Module 2 - Cloud Infra

Question 1

What are the 4 areas of Cloud Infrastructure?

Answer 1

1. Foundation
2. Core Services
3. Scaling and Automation
4. Container and Services

Question 2

What is under Cloud Infrastructure - Foundation?

Answer 2

1. Intro to GCP
2. VPC Networking
3. VMs

Question 3

What falls under Infrastructure - Core Services?

Answer 3

1. Cloud IAM
2. Data Storage Services
3. Resource Management
4. Resource Monitoring

Question 4

What falls under Cloud Infra - Scaling and Automation?

Answer 4

1. Interconnected Networks
2. Load Balancing
3. Autoscaling
4. Infra automation with Cloud API
5. Infra Automation with Deployment Manager
6. Managed Services

Question 5

What comes under Cloud Infrastructure - Container and Srvices?

Answer 5

1. Application Infrastructure Services
2. Application Development Services
3. Containers

Question 6

Is there usually more than one solution fo a task or application in GCP?

Answer 6

YES

Question 7

What are 2 common tools allow you to interact with GCP?

Answer 7

1. Cloud Console which is a web based, GUI that you access through console.cloud.google.com
2. Google Cloud SDK which is a command-line interface that can be installed locally or accessed through Cloud Shell.

Question 8

What is the difference between Cloud Console and Cloud Shell?

Answer 8

Cloud shell is a command line tool, Cloud Console is a GUI

Question 9

How would you define GCP’s networking?

Answer 9

GCP uses software defined network that is built on a global fiber infrastructure that makes GCP one of the largest and fastest.

Question 10

How should one think about resources in GCP?

Answer 10

Thinking resources as services as opposed to hardware - will help with options available and their behavior

Question 11

What are VPCs objects?

Answer 11

1. Projects
2. Networks
   
   1. Default, auto mode, custom
3. Subnetworks
4. Regions
5. Zones
6. IP Addresses
   
   1. Internal, external, range
7. VMs
8. Routes
9. Firewall rules

Question 12

What can you do with a VPC?

Answer 12

With Google Cloud Platform VPC, you can provision your GCP resources, connect them to each other and isolate them from one another in a virtual private cloud

Question 13

How would you describe a VPC?

Answer 13

Essentially, VPC is a comprehensive set of Google managed networking objects

Question 14

What are different modes of networks in VPC?

Answer 14

Default

Auto

Custom

Question 15

What do sub-networks help accomplish?

Answer 15

Sub-networks let you divide and segregate your resources.

Question 16

What is the key organizer of the infrastructure resources?

Answer 16

Project

Question 17

What is a key role played by the project?

Answer 17

A project associates objects and services with Billing

Question 18

How many networks(VPCs) can a project have?

Answer 18

Five

Question 19

How would you describe a VPC?

Answer 19

A VPC network is somply a construct of all of the individial IP addresses, or services that are within that network

Question 20

What are some features of a network?

Answer 20

1. No IP address range
2. Is global and spans all available regions
3. Contains sub-networks
4. Can be of type default, auto or custom

Question 21

What is one feature of auto network?

Answer 21

Auto networks can be promoted to custom, but once custom they stay custom.

Question 22

How do things get isolated using networks(VPC)

Answer 22

Question 23

How do sub-networks cross zones?

Answer 23

• Subnetworks can extend across zones in the same region
• One VM and an alternate VM can be on the same subnet but in different zones
• A single firewall rule can apply to both VMs even though they are in different zones

Question 24

What are subnetworks mostly designed for?

Answer 24

Subnetworks are for managing resources.

• Networks have no IP range, so subnetworks don’t need to fit into an address hierarchy
• Instead, subnetworks can be used to groop and manage resources.
• They can represent departments, business dunctions or systems

Question 25

What kind of IPs can a VM get?

Answer 25

Internal

External

Question 26

How are the internal IP assigned to a VM?

Answer 26

An internal IP is allocated from a subnet range to VMs by DHCP

Question 27

How often do the DHCP lease renews?

Answer 27

Every 24 hours

Question 28

How does the network scoped DNS find the VMs?

