
VPC Network

The document provides an overview of Google Cloud's Virtual Private Cloud (VPC), which offers networking capabilities for various cloud resources like Compute Engine and Google Kubernetes Engine. It details VPC networks, firewall rules, routes, forwarding rules, and configurations for IP addresses, as well as options for VPC sharing, peering, and hybrid cloud connectivity. Additionally, it discusses private access to services and the use of Cloud VPN and Cloud Interconnect for connecting to on-premises networks.
419125, 6:26 PM Virtual Private Cloud (VPC) overview | Google Cloud

Virtual Private Cloud (VPC) overview

Virtual Private Cloud (VPC) provides networking functionality to Compute Engine virtual machine (VM) instances (/compute/docs/instances), Google Kubernetes Engine (GKE) clusters (/kubernetes-engine/docs), and serverless workloads (/serverless#section-3).

VPC provides networking for your cloud-based resources and services that is global, scalable, and flexible.

This page provides a high-level overview of VPC concepts and features.

VPC networks

You can think of a VPC network the same way you'd think of a physical network, except that it is virtualized within Google Cloud. A VPC network is a global resource that consists of a list of regional virtual subnetworks (subnets) in data centers, all connected by a global wide area network. VPC networks are logically isolated from each other in Google Cloud.

https://cloud.google.com/vpc/docs/overview

[Figure: VPC network example (/static/vpc/images/vpc-overview-example.svg)]

A VPC network does the following:

* Provides connectivity for your Compute Engine virtual machine (VM) instances (/compute/docs/instances), including Google Kubernetes Engine (GKE) clusters (/kubernetes-engine/docs/concepts/cluster-architecture), serverless workloads (/serverless#section-3), and other Google Cloud products built on Compute Engine VMs.
* Offers built-in internal passthrough Network Load Balancers and proxy systems for internal Application Load Balancers.
* Connects to on-premises networks by using Cloud VPN tunnels and VLAN attachments for Cloud Interconnect.
* Distributes traffic from Google Cloud external load balancers to backends.

For more information, see VPC networks (/vpc/docs/vpc).

Firewall rules

Each VPC network implements a distributed virtual firewall that you can configure. Firewall rules let you control which packets are allowed to travel to which destinations. Every VPC network has two implied firewall rules (/vpc/docs/firewalls#default_firewall_rules) that block all incoming connections and allow all outgoing connections.

The default network has additional firewall rules (/vpc/docs/firewalls#more_rules_default_vpc), including the default-allow-internal rule, which permit communication among instances in the network.

For more information, see VPC firewall rules (/vpc/docs/firewalls).

Routes

Routes tell VM instances and the VPC network how to send traffic from an instance to a destination, either inside the network or outside of Google Cloud. Each VPC network comes with some system-generated routes (/vpc/docs/vpc#system-generated-routes) to route traffic among its subnets and send traffic from eligible instances (/vpc/docs/vpc#internet_access_reqs) to the internet. You can create custom static routes to direct some packets to specific destinations.

For more information, see Routes (/vpc/docs/routes).

Forwarding rules

While routes govern traffic leaving an instance, forwarding rules direct traffic to a Google Cloud resource in a VPC network based on IP address, protocol, and port.

Some forwarding rules direct traffic from outside of Google Cloud to a destination in the network; others direct traffic from inside the network.

Destinations for forwarding rules are target instances (/load-balancing/docs/protocol-forwarding), load balancer targets (backend services, target proxies, and target pools) (/load-balancing/docs/forwarding-rule-concepts), and Classic VPN gateways (/network-connectivity/docs/vpn/concepts/classic-topologies).

For more information, see Forwarding rules overview (/load-balancing/docs/forwarding-rule-concepts).

Interfaces and IP addresses

VPC networks provide the following configurations for IP addresses and VM network interfaces.

IP addresses

Google Cloud resources, such as Compute Engine VM instances, forwarding rules, and GKE containers, rely on IP addresses to communicate.

For more information, see IP addresses (/vpc/docs/ip-addresses).

Alias IP ranges

If you have multiple services running on a single VM instance, you can give each service a different internal IP address by using alias IP ranges. The VPC network forwards packets that are destined to a particular service to the corresponding VM.

For more information, see Alias IP ranges (/vpc/docs/alias-ip).

Multiple network interfaces

You can add multiple network interfaces to a VM instance, where each interface resides in a unique VPC network. Multiple network interfaces enable a network appliance VM to act as a gateway for securing traffic among different VPC networks or to and from the internet.

For more information, see Multiple network interfaces (/vpc/docs/multiple-interfaces-concepts).

VPC sharing and peering

Google Cloud provides the following configurations for sharing VPC networks across projects and connecting VPC networks to each other.

Shared VPC

You can share a VPC network from one project (called a host project) to other projects in your Google Cloud organization.
You can grant access to entire Shared VPC networks or select subnets therein by using specific IAM permissions (/vpc/docs/shared-vpc#iam_in_shared_vpc). This lets you provide centralized control over a common network while maintaining organizational flexibility. Shared VPC is especially useful in large organizations.

For more information, see Shared VPC (/vpc/docs/shared-vpc).

VPC Network Peering

VPC Network Peering lets you build software as a service (SaaS) (https://wikipedia.org/wiki/Software_as_a_service) ecosystems in Google Cloud, making services available privately across different VPC networks, whether the networks are in the same project, different projects, or projects in different organizations.

With VPC Network Peering, all communication happens by using internal IP addresses. Subject to firewall rules, VM instances in each peered network can communicate with one another without using external IP addresses.

Peered networks automatically exchange subnet routes for private IP address ranges. VPC Network Peering lets you configure whether the following types of routes are exchanged:

* Subnet routes for privately re-used public IP ranges
* Custom static and dynamic routes

Network administration for each peered network is unchanged: IAM policies are never exchanged by VPC Network Peering. For example, Network and Security Admins for one VPC network do not automatically get those roles for the peered network.

For more information, see VPC Network Peering (/vpc/docs/vpc-peering).

Hybrid cloud

Google Cloud provides the following configurations that let you connect your VPC networks to on-premises networks and networks from other cloud providers.

Cloud VPN

Cloud VPN lets you connect your VPC network to your physical, on-premises network or another cloud provider by using a secure virtual private network (https://wikipedia.org/wiki/Virtual_private_network).

For more information, see Cloud VPN (/network-connectivity/docs/vpn).

Cloud Interconnect

Cloud Interconnect lets you connect your VPC network to your on-premises network by using a high speed physical connection.

For more information, see Cloud Interconnect (/network-connectivity/docs/interconnect).

Cloud Load Balancing

Google Cloud offers several load balancing configurations to distribute traffic and workloads across many backend types.

For more information, see Cloud Load Balancing overview (/load-balancing/docs/load-balancing-overview).

Private access to services

You can use Private Service Connect (/vpc/docs/private-service-connect), Private Google Access (/vpc/docs/private-google-access), and private services access (/vpc/docs/private-services-access) to let VMs that don't have an external IP address communicate with supported services.

For more information, see Private access options for services (/vpc/docs/private-access-options).

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License (https://creativecommons.org/licenses/by/4.0/), and code samples are licensed under the Apache 2.0 License (https://www.apache.org/licenses/LICENSE-2.0). For details, see the Google Developers Site Policies (https://developers.google.com/site-policies). Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-04-17 UTC.
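
The behaviour described under "Firewall rules" (two implied rules in every VPC network, extra pre-populated rules in the default network), modelled as an added example that is not part of the original Google Cloud page. The rule-dictionary shape and the helper names are assumptions made for this sketch; the priorities, the default-allow-ssh and default-allow-rdp rules, and the deny-wins tie-break come from Google's VPC firewall documentation rather than from this page.

```python
import ipaddress

# Simplified rule model for illustration (not the Compute Engine API schema).
# "ranges" = source ranges for INGRESS, destination ranges for EGRESS (IPv4 only).
def rule(name, direction, priority, action, ranges, protocols):
    return dict(name=name, direction=direction, priority=priority,
                action=action, ranges=ranges, protocols=protocols)

# The two implied rules every VPC network has, at the lowest priority (65535).
IMPLIED = [
    rule("implied-deny-ingress", "INGRESS", 65535, "deny", ["0.0.0.0/0"], {"all": None}),
    rule("implied-allow-egress", "EGRESS", 65535, "allow", ["0.0.0.0/0"], {"all": None}),
]

# Constructed sample: some of the pre-populated rules of the "default" network.
DEFAULT_NETWORK = [
    rule("default-allow-internal", "INGRESS", 65534, "allow", ["10.128.0.0/9"],
         {"tcp": (0, 65535), "udp": (0, 65535), "icmp": None}),
    rule("default-allow-ssh", "INGRESS", 65534, "allow", ["0.0.0.0/0"], {"tcp": (22, 22)}),
    rule("default-allow-rdp", "INGRESS", 65534, "allow", ["0.0.0.0/0"], {"tcp": (3389, 3389)}),
]

def matches(r, direction, peer_ip, proto, port):
    if r["direction"] != direction:
        return False
    ip = ipaddress.ip_address(peer_ip)
    if not any(ip in ipaddress.ip_network(n) for n in r["ranges"]):
        return False
    if "all" in r["protocols"]:
        return True
    if proto not in r["protocols"]:
        return False
    ports = r["protocols"][proto]  # None means the protocol has no port filter
    return ports is None or (port is not None and ports[0] <= port <= ports[1])

def decide(rules, direction, peer_ip, proto, port=None):
    """Return (action, rule name) for a packet to or from peer_ip."""
    hits = [r for r in rules + IMPLIED if matches(r, direction, peer_ip, proto, port)]
    # Lowest priority number wins; at equal priority a deny beats an allow.
    win = min(hits, key=lambda r: (r["priority"], r["action"] != "deny"))
    return win["action"], win["name"]

def world_open_ingress(rules):
    """Names of ingress allow rules reachable from any IPv4 source."""
    return sorted(r["name"] for r in rules if r["direction"] == "INGRESS"
                  and r["action"] == "allow" and "0.0.0.0/0" in r["ranges"])

if __name__ == "__main__":
    print(decide([], "INGRESS", "203.0.113.7", "tcp", 22))
    print(decide(DEFAULT_NETWORK, "INGRESS", "203.0.113.7", "tcp", 22))
    print(world_open_ingress(DEFAULT_NETWORK))
```

A custom network with no rules denies the same SSH packet that the default network admits, which is why the world-open rules returned by `world_open_ingress` are the first thing to review or remove when a project still uses the default network.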
