Download to read offline
More Related Content
Similar to GDSC Google Cloud Study Jams Session - 3
GDSC Google Cloud Study Jams Session - 3
- 1. Google Cloud StudyJam Session 3 SepĞ ember - OcĞ ober 2023 Romin Irani, Developer Advocate, Google Cloud
- 2. Session Agenda 1 2 GCPNetworking 3 Cloud Operations Google Network
- 3. Google Network Copyright GoogleLLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 4. A background tonetworking Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 5. Google Cloud Network CopyrightGoogle LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 6. Products by Region CopyrightGoogle LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 7. Google Cloud Networking Copyright GoogleLLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 8. Allow the deploymentof IaaS resources No IP address ranges Global Contain subnets VPCs are software defined network (SDN) constructs Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 9. Internet Region: us-west1 Zone: us-west1-a subnet1:10.240.0.0/24 Region: us-east1 Zone: us-east1-a subnet2: 192.168.1.0/24 Internet Gateway Zone: us-east1-b subnet3: 10.2.0.0/16 VM 10.240.0.2 VM 10.240.0.3 VM 192.168.1.2 VM 192.168.1.3 VM 10.2.0.2 VM 10.2.0.3 VPC Routing VPN Gateway On Premises Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website. A VPC network is a virtual version of a physical network and is a global resource VPC Network
- 10. Subnets are regionaland extend across zones in the same region Internet Region: us-west1 Zone: us-west1-a subnet1: 10.240.0.0/24 Region: us-east1 Zone: us-east1-a subnet2: 192.168.1.0/24 Internet Gateway Zone: us-east1-b subnet3: 10.2.0.0/16 VM 10.240.0.2 VM 10.240.0.3 VM 192.168.1.2 VM 192.168.1.3 VM 10.2.0.2 VM 10.2.0.3 VPC Routing VPN Gateway On Premises Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website. VPC Network
- 11. VPC Network 1 VPC Network 2 VPC Network 3 VPC Network 4 VPC Network 5 us-east1 asia-east1 Google Cloud Project Internet VM1 Copyright GoogleLLC. For educational purposes in accordance with the terms of use set forth on the program Website. VM2 VM3 VM4 Private IP Private IP Public IP Public IP Network behavior within a project
- 12. Auto subnet mode CopyrightGoogle LLC. For educational purposes in accordance with the terms of use set forth on the program Website. ● One subnet from each region is automatically created ● Set of predefined IP ranges ● Comes with default firewall rules Custom subnet mode ● No subnets are automatically created ● Subnets and IP ranges are defined ● No default firewalls rules ● Recommended for Production environments The differences between auto and custom networks
- 13. ● Subnets needto be configured with a private IP address range. ● IP addresses are used for internal network communication. ● Each octet is represented by 8 bits. ● The /## determines the number of address bits that are static. 10 . 0 . 0 . 0 /16 00001010 00000000 00000000 00000000 /16 freezes first two octets Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website. A VPC is made up of subnets
- 14. Internet Cloud External IP Addresses CopyrightGoogle LLC. For educational purposes in accordance with the terms of use set forth on the program Website. Internal IP ● Allocated from subnet range to VMs by DHCP. ● DHCP lease is renewed every 24 hours. ● VM name and IP is registered with network-scoped DNS. External IP ● Can be assigned from pool (ephemeral) or reserved (static). ● Billed when not attached to a running VM. ● VM doesn't know the external IP; it’s mapped to the internal IP. Public and Private IP address basics Dynamic Host Configuration Protocol
- 15. Virtual Private Cloud Manage networking for resources CloudLoad Balancer Worldwide autoscaling and load balancing Cloud CDN Content delivery network Cloud Interconnect Cloud DNS Fast, high availability interconnect Highly available global DNS network The primary products included in Google networking Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 16. Firewalls protect virtualmachine instances from unapproved connections Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website. ● VPC network functions as a distributed firewall. ● Firewall rules are applied to the network as a whole. ● Connections are allowed or denied at the instance level. ● Firewall rules are stateful. ● Implied deny all ingress and allow all egress.
- 17. Express your desiredfirewall configuration as a set of firewall rules Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website. ● Direction of the rule ● Source or destination of the connection ● Protocol and port of the connection ● Action of the rule ● Priority of the rule ● Rule assignment
- 18. Conditions: ● Destination CIDRranges ● Protocols ● Ports Action: ● Allow: permit the matching egress connection ● Deny: block the matching egress connection External hosts VM Firewalls (egress) Google Cloud Virtual Network Google Cloud Virtual Network Firewalls (egress) VM VM Google Cloud firewall use case: Egress Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 19. Conditions: ● Source CIDR ranges ●Protocols ● Ports Action: ● Allow: permit the matching ingress connection ● Deny: block the matching ingress connection External hosts VM Firewalls (ingress) Google Cloud Virtual Network Google Cloud Virtual Network Firewalls (ingress) VM VM Google Cloud firewall use case: Ingress Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 20. Cloud VPN securelyconnects an on-premises network to a Google Cloud VPC network Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website. ● Useful for low-volume data connections ● 99.9% SLA
- 21. GCP Monitoring Copyright GoogleLLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 22. Operations suite Cloud Monitoring Cloud Logging Error Reporting Cloud T race Cloud Profiler Google Cloud'soperations suite Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 23. Identify trends, preventissues Reduce monitoring overhead Improve signal-to-noise Fix problems faster Cloud Monitoring Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 24. Seamlessly resolve issuesScalable and fully managed All cloud logs in one place Real-time insights Cloud Logging Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 25. Quickly understand errorsAutomatic and real-time Instant error notification Popular languages Error Reporting Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 26. Find performance bottlenecksFast, automatic issue detection Broad platform support Cloud Trace Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 27. Low-impact production profiling Broad platformsupport Cloud Profiler Copyright Google LLC. For educational purposes in accordance with the terms of use set forth on the program Website.
- 28.
Editor's Notes
- #5 layman engineering overview