Answer 28

VM name & IP are registered with network scoped DNS

• We do in local host files(?)

Question 29

How are the external IPs assigned to a VM?

Answer 29

Assigned from a pool. Ephemeral

Question 30

How can I get the external IP of the VM?

Answer 30

VMs don’t know the external IP. It’s mapped to an internal IP

The mapping is done by VPC

Question 31

How does DNS resolution for internal addresses work?

Answer 31

Each instance has a hostname that can be resolved to an internal IP address:

• The hostname is same as the instance name
• FQDN is [hostname].c.[project-id[.internal.

Example: guestbook-test.c.guesbook-151617.inernal

Question 32

What do hostnames resolve to?

Answer 32

Hostnames resolve to Internal IPs

Question 33

Hostname is same as….

Answer 33

Instance name

Question 34

What is the FQDN of a hostname of a VM?

Answer 34

[hostname].c.[project-id].internal

Question 35

How is the name resolution handled for a VM?

Answer 35

By an internal DNS resolver

• which is configured on instance via DHCP
• as address - 169.254.169.254

Question 36

What is a meta DNS server for a VM?

Answer 36

Each instance has a meta DNS server that acts as a DNS resolver for that instance

• The meta data server handles all DNS queries for local network resources and routes all other queries to Google’s public DNS servers for public name resolution

Question 37

Think on this one…

Answer 37

DNS name always points to a specific instance no matter what the internal IP is.

Question 38

How is DNS for external addresses managed?

Answer 38

Question 39

What are range of IP addresses for VMs?

Answer 39

You can assign a range of IP addresses as aliases to a VM’s primary network interface using alias IP ranges

-

Question 40

What are default routes in a network?

Answer 40

• Every network has a default route - which indicates how the VMs talk to each other in the network
• By default, every network has routes that let instances in the network send traffic directly to each other even across subnetworks
• Every network has default route that directs packets to destinations that are outside network

Question 41

Default networks and firewall rules

Answer 41

The default network has preconfigured firewall rules that allow all instances in the network talk with each other.

• Manually created networks don’t have such rules

Question 42

When are routes created?

Answer 42

• A route is created when a network is created, enabling traffic delivery from anywhere. (Confirm this is only true for auto/default networks)
• A route is created when a subnet is created- this is what enabled VMs on the same subnet to communicate internally

Question 43

What do VM’s routing tables do?

Answer 43

• Destination in CIDR notation
• Applies to traffic egressing a VM
• Forwards traffic to most specific route
• Traffic is delivered only if it also matches a firewall rule
• Created when a subnet is created
• Enabled VMs on the same subnet to communicate

Question 44

Picture of hybrid cloud

Answer 44

Question 45

What do firewall rules provide?

Answer 45

• Firewall rules protect your VM instances from unapproved connections
• Every VPC network also functions as distributed firewall
• Firewall rules are applied to the network as a whole
• Connections are allowed or denied at the instance level

Question 46

Features of firewalls

Answer 46

• GCP firewall rules protect your virtual machine instances from unapproved connections, both inbound and outbound known as ingress and egress respectively
• While firewall rules are applied to the network as a whole, connections are allowed or denied at the instance level
• You can think of the firewall as existing not only between your instances and other networks, but between individual instances within the same network
• Also, if for some reason all firewall rules in a network are deleted, there’s still an implied deny all ingress rule, and an implied allow all egress rule for the network.

Question 47

What are the parameters of a firewall rule?

Answer 47

1. direction
2. source/destination
3. protocol and port
4. action
5. priority

Question 48

What does the -direction- parameter of the firewall rule do?

Answer 48

Inbound connections are are matched against ingress rules only

Outbound connections are matched against egress rules only

Question 49

What do source or destination parameters of firewall rules do?

Answer 49

For the ingress direction, sources can be specified as part of the rule with IP addresses, source tags or a source service account.

For the egress direction, destinations can be specified as part of the rule with one or more ranges of IP addresses.

Question 50

What are protocol and port parameters of the firewall rule used for

Answer 50

Any rule can be restricted to apply to specific protocols only or specific combinations of protocols and ports only

Question 51

What does priority firewall parameter do?

