Configuring Networks via gcloud

A virtual private cloud (VPC) network is a global resource which consists of a list of regional subnetworks (subnets) in data centers, all connected by a global wide area network (WAN).

VPC networks are isolated from each other. They provide networking for Compute Engine VMs, GKE and App Engine.

Each GCP project starts with a default network configuration: an auto mode network with one subnet in every region.

Create a network

You can choose to create a VPC network in auto mode or custom mode.
You can create up to 4 additional networks in a project. Each of them must have a unique name within the project.

# creates a network called labnet
gcloud compute networks create labnet --subnet-mode=custom

Create a subnetwork

When you create a subnetwork, its name must be unique within the project for that region, even across networks. The same name can appear twice in a project as long as each one is in a different region.

Each subnet must have a primary range, which must be unique within the same region in a project.

# creates a subnetwork called labnet-sub
#   set to the previously created network labnet
gcloud compute networks subnets create labnet-sub \
    --network labnet \
    --region us-central1 \
    --range 10.0.0.0/28

List networks

# lists networks
gcloud compute networks list

# lists subnetworks
gcloud compute networks subnets list

# describes the internals of <network-name>
gcloud compute networks describe <network-name>

Create firewall rules

Auto mode networks include default firewall rules; custom mode networks do not include any firewall rules.
Firewall rules are defined at the network level and apply only to the network where they're created. The rule name must be unique within the project.

Ingress traffic that no rule allows is denied, so to allow access to VM instances you must create firewall rules.

# create a firewall rule called 'labnet-allow-internal'
#   put the rule in the labnet network
#   allow icmp and tcp port 22
#   from the specified range of source IP addresses
#   (0.0.0.0/0 means any source, including the Internet; a rule that is
#   really "internal" would use the subnet range instead, e.g. 10.0.0.0/28)
gcloud compute firewall-rules create labnet-allow-internal \
    --network=labnet \
    --action=ALLOW \
    --rules=icmp,tcp:22 \
    --source-ranges=0.0.0.0/0

List firewall rules

# list firewall rules
gcloud compute firewall-rules list

# describes the details of a firewall rule
gcloud compute firewall-rules describe <firewall-rule-name>
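The listing above is also the input for an audit. As an added example that is not part of the original page, the POSIX shell script below reads `gcloud compute firewall-rules list` output and flags ingress rules that open an admin port (SSH 22, RDP 3389) to every source address, which is exactly the shape of the `labnet-allow-internal` rule shown earlier. The `value[separator='|'](...)` projection and the `firewall_rule()` transform in `list_rules_live` are assumed from gcloud's `--format` syntax; the `SAMPLE_RULES` lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: find ingress firewall rules that
# open admin ports (SSH 22, RDP 3389) to every source address.
set -eu

ADMIN_PORTS="22 3389"

# Constructed sample in the line format that list_rules_live below produces:
# name|network|direction|disabled|sourceRanges|allowed
SAMPLE_RULES='labnet-allow-internal|labnet|INGRESS|False|0.0.0.0/0|icmp tcp:22
labnet-allow-ok|labnet|INGRESS|False|10.0.0.0/28|icmp tcp:22
privatenet-deny-ssh|privatenet|INGRESS|False|0.0.0.0/0|
wide-open|default|INGRESS|False|::/0|all
disabled-rdp|default|INGRESS|True|0.0.0.0/0|tcp:3389
egress-all|default|EGRESS|False||all'

# Projection assumed from the gcloud --format syntax: one rule per line, fields
# separated by "|", lists joined by spaces, allowed entries as proto[:port].
list_rules_live() {
    gcloud compute firewall-rules list \
        --format="value[separator='|'](name,network.basename(),direction,disabled,sourceRanges.list(separator=' '),allowed[].map().firewall_rule().list(separator=' '))"
}

# port_in_spec PORT SPEC: succeeds if SPEC ("22" or "1-1024") covers PORT
port_in_spec() {
    case "$2" in
        *-*) lo="${2%-*}"; hi="${2#*-}"
             [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# exposes_admin_port "icmp tcp:22,tcp:80": succeeds if any token admits an admin port
exposes_admin_port() {
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        case "$tok" in
            all|tcp) return 0 ;;          # every TCP port, admin ports included
            tcp:*)
                spec="${tok#tcp:}"
                for p in $ADMIN_PORTS; do
                    if port_in_spec "$p" "$spec"; then return 0; fi
                done ;;
        esac
    done
    return 1
}

# audit_rules: reads rule lines on stdin, prints each risky rule and
# exits 1 if any were found, so it can gate a pipeline.
audit_rules() {
    found=0
    while IFS='|' read -r name net dir disabled sources allowed; do
        [ "$dir" = INGRESS ] || continue          # egress rules are out of scope
        [ "$disabled" != True ] || continue       # disabled rules do not match traffic
        case " $sources " in
            *" 0.0.0.0/0 "*|*" ::/0 "*) ;;        # open to any IPv4 / IPv6 source
            *) continue ;;
        esac
        if exposes_admin_port "$allowed"; then
            printf 'RISK %s (network %s): allows %s from %s\n' "$name" "$net" "$allowed" "$sources"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

case "${1:-}" in
    sample) printf '%s\n' "$SAMPLE_RULES" | audit_rules ;;
    live)   list_rules_live | audit_rules ;;
esac
```

`sh audit.sh sample` reports `labnet-allow-internal` and `wide-open` and exits 1; `sh audit.sh live` runs the same check against the current project. The check deliberately ignores egress and disabled rules and treats a port range such as `tcp:1-1024` as covering port 22, because that is where hand-written rules usually hide the exposure.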

Create and list VMs

Exercise: Create 2 VMs, put them into different networks, one allowing and the other denying port 22, and try to ping them both from Cloud Shell.

# create a VM (assumes a subnet named private-sub already exists in the
#   region of the chosen zone)
gcloud compute instances create pnet-vm \
    --zone=us-central1-c \
    --machine-type=n1-standard-1 \
    --subnet=private-sub

# list VMs
gcloud compute instances list
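The steps above (network, subnet, firewall rules, VM) put together as one script that solves the two-network exercise. This is an added example, not code from the original page: the second network `privatenet`, its subnet `private-sub` with range 10.1.0.0/28, the rule names, the instance name `lab-vm` and the `LAB_ADMIN_CIDR` placeholder (203.0.113.0/24, a documentation range) are all constructed here. Every gcloud call goes through `run`, so `DRY_RUN=1` prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the original page: provisions the two-network
# exercise. Every gcloud call goes through run(), so DRY_RUN=1 prints the
# commands instead of executing them.
set -eu

DRY_RUN="${DRY_RUN:-0}"
LAB_REGION=us-central1
LAB_ZONE=us-central1-c
# Names and ranges below are constructed for this example. LAB_ADMIN_CIDR is a
# placeholder for the address block you administer from; the page's 0.0.0.0/0
# would admit SSH from the whole Internet.
LAB_ADMIN_CIDR="${LAB_ADMIN_CIDR:-203.0.113.0/24}"
PUB_NET=labnet;      PUB_SUB=labnet-sub;   PUB_CIDR=10.0.0.0/28
PRIV_NET=privatenet; PRIV_SUB=private-sub; PRIV_CIDR=10.1.0.0/28

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_network() {   # NAME
    run gcloud compute networks create "$1" --subnet-mode=custom
}

create_subnet() {    # SUBNET NETWORK CIDR
    run gcloud compute networks subnets create "$1" \
        --network="$2" --region="$LAB_REGION" --range="$3"
}

firewall_rule() {    # NAME NETWORK ALLOW|DENY RULES SOURCE_RANGES [PRIORITY]
    run gcloud compute firewall-rules create "$1" \
        --network="$2" --direction=INGRESS --action="$3" --rules="$4" \
        --source-ranges="$5" --priority="${6:-1000}"
}

create_vm() {        # INSTANCE SUBNET
    run gcloud compute instances create "$1" \
        --zone="$LAB_ZONE" --machine-type=n1-standard-1 --subnet="$2"
}

provision_lab() {
    create_network "$PUB_NET"
    create_network "$PRIV_NET"
    create_subnet "$PUB_SUB"  "$PUB_NET"  "$PUB_CIDR"
    create_subnet "$PRIV_SUB" "$PRIV_NET" "$PRIV_CIDR"
    # labnet: ping and SSH, but only from the admin block
    firewall_rule labnet-allow-admin "$PUB_NET" ALLOW icmp,tcp:22 "$LAB_ADMIN_CIDR"
    # privatenet: ping from the admin block; an explicit SSH deny at priority
    # 900 outranks any later allow at the default 1000 (lower number wins);
    # traffic inside the subnet is unrestricted
    firewall_rule privatenet-allow-icmp     "$PRIV_NET" ALLOW icmp   "$LAB_ADMIN_CIDR"
    firewall_rule privatenet-deny-ssh       "$PRIV_NET" DENY  tcp:22 0.0.0.0/0 900
    firewall_rule privatenet-allow-internal "$PRIV_NET" ALLOW all    "$PRIV_CIDR"
    create_vm lab-vm  "$PUB_SUB"
    create_vm pnet-vm "$PRIV_SUB"
}

case "${1:-}" in
    plan)  DRY_RUN=1; provision_lab ;;
    apply) provision_lab ;;
esac
```

`sh provision.sh plan` prints the ten commands in order; `sh provision.sh apply` runs them. Because custom networks start with no rules, the deny rule is not strictly needed to block SSH to `pnet-vm` (the implied ingress deny already does), but it keeps port 22 closed even if someone later adds a broad allow at the default priority.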