Configuring a Custom VPC Network in GCP
In the Google Cloud Platform (GCP), a Virtual Private Cloud (VPC) Network serves as an essential element for establishing and overseeing networking resources within the Google Cloud ecosystem. This VPC network facilitates the isolation and regulation of communication among various Google Cloud resources, including Compute Engine virtual machine (VM) instances, Kubernetes clusters, and additional services.
Task 1: Create a Custom Mode VPC Network with Firewall Rules
Step 1: Access the GCP Console
- Open your GCP Console at https://console.cloud.google.com.
Step 2: Navigate to VPC Network
In the left-hand menu, click on VPC network.
Select VPC networks from the submenu.

Step 3: Create a New VPC Network
Click Create VPC network at the top.

Enter a Name for your VPC network (e.g., my-custom-vpc).
Step 4: Add Custom Subnets
Under the Subnet section, click Add subnet.
Enter the following details for each subnet you want to create:
- Name: Name your subnet (e.g., subnet-us-central).
- Region: Select a region for the subnet (e.g., us-central1).
- IP address range: Specify an IP range in CIDR notation (e.g., 10.0.1.0/24). This will be the subnet range for instances in this region.
Repeat the above steps to add more subnets if needed, each with unique names, regions, and IP ranges.
Once all subnets are defined, click Done.

Step 5: Review and Create the VPC
Review all configurations for accuracy.
Click Create to create the VPC network along with its custom subnets.
Step 6: Add Firewall Rules
After creating your VPC, you may need to add specific firewall rules to control traffic.
In the Firewall rules section under VPC network, click Create firewall rule.


Configure the following:
- Name: Specify a name for the rule (e.g., my-firewall).
- Network: Select your custom VPC network.
- Priority: Set the priority level for rule application (lower numbers have higher priority).
- Direction: Choose Ingress (for incoming traffic) or Egress (for outgoing traffic).
- Action: Choose Allow or Deny.
- Targets: Specify All instances in the network or choose specified target tags or specified service account.
- Source filter: Define the sources for incoming traffic (e.g., 0.0.0.0/0 for all IPs).
- Protocols and ports: Define the protocols and ports (e.g., tcp:22 for SSH).

- Click Create to save the firewall rule.
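
How the Priority, Action, Source filter, and Protocols and ports fields above combine for one incoming packet, as an added example that is not part of the original tutorial. It evaluates rules exported as JSON and lists any allow rule open to 0.0.0.0/0, so the SSH example above can be reviewed before it is left in place. Assumptions: field names follow the Compute Engine firewall resource, every rule targets all instances in the network, and all rule names except my-firewall are constructed sample data.

```python
import ipaddress

# Constructed sample rules, shaped like `gcloud compute firewall-rules list --format=json`.
RULES = [
    {"name": "my-firewall", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-internal-icmp", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["10.0.1.0/24"], "allowed": [{"IPProtocol": "icmp"}]},
    {"name": "deny-ssh-test-range", "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["203.0.113.0/24"],
     "denied": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

def _in_ports(spec, port):
    """Match a port against a rule entry such as "22" or "8000-8080"."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _matches(entries, proto, port):
    for entry in entries:
        if entry["IPProtocol"] not in (proto, "all"):
            continue
        ports = entry.get("ports")  # no port list means every port
        if not ports or (port is not None and any(_in_ports(p, port) for p in ports)):
            return True
    return False

def ingress_decision(rules, src_ip, proto, port=None):
    """Return (action, rule_name) for one incoming packet."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(src in ipaddress.ip_network(r) for r in rule.get("sourceRanges", [])):
            continue
        for action, key in (("deny", "denied"), ("allow", "allowed")):
            if _matches(rule.get(key, []), proto, port):
                # Sort key: lowest priority number first, deny before allow on a tie.
                hits.append((rule["priority"], action == "allow", action, rule["name"]))
    if not hits:
        return ("deny", "implied-deny-ingress")  # GCP's implied rule, priority 65535
    return min(hits)[2:]

def open_to_internet(rules):
    """Names of ingress allow rules whose source filter is 0.0.0.0/0."""
    return [r["name"] for r in rules if r.get("direction", "INGRESS") == "INGRESS"
            and r.get("allowed") and "0.0.0.0/0" in r.get("sourceRanges", [])]
```

Replace RULES with the exported rules of your own network to see which rule decides a given source address, protocol, and port.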

Task 2: Create VM Instances in Custom VPC Network
With the custom VPC and firewall rules established, we are now ready to create VM instances across different subnets.
- Navigate to Compute Engine > VM instances.

Click Create Instance.
Configure the VM instance settings:
Name: Give the instance a unique name (e.g., my-instance-1).
Region and Zone: Select a region that matches one of the subnets in your VPC Network.

Machine type: Choose a machine type based on your requirements.
Network interfaces:
Select Network as my-vpc-nw.
Choose the Subnet where this VM should reside.

Click Create to launch the VM.

Repeat the steps to create additional VM instances in different Subnets as needed.

Task 3: Test Connectivity Between VM Instances
With the VMs deployed, it is essential to test the connectivity between them to ensure that the firewall rules and network configuration are functioning as intended.
Go to the VM instances page and SSH into one of your instances (e.g., instance-1).
From instance-1, try pinging the internal IP address of another VM instance (e.g., instance-2).
ping <Internal_IP>
Note: Connections using Internal IP addresses are established exclusively within the VPC Network, even when VM instances are located in different zones, regions, or multi-regions.
If we configured the firewall rule correctly to allow internal traffic, the ping should be successful, indicating that the instances can communicate within the network.
Test other protocols as required based on the firewall settings.
ping <External_IP>
Utilize the command prompt to diagnose connectivity issues by verifying the firewall rules and ensuring that the source and target IP ranges are correctly configured.
Note: Establishing a connection between different VPC Networks using External IP addresses is possible, regardless of whether the networks are in the same or different regions. This can be achieved by configuring an ICMP firewall rule to allow the necessary traffic.
Conclusion
Creating and managing a custom-mode VPC network in Google Cloud Platform offers the flexibility and control necessary for building robust, segmented network architectures. By setting up firewall rules, VM instances, and testing connectivity, a network can be designed to fit specific needs, ensuring secure and efficient communication between resources. Additionally, configuring VMs with multiple network interfaces allows for more complex setups, making GCP VPCs a versatile choice for cloud networking solutions.