Subnets are the regional building blocks of a GCP VPC network. While the VPC itself is global, each subnet exists in a specific region and defines a CIDR range from which instances receive their internal IP addresses. Proper subnet design and IP planning are critical for performance, security, and avoiding costly rework later.
A subnet (subnetwork) is a regional resource within a VPC. It defines a range of internal IP addresses using CIDR notation. Instances deployed in a particular region are placed into a subnet in that region.
Key properties:
Every subnet has a primary CIDR range. Instances receive their primary internal IP from this range. For example, a subnet with 10.0.1.0/24 covers 256 addresses in total, not all of which are usable (see the reserved addresses below).
A subnet can also have one or more secondary ranges (alias IP ranges). These hand out alias IPs rather than primary instance addresses and are most commonly used for the Pod and Service ranges of a GKE cluster, as with the pods and services ranges in the command below. Secondary ranges count in IP planning like any other range: they may not overlap the subnet's primary range, each other, or any range of another subnet in the VPC.
gcloud compute networks subnets create my-subnet \
--network=my-vpc \
--region=europe-west2 \
--range=10.0.1.0/24 \
--secondary-range pods=10.4.0.0/14,services=10.8.0.0/20
In the primary range of every subnet GCP reserves four addresses (secondary ranges have no reserved addresses):
| Address | Purpose |
|---|---|
| First address (e.g. 10.0.1.0) | Network address |
| Second address (e.g. 10.0.1.1) | Default gateway |
| Second-to-last (e.g. 10.0.1.254) | Reserved by GCP for future use |
| Last address (e.g. 10.0.1.255) | Broadcast address |
So a /24 subnet provides 252 usable addresses (256 minus 4), and the smallest primary range GCP allows, a /29, provides only 4.
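To make these IP-planning rules concrete, here is an added Python example (not code from the lesson) that validates a subnet plan offline with the standard-library ipaddress module: it lists the four reserved addresses of a primary range, computes the usable count, and flags ranges that are invalid, smaller than GCP's /29 minimum for a primary range, or overlap another range in the VPC. The subnet names, regions and CIDRs in SAMPLE_PLAN are constructed sample data, apart from the lesson's my-subnet values.

```python
"""Offline validator for a GCP subnet IP plan.

Added example, not code from the lesson.  It models the rules the lesson
states: each subnet has one primary range plus optional secondary (alias IP)
ranges, no two ranges in a VPC may overlap, and GCP reserves four addresses
in every primary range (network, gateway, second-to-last, broadcast).
Subnet names, regions and CIDRs below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass, field

RESERVED_PER_PRIMARY = 4   # network, gateway, second-to-last, broadcast
MIN_PRIMARY_PREFIX = 29    # GCP's smallest permitted primary range is /29


@dataclass
class Subnet:
    name: str
    region: str
    primary: str
    secondary: dict = field(default_factory=dict)   # range name -> CIDR


def reserved_addresses(cidr: str) -> list[str]:
    """The four addresses GCP reserves in a primary range, lowest first."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(net[0]), str(net[1]), str(net[-2]), str(net[-1])]


def usable_addresses(cidr: str) -> int:
    """Addresses instances can actually receive from a primary range."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.num_addresses - RESERVED_PER_PRIMARY


def validate_plan(subnets: list) -> list[str]:
    """Return human-readable problems; an empty list means the plan is consistent.

    Checks: every CIDR is a valid network (no host bits set), every primary
    range is at least a /29, and no range overlaps any other range in the VPC.
    """
    problems = []
    ranges = []   # (label, network) for every range that parsed
    for s in subnets:
        labelled = [(f"{s.name}/primary", s.primary)]
        labelled += [(f"{s.name}/{r}", c) for r, c in s.secondary.items()]
        for label, cidr in labelled:
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                problems.append(f"{label}: invalid range {cidr} ({exc})")
                continue
            if label.endswith("/primary") and net.prefixlen > MIN_PRIMARY_PREFIX:
                problems.append(f"{label}: {cidr} is smaller than /{MIN_PRIMARY_PREFIX}")
            ranges.append((label, net))
    # GCP rejects a subnet whose ranges overlap any existing range in the
    # network, so catch that at planning time rather than at create time.
    for i, (a_label, a) in enumerate(ranges):
        for b_label, b in ranges[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_label} overlaps {b_label}")
    return problems


# Constructed sample plan: the lesson's europe-west2 subnet, a second region
# that mistakenly reuses the same services range, and a too-small primary.
SAMPLE_PLAN = [
    Subnet("my-subnet", "europe-west2", "10.0.1.0/24",
           {"pods": "10.4.0.0/14", "services": "10.8.0.0/20"}),
    Subnet("my-subnet-us", "us-central1", "10.0.2.0/24",
           {"pods": "10.12.0.0/14", "services": "10.8.0.0/20"}),
    Subnet("tiny", "europe-west1", "10.0.3.0/30"),
]


if __name__ == "__main__":
    print("10.0.1.0/24 reserved:", reserved_addresses("10.0.1.0/24"),
          "usable:", usable_addresses("10.0.1.0/24"))
    for problem in validate_plan(SAMPLE_PLAN) or ["plan is consistent"]:
        print(problem)
```

Running the script reports the two planning mistakes in SAMPLE_PLAN: the /30 primary and the services range shared between the two regions. Drop the third subnet and give my-subnet-us its own services range and the plan validates cleanly.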
By default, instances without external IP addresses cannot reach Google APIs (e.g. Cloud Storage, BigQuery). Enabling Private Google Access on a subnet allows instances in that subnet with only internal IPs to reach Google APIs and services without leaving Google's network. It is a per-subnet setting, so enable it on every subnet that needs it, and the VPC still needs a route to the default internet gateway and egress firewall rules that permit the traffic. Note what it does not do: it does not give instances general internet access (that is what Cloud NAT is for), and it does not restrict which Google APIs can be called or from which projects (that is the job of VPC Service Controls).
gcloud compute networks subnets update my-subnet \
--region=europe-west2 \
--enable-private-ip-google-access