Networking Flashcards
Border Gateway Protocol
Cloud Router uses Border Gateway Protocol (BGP) to exchange routes between your Virtual Private Cloud (VPC) network and your on-premises network. On Cloud Router, you configure an interface and a BGP peer for your on-premises router. The interface and BGP peer configuration together form a BGP session.
For example, if you use a Cloud VPN tunnel to connect your networks, you can use Cloud Router to establish a BGP session with your on-premises router over your Cloud VPN tunnel. Cloud Router automatically learns new subnets in your VPC network and announces them to your on-premises network.
Internal forwarding rules
Internal forwarding rules forward traffic that originates inside a Google Cloud network. The clients can be in the same Virtual Private Cloud (VPC) network as the backends, or the clients can be in a connected network.
Internal forwarding rules are used by two types of Google Cloud load balancers:
- internal TCP/UDP load balancers
- internal HTTP(S) load balancers
Internal TCP/UDP load balancers
With an internal TCP/UDP load balancer, the supported traffic type is IPv4, and the supported protocol is either TCP or UDP (not both).
Each internal TCP/UDP load balancer has at least one regional internal forwarding rule. The regional internal forwarding rules point to the load balancer’s regional internal backend service.
The internal forwarding rule must be in a region and a subnet, and the backend service only needs to be in the region.
Backend Services
A backend service is a resource with fields containing configuration values for the following Google Cloud load balancing services:
- External HTTP(S) Load Balancing
- Internal HTTP(S) Load Balancing
- SSL Proxy Load Balancing
- TCP Proxy Load Balancing
- Internal TCP/UDP Load Balancing
Network Load Balancing does not use a backend service.
The load balancers use the configuration information in the backend service resource for the following functions:
- To direct traffic to the correct backends, which are instance groups or network endpoint groups
- To distribute traffic according to a balancing mode. The balancing mode is defined in the backend service for each backend.
- To monitor backend health by using the health check designated in the backend service
- To maintain session affinity
Network endpoint groups
Used as backends for some load balancers.
NEGs define how a set of endpoints should be reached, whether they are reachable, and where they are located.
Two types:
- Zonal
- Internet
Target Pools
A Target Pool resource defines a group of instances that receive incoming traffic from forwarding rules. When a forwarding rule directs traffic to a target pool, Cloud Load Balancing picks an instance from these target pools based on a hash of the source IP and port and the destination IP and port.
Target pools can only be used with forwarding rules that handle TCP and UDP traffic. You must create a target pool before you can use it with a forwarding rule. Each project can have up to 50 target pools. A target pool can have only one health check. Network load balancing only supports httpHealthChecks.
Internal HTTP(S) load balancers
With an internal HTTP(S) load balancer, the supported traffic type is IPv4, and the supported protocol can be HTTP, HTTPS, or HTTP/2.
Each internal HTTP(S) load balancer has exactly one regional internal forwarding rule. The regional internal forwarding rule points to the load balancer’s regional target HTTP or HTTPS proxy.
External forwarding rules
External forwarding rules forward traffic that originates from the internet, outside of your VPC network.
External forwarding rules are used by the following Google Cloud load balancers:
- external HTTP(S) load balancers
- SSL proxy load balancers
- TCP proxy load balancers
- network load balancers
HTTP(S) load balancers
In an external HTTP(S) load balancer, a forwarding rule points to a target proxy.
Two kinds:
- Premium tier
- Standard tier
In Premium Tier, an external HTTP(S) load balancer uses a global external IP address, which can be either IPv4 or IPv6, and a global external forwarding rule.
In Standard Tier, an external HTTP(S) load balancer uses a regional external IP address, which must be IPv4, and a regional external forwarding rule. An external HTTP(S) load balancer in Standard Tier can only distribute traffic to backends within a single region.
SSL proxy load balancers
An SSL proxy load balancer is similar to an external HTTP(S) load balancer because it can terminate SSL (TLS) sessions. SSL proxy load balancers do not support path-based redirection like external HTTP(S) load balancers, so they’re best suited for handling SSL for protocols other than HTTPS, such as IMAP or WebSockets over SSL.
In an SSL proxy load balancer, a forwarding rule points to a target proxy.
SSL proxy load balancers support both Premium Tier and Standard Tier.
SSL Proxy Load Balancing supports both IPv4 and IPv6 addresses for client traffic. Client IPv6 requests are terminated at the load balancing layer, and then proxied over IPv4 to your VMs.
TCP proxy load balancers
A TCP proxy load balancer offers global TCP proxying capability, without SSL offload. TCP proxy load balancers support both Premium Tier and Standard Tier. The forwarding rule and IP address both depend on the tier that you select for the load balancer.
In a TCP proxy load balancer, a forwarding rule points to a target proxy.
Network load balancer
The network load balancers distribute either TCP or UDP traffic among backends in a single region, and they support both Premium Tier and Standard Tier. A network load balancer uses a regional external forwarding rule and a regional external IPv4 address (regardless of tier). The regional external IP address can be accessed anywhere on the internet.
A regional external forwarding rule points to the load balancer’s target pool.
To use Network Load Balancing in different regions, you must create a network load balancer in each region.
Each load balancer has its own regional external forwarding rule with its own regional external IPv4 address.