Networking Options

Question 1

What is Google VPC?

Answer 1

VPC stands for Virtual Private Cloud and is a system used to divide resources into individual systems within a Google Cloud Enviornment. A project can share VPCs or a VPC can be created for each individual project.

Question 2

How many VPCs can you have per project?

Answer 2

5

Question 3

What are the default firewall rules within a VPC?

Answer 3

Default rules allow ingress ICMP, RDP and SSH from anywhere

Question 4

How can you communicate with VMs within a VPC?

Answer 4

VMs created in a VPC will have internal and external IP addresses. This is why it is important that VPCs will not have subnets with overlapping CIDR blocks.

Question 5

How can you connect two VPCs?

Answer 5

VPCs are connected with VPC peering. Connections only go between two VPCs at a time and not all VPC connections with peering.

Question 6

What are the limitations of Load Balancing?

Answer 6

They can be global or regional, internal or external, and can include HTTP(S), SSL Proxy, TCP Proxy, Network TCP/UDP, and Internal TCP/UDP jobs

Question 7

What is the Cloud NAT (Network Address Translation)?

Answer 7

Cloud NAT is a regional self-scaling service that allows VMs internet access without external IPs

Question 8

What rules does Cloud NAT impose on VMs?

Answer 8

Cloud NAT does not allow inbound traffic and is an alternative to NAT Gateway on Google

Question 9

What is a VPN?

Answer 9

A regional service that connects an IPsec tunnel and is set up using a Cloud VPN gateway, an on premisis gateway, and 2 tunnels

Question 10

What kind of connections do Cloud VPN support?

Answer 10

They support static and dynamic routes, however, dynamic routes do require a Cloud Router

Question 11

What is the bandwidth of a VPN connection?

Answer 11

Bandwidth of VPN connections range from 1.5 to 3 Gbps per tunnel. Higher connections can be achieved by configuring multiple tunnels.

Question 12

What is Cloud Interconnect?

Answer 12

Layer 2 connectivity method that you purchase to obtain an low latency and high availability between GCP and on prem devices.

Question 13

What is Peering?

Answer 13

Layer 3 connectivity that provides high availability to Google services and can be done with Google or directly through a partner.

Question 14

What is Cloud DNS?

Answer 14

A managed service to host DNS records without servers or software that has 100% SLA

Question 15

What is a firewall?

Answer 15

Something that contains default rules to secure your network

Question 16

How many subnet ranges can you create when creating your VPC?

Answer 16

You must define one primary range and then optionally up to 5 secondary ranges

Question 17

What is the project where a VPC created called?

Answer 17

The Host Project

Question 18

What is a good use for VPC peering?

Answer 18

VPC peering is best for VPC that exist in different organizations or if you need a shared governance model

Question 19

What is load balancing in relation of VPC?

Answer 19

Allows you to distribute your worklkoad between scaling resources in GCE, GAE, and GKE

Question 20

What is the purpose of HTTP(S) Load Balancing?

Answer 20

A global balancer that allows external connectivity and supports IPv4 and IPv6 but only can be used for HTTP and HTTPS traffic. Has features including CDN caching, integration with Cloud Armor, URL maps, SSL certificate hosting, and Quick UDP Internet Connection protocol.

Question 21

What is SSL Proxy Load Balancing?

Answer 21

The SSL proxy terminates the user’s SSL/TLS connections and is intended for non-HTTP(S) traffic. GLobal and allows external connectivity that supports IPv4 and IPv6. Traffic can use TCP or SSL protocols.

Question 22

What is TCP Proxy Load Balancing?

Answer 22

TCP Proxy Load Balancing terminates non-HTTP traffic that does not require SSL. It is global and allows external connectivity that supports IPv4 and IPv6.

Question 23

What is Network TCP/UDP Load Balancing?

Answer 23

A non-proxied load balancer that distributes traffic based inbound IP protocol based on data such as address, port, and protocol type. It is regional, external, and only supports IPv4.

Question 24

What is Internal TCP/UDP Load Balancing?

Answer 24

A non-proxied regional internal load balancer and only supports IPv4 addresses. Can be used for three tier applications where web services need to load balance an internal connection to the application tier.

Question 25

How do we chose an external load balancer?

Answer 25

For external exposure we should chose the type of traffic we want to balance and the type of support we need.

Question 26

How do we chose an internal load balancer?

Answer 26

There’s only one and it’s the Internal TCP/UDP load balancer

Question 27

What does Cloud NAT do?

Answer 27

Cloud NAT hides the original IP Address of our virtual machine when communicating with external networks and allows VMs with internal addresses to access the internet.

Question 28

What is a NAT Gateway?

Answer 28

A NAT Gateway allows the provisioning of a VM to act as a gateway so that only one is exposed to the internet and must be configured with the –can-ip-forward tag to allow traffic forwarding. Can be added to managed instance groups.

Question 29

Why do Cloud NAT Gateways not require instances?

Answer 29

Coud NAT is a service managed by Google SDN so they don’t need to be managed on a seperate machine

Question 30

When peering your network, what speeds does that provide?

Answer 30

For direct peering, connections are through Google Edge and have 10GBps per link established. For carrier peering, the bandwidth will depend on the provider.

Question 31

What is a Firewall?

Answer 31

A hardware or software device that filters network traffic that’s passing through it

Question 32

How are firewall rules applied to VMs?

Answer 32

Rules are independant of the VM operating system and are automatically enabled and enforced unless otherwise specified. They are also applied per machine, even in the same network.

Question 33

What is Firewall Logging?

Answer 33

Firewall logging allows for you to verify that the rules are working correctly, and are injected into Stackdriver.

Question 34

What is Google Private Access?

Answer 34

A feature where only VMs with internal IP addresses can access a Google APIs external IP address. Not enabled for all services but available for on premises VMs as long as you have VPNs configured.