Network Flashcards

1
Q

What are the 3 different types of networks that make up Google’s network infrastructure?

A
  1. Data Center Network
  2. Private WAN
  3. Public WAN

The Data Center Network connects all machines in that network together. The Private WAN connects all Data Centers together. The Public WAN connects the user to the Private WAN. It is important to recognize that Google’s edge servers terminate TCP/SSL connections before entering the Private WAN to eliminate the 2 network round trips needed to establish an HTTPS connection.

2
Q

What is a VPC Network?

A

A VPC Network is a private, virtual, global WAN composed of private, virtual, regional subnetworks.

Its purpose is to provide a way to connect your internal project resources. An example of an internal resource is a Compute Engine instance. Keep in mind that some resources do not need to use your VPC Network; an example is a Cloud Run instance.

3
Q

Is a default VPC Network created whenever you create a project?

A

Yes. This default VPC Network has “auto” regional subnets enabled, essentially creating a subnet in each region with predefined IP address ranges. In addition, the default VPC Network has 4 firewall rules (not associated with the 2 implicit firewall rules) that streamline the out-of-the-box experience. These firewall rules are fully configurable.

4
Q

Does Google recommend using a default VPC Network in production?

A

No. Google recommends using a custom VPC Network in production.

5
Q

Does a VPC Network have its own firewall or must you provision one yourself?

A

A VPC Network has its own firewall. In fact, every VPC Network has 2 implicit firewall rules that are not visible: 1) Deny all ingress. 2) Allow all egress. However, these 2 implicit firewall rules are given the lowest priority possible (65535), and can be overridden by defining firewall rules with a higher priority (lower number than 65535).

6
Q

What is the difference between VPC Network Peering and Shared VPC?

A

VPC Network Peering is used to connect 2 different VPC Networks together, whether in the same or different projects. Shared VPC is used to allow a host project to share its VPC Network with other projects.

7
Q

Could 2 different projects each having their own default VPC Network connect to each other by using VPC Network Peering?

A

No. This is because each default VPC Network creates regional subnets with the same predefined IP address ranges, causing a conflict when attempting to connect to each other’s networks.

8
Q

What is Cloud Interconnect?

A

Cloud Interconnect is a service used to create a physical connection between a VPC Network and other external networks, such as on-prem or other cloud providers.

9
Q

According to Google, 98% of internet traffic travels through fiber optic cables. In fact, Google has built subsea cables that span across continents.

A
10
Q

What is latency?

A

Latency is the amount of time it takes for a data packet to travel across a network.

11
Q

What is the purpose of a load balancer?

A

To distribute traffic to multiple application instances

12
Q

What is the main purpose of DNS?

A

To translate hostnames into IP addresses

13
Q

What is Cloud Load Balancing and what are its 2 main features?

A

Cloud Load Balancing is a managed service that manages incoming traffic for your applications.

  1. Supports either external or internal load balancing
  2. Supports global or single region load balancing
14
Q

What is Cloud DNS?

A

Cloud DNS is a service that publishes your domain names so that they are available to users (internal or external).

15
Q

What are transient network errors?

A

Transient network errors are temporary errors that normally resolve themselves. For example, a temporary loss of network connectivity.

16
Q

What are the 2 patterns that can be used to handle transient and long-lasting network errors?

A
  1. Retry pattern
  2. Circuit Breaker pattern

The retry pattern can be used for transient network errors. The circuit breaker pattern can be used for long-lasting network errors.

17
Q

What is exponential backoff?

A

Exponential backoff is a retry implementation where retry requests are made after transient network errors while increasing delays between those requests. Many client libraries support this type of implementation.

18
Q

At a high level, how does a circuit breaker work?

A

An application starts off with a closed circuit, implying the application will process incoming requests. If a predefined number of errors occur within a certain span of time, the circuit is placed into an open state. This means incoming requests will fail immediately to prevent wasting CPU resources and a timer is started. Once the timer is up, the circuit is placed in a half-open state, allowing a small number of requests to pass through. If all the requests succeed, the circuit is placed into a closed state. If a single request fails, the circuit is placed into an open state.

19
Q

Do client libraries implement retries automatically?

A

Yes

20
Q

What is GFE?

A

GFE is a service that runs at each PoP in Google’s network. This service is what supports the implementation of external load balancers, Cloud CDN, Cloud DNS, and Cloud Armor.

21
Q

What 4 primary services does GFE implement?

A
  1. Cloud Load Balancing
  2. Cloud CDN
  3. Cloud DNS
  4. Cloud Armor
22
Q

What is a Point of Presence?

A

A Point of Presence is a location where Google connects to the internet. Google has over 100 PoPs.

23
Q

Can a single project have multiple VPC Networks?

A

Yes

24
Q

Is a VPC Network a global or regional resource?

A

A VPC Network is a global resource. A Subnet is a regional resource.

25
Q

Both hierarchical firewall policies and VPC firewall rules apply to packets sent to and from VM instances (and resources that depend on VMs, such as Google Kubernetes Engine nodes). Both types of firewalls control traffic even if it is between VMs in the same VPC network.

Hierarchical firewall policies let you create and enforce a consistent firewall policy across your organization. You can assign hierarchical firewall policies to the organization as a whole or to individual folders. These policies contain rules that can explicitly deny or allow connections, as do Virtual Private Cloud (VPC) firewall rules.

After you create a network, create firewall rules to allow or deny traffic between resources in the network, such as communication between VM instances. You also use firewall rules to control what traffic leaves or enters the VPC network to or from the internet.

A
26
Q

Is it possible to create multiple subnets in the same region?

A

Yes