Network

Question 1

What are the 3 different types of networks that makeup Google’s network infrastructure?

Answer 1

1. Data Center Network
2. Private WAN
3. Public WAN

The Data Center Network connects all machines in that network together. The Private WAN connects all Data Centers together. The Public WAN connects the user to the Private WAN. It is important to recognize that Google’s edge servers terminate TCP/SSL connections before entering the Private WAN toeliminate the 2 network round trips needed to establish an HTTPS connection

Question 2

What is a VPC Network?

Answer 2

A VPC Network is a private, virtual, global WAN composed of private, virtual, regional subnetworks.

Its purpose is to provide a way to connect your internal project resources. An example of an internal resource is a Compute Engine instance. Keep in mind, there are resources that do not need to use your VPC Network, an example is a Cloud Run instance.

Question 3

Is a default VPC Network created whenever you create a project?

Answer 3

Yes. This default VPC Network has “auto” regional subnets enabled, essentially creating a subnet in each region with predefined IP address ranges. In addition, the default VPC Network has 4 firewall rules (not associated with the 2 implicit firewall rules) that streamlines the out of the box experience. These firewall rules are fully configurable.

Question 4

Does Google recommend using a default VPC Network in production?

Answer 4

No. Google recommends using a custom VPC Network in production.

Question 5

Does a VPC Network have its own firewall or must you provision one yourself?

Answer 5

A VPC Network has its own firewall. In fact, every VPC Network has 2 implicit firewall rules that are not visible: 1) Deny all ingress. 2) Allow all egress. However, these 2 implicit firewall rules are given the lowest priority possible (65535), and can be overridden by defining firewall rules with a higher priority (lower number than 65535).

Question 6

What is the difference between VPC Network Peering and Shared VPC?

Answer 6

VPC Network Peering is used to connect 2 different VPC Networks together, whether in the same or different projects. Shared VPC is used to allow a host project to share its VPC Network with other projects.

Question 7

Could 2 different projects each having their own default VPC Network connect to each other by using VPC Network Peering?

Answer 7

No. This is because each default VPC Network creates regional subnets with the same predefined IP address ranges, causing a conflict when attempting to connect to each other’s networks.

Question 8

What is Cloud Interconnect?

Answer 8

Cloud Interconnect is a service used to create a physical connection between a VPC Network to other external networks, such as on-prem or other cloud providers.

Question 9

According to Google, 98% of internet traffic travels through fiber optic cables. In fact, Google has built subsea cables that span across continents.

Question 10

What is latency?

Answer 10

Latency is the amount of time it takes for a data packet to travel across a network

Question 11

What is the purpose of a load balancer?

Answer 11

To distribute traffic to multiple application instances

Question 12

What is the main purpose of DNS?

Answer 12

To translate hostnames into IP addresses

Question 13

What is Cloud Load Balancing and what are its 2 main features?

Answer 13

Cloud Load Balancing is a managed service that manages incoming traffic for your applications.

1. Supports either external or internal load balancing
2. Supports global or single region load balancing

Question 14

What is Cloud DNS?

Answer 14

Cloud DNS is a service that publishes your domain names so that they area available to users (internal or external)

Question 15

What are transient network errors?

Answer 15

Transient network errors are temporary errors that normally resolve themselves. For example, a temporary loss of network connectivity.

Question 16

What are the 2 patterns that can be used to handle transient and long-lasting network errors?

Answer 16

1. Retry pattern
2. Circuit Breaker pattern

The retry pattern can be used for transient network erros. The circuit breaker pattern can be used for long-lasting network errors.

Question 17

What is exponential backoff?

Answer 17

Exponential backoff is a retry implementation where retry requests are made after transient network errors while increasing delays between those requests. Many client libraries support this type of implementation.

Question 18

At a high level, how does a circuit breaker work?

Answer 18

An application starts off with a closed circuit, implying the application will process incoming requests. If a predefined number of errors occur within a certain span of time, the circuit is placed into an open state. This means incoming requests will fail immediately to prevent wasting CPU resources and a timer is started. Once the timer is up, the circuit is placed in a half-open state, allowing a small number of requests to pass through. If all the requests succeed, the circuit is placed into a closed state. If a single request fails, the circuit is placed into an open state.

Question 19

Do client libraries implement retries automatically?

Answer 19

Yes

Question 20

What is GFE?

Answer 20

GFE is a service that runs at each PoP in Google’s network. This service is what supports the implementation of external load balancers, Cloud CDN, Cloud DNS, and Cloud Armor.

Question 21

What 4 primary services does GFE implement?

Answer 21

1. Cloud Load Balancing
2. Cloud CDN
3. Cloud DNS
4. Cloud Armor

Question 22

What is a Point of Presence?

Answer 22

A Point of Presence is a location where Google connects to the internet. Google has over 100 PoPs.

Question 23

Can a single project have multiple VPC Networks?

Answer 23

Yes

Question 24

Is a VPC Network a global or regional resource?

Answer 24

A VPC Network is a global resource. A Subnet is a regional resource.

Question 25

Both hierarchical firewall policies and VPC firewall rules apply to packets sent to and from VM instances (and resources that depend on VMs, such as Google Kubernetes Engine nodes). Both types of firewalls control traffic even if it is between VMs in the same VPC network.

Hierarchical firewall policies let you create and enforce a consistent firewall policy across your organization. You can assign hierarchical firewall policies to the organization as a whole or to individual folders. These policies contain rules that can explicitly deny or allow connections, as do Virtual Private Cloud (VPC) firewall rules.

After you create a network, create firewall rules to allow or deny traffic between resources in the network, such as communication between VM instances. You also use firewall rules to control what traffic leaves or enters the VPC network to or from the internet.

Question 26

Is it possible to create multiple subnets in the same region?

Answer 26

Yes