Networking
Virtual Private Cloud (VPC)
Global software-defined network for GCP resources
AWS equivalent
VPC
Architecture Diagram: GCP VPC as one global network (vs AWS regional VPCs)
💡 Key difference from AWS: an AWS VPC is regional, so routing between regions needs VPC peering or a Transit Gateway. A GCP VPC is global: subnets are regional, but one VPC spans every region and traffic between subnets in different regions stays on Google's private backbone. Routes and firewall rules are global too, so a permissive rule applies in every region at once.
AWS → GCP: Key Differences
- GCP VPCs are GLOBAL: one VPC spans all regions, and subnets are regional. AWS VPCs are regional.
- No internet gateway to create or attach: every VPC gets a default route to the internet, usable by VMs with an external IP (or, for outbound only, by VMs behind Cloud NAT).
- Shared VPC: one VPC in a host project, shared with multiple service projects in the same organization. The closest AWS equivalent is VPC sharing through Resource Access Manager (RAM).
- Private Google Access: VMs without external IPs can reach Google APIs and services without traversing the public internet. It is a per-subnet setting and is off by default.
Key Concepts to Know
1. Default VPC: an auto-mode network created in every new project with one subnet per region and pre-populated firewall rules that allow SSH, RDP and ICMP from 0.0.0.0/0. OK for dev, not for prod; many organizations delete it.
2. Custom-mode VPC: you create every subnet and choose its IP range. Use this for production.
3. Firewall rules: defined per VPC, enforced at each VM, stateful. Direction is ingress or egress, and each rule has a priority (0-65535, lower number wins). Target by service account or network tag; prefer service accounts, because using one requires IAM permission on that account, whereas a network tag can be added by anyone who can edit the instance.
4. Cloud NAT: lets VMs without external IPs initiate outbound internet connections. It is regional, attached to a Cloud Router, and never accepts inbound connections.
DCE Interview Tips
- ✓ Key differentiator: 'GCP VPCs are global. You create one VPC and it spans all regions, unlike AWS, where you need a VPC per region and peering or TGW to connect them.'
- ✓ Shared VPC is recommended for enterprises: 'The networking team owns the VPC in a host project, development teams deploy into it from service projects: a clean separation of concerns.'
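The Shared VPC pattern described in the tip above, as an added Terraform example (not code from the original page): the networking team's project becomes the host, a development team's project is attached as a service project, and that team is granted use of a single subnet rather than the whole network. The project ids, subnet name, region and group address are assumed placeholders.

```hcl
# Added example (not the page's own code). Assumed placeholders: host project
# "net-host-prj" (owned by the networking team), service project "app-team-prj",
# subnet "prod-web-us-central1" in us-central1, group app-deployers@example.com.

# The networking team's project becomes the Shared VPC host.
resource "google_compute_shared_vpc_host_project" "host" {
  project = "net-host-prj"
}

# A development team's project is attached as a service project; VMs created
# there can be placed in host-project subnets the team has been granted.
resource "google_compute_shared_vpc_service_project" "app" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = "app-team-prj"
}

# Least privilege: grant compute.networkUser on one subnet in the host project,
# not on the whole host project, so the team can only attach to that subnet.
resource "google_compute_subnetwork_iam_member" "app_team_subnet_user" {
  project    = google_compute_shared_vpc_host_project.host.project
  region     = "us-central1"
  subnetwork = "prod-web-us-central1"
  role       = "roles/compute.networkUser"
  member     = "group:app-deployers@example.com"
}
```

The subnet-level binding is the part that enforces the separation of concerns: the application team can deploy into the shared network but cannot create, change or see subnets it was not granted. Any principal that creates VMs in the service project needs this role, and managed services such as GKE additionally need it for the service project's service agents.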
Common Gotchas
- ! GCP VPC firewalls have two implied rules: deny all ingress and allow all egress. Nothing reaches a VM until you add an ingress allow rule, but every VM can talk out to anywhere until you add an explicit egress deny. The default VPC additionally ships with allow rules for SSH, RDP and ICMP from 0.0.0.0/0.
- ! VPC Flow Logs: enabled per subnet and sampled (default 50% of flows, 5-second aggregation). They can generate significant log volume and cost; tune the sampling rate and aggregation interval rather than leaving the defaults everywhere.
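The following Terraform configuration is an added example, not code from the original page. It ties together the items under Key Concepts to Know (a custom-mode VPC, firewall rules targeted by service account, Cloud NAT) and both Common Gotchas (the implied firewall rules and per-subnet flow logs). The project id, region, CIDR and service account address are assumed placeholders.

```hcl
# Added example (not the page's own code). Assumed placeholders: project id
# "prod-net-prj", region "us-central1", CIDR 10.10.0.0/24 and the service
# account web-sa@prod-net-prj.iam.gserviceaccount.com. Replace before applying.

provider "google" {
  project = "prod-net-prj"
  region  = "us-central1"
}

# Custom-mode VPC: no auto-created subnets. Routes and firewall rules defined
# here are global, so they apply in every region the VPC is used in.
resource "google_compute_network" "prod" {
  name                    = "prod-vpc"
  auto_create_subnetworks = false
}

# Regional subnet. Private Google Access lets VMs without external IPs reach
# Google APIs; flow logs are per subnet and sampled to control cost.
resource "google_compute_subnetwork" "web" {
  name                     = "prod-web-us-central1"
  region                   = "us-central1"
  network                  = google_compute_network.prod.id
  ip_cidr_range            = "10.10.0.0/24"
  private_ip_google_access = true

  log_config {
    aggregation_interval = "INTERVAL_5_SEC"
    flow_sampling        = 0.5   # 50% of flows; lower it if volume or cost is a problem
    metadata             = "INCLUDE_ALL_METADATA"
  }
}

# Ingress is implicitly denied, so only explicit allows are needed. Target by
# service account (not network tag) and restrict SSH to Google's IAP
# TCP-forwarding range so no VM needs port 22 open to the internet.
resource "google_compute_firewall" "allow_ssh_from_iap" {
  name                    = "prod-allow-ssh-iap"
  network                 = google_compute_network.prod.name
  direction               = "INGRESS"
  priority                = 1000
  source_ranges           = ["35.235.240.0/20"]
  target_service_accounts = ["web-sa@prod-net-prj.iam.gserviceaccount.com"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# Egress is implicitly allowed. Override that with an explicit lowest-priority
# deny, then allow only what the workload needs. Add further allows for any
# internal ranges and the Google API ranges your VMs must reach.
resource "google_compute_firewall" "deny_all_egress" {
  name               = "prod-deny-all-egress"
  network            = google_compute_network.prod.name
  direction          = "EGRESS"
  priority           = 65534
  destination_ranges = ["0.0.0.0/0"]

  deny {
    protocol = "all"
  }
}

resource "google_compute_firewall" "allow_https_egress" {
  name                    = "prod-allow-https-egress"
  network                 = google_compute_network.prod.name
  direction               = "EGRESS"
  priority                = 1000
  destination_ranges      = ["0.0.0.0/0"]
  target_service_accounts = ["web-sa@prod-net-prj.iam.gserviceaccount.com"]

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}

# Cloud NAT (regional, attached to a Cloud Router) gives VMs without external
# IPs outbound internet access; it never accepts inbound connections.
resource "google_compute_router" "nat_router" {
  name    = "prod-nat-router"
  region  = "us-central1"
  network = google_compute_network.prod.id
}

resource "google_compute_router_nat" "nat" {
  name                               = "prod-nat"
  router                             = google_compute_router.nat_router.name
  region                             = "us-central1"
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
```

Two design choices matter for security here. The explicit deny-all egress rule at priority 65534 sits just above the implied allow-egress rule (65535), so the VPC flips to default-deny in both directions and every outbound path must be listed. The ingress rule is scoped by service account rather than network tag, so only VMs that someone with IAM permission on that account deployed can receive SSH. Before rolling this out, check the subnet ranges and Google API ranges you rely on, since the egress deny will block Private Google Access and internal traffic until matching allow rules exist.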