Google Cloud Platform (GCP) -  Networking on cloud | What is vpc (virtual private cloud)




You have created a VPN channel to access your database securely, and then you have replicated every routing detail using Cloud Router. Hello friends. Welcome to ITK fund your own channel where we make it interesting for everyone. So in this video we will understand about virtual private cloud. VPC is the fundamental platform on top of which all the various cloud platforms or cloud technologies are running today.


VPC, which is Virtual Private Cloud, provides us access to all the cloud infrastructure and networks. This is a common concept which is used across different cloud technologies. But we will understand it in relation with Google Cloud Platform. We will understand what a VPC is. We will understand its features and what different components we have in the Google Cloud Platform VPC product.


And then at the end we will take a use case and we will try to understand it through a real example. So without wasting any more time, let's get started. Please subscribe to my channel and hit the bell icon. So let's understand what a VPC is. Suppose there is a new startup company, XYZ, who is trying to establish its office in a city, and this company wants to set up its IT data center within the premises.


So what they will do, they will start with the network planning. They will start with understanding what kind of network requirements they have. And then maybe they will have a data center in which they will deploy all the servers which are needed and all the network requirements. Firewall rules, whatever is required, will be put into this particular company's premises. And all this will be done with proper network planning, and actual hardware will be set up.


So you will have physical LANs. You will have physical routers which will be set up, routing tables will be set up, firewall rules will be set up, physical machines which will be deployed here. So take for example that this is all done manually. Okay.


And you have to first do the planning and then you have to also do the work on the ground. Now, suppose that same company wants to have a lean startup and they want to leverage cloud technology to set up all its IT infrastructure. So in the same manner in which we do the network planning for on-prem, it will be done on the cloud as well. But there will be a big difference in cloud. You will not be touching the physical infrastructure or physical networks at all.


In cloud, you will just have a software front end wherein you will define what you want, and the rest will all be taken care of by your cloud provider. So this is called a software defined network. So VPC is nothing but a software defined network. What is a software defined network?


As I explained to you, you will have a front end, you will have a GUI, or you will program your whole network infrastructure through a front end application, but you don't have to do it manually by going into the data center. That will be done automatically and you will be a part of the huge infrastructure. For example, in the case of Google Cloud Platform, you will be using the same infrastructure which is used by Google Search, YouTube and all the different Google products, and that particular network is globally accessible.


What is meant by globally? If you want, you can watch my previous video where I explain that every Google Cloud component can be categorized as a global, regional or zonal resource.


So your network, your VPC, which is Virtual Private Cloud, is a global resource. So friends, now let's understand the key components of Google Cloud VPC and also some important features which we should be aware of: Cloud VPN, Cloud Router, Firewall, NAT, subnets, IP ranges, VPC peering, Cloud Interconnect and flow logs. VPN, as you can understand, is used to establish connectivity with your on-prem data center. Suppose you want to connect one server from your data center to your cloud VM; then you can use VPN, and VPN will establish a tunnel over the Internet to provide that connectivity.


Obviously, if you need higher bandwidth or higher throughput, then VPN might not be a better option for you, because VPN underneath uses the IPsec protocol, and this particular protocol is a bit heavy in nature because it has additional encryption headers which slow down the data transfer rate. So that's why, if you have needs of more than ten Gbps throughput, then instead of using Cloud VPN to connect from your on-prem to your Google Cloud network, you should use Cloud Interconnect, which is a direct virtual LAN which will be established between your data center and Google Cloud.


And this is a very good option. It has two different types. The first is Dedicated Interconnect, where you will connect directly to a Google Cloud point of presence location through a direct connection.


And the other one is Partner Interconnect, wherein if you do not have a nearby point of presence for Google Cloud Platform, a Google Cloud data center, then you will go through a verified partner of Google Cloud. Cloud Router, don't take it as a physical router. It is not a physical router. Cloud Router is kind of an object. Everything which you see on Google Cloud is treated as an object.


So Cloud Router tries to understand the routing which has been performed in your on-prem environment and tries to mimic that or automate that using the BGP protocol, which is also called dynamic routing. But still, you can also have static routing wherein you decide and you define your own network. Firewall, again, is controlled under VPC, Virtual Private Cloud, but then you will define the actual firewall rules on your VMs. But yes, you can enable or disable firewall rules in your overall VPC. So by default you have two rules: one ingress rule and one egress rule.


Ingress means incoming rule and egress means outgoing rule. So you can define your firewall rules. You can control it from your VPC level, but then at your VM level, you will have your specific firewall rules established. NAT is, again, network address translation, a similar service which we use to convert the private IP addresses which are there within your premises. If you want to go over the Internet, you use network address translation. A similar service is provided by the NAT service of VPC. Next, subnets.
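To make the ingress/egress rule discussion concrete, here is an added example (not code from the video or from Google Cloud) that models how a small set of VPC firewall rules is evaluated. It assumes, as labelled in the comments, that rules are checked from the lowest priority number upward, that the first matching rule decides, and that the two default rules the video mentions (allow all egress, deny all ingress) sit at the lowest possible priority so any explicit rule you add overrides them. The rule names and address ranges are constructed for the example.

```python
"""Toy VPC firewall evaluator (added example; assumptions are labelled inline)."""
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    direction: str                    # "INGRESS" or "EGRESS"
    action: str                       # "allow" or "deny"
    priority: int                     # assumption: lower number is evaluated first
    ranges: list                      # CIDRs: sources for ingress, destinations for egress
    protocol: str = "all"             # "tcp", "udp", "icmp" or "all"
    ports: set = field(default_factory=set)  # empty set means every port

# Assumption: the two default (implied) rules from the video, modelled at the
# weakest priority so that every explicit rule takes precedence over them.
IMPLIED_RULES = [
    Rule("implied-allow-egress", "EGRESS", "allow", 65535, ["0.0.0.0/0"]),
    Rule("implied-deny-ingress", "INGRESS", "deny", 65535, ["0.0.0.0/0"]),
]

# Constructed sample policy: admin SSH only from a corporate range, everything
# from the internal range except telnet, which is blocked by a stronger rule.
SAMPLE_RULES = [
    Rule("allow-ssh-from-corp", "INGRESS", "allow", 1000, ["203.0.113.0/24"], "tcp", {22}),
    Rule("allow-internal", "INGRESS", "allow", 1000, ["10.0.0.0/8"]),
    Rule("deny-telnet-internal", "INGRESS", "deny", 900, ["10.0.0.0/8"], "tcp", {23}),
]

def rule_matches(rule, direction, remote_ip, protocol, port):
    """True when the rule applies to this packet's direction, address, protocol and port."""
    if rule.direction != direction:
        return False
    if rule.protocol != "all" and rule.protocol != protocol:
        return False
    if rule.ports and port not in rule.ports:
        return False
    addr = ipaddress.ip_address(remote_ip)
    # 'in' is False for mismatched IP versions, so mixed v4/v6 input is safe.
    return any(addr in ipaddress.ip_network(r) for r in rule.ranges)

def evaluate(rules, direction, remote_ip, protocol, port):
    """Return (action, rule_name) for the first matching rule in priority order."""
    for rule in sorted(rules + IMPLIED_RULES, key=lambda r: r.priority):
        if rule_matches(rule, direction, remote_ip, protocol, port):
            return rule.action, rule.name
    return "deny", "no-match"  # unreachable: the implied rules cover all traffic

if __name__ == "__main__":
    for pkt in [("INGRESS", "203.0.113.5", "tcp", 22),
                ("INGRESS", "198.51.100.7", "tcp", 22),
                ("INGRESS", "10.1.2.3", "tcp", 23),
                ("INGRESS", "10.1.2.3", "tcp", 80),
                ("EGRESS", "8.8.8.8", "udp", 53)]:
        print(pkt, "->", evaluate(SAMPLE_RULES, *pkt))
```

The useful lesson is in the third packet: telnet from the internal range is denied even though "allow-internal" would permit it, purely because the deny rule carries the smaller priority number. When auditing real rule sets, sort by priority before reading them, exactly as the evaluator does.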


Now, again, this is a very important topic, because by default you have three different modes when you create a VPC. So in your VPC, you will have your default mode, your auto mode, and your custom mode. So the default mode is pretty much the auto mode. If you choose this, automatically you don't have to do anything. You will have a predefined VPC and predefined subnets in different regions of that particular VPC network.


So you don't have to do anything. You will get predefined subnet ranges, and in those subnet ranges you can deploy your network. But there is a risk, because whatever subnet ranges are defined automatically might overlap with your on-prem network ranges. So suppose you have your on-prem network being migrated into Google Cloud. And if you simply select default or auto, it might happen that your subnet ranges and your IP address ranges overlap each other.


So this should be used in development or non production environment. But Google recommends that when you're going on to a production environment, you should always choose custom. And custom is pretty much defining yourself what you want on your VPC. So in custom you will define your subnet range, and that would be a much safer option. So the first address is your network address.


The second address in your subnet range is your gateway. The second to last IP address in your subnet range is reserved by Google for any future use. And the last address in your subnet range is your broadcast. I have explained subnetting in a different video.
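The two points just made, that auto mode ranges can collide with on-prem ranges and that each subnet loses four addresses to reservations, both come down to address arithmetic, so here is an added example (not from the video or from Google Cloud) that does the planning checks for a custom mode VPC with Python's standard ipaddress module. It relies on one fact about Google Cloud that the video does not state, namely that auto mode networks draw their regional subnets from 10.128.0.0/9, and on the documented minimum primary subnet size of /29; both are marked in the comments. The on-prem ranges and candidate block are constructed sample values.

```python
"""Custom-mode subnet planning checks (added example; assumptions labelled inline)."""
import ipaddress

# Known Google Cloud fact (not stated in the video): auto mode VPC subnets are
# allocated from this supernet, so anything on-prem inside it will collide.
AUTO_MODE_SUPERNET = ipaddress.ip_network("10.128.0.0/9")

# Known Google Cloud fact: the smallest primary IPv4 range a subnet may have.
MIN_SUBNET_ADDRESSES = ipaddress.ip_network("0.0.0.0/29").num_addresses  # 8

# Constructed sample: ranges already in use in the on-prem data center.
ON_PREM = ["10.0.0.0/16", "10.130.0.0/16", "192.168.1.0/24"]

def find_overlaps(cloud_subnets, on_prem_ranges):
    """Return (cloud, on_prem) string pairs whose address ranges overlap."""
    clashes = []
    for c in cloud_subnets:
        cn = ipaddress.ip_network(c)
        for p in on_prem_ranges:
            pn = ipaddress.ip_network(p)
            if cn.version == pn.version and cn.overlaps(pn):
                clashes.append((str(cn), str(pn)))
    return clashes

def auto_mode_clashes(on_prem_ranges):
    """Which on-prem ranges would collide with an auto mode network."""
    return find_overlaps([str(AUTO_MODE_SUPERNET)], on_prem_ranges)

def plan_custom_subnets(on_prem_ranges, candidate_block, prefixlen):
    """Carve /prefixlen subnets out of candidate_block, dropping any that overlap on-prem."""
    block = ipaddress.ip_network(candidate_block)
    prem = [ipaddress.ip_network(p) for p in on_prem_ranges]
    return [str(s) for s in block.subnets(new_prefix=prefixlen)
            if not any(s.version == p.version and s.overlaps(p) for p in prem)]

def reserved_addresses(cidr):
    """The four addresses the video says are unusable in every subnet."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("this reservation layout is described for IPv4 ranges")
    if net.num_addresses < MIN_SUBNET_ADDRESSES:
        raise ValueError(f"{cidr} is smaller than the minimum /29")
    return {
        "network": str(net.network_address),
        "gateway": str(net.network_address + 1),
        "reserved_future": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }

def usable_host_count(cidr):
    """Addresses left for VMs once the four reserved ones are removed."""
    reserved_addresses(cidr)  # validates size and version
    return ipaddress.ip_network(cidr).num_addresses - 4

if __name__ == "__main__":
    print("auto mode clashes:", auto_mode_clashes(ON_PREM))
    print("safe /16s in 10.0.0.0/14:", plan_custom_subnets(ON_PREM, "10.0.0.0/14", 16))
    print("reserved in 10.10.0.0/24:", reserved_addresses("10.10.0.0/24"))
    print("usable hosts:", usable_host_count("10.10.0.0/24"))
```

The overlap check is the one to run before choosing auto mode for any environment that will ever be connected to on-prem over VPN or Interconnect; once the VPN from the video's use case is up, a colliding range cannot be fixed without re-addressing one side.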


So if you want to understand it, you can check that video separately. IP ranges. Again, you will have by default a primary IP range. But then you can also have a secondary IP range, which is an alias IP range, which you can utilize under a VPC. And this is very important, or might be very useful, when you're deploying containerized applications, wherein certain ports could run on your primary IP range.


But then in case of any failures, you might have certain ports running on your secondary IP range. So I.