Networking Flashcards
Google Front End (GFE)
Reverse proxy that fronts and protects backend Google services.
Terminates TLS from the client, providing authentication, integrity, and encryption of traffic in transit.
Once traffic has passed through the GFE, it is under the purview of GCP.
What are the two network service tiers GC offers?
Premium - cold potato routing
Standard - hot potato routing
What is meant by cold potato routing?
Google keeps the traffic on its own network for as long as possible and only hands it off to the public internet at the edge PoP closest to the user (Premium Tier).
Hot potato routing (Standard Tier) is the opposite: traffic is handed off to the public internet as early as possible, at the PoP closest to the source.
Default route
System-generated route (0.0.0.0/0 to the default internet gateway) that defines the path for traffic that needs to leave the VPC.
Subnet
Regional, logical subdivision of a VPC network's IP address space, typically carved from RFC 1918 private ranges.
Are VPCs and subnets global or regional resources?
VPCs are global
Subnets are regional
What’s the difference between an auto mode VPC network and a custom mode VPC network?
Auto mode - the default network created with a new project is one; each region automatically gets a /20 subnet (carved from 10.128.0.0/9), and new regions get one added automatically.
Custom mode - does not come with any subnets or IP ranges, so the admin has full control to define them.
What’s the difference between regions and zones?
Region is collection of zones.
Zone is isolated location within a region, typically a single data center.
What’s a useful application of network tags?
Strings attached to VM instances that FIREWALL RULES and ROUTES use to select which instances they apply to.
T/F: you can modify the primary IP range for your subnet.
Partly. You can EXPAND a subnet’s primary range after creation (to a larger prefix that still contains the original range and does not overlap any other subnet), but you cannot shrink it or move it to a different range. Alias IP ranges are a separate feature (drawn from the primary range or from secondary ranges) and do not change the primary range.
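As an added example (not Google's code, not from the original flashcards), the pre-flight check below mirrors the rule that `gcloud compute networks subnets expand-ip-range` enforces: the new primary range must be a supernet that contains the current one, so you can grow but never shrink or move it, and it must not collide with any other primary or secondary range in the VPC. The subnet inventory is constructed for the example; the field names follow the shape of `gcloud compute networks subnets list --format=json`.

```python
"""Pre-flight check for expanding a VPC subnet's primary IP range.

Added example, not Google's code. Mirrors the constraints behind
  gcloud compute networks subnets expand-ip-range NAME --region REGION --prefix-length N
The subnet inventory below is constructed, not a real project.
"""
import ipaddress

# Constructed inventory in the shape of `gcloud ... subnets list --format=json`,
# reduced to the fields this check needs.
SUBNETS = [
    {"name": "app-us-central1", "region": "us-central1",
     "ipCidrRange": "10.10.0.0/24",
     "secondaryIpRanges": [{"rangeName": "pods", "ipCidrRange": "10.20.0.0/16"}]},
    {"name": "db-us-central1", "region": "us-central1",
     "ipCidrRange": "10.10.4.0/24", "secondaryIpRanges": []},
    {"name": "web-europe-west1", "region": "europe-west1",
     "ipCidrRange": "10.11.0.0/24", "secondaryIpRanges": []},
]


def check_expand(subnets, name, new_prefix_len):
    """Return (ok, reason): ok is True when the expansion would be accepted."""
    target = next((s for s in subnets if s["name"] == name), None)
    if target is None:
        return False, f"no subnet named {name}"
    current = ipaddress.ip_network(target["ipCidrRange"])

    # Primary ranges only grow: the new prefix must be strictly shorter.
    if new_prefix_len >= current.prefixlen:
        return False, (f"/{new_prefix_len} does not enlarge /{current.prefixlen}; "
                       "a primary range can be expanded but never shrunk or moved")

    # The expanded range is the enclosing supernet, so it always contains the old one.
    proposed = current.supernet(new_prefix=new_prefix_len)

    # It must not overlap any other subnet's primary range, nor any secondary
    # range in the VPC (including this subnet's own secondaries).
    for s in subnets:
        others = [r["ipCidrRange"] for r in s.get("secondaryIpRanges", [])]
        if s["name"] != name:
            others.append(s["ipCidrRange"])
        for cidr in others:
            other = ipaddress.ip_network(cidr)
            if proposed.overlaps(other):
                return False, f"{proposed} overlaps {other} ({s['name']})"
    return True, f"{current} -> {proposed}"


if __name__ == "__main__":
    for prefix in (22, 21, 25):
        ok, why = check_expand(SUBNETS, "app-us-central1", prefix)
        print(f"expand app-us-central1 to /{prefix}: {'OK' if ok else 'REJECT'} ({why})")
```

Expanding 10.10.0.0/24 to a /22 is accepted, a /21 is rejected because it would swallow 10.10.4.0/24, and a /25 is rejected because it would shrink the range. Run the same check against peered networks too: the API also refuses expansions that overlap a peer's ranges.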
Private Google Access
Allows VM instances that have only internal IP addresses to reach Google APIs and services (e.g. Cloud Storage, Cloud Source Repositories) without an external IP; enabled per subnet.
Private Service Access
Allows you to reach Google-managed or third-party services (e.g. Cloud SQL) that live on a SEPARATE VPC NETWORK owned by the service producer, over a VPC peering from your network, using internal IP addresses.
What is the difference between Private Google Access and Private Service Access?
Private Google Access is for instances with only internal IPs reaching Google APIs and services; the traffic stays inside Google’s network.
Private Service Access is for reaching a service producer’s VPC-hosted services (Google or third-party) over a private peering, without leaving Google’s network.
Shared VPC
Allows you to connect resources from different projects to a single VPC.
T/F: in a shared VPC model, billing is attributed to the host project.
F. One benefit of Shared VPC is that the organization centrally manages network resources in the host project while each business unit’s service project carries its own portion of the bill.
VPC Peering
Allows two separately managed VPCs to communicate with each other.
T/F: there is more latency between two resources across peered VPCs than between two resources within the same VPC.
F. Peered VPCs exchange traffic over internal IP addresses on Google’s network, so latency is the same as within a single VPC.
Cloud VPN
Connects a peer network (on-premises or another cloud) to your VPC securely through an IPsec-encrypted tunnel over the public internet.
VPNs provide a secure connection over an untrusted network.
Name two use cases for Cloud DNS
Cloud DNS can act as
- An authoritative DNS server for public domains with Internet visibility
- A DNS server for private zones only visible within a private network.
What is the difference between Dedicated and Partner Interconnect?
Dedicated Interconnect provides a direct, dedicated physical connection between your on-prem network and Google’s network.
Partner Interconnect provides a connection between your on-prem and VPC networks through a supported service provider, for when you cannot reach a Google colocation facility or need less than a full circuit.
What are the different bandwidth constraints between Cloud VPN and Cloud Interconnect?
Cloud VPN supports up to 3 Gbps per tunnel (add tunnels to scale)
Cloud Interconnect supports up to 10 Gbps per VLAN attachment for Partner, and 10 Gbps or 100 Gbps per physical circuit for Dedicated (multiple circuits can be bundled)
What are the different types of Cloud Load Balancers?
Internal (TCP/UDP, HTTP(S))
External (TCP/UDP network, TCP proxy, SSL proxy, HTTP(S))
What might be the reason VM instances sitting behind a load balancer keep restarting?
The backends are failing their health checks because no firewall rule allows ingress from Google’s health-check probe ranges (35.191.0.0/16 and 130.211.0.0/22) to the backend instances on the health-check port; a managed instance group with autohealing then keeps recreating the instances it thinks are unhealthy.
What kinds of resources does Cloud CDN cache store content from?
VM instance groups (and network endpoint groups) behind a backend service, and Cloud Storage buckets configured as backend buckets
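The following is an added example, not from the flashcards or from Google, that serves both the network tags card and the health-check card above: it reproduces GCP ingress firewall evaluation (lowest priority number wins, deny beats allow at equal priority, implied deny-all ingress at 65535, empty targetTags meaning every instance) and reports whether each health-check probe range can reach a backend on a given port. The rule set is constructed in the shape of `gcloud compute firewall-rules list --format=json`; rules targeted by service account rather than tag are out of scope here.

```python
"""Can Google's health-check probes reach this backend? Added example, not Google's code.

Evaluates GCP ingress firewall rules the way the VPC does: lowest priority number
wins, DENY beats ALLOW at equal priority, implied deny-all ingress at 65535.
Targets are matched by network tag only (targetServiceAccounts not modelled).
The RULES inventory is constructed for the example.
"""
import ipaddress

# Documented source ranges for Google health-check probes.
HEALTH_CHECK_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]

# Constructed inventory in the shape of `gcloud compute firewall-rules list --format=json`.
RULES = [
    {"name": "allow-https-anyone", "priority": 1000, "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-internal", "priority": 65534, "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"],            # no targetTags: applies to all instances
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-health-checks", "priority": 1000, "direction": "INGRESS",
     "sourceRanges": HEALTH_CHECK_RANGES, "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
    {"name": "deny-legacy-probe-block", "priority": 500, "direction": "INGRESS",
     "sourceRanges": ["130.211.0.0/22"], "targetTags": ["legacy"],
     "denied": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
]


def _targets_instance(rule, instance_tags):
    """A rule with no targetTags applies to every instance in the network."""
    tags = rule.get("targetTags")
    return not tags or bool(set(tags) & set(instance_tags))


def _port_matches(ports, port):
    """ports like ["80", "8080-8090"]; an absent list means all ports."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _matches_traffic(entries, protocol, port):
    """True if any allowed/denied entry covers this protocol and port."""
    for entry in entries:
        proto = entry["IPProtocol"].lower()
        if proto == "all":
            return True
        if proto == protocol and _port_matches(entry.get("ports"), port):
            return True
    return False


def probe_reachability(rules, instance_tags, port, protocol="tcp"):
    """Return {probe_range: bool} for an instance carrying instance_tags."""
    applicable = [r for r in rules
                  if r.get("direction", "INGRESS") == "INGRESS"
                  and not r.get("disabled", False)
                  and _targets_instance(r, instance_tags)]
    result = {}
    for cidr in HEALTH_CHECK_RANGES:
        probe = ipaddress.ip_network(cidr)
        # An ALLOW counts only if one of its source ranges covers the WHOLE probe range.
        allows = [r for r in applicable
                  if "allowed" in r and _matches_traffic(r["allowed"], protocol, port)
                  and any(probe.subnet_of(ipaddress.ip_network(s))
                          for s in r.get("sourceRanges", []))]
        if not allows:
            result[cidr] = False            # falls through to the implied deny-all
            continue
        best = min(r["priority"] for r in allows)
        # Any DENY at equal or higher precedence that touches part of the range
        # will drop some probes, which is enough to flap the health check.
        denies = [r for r in applicable
                  if "denied" in r and r["priority"] <= best
                  and _matches_traffic(r["denied"], protocol, port)
                  and any(probe.overlaps(ipaddress.ip_network(s))
                          for s in r.get("sourceRanges", []))]
        result[cidr] = not denies
    return result


if __name__ == "__main__":
    for tags, port in ([["web"], 8080], [["web", "legacy"], 8080], [["api"], 8080]):
        print(tags, port, probe_reachability(RULES, tags, port))
```

Instances tagged `web` pass on port 8080; adding the `legacy` tag pulls in the priority-500 deny and breaks the 130.211.0.0/22 probes; an instance tagged only `api` matches no allow (the 10.128.0.0/9 internal rule does not cover the probe ranges) and is rejected by the implied deny. Run it against real `gcloud` JSON to find the tag/port combination the autohealing loop is complaining about.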