Google Cloud Networking | Google Cloud VPC | Google Cloud training
Google Cloud is one of the leading cloud service providers in the IT industry. It provides a variety of cloud services such as computing, storage, databases, networking, artificial intelligence, and many more. So in today's session, we're going to talk about one of the Google Cloud services, which is the networking service. But before we get started, I would like to go over the agenda for today's session. Firstly, we will talk about the Google Cloud Platform and then understand what exactly Google Cloud VPC, or the Virtual Private Cloud, is.
Moving on, we will briefly talk about other Google Cloud networking services like load balancing and Cloud DNS. Finally, we will conclude the session with the demo part, where I will explain how to create a VPC. Now moving on to the first topic: what is Google Cloud Platform? Google Cloud Platform is a suite of cloud computing services and management tools offered by Google. It runs on the same cloud infrastructure that Google uses internally for its end-user products such as Google Search, Gmail, Google Photos, and YouTube. GCP is one of the leading cloud service providers along with Amazon Web Services and Microsoft Azure, and owns 7% of the total cloud market share.
Many enterprises are increasingly adopting the Google Cloud Platform because the services offered by Google are more secure and cost-effective. Gartner has positioned Google as a Magic Quadrant leader, among the three furthest-positioned vendors along with Amazon Web Services and Microsoft Azure. GCP's global network spans 25 regions with 76 zones and is available to users from 200 plus countries and territories. Now let us take a look at the core services provided by GCP. First is Google Compute Engine, which is Google's infrastructure-as-a-service virtual machine offering.
It allows customers to use powerful virtual machines in the cloud as server resources instead of acquiring and managing server hardware. The second is GCP Cloud Storage, which is an object storage system. It can store entire organized databases, raw video streams, and even the matrices for machine learning models. It's a record store that maintains both the identity and the structure of any class of data given to it. The third service is networking.
GCP provides tools that make it easier for you to manage and scale your networks. It provides a single place to publish, discover, and connect all application services, reducing management and operational complexity. We're going to talk about this service in detail today. The next service domain is Big Data. GCP provides multiple services like Dataflow, Dataproc, and Data Fusion to help you create a complete cloud-based big data infrastructure that supports big data storage and analysis.
Now, the advantage of hosting big data infrastructure in the cloud is that it provides unlimited data storage and an easy option for highly parallel big data processing and analysis. Next, GCP also provides all the tools developers and development teams need to be productive while writing, deploying, and debugging applications hosted in Google Cloud. The next service is GCP IAM. With IAM, you can manage access control by defining who has what access to which resources. It lets the administrator authorize who can take actions on specific resources, giving you full control and visibility to manage Google Cloud resources.
The next service domain is GCP IoT. GCP provides an intelligent IoT platform that is scalable, fully managed, and integrated. It lets you connect, store, and analyze data at the edge and in the cloud. Finally, we have Cloud AI. GCP provides fast, scalable, and easy-to-use AI offerings including an artificial intelligence platform, video and image analysis, speech recognition, and multi-language processing.
Now, these are a few of the core service domains of GCP. Let's move on to the next topic and see what Google Cloud's Virtual Private Cloud is. Google Cloud Virtual Private Cloud provides network functionality to Compute Engine virtual machine instances, Google Kubernetes Engine containers, the App Engine flexible environment, and other Google Cloud products that are built on Compute Engine virtual machines. Basically, VPC provides networking for your cloud-based services that is global, scalable, and flexible. Now, Google VPC is quite different from the VPC of other cloud service providers. In the traditional VPC, or the VPC provided by other cloud service providers like AWS, the architecture would look something like this.
Now, here in the first diagram, we can see that there are two VPCs built with two different subnets in two different regions, which are US East and US West. The virtual machine in one region can access the Internet and communicate with the other virtual machine only through the VPN gateway, which acts as an interface. In the traditional VPC, one virtual machine cannot directly communicate with the other virtual machine. In the Google version of the Virtual Private Cloud, the VPC is a global construct, which means that instead of creating one VPC in the US West region and another in the US East region, we just create one VPC and put subnets in different regions within that VPC. In this case, the virtual machine present in one region can directly communicate with the virtual machine in the other region without the help of a VPN gateway. The communication between the virtual machines is handled by Google's underlying network.
This is the same network that Google uses for its search engine, YouTube, Gmail, and its other applications. The Google version of VPC can be very helpful. Let's say that for a large project you use the traditional approach; then you have to build multiple VPCs and multiple gateways, which would be very hard to maintain and keep track of. With Google VPC, you just have to create one VPC and a gateway, and you can create multiple virtual machines in multiple subnets. It is much simpler and easier to maintain.
Also, if something goes wrong with the traditional network infrastructure, it will take a lot more time and cost to identify and resolve the issue. In Google VPC, there are fewer network constructs to break and troubleshoot. This helps in identifying the problem faster and solving it. Now let us understand VPC networks. You can think of a VPC network the same way as a physical network, except that it is virtualized within Google Cloud. A VPC network is a global resource that consists of a list of regional virtual subnetworks in data centers, which are called subnets, and all of these are connected by a global wide area network.
Also, VPC networks are logically isolated from each other in Google Cloud. Some of the functionalities offered by Google Cloud VPC networks are as follows. It provides connectivity for your Compute Engine virtual machine instances, including Google Kubernetes Engine clusters, App Engine instances, and other Google Cloud products built on Compute Engine virtual machines. It offers built-in internal TCP/UDP load balancing and a proxy system for internal HTTPS load balancing. It can also help in connecting to on-premises networks using Cloud VPN tunnels and Cloud Interconnect attachments. It distributes traffic from Google Cloud external load balancers to the backends.
Now, to understand the VPC network better, let us take a look at its architecture. Here you can see we have two regions, us-west1 and us-east1, in a VPC network. A region is nothing but a specific geographical location where you can host your resources, and a region can have three or more zones. For example, the us-east1 region has three zones: us-east1-a, us-east1-b, and us-east1-c. Now talking about zones: zones are independent of each other.
They have completely separate physical infrastructure, networking, and isolated control planes. This is to ensure that typical failure events only affect that zone. Now coming to subnets: a subnet, or subnetwork, is a segmented piece of a larger network. Virtual machine instances can be created in a subnet, and instances in the same VPC network can communicate with each other using their private IP addresses. Here you can see there are two virtual machines in the US East subnet and two virtual machines in the US West subnet.
These virtual machines can access the Internet through VPC routing. VPC routing decides how to send traffic from the virtual machine instances to the destination. The destination could be either another virtual machine instance or the Internet. Moving on, let us understand a few important concepts in VPC like IP addresses, routes, and firewall rules. You will find all these concepts in the Google Cloud VPC console.
So first let us talk about IP addresses. Each virtual machine instance in GCP will have an internal IP address and typically an external IP address. The internal IP address is used to communicate between instances in the same VPC network, while the external IP address is used to communicate with instances in other networks or with the Internet. These IP addresses are ephemeral by default but can be statically assigned. Ephemeral means the IP address will keep changing every time the virtual machine restarts.
Now talking about routes: a VPC route tells virtual machine instances and the VPC network how to send traffic from an instance to the destination. The destination can be either inside the network or outside of Google Cloud, which is the Internet. You can also create custom static routes to direct some packets to specific destinations. Each VPC network comes with some system-generated routes. There are two different kinds of system-generated routes.
First is the default route. This route defines a path for traffic to leave the VPC network. It provides general Internet access to virtual machines that meet the requirements. It also provides the typical path for Private Google Access. Next, for communication within the network, there are subnet routes.
A subnet route defines the path for sending traffic among instances within the network by using internal IP addresses. But for one instance to communicate with another, you must configure appropriate firewall rules, because every network has an implied deny firewall rule for ingress traffic. Now talking about firewall rules: each VPC network implements a distributed virtual firewall that you can configure. Firewall rules allow you to control which packets can travel to which destination. It lets you allow or deny connections to or from your virtual.
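To make the route and firewall behaviour described above concrete, here is an added example (not code from the original session or from Google) that models a global VPC with two regional subnets: it derives the system-generated subnet routes and the default route, picks the next hop for a destination by longest prefix match, and evaluates ingress firewall rules against the implied deny-ingress rule. The subnet names and IP ranges are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample VPC: one global network, two regional subnets (made-up ranges).
SUBNETS = {"us-east1-subnet": "10.10.0.0/24", "us-west1-subnet": "10.20.0.0/24"}


def system_routes(subnets):
    """System-generated routes: one subnet route per subnet (next hop is the VPC
    network itself) plus the default route 0.0.0.0/0 to the default internet
    gateway. Lower priority value wins; the default route is created at 1000."""
    routes = [(ipaddress.ip_network(cidr), 1000, f"vpc-network:{name}")
              for name, cidr in subnets.items()]
    routes.append((ipaddress.ip_network("0.0.0.0/0"), 1000, "default-internet-gateway"))
    return routes


def select_route(routes, dst_ip):
    """Pick the most specific matching destination first, then the lowest
    priority value, and return that route's next hop."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if dst in r[0]]
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[1]))
    return best[2]


@dataclass
class IngressRule:
    action: str            # "allow" or "deny"
    priority: int          # 0..65535, lower number wins
    source_ranges: tuple   # CIDR strings the rule matches on
    protocol: str = "all"  # "all", "tcp", "udp", ...
    ports: tuple = ()      # empty means any port


# Every VPC network carries an implied deny-ingress rule at the lowest priority.
IMPLIED_INGRESS = [IngressRule("deny", 65535, ("0.0.0.0/0",))]


def ingress_allowed(rules, src_ip, protocol, port):
    """Evaluate ingress to a VM: the matching rule with the lowest priority
    number decides; on a priority tie a deny rule beats an allow rule."""
    src = ipaddress.ip_address(src_ip)
    applicable = [r for r in list(rules) + IMPLIED_INGRESS
                  if any(src in ipaddress.ip_network(c) for c in r.source_ranges)
                  and r.protocol in ("all", protocol)
                  and (not r.ports or port in r.ports)]
    best = min(applicable, key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    return best.action == "allow"
```

A VM in the us-east1 subnet reaching 10.20.0.5 is routed over the VPC network itself (no gateway), while 8.8.8.8 goes to the default internet gateway; and with no rules configured, every ingress connection is dropped by the implied deny rule.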