Answer 51

Governs the order in which rules are evaluated: the first matching rule is applied

Question 52

How are firewall rules assigned?

Answer 52

All rules are assigned to all instances, but you can assign certain rules to certain instances only.

Question 53

What should you consider with Networks?

Answer 53

• VPC througput and routrip latency between VMs varies with location
• READ docs
• VPCs are evolving - anything BETA has no SLA

Question 54

How to delete network and subnetworks?

Answer 54

1. Delete VMs
2. Delete firewall rules
3. Auto mode Network
   
   1. Delete Network
4. Custom mode network
   
   1. Delete subnetworks
   2. Delete Network

Question 55

What resources can youn assign IP addresses to?

Answer 55

You can assign internal & external IPs to VM instances

You can assign internal and external IPs to a forwarding rule for internal/external load balancing.

Question 56

How many IPs can a VM have?

Answer 56

Each VM can have one primary internal IP, one or more secondary IP addresses, and one external IP address

Question 57

How do instances communicate between each other in a VPC?

Answer 57

To communicate between instances on the same VPC network, you can use an instance’s internal IP addresses.

Question 58

How do you connect to a VM inside a VPC if you are not part of VPC?

Answer 58

Similarly you must use instance’s external IP address to connect to instances outside of VPC network, unless the networks are connected in some way like VPN

Question 59

What’s the lifetime of an internal & external IP addresses?

Answer 59

Both external and internal primary IP addresses can be either ephemeral or static.

Question 60

When do we need a forwarding rule?

Answer 60

A forwarding rule is required for Network, global, and internal load balancing

Question 61

What is the link between a forwarding rule and a load balancer?

Answer 61

A forwarding rule must have an external or internal IP address, depending on the load balancer you are using

Question 62

What kinds of forwarding rules can we create for Network and Global load balancing?

Answer 62

For Network and Global load balacing - you can create a regional or global forwarding rule and allocate a regional or global static IP address

Question 63

What kind of IP can we assign to internal load balancing?

Answer 63

Use internal IP address

Question 64

Why do you need to assign an external IP address to an instance or a forwarding rule?

Answer 64

If you need:

• to communicate with the internet
• with resources in another network
• or need to communicate resource outside of compute engine

Question 65

If we assign a external IP does it mean that we can access it from anywhere?

Answer 65

Sources from outside GCP VPC network can address a specific resource by the external IP address, as long as firewall rules allow the connection.

Question 66

What are 2 kinds of external IP addresses does Compute Engine support?

Answer 66

• Static external IP
• Ephemeral external IP

Question 67

What is the lifetime of Static External IPs?

Answer 67

Static external IP addresses are assigned to a project long term until they are explicitly released, and remain attached to a resource (VM/FR) until they are explicitly detached.

Question 68

What is the lifetime of Static IP addresses on a VM?

Answer 68

For VM instances, static external IP addresses remain attached to stopped instances until they are removed.

Question 69

What are two ways to get Static External IPs?

Answer 69

You can reserve a new static external IP address or promote an existing ephemeral external IPaddress to static external IP.

Question 70

What kind of resources (scope wise) static external IPs can be assigned to?

Answer 70

Static external IP address can be either a regional or global resources.

Question 71

Whats so special about regional static external IP?

Answer 71

A regional static external IP allows resources of that region or resources of zones within that region to use the IP address.

In this case, VM instances and regional forwarding rules can use a regional static IP address.

I think this means - these other regional resources can reach this public IP using google infra rather than going out to internet.

Question 72

What is special about Global Static external IPs?

Answer 72

Global static external IP addresses are available ONLY to global forwarding rules, use for global load balacing

You cannot assign Global IP address to a regional or zonal resource.

Question 73

To what resources does ephemeral external IP addresses available?

Answer 73

Ephemeral external IP addresses are available to VM instances and forwarding rules.

Question 74

What’s the life of ephemeral exernal IP on a VM?

Answer 74

Ephemeral external IP addresses remain attached to a VM instance only until the VM is stopped and restarted or the instance is terminated

Question 75

When the VM is stopped what happens to the ephemeral external IP?

