VPC Networking Fundamentals

Google Cloud Virtual Private Cloud (VPC) provides networking functionality to Compute Engine virtual machine (VM) instances, Kubernetes Engine containers and the App Engine flexible environment. Without a VPC network you cannot create VM instances, containers or App Engine applications, which is why each Google Cloud project starts with a default network.

You can think of a VPC network the same way you would think of a physical network, except that it is virtualized within Google Cloud. A VPC network is a global resource which consists of a list of regional virtual subnetworks (subnets) in data centers, all connected by a global wide area network (WAN). VPC networks are logically isolated from each other in Google Cloud.

In this lab, you create an auto mode VPC network with firewall rules and two VM instances. Then, you explore the connectivity for the VM instances.


Objectives:

- Explore the default VPC network
- Create an auto mode network with firewall rules
- Create VM instances using Compute Engine
- Explore the connectivity for VM instances

Subnet ranges observed for the regions used in the lab:

Region     Subnet IP range
us-east1   10.140.0.0/20
us-west4   10.182.0.0/20
The console's equivalent command line for the network and its four firewall rules, one command per resource (the console output chains them with &&):

gcloud compute networks create mynetwork \
    --project=qwiklabs-gcp-02-79d324f07fe7 \
    --subnet-mode=auto --mtu=1460 --bgp-routing-mode=regional

gcloud compute firewall-rules create mynetwork-allow-custom \
    --project=qwiklabs-gcp-02-79d324f07fe7 \
    --network=projects/qwiklabs-gcp-02-79d324f07fe7/global/networks/mynetwork \
    --description="Allows connection from any source to any instance on the network using custom protocols." \
    --direction=INGRESS --priority=65534 --source-ranges=10.128.0.0/9 \
    --action=ALLOW --rules=all

gcloud compute firewall-rules create mynetwork-allow-icmp \
    --project=qwiklabs-gcp-02-79d324f07fe7 \
    --network=projects/qwiklabs-gcp-02-79d324f07fe7/global/networks/mynetwork \
    --description="Allows ICMP connections from any source to any instance on the network." \
    --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 \
    --action=ALLOW --rules=icmp

gcloud compute firewall-rules create mynetwork-allow-rdp \
    --project=qwiklabs-gcp-02-79d324f07fe7 \
    --network=projects/qwiklabs-gcp-02-79d324f07fe7/global/networks/mynetwork \
    --description="Allows RDP connections from any source to any instance on the network using port 3389." \
    --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 \
    --action=ALLOW --rules=tcp:3389

gcloud compute firewall-rules create mynetwork-allow-ssh \
    --project=qwiklabs-gcp-02-79d324f07fe7 \
    --network=projects/qwiklabs-gcp-02-79d324f07fe7/global/networks/mynetwork \
    --description="Allows TCP connections from any source to any instance on the network using port 22." \
    --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 \
    --action=ALLOW --rules=tcp:22

Read these rules before reusing them outside a lab. None of them carries a target tag or service account, so each applies to every instance in the network. mynetwork-allow-custom admits every protocol and port from 10.128.0.0/9, the block that contains all auto mode subnet ranges, so any VM in the network can reach any other VM on any port. The other three accept ICMP, RDP (tcp:3389) and SSH (tcp:22) from 0.0.0.0/0, that is, from anywhere on the internet, on every instance that has an external IP. Priority 65534 sits one step above the implied deny-all ingress rule at 65535, so any rule with a lower number overrides them. For anything beyond a throwaway lab, restrict --source-ranges on the SSH and RDP rules to the addresses that actually need to connect (or to the IAP TCP-forwarding range 35.235.240.0/20 and connect through IAP), and give instances no external IP unless they serve traffic.
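To see what these four rules actually let through, and how an implied or explicit deny interacts with them, here is an added Python example that is not part of the lab or of the gcloud tool. It models VPC firewall evaluation offline (lowest priority number wins, deny beats allow at equal priority, implied deny-all ingress at 65535) against the four rules above, written as constructed dictionaries in the shape that gcloud compute firewall-rules list --format=json returns, and flags rules that expose SSH or RDP to the internet. The hardened rule name mynetwork-allow-ssh-from-iap and the source addresses used in the checks are assumptions made for the example; 35.235.240.0/20 is Google's published IAP TCP-forwarding source range.

```python
"""Offline model of Google Cloud VPC firewall evaluation (added example).

The rule dictionaries are constructed to mirror what
`gcloud compute firewall-rules list --format=json` returns for the four
rules created above (Compute API Firewall field names). Only IPv4 sources
are modelled.
"""
import ipaddress

PROJECT_NET = "projects/qwiklabs-gcp-02-79d324f07fe7/global/networks/mynetwork"
ANYWHERE = "0.0.0.0/0"
# Google's published source range for IAP TCP forwarding: lets you reach
# port 22/3389 through IAP without opening them to the internet.
IAP_TCP_FORWARDING = "35.235.240.0/20"


def rule(name, allowed=None, denied=None, sources=(ANYWHERE,), priority=65534):
    """Build one ingress rule in the gcloud JSON shape (no target tags)."""
    r = {"name": name, "network": PROJECT_NET, "direction": "INGRESS",
         "priority": priority, "sourceRanges": list(sources)}
    if denied:
        r["denied"] = denied
    else:
        r["allowed"] = allowed
    return r


# The four rules the console generated for mynetwork (constructed copies).
RULES = [
    rule("mynetwork-allow-custom", [{"IPProtocol": "all"}], sources=("10.128.0.0/9",)),
    rule("mynetwork-allow-icmp", [{"IPProtocol": "icmp"}]),
    rule("mynetwork-allow-rdp", [{"IPProtocol": "tcp", "ports": ["3389"]}]),
    rule("mynetwork-allow-ssh", [{"IPProtocol": "tcp", "ports": ["22"]}]),
]
# Every VPC network carries an implied deny-all ingress rule at priority 65535.
IMPLIED_DENY_INGRESS = rule("implied-deny-ingress",
                            denied=[{"IPProtocol": "all"}], priority=65535)


def _matches_traffic(entries, proto, port):
    """True if one allowed/denied entry covers this protocol and port."""
    for e in entries:
        if e["IPProtocol"] not in ("all", proto):
            continue
        if not e.get("ports"):            # no port list: every port of the protocol
            return True
        for spec in e["ports"]:           # "22" or a range such as "20-22"
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False


def evaluate_ingress(rules, src_ip, proto, port=0):
    """Verdict (ALLOW/DENY, rule name) for one inbound packet, as VPC decides it:
    lowest priority number wins, deny beats allow at equal priority, and the
    implied deny at 65535 catches everything no explicit rule matched."""
    src = ipaddress.ip_address(src_ip)
    best = None
    for r in list(rules) + [IMPLIED_DENY_INGRESS]:
        if r["direction"] != "INGRESS" or r.get("disabled"):
            continue
        if not any(src in ipaddress.ip_network(n) for n in r.get("sourceRanges", [])):
            continue
        if not _matches_traffic(r.get("denied") or r.get("allowed"), proto, port):
            continue
        key = (r["priority"], 0 if "denied" in r else 1)   # deny wins a tie
        if best is None or key < best[0]:
            best = (key, r)
    winner = best[1]
    return ("DENY" if "denied" in winner else "ALLOW", winner["name"])


def internet_exposed_admin_ports(rules):
    """Names of enabled ingress allow rules admitting SSH or RDP from 0.0.0.0/0."""
    return [r["name"] for r in rules
            if r["direction"] == "INGRESS" and "allowed" in r and not r.get("disabled")
            and ANYWHERE in r.get("sourceRanges", [])
            and (_matches_traffic(r["allowed"], "tcp", 22)
                 or _matches_traffic(r["allowed"], "tcp", 3389))]


def without(rules, name):
    return [r for r in rules if r["name"] != name]


# Least-privilege variant (assumed name): drop the internet-facing SSH/RDP
# rules and allow port 22 only from the IAP TCP-forwarding range.
HARDENED_RULES = without(without(RULES, "mynetwork-allow-ssh"), "mynetwork-allow-rdp") + [
    rule("mynetwork-allow-ssh-from-iap", [{"IPProtocol": "tcp", "ports": ["22"]}],
         sources=(IAP_TCP_FORWARDING,), priority=1000),
]

if __name__ == "__main__":
    for label, rules in (("as generated", RULES), ("hardened", HARDENED_RULES)):
        print(label, "- admin ports open to the internet via:",
              internet_exposed_admin_ports(rules))
        for src, proto, port in (("203.0.113.5", "tcp", 22), ("203.0.113.5", "icmp", 0),
                                 ("10.182.0.3", "tcp", 80)):
            print("  ", src, proto, port or "", "->", evaluate_ingress(rules, src, proto, port))
```

Deleting mynetwork-allow-icmp from the list reproduces the lab's observation: a ping from the internet falls through to the implied deny, while a ping from another subnet in the network is still allowed by mynetwork-allow-custom. Adding a deny rule for tcp:3389 with priority 1000 shows the priority ordering: it wins over the allow at 65534 even though that allow also matches.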
In this lab, you explored the default network along with its subnets, routes, and firewall rules. You deleted the default network and determined that you cannot create any VM instances without a VPC network. Thus, you created a new auto mode VPC network with subnets, routes, firewall rules and two VM instances. Then, you tested the connectivity for the VM instances and explored the effects of the firewall rules on connectivity.

