Networking is the backbone of any cloud architecture. GCP provides a software-defined networking stack built on Google's global infrastructure. This lesson covers Virtual Private Cloud (VPC) networks, subnets, firewall rules, and connectivity options.
A VPC network is a global, private network within GCP. Unlike the VPCs of most other cloud providers, a GCP VPC is global — it is not confined to a single region.

| Property | Description |
|---|---|
| Global | A VPC spans all GCP regions automatically |
| Subnets | Regional — each subnet exists in one region |
| No IP overlap | Subnets within a VPC cannot have overlapping IP ranges |
| Default VPC | Every new project gets a default VPC with subnets in every region |

A VPC network is created in one of two modes:

| Type | Description |
|---|---|
| Auto mode | Automatically creates one subnet in each region (default VPC) |
| Custom mode | You create subnets manually in the regions you choose (recommended for production) |

Subnets are regional — they span all zones within a region.

```text
VPC: my-network (global)
|
|-- Subnet: web-subnet (europe-west2, 10.0.1.0/24)
|   |-- Zone A: VM instances
|   |-- Zone B: VM instances
|
|-- Subnet: db-subnet (europe-west2, 10.0.2.0/24)
|
|-- Subnet: us-subnet (us-central1, 10.0.3.0/24)
```
Each subnet is defined by a CIDR range (e.g., 10.0.1.0/24 = 256 IP addresses, of which GCP reserves four: the first two and the last two in the range):

```bash
gcloud compute networks subnets create web-subnet \
  --network=my-network \
  --region=europe-west2 \
  --range=10.0.1.0/24
```

A subnet's primary range can be expanded to a larger CIDR block, but it cannot be shrunk.

A VM instance can have several kinds of IP address:

| Type | Description |
|---|---|
| Internal IP | Assigned from the subnet range. Used for communication within GCP. |
| External IP | A public IP for internet access. Can be ephemeral (changes on restart) or static (reserved). |
| Alias IP | Additional IP ranges assigned to a VM's network interface. Useful for containers. |
Best practice: Avoid assigning external IPs to VMs. Use a load balancer for inbound traffic, Cloud NAT for outbound internet access, or IAP (Identity-Aware Proxy) for administrative access instead.

GCP firewall rules control traffic to and from VM instances. They are defined at the VPC network level and enforced on each individual instance.

| Property | Description |
|---|---|
| Direction | Ingress (inbound) or Egress (outbound) |
| Priority | 0–65535 (lower number = higher priority) |
| Action | Allow or Deny |
| Target | Which instances the rule applies to (all, by tag, or by service account) |
| Source/Destination | IP ranges, tags, or service accounts |
| Protocol and ports | TCP, UDP, ICMP, specific ports |

Every VPC has two implied rules:
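
The evaluation order the table above describes (direction, target, priority, deny-over-allow on ties), together with GCP's two implied lowest-priority rules (allow all egress, deny all ingress), as an added Python model that is not part of the course and not a GCP API; the ruleset, tags and addresses below are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of GCP VPC firewall evaluation: matching rules compete,
# the lowest priority number wins, and deny beats allow at equal priority.

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                        # "INGRESS" or "EGRESS"
    priority: int                         # 0-65535, lower number = higher priority
    action: str                           # "allow" or "deny"
    protocol: str                         # "tcp", "udp", "icmp" or "all"
    ports: frozenset = frozenset()        # empty = all ports
    target_tags: frozenset = frozenset()  # empty = applies to all instances
    ranges: tuple = ("0.0.0.0/0",)        # source (ingress) / destination (egress) CIDRs

# GCP's two implied rules sit at the lowest priority behind every user rule.
IMPLIED = (
    Rule("implied-allow-egress", "EGRESS", 65535, "allow", "all"),
    Rule("implied-deny-ingress", "INGRESS", 65535, "deny", "all"),
)

def matches(rule, direction, tags, remote_ip, protocol, port):
    if rule.direction != direction:
        return False
    if rule.target_tags and not rule.target_tags & tags:
        return False
    if not any(ip_address(remote_ip) in ip_network(r) for r in rule.ranges):
        return False
    if rule.protocol not in ("all", protocol):
        return False
    return not rule.ports or port in rule.ports

def evaluate(rules, direction, tags, remote_ip, protocol, port):
    """Return (action, rule_name) of the winning rule for one flow."""
    candidates = [r for r in (*rules, *IMPLIED)
                  if matches(r, direction, set(tags), remote_ip, protocol, port)]
    candidates.sort(key=lambda r: (r.priority, r.action != "deny"))
    return candidates[0].action, candidates[0].name  # an implied rule always matches

# Constructed ruleset following the lesson's advice: SSH only via IAP
# (35.235.240.0/20 is IAP's documented TCP-forwarding source range) to tagged
# VMs, web ports open on web-tagged VMs, everything else hits the implied deny.
RULES = [
    Rule("allow-iap-ssh", "INGRESS", 1000, "allow", "tcp", frozenset({22}),
         frozenset({"ssh-via-iap"}), ("35.235.240.0/20",)),
    Rule("allow-web", "INGRESS", 1000, "allow", "tcp", frozenset({80, 443}),
         frozenset({"web"})),
    Rule("deny-all-ssh", "INGRESS", 2000, "deny", "tcp", frozenset({22})),
]
```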