Answer 75

If an instance is stopped, any ephemeral external IP addresses assigned to the instance are released back into the general Compute Engine pool and become available for use by other projects.

When a stopped instance is started again, a new ephemeral external IP address is assigned to the instance.

Question 76

What the fuck is Ephemeral external IP address?

Answer 76

An ephemeral external IP address is an IP address that does not persist beyond the life of the resource.

Question 77

When do the ephemeral external IP address get assigned?

Answer 77

When you create an instance or forwarding rule without specifying an IP address, the resource is automatically assigned an ephemeral external IP address.

Question 78

Do I have to assign a IP for forwarding rule?

Answer 78

Forwarding rules always have an IP address, whether external or internal, so you should not need to assign an IP address to a forwarding rule after it is created.

Question 79

How many primary internal IP addresses can a VM have?

Answer 79

Every VM instance can have one primary internal IP address that is unique to the VPC network

Question 80

When can you assign a IP to a VM?

Answer 80

You can assign a specific internal IP address when you create a VM instance or you can reserve a static internal IP address for your project and assign that address to your resources.

Question 81

What happens when you don’t assign a IP to a VM?

Answer 81

If you do not specify an address, Compute Engine assigns one (primary internal IP) automatically.

Question 82

Where does the primary internal IP get picked from for a VM?

Answer 82

In either case, the address must belong to the IP range of the subnet.

• If your network is an auto mode VPC network , the address comes from the region’s subnet.
• If your network is a , you must specify which subnet the IP address will come from.
• If your network is a , the IP address is assigned from the network’s global internal IP range.

Question 83

What is the visibility of primary internal IP?

Answer 83

The internal IP address is only accessible from other instances within the same network or from a network that is linked, such as via VPN

You can address packets to a VM instance using an internal IP address of the instance.

Question 84

What happens when you creare a auto mode VPC?

Answer 84

Default network automatically creates 18 subners for each resions and also add routes - One for each subnet and one default internet gateway.

Question 85

What happens to firewall rules in auto mode VPC creation?

Answer 85

In auto VPC - a bunch of firewall rules are offered and we can pick

Question 86

What happens when you create a custom VPC?

Answer 86

Automatic routes are created when you create a VPC in custom mode

• No default firewall rules are created in custom mode VPC

Question 87

What fiewall rules get created in default & custom VPC?

Answer 87

GCP created automatic firewall rules

• icmp
• ssh - 22
• rdp - 3389
• all allow internal

Question 88

How are all the network & projects work together?

Answer 88

Projects

Networks

Subnetworks

Regions

Zones

Question 89

What is a Availability network design?

Answer 89

Question 90

What is Globalization Network design?

Answer 90

Question 91

What is cross project network peering netwrok design pattern?

Answer 91

Question 92

What is a Management Separation network design pattern?

Answer 92

Question 93

What is bastion host isolation?

Answer 93

Instance used as “jump host”

• External connections via SSH, used to connect to internal instances

Question 94

NAT gateway host isolation?

Answer 94

Question 95

What is the key distinguishing feature of networking in GCP?

Answer 95

Network topology is not dependent on address layout.

Question 96

What are the three kinds of networks offerered in GCP

Answer 96

• Default, auto network and custom network

Question 97

What is one benefit of applying firewall rules by tag rather than by address?

Answer 97

When a VM is created with a matching tag, the firewall rules apply irrespective of the IP address it is assigned.

Question 98

What does a VM consist of?

Answer 98

• Virtual CPU
• Memory
• Disk Storage
• IP address

Question 99

What does a VM in GCP can do more than a regular VM?

Answer 99

VMs can do something more:

• a micro VM uses a CPU that it shares with other virtual machines enabling you to get a VM with less capacity at a lower cost.
• some VMs offer burst capability, meaning that the virtual CPU would run above it’s rated capacity for a brief period using the available shared physical CPU.

Question 100

GCP compute and processing options

Answer 100

Question 101

What is the primary work case for compute engine?

Answer 101

The primary work case for compute engine is general workload especially enterprise applications to run on server infrastructure

• Compute engine is Infrastructure as Service