and Points of Presence (PoPs)


• GCP is divided into regions, with each region containing multiple zones.
• PoPs connect Google’s network with the broader Internet, minimizing latency for users.

Lecture 56: Routes and Firewall Rules

Routes
• Routes direct traffic within a VPC and to destinations outside the network.
• Each route consists of a destination and a next hop.
• Routes allow instances to communicate across subnets within the same VPC.

Firewall Rules
• Protect VMs from unapproved connections (both ingress and egress).
• Firewall rules are applied to the network but affect traffic at the instance level.
• Stateful firewall rules allow bi-directional communication once a connection is established.
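
The stateful behaviour described above, as an added Python sketch (not part of the lecture notes and not Google's code). `Rule`, `StatefulFirewall`, `permits`, `demo` and the sample addresses are constructed for illustration; the model handles TCP ports only and assumes ingress is denied and egress allowed when no rule matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str         # "INGRESS" or "EGRESS"
    action: str            # "allow" or "deny"
    priority: int          # lower number is evaluated first
    peer_range: str        # source range (ingress) or destination range (egress)
    port: Optional[int]    # destination port; None matches any port

class StatefulFirewall:
    """Simplified model of the rules guarding one VM (constructed example)."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.tracked = set()   # established flows: (peer_ip, peer_port, vm_port)

    def _allowed(self, direction, peer_ip, port):
        for r in self.rules:
            if (r.direction == direction and r.port in (None, port)
                    and ip_address(peer_ip) in ip_network(r.peer_range)):
                return r.action == "allow"
        return direction == "EGRESS"   # assumed defaults: deny ingress, allow egress

    def permits(self, direction, peer_ip, peer_port, vm_port):
        """Decide one packet; direction is relative to the VM."""
        flow = (peer_ip, peer_port, vm_port)
        dst_port = vm_port if direction == "INGRESS" else peer_port
        if flow in self.tracked:               # part of an established connection
            return True
        if self._allowed(direction, peer_ip, dst_port):
            self.tracked.add(flow)             # new connection: remember it
            return True
        return False

def demo():
    fw = StatefulFirewall([
        Rule("INGRESS", "allow", 1000, "10.0.0.0/16", 22),
        Rule("EGRESS", "deny", 900, "0.0.0.0/0", None),
    ])
    return [
        fw.permits("EGRESS", "10.0.1.5", 50000, 22),     # no connection yet: egress deny applies
        fw.permits("INGRESS", "10.0.1.5", 50000, 22),    # allowed by the ingress rule, now tracked
        fw.permits("EGRESS", "10.0.1.5", 50000, 22),     # reply passes despite the egress deny
        fw.permits("INGRESS", "203.0.113.9", 40000, 22), # outside the allowed source range
    ]
```

The third result is the point: the reply is permitted because the connection is tracked, so a deny-all egress rule does not break an allowed inbound session.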

Lecture 57: Multiple VPC Networks

Shared VPC
• Allows multiple projects within an organization to share a common VPC.
• Projects can communicate privately using internal IP addresses.

VPC Network Peering


• Connects VPCs in different projects or organizations for private communication.
• Peered networks remain administratively separate, with independent firewall and routing rules.
• Transitive peering is not supported (peered networks can’t connect to third networks through each other).

Lecture 58: Building Hybrid Clouds

Cloud VPN
• Securely connects on-premise networks to GCP through an IPSEC VPN tunnel.
• Supports both static and dynamic routing using Cloud Router.

Cloud Interconnect
• Dedicated Interconnect: Direct physical connection to Google’s network, ideal for high-capacity requirements.
• Partner Interconnect: Connectivity through a service provider for smaller capacity needs.

Direct and Carrier Peering


• Direct Peering: Direct connection between Google and a business network, but no SLA.
• Carrier Peering: Connectivity through a service provider for accessing Google’s services with
enterprise-grade performance.

Lecture 59: Different Options for Load Balancing

Types of Load Balancing


• Global Load Balancers: HTTPS, SSL Proxy, and TCP Proxy.
• Regional Load Balancers: Network Load Balancing and Internal Load Balancing.
• Load balancing distributes traffic between multiple VMs to ensure scalability and reliability.

Questions with Answers


1. What is a Virtual Private Cloud (VPC)?
• A private network built on top of Google’s global network, used for deploying IaaS
resources.
2. What are subnets in a VPC?
• Subnets are regional resources that define IP ranges for VMs within a VPC.
3. What is the difference between Auto Mode and Custom Mode VPCs?
• Auto Mode creates subnets automatically; Custom Mode allows users to manually create
and manage subnets.
4. What is a CIDR block?
• A notation used to define IP address ranges in a subnet, e.g., /16 or /28.
5. What are private IP addresses used for in a VPC?
• For internal communication within the VPC; they are not routable on the Internet.
6. What is a public IP address?
• An external IP address assigned to VMs to enable communication over the Internet.
7. How does Cloud Load Balancing work?
• It distributes traffic across multiple instances to improve performance and ensure high
availability.
8. What is Cloud CDN?
• Google’s content delivery network that delivers cached content to users globally with
low latency.
9. What is Cloud Interconnect?
• A service that provides a direct or partner connection between on-premise networks and
Google’s network.
10. What is the purpose of a firewall in GCP?
• To protect VMs from unauthorized connections and manage inbound/outbound traffic.
11. What is the difference between ingress and egress firewall rules?
• Ingress rules control incoming connections; egress rules control outgoing connections.
12. What is VPC Network Peering?
• A method for connecting two VPCs to allow private communication between them.
13. What are the benefits of using a shared VPC?
• It allows multiple projects within an organization to share a common VPC for private communication.
14. What is Cloud VPN?
• A service that creates a secure IPSEC tunnel between on-premise networks and a GCP VPC.
15. What is the difference between Dedicated and Partner Interconnect?
• Dedicated Interconnect offers high-capacity, direct connections, while Partner Interconnect provides smaller capacity through a service provider.
16. What is Direct Peering?
• A direct connection between a business network and Google’s network.
17. What is Carrier Peering?
• A connection facilitated by a service provider, used to access Google services with higher availability.
18. What are the types of global load balancers in GCP?
• HTTPS Load Balancing, SSL Proxy, and TCP Proxy.
19. What is the purpose of network load balancing?
• To distribute traffic across resources in a region, ensuring high performance.
20. How do routes work in GCP?
• Routes direct traffic within a VPC and to external destinations, based on destination IP addresses.
21. What is the role of a virtual router in GCP?
• It manages packet forwarding between instances and next-hop destinations in a VPC.
22. What are ephemeral and reserved IP addresses?
• Ephemeral IPs are temporary, while reserved IPs are fixed and can be reassigned.
23. How are firewall rules applied in GCP?
• Firewall rules are applied to the network but affect traffic at the instance level.
24. What is the function of Cloud DNS?
• Translates domain names to IP addresses using Google’s global DNS infrastructure.
25. What is a point of presence (PoP) in GCP?
• A location where Google’s network connects with the broader Internet.
26. What is the difference between static and dynamic routing in Cloud VPN?
• Static routing uses fixed routes, while dynamic routing uses Cloud Router to manage routes automatically.
27. What is the significance of a /16 CIDR block?
• It provides 65,536 IP addresses, commonly used for larger subnets.
28. What is the difference between public and private IP addresses in GCP?
• Private IPs are used for internal communication; public IPs are for external access.
29. What is Cloud Interconnect used for?
• To provide high-capacity, low-latency connections between on-premise networks and GCP.
30. What is Cloud Router?
• A service that manages dynamic routing for VPN and interconnect traffic in GCP.
31. What is the difference between internal and external load balancing?
• Internal load balancing distributes traffic within a VPC, while external load balancing routes traffic from external sources.
32. What are the key differences between shared VPC and VPC peering?
• Shared VPC is for multiple projects within the same organization, while VPC Peering connects VPCs across different projects or organizations.
33. What are the benefits of using Cloud CDN?
• It reduces latency by caching content closer to the user, improving load times and reducing costs.
34. What is transitive peering?
• Transitive peering allows VPC networks to communicate indirectly via another network; however, GCP does not support it.
35. What is the maximum capacity for a Dedicated Interconnect?
• 10 Gbps per link, with up to eight links for a total of 80 Gbps.
36. How is traffic routed between subnets in the same VPC?
• Traffic is routed privately, without the need for public IP addresses.
37. What is the SLA for Cloud VPN?
• 99.9% availability for site-to-site IPSEC VPN connections.
38. What is the purpose of a subnet in a VPC?
• To define a set of IP ranges for VMs within a region.
39. What is the main use case for Carrier Peering?
• To provide enterprise-grade network services between a business and Google’s infrastructure through a service provider.
40. What is a region in GCP?
• A geographical location that contains multiple zones, where resources can be deployed.
41. What is an ingress firewall rule?
• A rule that controls inbound traffic to instances in a network.
42. What is an egress firewall rule?
• A rule that controls outbound traffic from instances in a network.
43. What is the role of a Cloud VPN gateway?
• It encrypts traffic between a GCP VPC and an on-premise network.
44. How does Cloud Load Balancing work globally?
• It routes traffic to resources across multiple regions to provide low-latency and high-availability services.
45. What are default firewall rules in GCP?
• Pre-configured rules that allow or deny basic communication between instances in a VPC.
46. What is a shared VPC host project?
• A project that contains the VPC network shared with other service projects.
47. What is a shared VPC service project?
• A project that uses resources from the shared VPC network in the host project.
48. What are the benefits of using Dedicated Interconnect?
• It provides direct, high-capacity connections with lower latency and higher security compared to the public Internet.
49. What is the purpose of Cloud Interconnect Partner?
• To provide smaller capacity connections through a third-party service provider.
50. What is the difference between VPC peering and using public IP addresses for communication?
• VPC peering provides private communication between VPCs, while public IP addresses require routing over the Internet.
51. What are the key features of GCP’s global network?
• It includes fiber optic cables, submarine cables, and over 100 points of presence for low-latency, high-performance networking.
52. What is Cloud Armor?
• A service that helps protect applications from DDoS attacks by filtering malicious traffic.
53. What is the maximum capacity of Cloud VPN tunnels?
• 1.5 to 3 Gbps per tunnel, depending on the traffic type.
54. What is a regional load balancer?
• A load balancer that distributes traffic across instances within a single region.
55. What is dynamic routing in GCP?
• Routing that uses Cloud Router to automatically manage routes between on-premise and GCP networks.
56. What is an external IP address in GCP?
• An IP address used to allow communication between a VM and external resources over the Internet.
57. What is the main purpose of GCP’s VPC network?
• To provide private, secure communication between resources within GCP.
58. How does Cloud Router integrate with Cloud VPN?
• It manages dynamic routes for traffic between GCP and on-premise networks over VPN tunnels.
59. What are the types of firewalls in GCP?
• Stateful firewalls that manage both ingress (incoming) and egress (outgoing) traffic.
60. What is the role of a network admin in GCP?
• To manage network configurations, including routing, firewall rules, and VPC settings.
