Module 1: It Helps To Network

    Defining a Virtual Private Cloud
    In this topic you will explore what a virtual private cloud is. Virtual private cloud networks, or VPCs, are used to build private networks on top of the larger Google network. With VPCs you can apply many of the same security and access control rules as if you were building a physical network. VPCs allow the deployment of infrastructure-as-a-service resources such as compute instances and containers. They have no IP address ranges, are global, and span all available GCP regions. VPCs also contain subnetworks that span all zones in a region, and can have default, auto or custom modes.

    Subnetworks are also referred to as subnets. Subnets are regional resources; they must be created in VPC networks to define sets of usable IP ranges for instances. VMs in different zones within the same region can share the same subnet. In this example, subnet 1 is defined as 10.240.0.0/24 in the us-west1 region. Two VM instances in the us-west1-a zone are in the subnet; their IP addresses both come from the available range of addresses in subnet 1. Subnet 2 is defined as 192.168.1.0/24 in the us-east1 region. Two VM instances in the us-east1-a zone are in the subnet. Their IP addresses both come from the available range of addresses in subnet 2. Subnet 3 is defined as 10.2.0.0/16, also in the us-east1 region. One VM instance in the us-east1-a zone and a second instance in the us-east1-b zone are in subnet 3, each receiving an IP address from its available range. Because subnets are regional resources, instances can have their network interfaces associated with any subnet in the same region that contains their zones.
A single VPN can be used to give private connectivity from a physical data centre to the VPC.

Subnets are defined by an internal IP address prefix range and are specified in CIDR notation; CIDR stands for Classless Inter-Domain Routing. IP ranges cannot overlap between subnets. They can be expanded but can never shrink. While IP ranges are specific to one region, they can cross zones within the region. You can also create multiple subnets in a single region, and those subnets don't need to conform to a hierarchical IP scheme. The internal IP ranges for a subnet must conform to RFC 1918.

Virtual machines that are in different regions but in the same VPC can communicate privately. VM1 and VM2 can communicate at a local level even though they're separated geographically. Virtual machines in different VPCs, even though the subnets are in the same region, need to communicate via the internet. In this instance VM3 and VM4 will need public IP addresses to traverse the internet. Networks don't communicate with any other networks by default.

GCP offers two types of VPC networks, determined by their subnet creation mode. When an auto mode network is created, one subnet from each region is automatically created within it. As new GCP regions become available, new subnets in those regions are automatically added to auto mode networks. The automatically created subnets use a set of predefined IP ranges, and default firewall rules are applied. In addition to the automatically created subnets, you can add more subnets manually to auto mode networks in regions you choose, using IP ranges outside the set of predefined IP ranges. When expanding the IP range in an auto mode network, the broadest prefix you can use is /16; any prefix broader than /16 would conflict with the primary IP ranges of other automatically created subnets. Due to its limited flexibility, an auto mode network is better suited to isolated use cases such as proof of concept, testing and so on.
But if a custom mode network is created, no subnets are automatically created. This type of network provides you with complete control over its subnets and IP ranges. You decide which subnets to create, in regions you choose, using IP ranges you specify. You also define the firewall rules, and you can expand the IP ranges to any RFC 1918 size. Custom mode networks are therefore a lot more flexible and are better suited to production environments. While you can switch a network from auto mode to custom mode, this conversion is one way. Custom mode networks cannot be changed to auto mode networks.
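
The subnet rules described above (RFC 1918 ranges, no overlap between subnets, ranges that expand but never shrink, and the /16 limit in auto mode) can be checked offline before any subnet is created. This is an added example, not part of the course material; the plan holds the three example subnets from the text, and the function names and subnet labels are assumptions.

```python
import ipaddress

# RFC 1918 private blocks that internal subnet ranges must fall within.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The three subnets from the example above; the labels are constructed.
PLAN = {
    "subnet1": ("us-west1", "10.240.0.0/24"),
    "subnet2": ("us-east1", "192.168.1.0/24"),
    "subnet3": ("us-east1", "10.2.0.0/16"),
}

def is_rfc1918(net):
    """True if the network sits entirely inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def validate_plan(plan):
    """Return a list of problems: bad CIDRs, non-RFC 1918 ranges, overlaps."""
    problems, nets = [], {}
    for name, (_region, cidr) in plan.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        if not is_rfc1918(net):
            problems.append(f"{name}: {cidr} is outside RFC 1918")
        nets[name] = net
    names = sorted(nets)
    # Ranges may not overlap, even when the subnets are in different regions.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def can_expand(old_cidr, new_cidr, auto_mode=False):
    """Ranges can grow but never shrink; auto mode caps growth at /16."""
    old = ipaddress.ip_network(old_cidr)
    new = ipaddress.ip_network(new_cidr)
    if not (old.subnet_of(new) and new.prefixlen < old.prefixlen):
        return False  # not a strict superset of the current range
    if auto_mode and new.prefixlen < 16:
        return False  # broader than /16 is not allowed in auto mode
    return is_rfc1918(new)
```

After an expansion passes `can_expand`, substitute the new range into the plan and run `validate_plan` again, since a wider range can collide with a neighbouring subnet.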