Configuring a Custom VPC Network in GCP

Hridhi Kumari

Google Cloud Platform (GCP) provides Virtual Private Cloud (VPC) as its networking layer, letting you build custom networks with fine-grained control over subnets and traffic. This guide walks through creating a custom-mode VPC network in GCP, adding firewall rules, deploying virtual machine (VM) instances into its subnets, and testing connectivity between them.

Task 1: Create a Custom Mode VPC Network with Firewall Rules

Step 1: Create a Custom Mode VPC Network

  1. Log in to your Google Cloud Console.

  2. Go to the VPC Network section and click on Create VPC network.

  3. Enter a name for your network, such as my-vpc-nw (the name used throughout this guide).

  4. Select Custom mode for the subnet creation type. In custom mode no subnets are created for you; you define each one yourself, in the regions you choose.

  5. Define your subnets by specifying:

    • Subnet name: Choose a unique name for each subnet.

    • Region: Select the region for each subnet.

    • IP range: Assign a private IP range in CIDR notation (e.g., 10.10.0.0/24) to each subnet. Ranges must not overlap, either within this network or with any network you may later peer or connect to.

  6. Click Create.

Step 2: Add Firewall Rules to the VPC Network

Firewall rules are essential for controlling traffic to and from the resources within your VPC network.

  1. In the VPC Network section, navigate to Firewall rules.

  2. Click Create Firewall Rule.

  3. Configure the following settings:

    • Name: Enter a name like demo-firewall.

    • Network: Select the VPC network you created (my-vpc-nw).

    • Direction: Ingress (traffic arriving at your instances).

    • Targets: Specify All instances in the network, or choose specified target tags or specified service account. Tags or service accounts let a rule apply only to the instances that actually need it.

    • Source IP ranges: Define the range. 0.0.0.0/0 matches every source on the internet, so use it only for a service that must be public; for traffic between your own instances, list the subnet ranges you defined instead.

    • Protocols and ports: Allow only what you need (for example icmp and tcp:22 for the tests in this guide) rather than all TCP, UDP and ICMP.

  4. Click Create.

Note: A custom-mode network starts with only GCP's implied rules: all ingress is denied and all egress is allowed. Unlike the default network, it gets no automatic allow-internal rule, so instances in the same network cannot even ping each other until you add an ingress rule whose source ranges cover your subnets.

We can create additional firewall rules to control external traffic, for example an ingress rule that allows tcp:22 only from an administrative IP range, and only to instances carrying a specific target tag.
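The same Task 1 setup driven from the gcloud CLI, written as an added example for this guide rather than taken from the original post. It uses the network name from the guide but assumes everything else: the project ID, the two subnet names, regions and CIDRs, and ADMIN_CIDR (a TEST-NET range standing in for your office or VPN egress address). The point it makes beyond the console steps is that the ingress rules are scoped to the subnet aggregate, an administrative range and a target tag instead of 0.0.0.0/0, and that firewall logging and subnet flow logs are switched on from the start.

```shell
#!/bin/sh
# Added example (not code from the original article): provisions the custom-mode
# network from Task 1 with gcloud, with ingress rules scoped to the subnet ranges,
# an administrative range and a target tag instead of 0.0.0.0/0.
# Every value below is an assumed placeholder: PROJECT, the subnet names/regions/
# CIDRs, and ADMIN_CIDR (a TEST-NET range standing in for your office or VPN egress).
set -eu

PROJECT="${PROJECT:-my-gcp-project}"
NETWORK="${NETWORK:-my-vpc-nw}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"

# Subnets as "name region cidr" lines (assumed values); the ranges must not overlap.
SUBNETS="subnet-us us-central1 10.10.0.0/24
subnet-eu europe-west1 10.20.0.0/24"

# Aggregate that covers every subnet above; the source range for the internal rule.
INTERNAL_CIDR="10.0.0.0/8"

create_network() {
  # Custom mode: no subnets are created automatically.
  gcloud compute networks create "$NETWORK" \
    --project="$PROJECT" --subnet-mode=custom
}

create_subnets() {
  # Flow logs give per-connection records for later investigation; Private Google
  # Access lets instances without external IPs still reach Google APIs.
  printf '%s\n' "$SUBNETS" | while read -r name region cidr; do
    [ -n "$name" ] || continue
    gcloud compute networks subnets create "$name" \
      --project="$PROJECT" --network="$NETWORK" \
      --region="$region" --range="$cidr" \
      --enable-flow-logs --enable-private-ip-google-access
  done
}

create_firewall_rules() {
  # A custom-mode network has only the implied rules (deny all ingress,
  # allow all egress), so nothing is reachable until these exist.

  # ICMP and SSH between our own instances, only from our own subnets.
  gcloud compute firewall-rules create "${NETWORK}-allow-internal" \
    --project="$PROJECT" --network="$NETWORK" --direction=INGRESS \
    --action=ALLOW --rules=icmp,tcp:22 \
    --source-ranges="$INTERNAL_CIDR" --priority=1000 --enable-logging

  # SSH from the administrative range, and only to instances tagged "ssh".
  gcloud compute firewall-rules create "${NETWORK}-allow-ssh-admin" \
    --project="$PROJECT" --network="$NETWORK" --direction=INGRESS \
    --action=ALLOW --rules=tcp:22 \
    --source-ranges="$ADMIN_CIDR" --target-tags=ssh --priority=1000 --enable-logging
}

provision_all() {
  create_network
  create_subnets
  create_firewall_rules
}

# Nothing runs on load; set PROVISION=1 to apply against the real project.
if [ "${PROVISION:-0}" = 1 ]; then
  provision_all
fi
```

Run it as `PROJECT=your-project PROVISION=1 sh vpc-setup.sh` after `gcloud auth login`. Because the functions call `gcloud` unqualified, you can also source the file and shadow `gcloud` with a shell function that echoes its arguments to review exactly which rules would be created before touching the project.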


Task 2: Create VM Instances in Custom VPC Network

With the custom VPC and firewall rules established, we are now ready to create VM instances across different subnets.

  1. Navigate to Compute Engine > VM instances.

  2. Click Create Instance.

  3. Configure the VM instance settings:

    • Name: Give the instance a unique name (e.g., instance-1).

    • Region and Zone: Select a region that has one of the subnets in your VPC network; the zone can be any zone in that region.

    • Machine type: Choose a machine type based on your requirements.

    • Network tags: If any of your firewall rules target specific tags, add the matching tag here; otherwise those rules will not apply to this instance.

    • Network interfaces:

      • Select Network as my-vpc-nw.

      • Choose the Subnet where this VM should reside.

  4. Click Create to launch the VM.

  5. Repeat the steps to create additional VM instances in different subnets as needed.


Task 3: Test Connectivity Between VM Instances

With the VMs deployed, it is essential to test the connectivity between them to ensure that the firewall rules and network configuration are functioning as intended.

  1. Go to the VM instances page and SSH into one of your instances (e.g., instance-1).

  2. From instance-1, ping the internal IP address of another VM instance (e.g., instance-2). The internal IP is shown in the VM instances list.

     ping -c 3 <Internal_IP>

Note: Connections over internal IP addresses stay inside the VPC network, even when the VM instances are in different zones or regions; they do not traverse the public internet.

  3. If the firewall rule allowing ICMP from your subnet ranges is in place, the ping succeeds, showing that the instances can communicate within the network.

  4. Optionally, ping the external IP address of another instance. This traffic goes out through the source instance's external IP and arrives at the destination's external IP, so it works only if an ingress rule on the destination allows ICMP from the source's external address (the 0.0.0.0/0 demo rule does, a subnet-scoped rule does not).

     ping -c 3 <External_IP>

  5. Test other protocols as required based on the firewall settings, for example an SSH connection to the internal IP if tcp:22 is allowed.

  6. If a test fails, review the firewall rules on the Firewall rules page (or with the gcloud CLI) and confirm that a rule's direction, source ranges, targets and protocols match the traffic you are sending, and that the instance carries any target tag the rule requires.

Note: Instances in different VPC networks can reach each other over external IP addresses whether or not the networks are in the same region, because that traffic goes via the instances' public addresses rather than through either VPC. It requires an ingress firewall rule on the destination network that allows ICMP (or whichever protocol you are testing) from the source instance's external IP.
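Tasks 2 and 3 scripted end to end with gcloud, as an added example that is not part of the original article: it creates the two instances with a target tag, looks up the second instance's internal IP, runs the ping from the first instance over SSH, and turns the ping summary into a pass/fail exit status. On failure it prints the ingress rules in effect for the network, which is the first thing to check. The project ID, zones, subnet names and the "ssh" tag are assumptions; the ping parser assumes the iputils output found on Debian and Ubuntu images.

```shell
#!/bin/sh
# Added example (not code from the original article): creates the two test VMs
# from Task 2 and scripts the internal-IP ping check from Task 3, so the result is
# a pass/fail exit status rather than ping output to eyeball. Assumed placeholders:
# PROJECT, NETWORK, the zones and subnet names, and the "ssh" target tag.
set -eu

PROJECT="${PROJECT:-my-gcp-project}"
NETWORK="${NETWORK:-my-vpc-nw}"

# create_vm NAME ZONE SUBNET: a small instance in SUBNET, tagged "ssh" so a
# tag-scoped SSH rule applies to it and to nothing else.
create_vm() {
  gcloud compute instances create "$1" \
    --project="$PROJECT" --zone="$2" --subnet="$3" \
    --machine-type=e2-micro --tags=ssh
}

# internal_ip NAME ZONE: the instance's primary internal address.
internal_ip() {
  gcloud compute instances describe "$1" --project="$PROJECT" --zone="$2" \
    --format='value(networkInterfaces[0].networkIP)'
}

# ping_loss_pct: read iputils ping output on stdin and print the packet-loss
# percentage; prints nothing if the summary line is missing (e.g. unknown host).
ping_loss_pct() {
  sed -n 's/.*, \([0-9][0-9]*\)% packet loss.*/\1/p'
}

# check_icmp SRC ZONE DST_IP: ping DST_IP from SRC over SSH; succeeds only at 0% loss.
check_icmp() {
  loss=$(gcloud compute ssh "$1" --project="$PROJECT" --zone="$2" \
           --command="ping -c 3 -W 2 $3" | ping_loss_pct)
  [ "${loss:-100}" = 0 ]
}

# list_ingress_rules: the rules that actually apply to the network, the first
# thing to check when a ping fails (source ranges, target tags, priority, disabled).
list_ingress_rules() {
  gcloud compute firewall-rules list --project="$PROJECT" \
    --filter="network:$NETWORK AND direction=INGRESS" \
    --format="table(name,priority,sourceRanges.list(),allowed[].map().firewall_rule().list(),targetTags.list(),disabled)"
}

# run_test: instance-1 in subnet-us pings instance-2 in subnet-eu over internal IPs.
run_test() {
  create_vm instance-1 us-central1-a subnet-us
  create_vm instance-2 europe-west1-b subnet-eu
  dst=$(internal_ip instance-2 europe-west1-b)
  if check_icmp instance-1 us-central1-a "$dst"; then
    echo "internal ICMP instance-1 -> instance-2 ($dst): OK"
  else
    echo "internal ICMP instance-1 -> instance-2 ($dst): FAILED; ingress rules in effect:" >&2
    list_ingress_rules >&2
    return 1
  fi
}

# Nothing runs on load; set RUN_TEST=1 to create the VMs and run the check.
if [ "${RUN_TEST:-0}" = 1 ]; then
  run_test
fi
```

A non-zero exit from `check_icmp` with the internal address almost always means the ingress rule's source ranges do not cover the source subnet, or the instance lacks the tag the rule targets; a 100% loss with an external address additionally points at the destination's rule not admitting the source's public IP.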

Conclusion

Creating and managing a custom-mode VPC network in Google Cloud Platform gives you the control needed to build segmented network architectures: you choose the subnets and their ranges, and nothing reaches an instance until an ingress rule you wrote allows it. By scoping firewall rules to the sources, targets and protocols that are actually required, deploying VM instances into the right subnets, and verifying connectivity afterwards, a network can be tailored to its purpose while keeping communication between resources both reachable and constrained.
