Networking Options Flashcards

1
Q

What is Google VPC?

A

VPC stands for Virtual Private Cloud and is a system used to divide resources into individual systems within a Google Cloud environment. A project can share VPCs or a VPC can be created for each individual project.

2
Q

How many VPCs can you have per project?

A

5

3
Q

What are the default firewall rules within a VPC?

A

Default rules allow ingress ICMP, RDP and SSH from anywhere

4
Q

How can you communicate with VMs within a VPC?

A

VMs created in a VPC will have internal and external IP addresses. This is why it is important that VPCs do not have subnets with overlapping CIDR blocks.

5
Q

How can you connect two VPCs?

A

VPCs are connected with VPC peering. Each connection only goes between two VPCs at a time and does not extend to all VPCs connected with peering.

6
Q

What are the limitations of Load Balancing?

A

They can be global or regional, internal or external, and can include HTTP(S), SSL Proxy, TCP Proxy, Network TCP/UDP, and Internal TCP/UDP jobs

7
Q

What is the Cloud NAT (Network Address Translation)?

A

Cloud NAT is a regional self-scaling service that allows VMs internet access without external IPs

8
Q

What rules does Cloud NAT impose on VMs?

A

Cloud NAT does not allow inbound traffic and is an alternative to NAT Gateway on Google

9
Q

What is a VPN?

A

A regional service that connects an IPsec tunnel and is set up using a Cloud VPN gateway, an on-premises gateway, and 2 tunnels

10
Q

What kind of connections does Cloud VPN support?

A

They support static and dynamic routes, however, dynamic routes do require a Cloud Router

11
Q

What is the bandwidth of a VPN connection?

A

Bandwidth of VPN connections ranges from 1.5 to 3 Gbps per tunnel. Higher bandwidth can be achieved by configuring multiple tunnels.

12
Q

What is Cloud Interconnect?

A

Layer 2 connectivity method that you purchase to obtain low latency and high availability between GCP and on-prem devices.

13
Q

What is Peering?

A

Layer 3 connectivity that provides high availability to Google services and can be done with Google or directly through a partner.

14
Q

What is Cloud DNS?

A

A managed service to host DNS records without servers or software that has 100% SLA

15
Q

What is a firewall?

A

Something that contains default rules to secure your network

16
Q

How many subnet ranges can you create when creating your VPC?

A

You must define one primary range and then optionally up to 5 secondary ranges

17
Q

What is the project where a VPC is created called?

A

The Host Project

18
Q

What is a good use for VPC peering?

A

VPC peering is best for VPCs that exist in different organizations or if you need a shared governance model

19
Q

What is load balancing in relation to VPC?

A

Allows you to distribute your workload between scaling resources in GCE, GAE, and GKE

20
Q

What is the purpose of HTTP(S) Load Balancing?

A

A global balancer that allows external connectivity and supports IPv4 and IPv6 but can only be used for HTTP and HTTPS traffic. Has features including CDN caching, integration with Cloud Armor, URL maps, SSL certificate hosting, and the Quick UDP Internet Connections protocol.

21
Q

What is SSL Proxy Load Balancing?

A

The SSL proxy terminates the user’s SSL/TLS connections and is intended for non-HTTP(S) traffic. Global and allows external connectivity that supports IPv4 and IPv6. Traffic can use TCP or SSL protocols.

22
Q

What is TCP Proxy Load Balancing?

A

TCP Proxy Load Balancing terminates non-HTTP traffic that does not require SSL. It is global and allows external connectivity that supports IPv4 and IPv6.

23
Q

What is Network TCP/UDP Load Balancing?

A

A non-proxied load balancer that distributes traffic based on inbound IP protocol data such as address, port, and protocol type. It is regional, external, and only supports IPv4.

24
Q

What is Internal TCP/UDP Load Balancing?

A

A non-proxied, regional, internal load balancer that only supports IPv4 addresses. Can be used for three-tier applications where web services need to load balance an internal connection to the application tier.

25
Q

How do we choose an external load balancer?

A

For external exposure we should choose the type of traffic we want to balance and the type of support we need.

26
Q

How do we choose an internal load balancer?

A

There’s only one and it’s the Internal TCP/UDP load balancer

27
Q

What does Cloud NAT do?

A

Cloud NAT hides the original IP Address of our virtual machine when communicating with external networks and allows VMs with internal addresses to access the internet.

28
Q

What is a NAT Gateway?

A

A NAT Gateway allows the provisioning of a VM to act as a gateway so that only one is exposed to the internet and must be configured with the --can-ip-forward tag to allow traffic forwarding. Can be added to managed instance groups.

29
Q

Why do Cloud NAT Gateways not require instances?

A

Cloud NAT is a service managed by Google SDN so they don’t need to be managed on a separate machine

30
Q

When peering your network, what speeds does that provide?

A

For direct peering, connections are through Google Edge and have 10GBps per link established. For carrier peering, the bandwidth will depend on the provider.

31
Q

What is a Firewall?

A

A hardware or software device that filters network traffic that’s passing through it

32
Q

How are firewall rules applied to VMs?

A

Rules are independent of the VM operating system and are automatically enabled and enforced unless otherwise specified. They are also applied per machine, even in the same network.

33
Q

What is Firewall Logging?

A

Firewall logging allows you to verify that the rules are working correctly, and the logs are injected into Stackdriver.

34
Q

What is Google Private Access?

A

A feature where only VMs with internal IP addresses can access a Google API's external IP address. Not enabled for all services but available for on-premises VMs as long as you have VPNs configured.