GCP Networking
28 cards — 🟢 3 easy | 🟡 11 medium | 🔴 3 hard
🟢 Easy (3)
1. What is a subnet in GCP, and how does it differ from other clouds?
In GCP, subnets are regional (not zonal). A single subnet spans all zones within a region. Each subnet has a primary IP range and can have secondary ranges for alias IPs (used by GKE for pod and service CIDRs). Unlike AWS, you do not create one subnet per AZ — one regional subnet covers all zones automatically.
2. How do GCP firewall rules work?
GCP firewall rules are applied at the VPC level and are stateful. Each rule specifies direction (ingress/egress), priority (0-65535, lower wins), action (allow/deny), target (all instances, specific tags, or service accounts), and protocols/ports. Rules are evaluated by priority — the first matching rule wins. The default network has pre-populated rules allowing internal traffic and ICMP.
3. How does routing work in a GCP VPC?
Every VPC has a system-generated default route (0.0.0.0/0) pointing to the default internet gateway, and automatically created subnet routes for each subnet's IP range. Custom static routes can be added for specific destinations. Dynamic routing (via Cloud Router using BGP) automatically exchanges routes with on-premises networks through VPN or Interconnect. VPCs can use regional or global dynamic routing mode.
🟡 Medium (11)
1. Explain Global Load Balancer.
It's a load balancing service distributing internet traffic across multiple regions to optimize service availability. It provides:
* Global Presence: It offers a single anycast IP address for routing traffic to the nearest healthy instance, improving latency and service availability.
2. What is the concept of a shared VPC in GCP, and how do you set up a shared VPC?
Shared VPC (Virtual Private Cloud) is a network resource that allows an organization to connect multiple projects to a common VPC network. This centralizes network management and administration while allowing resources from different projects to communicate securely within the same virtual network. It simplifies network setup, aids in resource sharing, and centralizes governance and security policies.
3. What is Cloud Load Balancing?
It's a service for distributing incoming network traffic across multiple resources, ensuring high availability and reliability. Offers various load balancing options: global (for HTTP(S) and TCP/SSL traffic), internal (for internal traffic within VPC), and network (for non-HTTP/S traffic). Automatically scales resources based on traffic demands.
4. What is Google Cloud CDN (Content Delivery Network)?
Google Cloud CDN is a distributed edge caching service for delivering content closer to users for lower latency and better performance.
* Content Caching and Distribution: Cloud CDN caches web content at Google's globally distributed edge caches. This allows users to access content from a nearby edge location, reducing latency.
5. What is VPC Service Controls?
VPC Service Controls is a GCP security feature allowing the restriction of data access between Google-managed services and the resources within a Virtual Private Cloud (VPC). It establishes a security perimeter around GCP resources, enabling organizations to define a security perimeter around APIs and services to prevent data exfiltration, maintaining data integrity and compliance. It ensures that sensitive data remains within the organization's specified boundaries even in the case of breaches.
6. What is Cloud Interconnect?
It's a service for connecting on-premises networks to GCP through dedicated and high-speed connections. It enables:
* Fast and Reliable Connectivity: Direct connections with high bandwidth for better performance and reliability.
* Hybrid Cloud Solutions: Facilitates hybrid cloud solutions by extending on-premises networks into GCP.
* Reduced Latency: Helps in reducing latency and improving data transfer speeds.
7. Describe Google Virtual Private Cloud (VPC).
It's a global private network providing a virtual networking environment that allows users to connect GCP resources to each other and to the internet along with offering control over IP ranges, subnets, and network policies. It also enables custom network topologies and network security configurations.
8. What is Cloud NAT and when do you use it?
Cloud NAT (Network Address Translation) provides outbound internet connectivity for VM instances without external IP addresses. It is regional and works at the VPC network level. Common uses: allowing private GKE nodes to pull container images, enabling private VMs to reach external APIs, and maintaining security by not exposing instances with public IPs. Cloud NAT does not support inbound connections — it is egress-only.
9. What is Cloud DNS and what record types does it support?
Cloud DNS is a high-performance, scalable, managed authoritative DNS service. It supports A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, TXT, and CAA record types. It offers both public zones (internet-facing) and private zones (VPC-internal resolution). Private zones enable split-horizon DNS where internal names resolve differently than public names. Cloud DNS supports DNSSEC for public zones.
10. What is VPC Network Peering and what are its limitations?
VPC Network Peering connects two VPC networks so resources can communicate using internal IP addresses. Peering is non-transitive — if VPC-A peers with VPC-B, and VPC-B peers with VPC-C, VPC-A cannot reach VPC-C through VPC-B. Subnet IP ranges must not overlap. Peering works across projects and organizations. Routes, firewall rules, and IAM are managed independently in each VPC. Maximum of 25 peering connections per VPC network.
11. What is Cloud VPN and what are its variants?
Cloud VPN securely connects your on-premises network to GCP VPC through IPsec tunnels. Classic VPN supports a single tunnel with static routing and up to 3 Gbps. HA VPN provides 99.99% SLA with two tunnels, supports dynamic routing via BGP with Cloud Router, and up to 3 Gbps per tunnel. HA VPN is recommended for production. Both encrypt traffic in transit but Cloud Interconnect is preferred for higher bandwidth needs.
🔴 Hard (3)
1. What are the different types of load balancers in GCP?
GCP offers: (1) Global external HTTP(S) LB — L7, anycast IP, URL-based routing, CDN integration. (2) Global external TCP/SSL Proxy — L4, for non-HTTP TCP traffic. (3) Regional external Network LB — L4, pass-through, preserves client IP. (4) Regional internal TCP/UDP LB — L4, for internal services within VPC. (5) Regional internal HTTP(S) LB — L7, for internal microservices. (6) Cross-region internal LB — L7, spans regions for internal traffic. Choice depends on protocol, scope (global vs regional), and whether traffic is internal or external.
2. What are hierarchical firewall policies in GCP?
Hierarchical firewall policies allow organizations to enforce firewall rules at the organization or folder level, applying to all projects beneath them. Rules in higher-level policies are evaluated before VPC-level rules. This enables central security teams to enforce baseline rules (e.g., block known-bad IPs, require specific ports) that project-level admins cannot override. The evaluation order is: organization policy → folder policy → VPC firewall rules.
3. How does GKE networking work with VPC-native clusters?