GCP Networking
Refer to this link for public cloud FAQ's.
Resource in GCP
Global
-
Can be accessed by any other resource, across regions and zones
-
Creating VPC is a global operation because a network is a global resource
-
Different from AWS and Azure because the VPC and routing is global, not within a region
Regional
-
Can be accessed only by resources in the same region
-
Reserving an IP address is a regional operation
Zonal
-
Can be accessed only by resources in the same zone
-
Disks can be attached to computers in the same zone
GCP Projects
-
Projects are the fundamental organizational structure
-
GCP resources must belong to a project
-
Made up of settings, permissions, and other metadata that describe applications
-
Contains the computing, storage, and networking resources
-
A project can’t access other projects resources unless you use
-
Shared VPC
-
VPC Network Peering
-
Basic GCP Network Components
-
GCP Regions and Zones
-
VPC/Subnets
-
VPC Peering
-
Implicit Routing
-
VPN Gateway
VPC Network
-
Global Routing:
-
VPC is a global resource
-
All the subnets irrespective of region are inherently routable within a VPC
-
-
Subnets/CIDR are a regional resource
-
Projects can contain multiple VPC networks
Routes in GCP
-
Routes created by GCP for users are system generated routes
-
Default route
-
Subnet gateway
-
-
User Defined Route
-
Static Routing
-
Dynamic Routing
-
Transit (Inter-VPC) Networking
-
Lacks native transit solution to interconnect VPC’s
-
VPC peering preferred
-
Preaching single VPC
-
-
VPC Peering
-
Same qualities as other CSP’s
-
All preprogrammed routes from the two VPC’s are announced to each other
-
Used to connect multiple VPC’s
-
Non-transitive
-
Cloud Interconnect
-
Connect your On-Prem network to your VPC network through a private connection
-
Limitation: Not encrypted
-
Dedicated Interconnect
-
Enables users to connect existing network to the VPC network through a highly available, low latency, enterprise grade connection
-
-
When VPC is global service in GCP why would there be a Shared VPC or VPC peering?
-
Anil K The global routing stays inside the VPC. The reality is that enterprises would need number of VPCs for segregation, isolation and security reasons. So you need a proper transit solution that is Aviatrix transit to connect those VPCs for proper routing, control and traffic engineering.
Shared VPC is is mainly for network admins to check-out resources such a subnets and firewall rules to tenants or service projects.
-
-
What is the difference between Cloud Interconnect and Dedicated Interconnect.
-
Moses Ahima Adonteng Google Cloud Interconnect has two flavors
https://cloud.google.com/network-connectivity/docs/interconnect/concepts/overview
1- Dedicated Interconnect provides a direct physical connection between your on-premises network and Google's network.
2- Partner Interconnect provides connectivity between your on-premises and VPC networks through a supported service provider.
-
-
Hi Everyone/Aviatrix team,
In video lectures it is mentioned that Azure native firewall do not have support for DPI, IDS or IPS but on azure website they it says it has IDS and IPS support. please refer the link below.
What should be our answer if the question comes on support of IDS and IPS feature of Azure native firewall?
-
Rohan Acharekar it is a new feature and in preview mode. https://azure.microsoft.com/en-us/blog/azure-firewall-premium-now-in-preview-2/
-
-
Hi Aviatrix team,
Hi I have one query about logging feature in aviatrix,
does Controller allows customers to export Netflow data from selected Aviatrix Gateways only to any Netflow collector like solarwinds or PRTG on a custom port?
-
Shahzad Ali , ace team awaiting your reply.
-
Rohan Acharekar it does.
-
Shahzad Ali thank you for your response, I am unable to find a supporting document for the same, can you please share the same.
-
Rohan Acharekar It will be much easier if you Launch the Controller and check all the options
https://community.aviatrix.com/t/g9hx9jh -
-
