Networking Flashcards

1
Q

What is a VPC Network?

A
  • Virtual Private Cloud (VPC) network
  • Manage networking for your GCP Compute resources
  • All Compute Engine instances, Kubernetes Engine containers and App Engine Flex apps exist within a VPC network.
  • A default-mode network is created automatically; it can be updated or replaced with a custom-mode network to meet your needs (custom IP addresses and subnets)
  • Securely connect to your VPC network over IPsec for VPN access.
  • Support for firewall restriction and routing between networks and instances - works across regions, highly scalable
  • Shared VPC allows sharing a network across projects so each can operate services with its own quota and billing
2
Q

What do VPC firewall rules allow you to do, how do they work?

A
  • Firewall rules protect your VM instances from unapproved connections, both inbound and outbound.
  • You can create firewall rules to allow or deny connections based on a combination of IP addresses, ports and protocols.
  • Functions between other networks AND between instances on the same network (distributed firewall)
3
Q

What is a route, how or why would I need one?

A
  • A route is a mapping of an IP range to a destination
  • Routes tell the VPC network where to send packets destined for a particular IP address
  • Routes are created automatically when the network is created: a default route for Internet traffic, and a route for each subnet when the subnet is created.
  • Routes still need Firewall rules to allow packets
  • Routes may apply to instances by using a matching Tag attribute
4
Q

How do you route packets to the Internet?

A
  • Must be sent by an instance that has an external IP address
5
Q

What is VPC Network Peering?

A
  • Allows private connectivity across two VPC networks, in different projects or organizations.
6
Q

What is CIDR notation?

A
  • CIDR = Classless Inter-Domain Routing, using 1-bit increments
  • CIDR notation is a compact representation of an IP address and its associated routing prefix (the subnet mask splits the address into a network part and a host part)
  • A Class C address 192.168.1.100/24 gives access to 256 IP addresses:
    • 254 host IPs in the range 192.168.1.1 to 192.168.1.254
    • 1 network address 192.168.1.0 (reserved)
    • 1 broadcast address 192.168.1.255 (reserved)
    • the /24 represents subnet mask 255.255.255.0
7
Q

What are the different ‘Classes’ of networks?

Why is using Classful address scheme considered wasteful?

A
  1. Class A: 1.0.0.0 - 126.0.0.0 = /8
  2. Class B: 128.0.0.0 - 191.255.0.0 = /16
  3. Class C: 192.0.0.0 - 223.255.255.0 = /24
  • Giving a Class C to an org that needs 5 hosts is wasteful
  • Use CIDR instead, which uses 1-bit increments instead of 8-bit for classful.
8
Q

How do firewall rules work with regards to subnets?

A
  • An auto mode VPC creates inter-subnet firewall rules to allow instances on the same subnet to communicate
  • To allow communication between different subnets, you must define a custom firewall rule to allow that access
9
Q

What is Google Cloud VPN?

A
  • Securely connects your on-premises network to your GCP VPC network/gateway through an IPsec VPN connection (VPN tunnel)
  • Requires an IPsec VPN gateway on the client side
  • Supports static and dynamic routes (via Cloud Router), for managing traffic between GCP VPC and existing infrastructure
10
Q

What is required to use a VPN?

A
  1. The client side must have a peer VPN gateway
  2. The peer VPN gateway must have a static external IP address
  3. The CIDR range of the VPC network must not conflict with the CIDR ranges of the peer VPN gateway
  4. You must supply a shared secret for the VPN
  5. Set up firewall rules and any custom routing needed
11
Q

What is Cloud Router? When should it be used?

A
  • Fully distributed and managed cloud service that scales with your network traffic
  • Use Cloud Router to dynamically exchange routes between GCP networks and your on-premises network.
  • Cloud Router peers with your on-premises VPN gateway or router
  • Dynamic routing: uses Border Gateway Protocol (BGP) to exchange network topology information, so no static routes are required
  • Static routing: suitable for small networks and stable topologies, gives routing table control
  • Use Cloud Router to enable dynamic routing over your VPN tunnel
  • Pricing: FREE OF CHARGE!
12
Q

VPC - What are Forwarding Rules?

A
  • routes govern traffic LEAVING an instance
  • forwarding rules can direct traffic that ARRIVES from OUTSIDE the network AS WELL as traffic that ARRIVES from INSIDE the network
  • rules based on IP, protocol or port
13
Q

What are some use cases for VPC ‘forwarding rules’?

A
  • Virtual hosting: multiple rules to point to a single instance, allowing multiple external IPs with just one VM; especially useful for SSL hosting
  • Forwarding rules over a VPN
  • Load balancing: forward traffic to a load-balancer
14
Q

What is needed to create and use a VPC ‘forwarding rule’?

A
  1. Creation of a ‘target instance’ resource for the VM - BEFORE the forwarding rule
    * gcloud compute target-instances create
  2. Creation of the forwarding rule
    * gcloud compute forwarding-rules create
15
Q

What is Cloud Load Balancing?

When and why would we want to use it?

A
  • Distribute traffic to load-balanced compute resources in single or multiple regions
  • Close to users with high-availability
  • Scale resources up or down with intelligent Autoscaling
  • Integrated with Cloud CDN for optimal app and content delivery
  • Scales as your users and traffic grow
  • Supports internal load-balancing (via Andromeda)
16
Q

What are the types of load-balancing?

A
  1. Global external load balancing
    • HTTP(S) load balancing
    • SSL Proxy load balancing - non-HTTP(S) SSL traffic
    • TCP Proxy load balancing - non-HTTP(S) TCP traffic
  2. Regional external load balancing
    • Network load balancing - distributes traffic among a pool of instances within a region
  3. Regional internal load balancing
    • Internal load balancing - distributes traffic from GCP VM instances to a group of instances in the same region
17
Q

What is and how do you setup Internal Load Balancing?

A
  • Internal Load Balancing enables you to run and scale your services behind a private load balancing IP address which is accessible only to instances internal to your Virtual Private Cloud (VPC).
  • Think external LB service to Web tier, which has internal configuration to LB to App tier (like AJP), but instead using Google ‘Internal’ Load Balancer solution
18
Q

What is Cloud CDN and what is it good for, why/when should I use it?

A
  • Cloud CDN works with the HTTP(S) Load Balancing service
  • Content may come from VM instance groups or Cloud Storage buckets