
GCP Networking

Refer to this link for public cloud FAQs.

Resource in GCP

Global 

  • Can be accessed by any other resource, across regions and zones 

  • Creating VPC is a global operation because a network is a global resource 

  • Different from AWS and Azure because the VPC and routing is global, not within a region 

Regional 

  • Can be accessed only by resources in the same region 

  • Reserving an IP address is a regional operation 

Zonal  

  • Can be accessed only by resources in the same zone 

  • Disks can be attached to VM instances in the same zone

GCP Projects

  • Projects are the fundamental organizational structure 

  • GCP resources must belong to a project 

  • Made up of settings, permissions, and other metadata that describe applications 

  • Contains the computing, storage, and networking resources 

  • A project can't access another project's resources unless you use:

    • Shared VPC 

    • VPC Network Peering 

 

Basic GCP Network Components  

  • GCP Regions and Zones 

  • VPC/Subnets 

  • VPC Peering 

  • Implicit Routing 

  • VPN Gateway 

VPC Network 

  • Global Routing: 

    • VPC is a global resource 

    • All the subnets irrespective of region are inherently routable within a VPC 

  • Subnets/CIDR are a regional resource  

  • Projects can contain multiple VPC networks 

Routes in GCP 

  • Routes created by GCP for users are system generated routes 

    • Default route 

    • Subnet gateway 

  • User Defined Route 

    • Static Routing 

    • Dynamic Routing 

Transit (Inter-VPC) Networking 

  • Lacks a native transit solution to interconnect VPCs

    • VPC peering preferred 

    • Google's recommendation ("preaches") is a single VPC

  • VPC Peering 

    • Same qualities as other CSPs

    • All preprogrammed routes from the two VPCs are announced to each other

    • Used to connect multiple VPCs

    • Non-transitive 
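The two routing claims above (every subnet in a VPC is routable from every other region of that VPC, and peering routes are exchanged only between directly peered VPCs) can be checked with a small model of the system-generated route table. This is an added example, not code from the course or from Google; the VPC names, regions and CIDRs are constructed sample values, and the route-selection rule is plain longest-prefix match.

```python
"""Added example (not from the course page): a model of GCP VPC route
selection used to check global routing inside a VPC and non-transitive
VPC peering. All VPC names, regions and CIDRs are constructed samples."""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network

DEFAULT_INTERNET_GATEWAY = "default-internet-gateway"


@dataclass
class Subnet:
    name: str
    region: str          # subnets are regional resources
    cidr: IPv4Network


@dataclass
class Vpc:
    name: str            # a VPC is a global resource
    subnets: list = field(default_factory=list)
    peers: set = field(default_factory=set)   # names of directly peered VPCs


@dataclass(frozen=True)
class Route:
    dest: IPv4Network
    next_hop: str
    kind: str            # "subnet", "peering" or "default"


def effective_routes(vpc, all_vpcs):
    """Build the system-generated route table GCP holds for `vpc`:
    - one subnet route per subnet of the VPC, regardless of region
    - one peering route per subnet of each *directly* peered VPC
      (peers of peers are not imported: peering is non-transitive)
    - the default route 0.0.0.0/0 via the default internet gateway
    """
    routes = [Route(s.cidr, f"subnet:{s.name}", "subnet") for s in vpc.subnets]
    for peer_name in sorted(vpc.peers):
        peer = all_vpcs[peer_name]
        routes += [Route(s.cidr, f"peering:{peer.name}", "peering") for s in peer.subnets]
    routes.append(Route(ip_network("0.0.0.0/0"), DEFAULT_INTERNET_GATEWAY, "default"))
    return routes


def lookup(routes, dst_ip):
    """Longest-prefix-match selection, as the VPC router does for dst_ip."""
    ip = ip_address(dst_ip)
    matches = [r for r in routes if ip in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen)


def private_path(src_vpc_name, dst_ip, all_vpcs):
    """Next hop if dst_ip is reached over a subnet or peering route, or None
    when only the default route matches, i.e. no private path exists."""
    route = lookup(effective_routes(all_vpcs[src_vpc_name], all_vpcs), dst_ip)
    return None if route.kind == "default" else route.next_hop


def build_topology():
    """Constructed sample: vpc-a <-> vpc-b and vpc-b <-> vpc-c are peered;
    vpc-a and vpc-c are not."""
    vpc_a = Vpc("vpc-a", [Subnet("a-us", "us-central1", ip_network("10.10.0.0/24")),
                          Subnet("a-eu", "europe-west1", ip_network("10.10.1.0/24"))])
    vpc_b = Vpc("vpc-b", [Subnet("b-us", "us-central1", ip_network("10.20.0.0/24"))])
    vpc_c = Vpc("vpc-c", [Subnet("c-asia", "asia-east1", ip_network("10.30.0.0/24"))])
    vpc_a.peers.add("vpc-b")
    vpc_b.peers.update({"vpc-a", "vpc-c"})
    vpc_c.peers.add("vpc-b")
    return {v.name: v for v in (vpc_a, vpc_b, vpc_c)}


if __name__ == "__main__":
    topo = build_topology()
    for src, dst in [("vpc-a", "10.10.1.5"), ("vpc-a", "10.20.0.5"), ("vpc-a", "10.30.0.5")]:
        print(f"{src} -> {dst}: {private_path(src, dst, topo)}")
```

When auditing whether two VPCs really have a private path, this is the check to run mentally or with `gcloud compute routes list`: a destination that falls through to the default route is not reachable over peering, even if the target is peered with a peer of yours.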

Cloud Interconnect 

  • Connect your on-premises network to your VPC network through a private connection

  • Limitation: traffic on the interconnect is not encrypted

  • Dedicated Interconnect

    • Enables users to connect an existing network to the VPC network through a highly available, low latency, enterprise grade connection

12 replies
  • When VPC is global service in GCP why would there be a Shared VPC or VPC peering?

    Like 1
    • Anil K The global routing stays inside the VPC. The reality is that enterprises would need a number of VPCs for segregation, isolation and security reasons. So you need a proper transit solution, that is Aviatrix transit, to connect those VPCs for proper routing, control and traffic engineering.

      Shared VPC is mainly for network admins to check out resources such as subnets and firewall rules to tenants or service projects.

      Like 2
  • What is the difference between Cloud Interconnect and Dedicated Interconnect?

    Like
  • Hi Everyone/Aviatrix team,

    In the video lectures it is mentioned that the Azure native firewall does not have support for DPI, IDS or IPS, but on the Azure website it says it has IDS and IPS support. Please refer to the link below.

     

    What should be our answer if the question comes on support of IDS and IPS feature of Azure native firewall?

    https://azure.microsoft.com/en-in/services/azure-firewall/

    Like
  • Hi Aviatrix team,

    I have one query about the logging feature in Aviatrix:

    Does the Controller allow customers to export NetFlow data from selected Aviatrix Gateways only to any NetFlow collector like SolarWinds or PRTG on a custom port?

    Like