Routes - Virtual Networks Module 1.2.3 Flashcards
What is a network route?
A route is a mapping of an IP range to a destination.
Which routes does every GCP network have?
By default, every network has routes that let instances in a network send traffic directly to each other, even across subnets.
In addition, every network has a default route that directs packets to destinations that are outside the network.
You can also create special routes that override these routes.
What is also needed besides routes to enable traffic to arrive at a destination?
Firewall rules must also allow the packet.
Routes match packets by destination IP addresses.
However, no traffic will flow without also matching a firewall rule.
What are the pre-configured firewall rules of the default network (custom networks don't have them)?
default-allow-internal - Permits incoming connections to VM instances from other instances within the same VPC network.
default-allow-ssh - Lets you connect to instances with tools such as ssh, scp, or sftp.
default-allow-rdp - Lets you connect to instances using the Microsoft Remote Desktop Protocol (RDP).
default-allow-icmp - Lets you use tools such as ping.
When are routes created by default?
A route is created when a network is created, enabling traffic delivery from “anywhere”.
Also, a route is created when a subnet is created.
This is what enables VMs on the same network to communicate.
How do routes apply to an instance?
A route applies to an instance if the network and the instance tags match.
If the network matches and there are no instance tags specified, the route applies to all instances in that network.
How does the traffic flow go?
Compute Engine then uses the Routes collection to create individual read-only routing tables for each instance.
There is a massively scalable virtual router at the core of each network.
Every virtual machine instance in the network is directly connected to this router, and all packets leaving a virtual machine instance are first handled at this layer before they are forwarded to their next hop.
The virtual network router selects the next hop for a packet by consulting the routing table for that instance.
What is ingress/egress?
Inbound and outbound traffic are known as ingress and egress, respectively.
Inbound connections are matched against ingress rules only, and outbound connections are matched against egress rules only.
Ingress refers to incoming (entering) traffic; egress refers to outgoing (exiting) traffic.
What does it mean that GCP firewall rules are stateful?
This means that if a connection is allowed between a source and a target, or between a target and a destination, all subsequent traffic in either direction will be allowed.
In other words, firewall rules allow bidirectional communication once a session is established.
Which are the implied firewall rules on a network?
Also, if for some reason all firewall rules in a network are deleted, there is still an implied "Deny all" ingress rule and an implied "Allow all" egress rule for the network.
What is firewall rule composed of?
- direction (ingress/egress)
- source (for ingress: IP addresses, tags, source service account) or destination (for egress: IP address ranges)
- protocol & port
- action (allow, deny)
- priority
- rule assignment (rules are assigned to all instances, but you can assign certain rules to certain instances ????)