A Tour of Cloud Networking
GSP1132
Overview
Google has a planet-scale, advanced, fiber-optic software-defined network with presence in over 200 countries and territories. This network provides services such as Search, Maps, YouTube, Google Cloud and more to billions of users and customers.
There are six Google Cloud building blocks of cloud networking. By grouping the network functions into six building blocks (Network connectivity, Network security, Service Networking, Service security, Content delivery, Observability) we can conceptualize the Google Cloud networking services that help us achieve the requirements we are trying to address.
If you are new to cloud computing or looking for an overview of Google Cloud networking, you are in the right place. Read on to learn about the specifics of this lab and additional next steps to get hands-on practice.
What you'll learn
In this lab, you will learn about the following:
- Virtual Private Cloud (VPC) network
- Network services
- Network connectivity
- Networking security
- Network intelligence (i.e. Observability)
- Network Service Tiers
Lab fundamentals
Before you click the Start Lab button
Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.
This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.
To complete this lab, you need:
- Access to a standard internet browser (Chrome browser recommended).
- Time to complete the lab. Remember, once you start, you cannot pause a lab.
Understanding Regions and Zones
Certain Compute Engine resources live in regions or zones. A region is a specific geographical location where you can run your resources. Each region has one or more zones. For example, the us-central1 region denotes a region in the Central United States that has zones us-central1-a, us-central1-b, us-central1-c, and us-central1-f.
Regions | Zones |
---|---|
Western US | us-west1-a, us-west1-b |
Central US | us-central1-a, us-central1-b, us-central1-d, us-central1-f |
Eastern US | us-east1-b, us-east1-c, us-east1-d |
Western Europe | europe-west1-b, europe-west1-c, europe-west1-d |
Eastern Asia | asia-east1-a, asia-east1-b, asia-east1-c |
Resources that live in a zone are referred to as zonal resources. Virtual machine instances and persistent disks live in a zone. To attach a persistent disk to a virtual machine instance, both resources must be in the same zone. Similarly, if you want to assign a static IP address to an instance, the instance must be in the same region as the static IP.
Task 1. Networking Overview
Google Cloud networking is a comprehensive suite of networking services to enable businesses to build, scale, and manage secure and scalable network infrastructure in Google Cloud.
The Google Cloud network is continually evolving, and the diagram below shows a visual representation of the network scale.
The network consists of:
- Region - Geographical location.
- Zones - Interconnected deployment centers within a region. Currently a region comprises a minimum of three zones.
- Point of presence (PoP) - Connects public internet to Google Cloud. Provides services like CDN, Media CDN, Interconnects.
Google Cloud provides a wide range of products and services that address all aspects of networking, from basic connectivity to advanced traffic management and security.
Over the course of this lab, you will learn what some of these products provide and how they can be integrated into your solution.
Task 2. VPC network
Google Cloud VPC network is a foundational component of Google Cloud's networking infrastructure. It allows you to create a logically isolated virtual network within Google Cloud, providing a private and secure environment for your cloud resources. You can define your own IP address space, subnetworks, and routing policies, giving you complete control over your network connectivity.
To learn more about Virtual Private Cloud, take a minute to view the following video.
Key features of Google Cloud VPC network:
- Private IP address space: Define your own private IP address range, ensuring no overlap with other networks.
- Subnetwork: Divide your VPC into multiple subnets to organize and segment your network resources.
- Customizable routing: Control how traffic flows within your VPC and between VPCs.
- Firewall rules: Define firewall rules to filter incoming and outgoing traffic, enhancing network security.
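The address-planning rules behind the first two features, as an added Python example that is not part of the lab: it checks a planned set of subnet ranges for overlap with each other and with on-premises ranges that would be reachable over Cloud VPN or Cloud Interconnect. All subnet names and CIDR ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: subnet names and ranges are illustrative assumptions.
PLANNED_SUBNETS = {
    "web-us-central1": "10.10.0.0/24",
    "app-us-central1": "10.10.1.0/24",
    "data-us-east1": "10.10.0.128/25",   # mistake: sits inside the web subnet
    "mgmt-europe-west1": "10.20.0.0/20",
}
# Constructed ranges already in use on the on-premises side of a hybrid link.
ON_PREM_RANGES = {"hq-lan": "10.20.8.0/22", "branch-lan": "192.168.50.0/24"}


def parse(ranges):
    """Turn {name: cidr} into {name: ip_network}; raises ValueError if host bits are set."""
    return {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in ranges.items()}


def find_conflicts(subnets, external):
    """Return (name_a, name_b) pairs whose address ranges overlap."""
    nets, ext = parse(subnets), parse(external)
    conflicts = []
    # Subnet ranges inside one VPC network must not overlap each other.
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            conflicts.append((a, b))
    # Overlap with a connected network makes routing across the link ambiguous.
    for a, net_a in sorted(nets.items()):
        for b, net_b in sorted(ext.items()):
            if net_a.overlaps(net_b):
                conflicts.append((a, b))
    return conflicts


def non_private(subnets):
    """Names of planned subnets that fall outside RFC 1918 private space."""
    rfc1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
    return sorted(name for name, net in parse(subnets).items()
                  if not any(net.subnet_of(r) for r in rfc1918))


if __name__ == "__main__":
    for a, b in find_conflicts(PLANNED_SUBNETS, ON_PREM_RANGES):
        print(f"overlap: {a} <-> {b}")
    print("not RFC 1918:", non_private(PLANNED_SUBNETS))
```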
Example use cases of Google Cloud VPC network:
- Hosting web applications and services: Create a VPC to isolate your web applications from other resources and the public internet, enhancing security and performance.
- Deploying microservices-based architectures: Utilize VPCs to segment microservices and manage traffic flow between them, enabling scalability and flexibility.
- Connecting on-premises networks: Establish secure connections between your on-premises network and Google Cloud resources via Cloud VPN or Cloud Interconnect, enabling hybrid cloud deployments.
- Creating a secure cloud environment for sensitive data: Leverage VPCs to isolate and protect sensitive data from unauthorized access, ensuring data privacy and compliance.
Google Cloud VPC network provides a powerful and flexible foundation for building and managing secure, scalable, and performant network infrastructure in the cloud.
Task 3. Network services
Google Cloud network offers a suite of network services that empower users to effectively control and optimize their network infrastructure. Some of these include:
- Load Balancing: Distribute incoming traffic across multiple instances of an application or service, ensuring high availability and scalability.
- Cloud DNS: Translate domain names into IP addresses, enabling users to access websites and services seamlessly.
- Cloud CDN: Accelerate content delivery to users worldwide by caching content in edge locations close to their devices.
- Cloud NAT: Enable instances within a private network to access the internet without requiring public IP addresses, enhancing security and simplifying network management.
These tools empower businesses to optimize network performance, improve user experience, and enhance overall network security within Google Cloud.
Task 4. Network connectivity
Google Cloud network connectivity solutions enable seamless connections between on-premises networks, cloud resources, and other cloud providers. These solutions include:
- Cloud VPN: Establish secure encrypted connections between on-premises networks and VPCs, enabling hybrid cloud deployments.
- Cloud Interconnect: Provide high-bandwidth, low-latency connectivity between on-premises networks and VPCs, ideal for mission-critical applications.
- Cross-Cloud Interconnect: Provide direct, high-bandwidth, low-latency connectivity between Google Cloud and other cloud providers.
- Network Connectivity Center: A centralized logical hub for managing and monitoring connections, with support for hybrid spokes and VPC spokes.
These connectivity solutions empower businesses to extend their existing networks to the cloud, achieve high-performance data transfers, and build complex hybrid and multi-cloud architectures.
Task 5. Network security
Google Cloud network security solutions provide comprehensive protection against network threats and vulnerabilities. These solutions include:
- Cloud Armor: Safeguard applications and websites against denial-of-service (DoS) attacks, OWASP Top 10 risks, and other malicious traffic.
- Cloud IDS (Intrusion Detection System): Continuously monitor network traffic for suspicious activity, enabling early detection of potential threats.
- Cloud Firewall: Define firewall rules to control incoming and outgoing traffic, preventing unauthorized access and protecting against cyberattacks. Cloud Firewall Plus editions also provide advanced capabilities such as Intrusion Prevention System (IPS).
These security solutions empower businesses to enhance network security, protect sensitive data, and ensure compliance with industry standards.
To learn more about Cloud Firewall, take a few minutes to view the following video.
Task 6. Network Intelligence
Google Cloud Network Intelligence Center provides a comprehensive suite of tools for monitoring, troubleshooting, and optimizing your network performance. These tools include:
- Network Topology: Visualize the topology of your Virtual Private Cloud (VPC) networks and their associated metrics, enabling you to identify and resolve connectivity issues.
- Connectivity Tests: Test network connectivity to and from your VPC network, ensuring that your network is functioning properly and that your resources are accessible.
- Performance Dashboard: Monitor and visualize the performance of your Google Cloud network and resources.
- Firewall Insights: Gain insights into firewall rules usage, identify misconfigurations, and optimize your firewall rules to improve security and performance.
- Network Analyzer: Monitor network traffic and identify potential issues, such as high latency, packet loss, and routing problems.
These network intelligence tools empower businesses to proactively identify and resolve network issues, maintain network performance, and enhance overall network health.
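The kind of firewall misconfiguration that the Cloud Firewall and Firewall Insights descriptions refer to, as an added Python example that is not part of the lab and not how Firewall Insights itself works: it reviews rules in the JSON shape emitted by `gcloud compute firewall-rules list --format=json` and reports enabled ingress rules that open administrative ports to any source. The sample rules and the choice of sensitive ports are constructed assumptions.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""
[
 {"name": "allow-ssh-anywhere", "direction": "INGRESS", "priority": 1000,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-web", "direction": "INGRESS", "priority": 1000,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "allow-range-open", "direction": "INGRESS", "priority": 900,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
 {"name": "allow-all-internal", "direction": "INGRESS", "priority": 65534,
  "sourceRanges": ["10.128.0.0/9"], "allowed": [{"IPProtocol": "all"}]},
 {"name": "old-rdp", "direction": "INGRESS", "priority": 1000, "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]}
]
""")
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports this review treats as sensitive
ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def covers(port_spec, port):
    """True if a rule port entry ("22" or "3000-4000") includes the port."""
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)


def exposed_admin_ports(rule):
    """Admin services an enabled ingress rule opens to any source address."""
    open_src = ANY_SOURCE & set(rule.get("sourceRanges", []))
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS" or not open_src:
        return []
    hits = set()
    for entry in rule.get("allowed", []):
        if entry["IPProtocol"] in ("tcp", "6", "all"):
            ports = entry.get("ports")  # a missing ports list means every port
            hits |= {svc for port, svc in ADMIN_PORTS.items()
                     if ports is None or any(covers(p, port) for p in ports)}
    return sorted(hits)


def audit(rules):
    """Map rule name -> exposed admin services, for rules with findings only."""
    return {r["name"]: found for r in rules if (found := exposed_admin_ports(r))}


if __name__ == "__main__":
    for name, services in audit(SAMPLE_RULES).items():
        print(f"{name}: open to any source on {', '.join(services)}")
```

The port-range rule is the case a name-based review tends to miss: `3000-4000` never mentions RDP but includes 3389.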
Task 7. Network Service Tiers
Google Cloud network offers two service tiers, Premium Tier and Standard Tier, catering to different performance, availability, and cost requirements.
Premium Tier:
- Global network with low latency: Leverage Google's high-performance global network for global reach and consistent performance.
- High availability and scalability: Ensure continuous availability and seamless scaling for mission-critical applications.
- Ideal for production workloads and demanding applications.
Standard Tier:
- Regional network with cost-effectiveness: Utilize a regional network with lower costs for less demanding workloads.
- Suitable for development, testing, and non-production environments.
- Choose Standard Tier for cost-sensitive scenarios.
Congratulations!
You developed an understanding of the building blocks of cloud networking and the use of some of the core networking services. You are now ready to take more labs.
Finish your quest
This self-paced lab gives you a high-level overview of some networking features available in Google Cloud. There are several quests which will allow you to learn more. A quest is a series of related labs that form a learning path. Completing a quest earns you a badge to recognize your achievement. You can make your badge or badges public and link to them in your online resume or social media account. Check out the Network engineer learning path for more on networking.
Manual Last Updated Jan 30, 2024
Lab Last Tested Jan 30, 2024