VPC

Question 1

How many networks can a project contain by default?

Answer 1

5

Question 2

What are the 3 types of VPC networks?

Answer 2

Default, Auto, Custom

Question 3

A network in Google Cloud has these featuures

Answer 3

Global and spans all available regions
Has no IP address range
Contains subnetworks

Question 4

Default network type

Answer 4

Every project gets this VPC with preset subnets and firewall rules.
A subnet for each region with non overlapping CIDR blocks.
Firewall rules allow ICMP, RDP and SSH traffic from anywhere. Within the network, any ingress traffic is allowed.
Also an auto mode network.

Question 5

Auto mode network type

Answer 5

Default network
Regional IP allocation
Fixed /20 subnetwork per region, expandable up to /16
As new regions become available, auto added
Can be converted to custom to avoid auto adding (1 way)
All subnets fit in 10.128.0.0/9 CIDR block

Question 6

Custom mode network type

Answer 6

Full control
Subnets cannot overlap IP ranges

Question 7

Describe how resources in different regions and/or networks communicate

Answer 7

Resources in same network can communicate across regions with internal IP
Resources in different networks cannot communicate with internal IP

Question 8

Describe how a basic VPN would connect to a VPC with multiple regions

Answer 8

Single VPN Gateway can leverage global VPC

Question 9

A subnet reserves what IP addresses

Answer 9

4 total reserved addresses
.0 and .1 for network and subnet’s gateway
Second to last and last address for broadcast

Question 10

What is relationship between subnets and regions/zones, and how does it affect firewall rules

Answer 10

Subnets work on a region, which has multiple zones. So subnets can cross zones (for the given region)
Use same subnet IP address so a single firewall rule will work

Question 11

Subnet expansion features

Answer 11

Can increase IP address space of any subnets without workload shutdown or downtime
Note still cant overlap, need valid CIDR block
Cannot undo

Question 12

How many IP addresses can a machine have?

Answer 12

2. One internal, one (optional) external. Although… see Alias IP Ranges

Question 13

External IP address types

Answer 13

Ephemeral or static

Question 14

Static IP address cost more when…

Answer 14

they are not used/assigned

Question 15

External IP addresses are mapped to…

Answer 15

the internal IP address

Question 16

Cloud DNS Features and Availability

Answer 16

Host DNS zones. 100% availability

Question 17

Alias IP Ranges

Answer 17

Assign range of internal IP addresses as an alias to a VM’s network interface. Useful if multiple services or containers running on VM

Question 18

Define a Route. Every network has what kind of routes?

Answer 18

Mapping of an IP range to a destination. Routes that let instances in a network send traffic directly to each other. A default route that directs packets to destinations that are outside the network.

Question 19

Manually created networks and firewalls

Answer 19

Manually created networks have no default firewall rules

Question 20

Routes are created automatically when

Answer 20

A network is created. A subnetwork is created.

Question 21

VPC and Firewall Relationship (mention ingress/egress rules, how firewall connections work)

Answer 21

VPC network functions as a distributed firewall
Firewall rules are applied to the network as a whole
Connections are allowed or denied at the instance level
Firewall rules are stateful (if connection established, allow bidirectional comms)
Implied deny all ingress and allow all egress

Question 22

Firewall rule is composed of

Answer 22

direction, source or destination, protocol and port, action, priority, and rule assignment

Question 23

Example Network Pricing for Compute Engine

Answer 23

Ingress - No Charge (unless something like load balancer)
Egress to same zone (internal IP address) - No Charge
Egress to Google Products - No Charge
Egress to a different GCP service in same region - No Charge (for most)
Egress between zones in same region - .01
Egress to the same zone (external IP address) - .01
Egress between regions within US and Canada - .01
Egress between regions, not including US regions - varies by region

Question 24

How to estimate costs

Answer 24

Google Cloud Pricing Calculator

Question 25

Structure of a Network with Increased Availability

Answer 25

Use multiple zones in same subnetwork (single firewall rule on CIDR block). IE VMs in multiple zones.

Question 26

Structure of a Network with Globalization

Answer 26

Use multiple regions. Load balancer can route to region that is closest to user.

Question 27

Cloud NAT

Answer 27

Provides internet access to private instances (internal IP addresses) for things like updates, patching, etc. Outbound initiated only.

Question 28

Private Google Access definition and scope

Answer 28

Provides access to Google APIs and services for VM instances with only internal IP addresses. Subnet-by-subnet basis. Does not impact VMs with public IP addresses.

Question 29

Firewall rules added via

Answer 29

Tags