VPC (Virtual Private Cloud) Network
A VPC interconnects GCP Resources between them and to the internet. The way to start is to define a VPC at your first GCP Project or to choose a default VPC
It allows for
- segment networks
- use firewall rules to
- restrict instances access
- create static routes to forward traffic to specific destinations
The VPC Networks that you define have global scope. The subnets have regional scope.
VPC Subnets
A network can have VMs in subnets in different zones or any GCP Region worldwide.
Subnets can span the zones that make up a region (regional scope). It is also possible to have resources in different zones on the same subnet.
VPCs belong to GCP Projects.
This architecture makes it easy to define your own network layout with a global scope and it is beneficial because it incorporates fault tolerance without complicating your network topology.
You can dinamically increase the size of a subnet into a custom network by expanding the range of IPs. This does not affect already configured VMs
Compute Engine
It lets you create and run VM on Google Infrastructure
No upfront investment. Can run thousands of VMs in a system designed to be fast and offers consistent performance. The VM can run Linux and Windows Server images provided by google or custom imported images.
When you create it you choose the CPUs, RAM and optionally the GPUs. You can choose persistent HDD or SSD. SSD does not save the information when the VM terminates (HDD does).
It is possible to set a startup script or metadata, to take snapshots as backup or to migrate a VM.
Preemptible instances
If you have a job you don’t need to wait for it to finish, you can save a lot of money by choosing preemptible instances.
They are different in one respect. You give permission for them to terminate if their resources are needed elsewhere. Just be sure to set the job so its able to stop and restart. There are a set of predefined types.
Autoscaling lets you add or restart VMs. It includes load balancing.
Important VPC capabilities
VPCs have routing tables used to route traffic from one instance to another in the same network or even across subnetworks and GCP Zones without an external IP. This routing tables are built-in.
Firewall
VPCs give you a global distributed firewall for blocking oncoming and outgoing traffic. You can define firewall rules in terms of metadata tags on Compute Engine instances.
Example: Tag all web services with a “web” tag and set a rule to allow ports 80 and 443.
VPC Peering
Use VPC Peering to interconnect networks in GCP Projects. It allows for different VPCs to exchange traffic.
Shared VPCs
Use Shared VPCs to share a network or individual subnets with other GCP projects. It allows IAM to control exactly who can do what from one project to another.
VPC Peering vs Shared VPCs?
(todo: investigate this)
Cloud load balancing
It allows for customers to use your app when it may have 4 instances in one moment an 40 VM instances the next.
Auto scale and auto manage. With one single IP frontend manages all your backends around the world. It provides cross-region load balancing including automatic multi-region failover. This moves traffic in fractions if backends become unhealthy.
You can put cloud load balancing in front of all your traffic. (HTTP(S), TCP, SSL & UDP)
Load balancing options
- For cross regional load balancing for a web application use HTTPS Load balancing.
- For SSL traffic that’s not HTTPS use Global SSL Proxy load balancer.
- For TCP traffic without SSL use global TCP proxy load balancer.
This 3 only work for specific port numbers and only for TCP ports.
- For UDP traffic OR any port number use regional load balancer.
All this are for incomming traffic into the google network from the internet. To load balance traffic inside your project use the internal load balancer. It accepts traffic between VMs.
Cloud DNS
Is a managed DNS Service for host names and addresses of applications you build in GCP. It has low latency and high availability. It is a cost effective way to make applications and services available to users. It is served from redundant locations around the world. It is also programmable.
CDN (Content Delivery Network)
It is a globally distributed caching system. It reduces load, latency and saves money. With HTTPS load balancing. It is enabled simply with a checkbox.
Direct Peering
It is possible to avoid publishing an App to the internet for security or for more reliable bandwith. It puts a router in the same public data center as a Google point of presence and exchange traffic. It has disadvantages as worse uptime values. This is solved through Dedicated Interconnect.