VPC Peering in Google Cloud | Networking in GCP

  • Added 24. 05. 2020
  • This video explains what VPC peering in Google Cloud is, its advantages, and a demo of peering within an organization.
    Timelines:
    1. Advantages - 01:18
    2. Scenarios - 03:08
    3. Exam's perspective - 04:18
    4. Demo - 04:29
    5. Peering Demo - 13:21
    Steps used in the project:
    First Project:
    Create a custom network:
    gcloud compute networks create network-a --subnet-mode custom
    Create a subnet within this VPC and specify a region and IP range by running:
    gcloud compute networks subnets create network-a-central --network network-a --range 10.0.0.0/16 --region us-central1
    Create a VM instance:
    gcloud compute instances create vm-a --zone us-central1-a --network network-a --subnet network-a-central
    Run the following to enable SSH and ICMP, because you'll need a secure shell to communicate with VMs during connectivity testing:
    gcloud compute firewall-rules create network-a-fw --network network-a --allow tcp:22,icmp
    Second Project:
    Switch to the second Cloud Shell and create a custom network:
    gcloud compute networks create network-b --subnet-mode custom
    Create a subnet within this VPC and specify a region and IP range by running:
    gcloud compute networks subnets create network-b-central --network network-b --range 10.8.0.0/16 --region us-central1
    Create a VM instance:
    gcloud compute instances create vm-b --zone us-central1-a --network network-b --subnet network-b-central
    Run the following to enable SSH and ICMP, because you'll need a secure shell to communicate with VMs during connectivity testing:
    gcloud compute firewall-rules create network-b-fw --network network-b --allow tcp:22,icmp
  • Science and technology
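
Added example, not part of the video description: a pre-flight check that the two subnet ranges from the steps above do not overlap (peering cannot be established between networks whose subnet ranges overlap), followed by the commands for both halves of the peering and for firewall rules scoped to the peer subnet, printed for review. PROJECT_A_ID, PROJECT_B_ID, the peering names and the rule names are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the video). PROJECT_A_ID / PROJECT_B_ID, the peering
# names peer-ab / peer-ba and the *-from-peer rule names are placeholders.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the first and last address (as integers) of a CIDR block.
cidr_bounds() {
  local ip len=${1#*/} mask
  ip=$(ip_to_int "${1%/*}")
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  echo "$(( ip & mask )) $(( (ip & mask) | (~mask & 0xFFFFFFFF) ))"
}

# Succeed (exit status 0) when the two CIDR blocks share any address.
cidr_overlap() {
  set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Print the commands for both halves of the peering, or refuse when the
# subnet ranges overlap, since peering cannot be established in that case.
plan_peering() {
  local proj_a=$1 proj_b=$2 range_a=$3 range_b=$4
  if cidr_overlap "$range_a" "$range_b"; then
    echo "refusing: $range_a overlaps $range_b" >&2
    return 1
  fi
  # Each project creates its own half; traffic flows once both exist.
  echo "gcloud compute networks peerings create peer-ab --project $proj_a" \
       "--network network-a --peer-project $proj_b --peer-network network-b"
  echo "gcloud compute networks peerings create peer-ba --project $proj_b" \
       "--network network-b --peer-project $proj_a --peer-network network-a"
  # Scope SSH/ICMP to the peer subnet; without --source-ranges an ingress
  # rule applies to 0.0.0.0/0.
  echo "gcloud compute firewall-rules create network-a-from-peer --project $proj_a" \
       "--network network-a --allow tcp:22,icmp --source-ranges $range_b"
  echo "gcloud compute firewall-rules create network-b-from-peer --project $proj_b" \
       "--network network-b --allow tcp:22,icmp --source-ranges $range_a"
}

# Ranges are the ones used in the steps above; commands are printed for review only.
plan_peering PROJECT_A_ID PROJECT_B_ID 10.0.0.0/16 10.8.0.0/16
```

Run each printed peering command in the Cloud Shell of the project it names; the peering carries traffic only after both halves exist.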

Comments • 51

  • @shaileshchaskar6093 2 years ago

    Thanks a lot, while preparing for architect certification your videos do help a lot. Even the demos in each video make it easy to digest the concept. Thanks again.

  • @vijaysarde385 2 years ago +1

    Thank you for the cleanest/clearest explanation. Keep up the good work!

  • @user-bj7mz5wz1n 3 years ago

    Thanks so much for these simplistic explanations. It's easier now to understand concepts.

  • @LeonardoBarbosa-qw6fp 3 years ago

    Thank you so MUCH! You are such a good teacher my friend!

  • @RahulKumar-wc2on 3 years ago

    The best video I have seen for all the concepts explained.

  • @vamsikrishnag1417 2 years ago

    Such a nice example; it is very simple and I clearly understand VPC network peering. Very helpful. Thank you GK.

  • @bugsbane 3 years ago

    Great video. Clearest example of peering that I've seen so far. Quite precise and pacing is good without too much fluff. Wish we could have seen an example of the creation of the peering using cloudshell as well - since you already did that nicely for the first part.

  • @ivanskinner4743 2 years ago

    Thanks mate, it helped a lot

  • @payalbhatia8810 2 years ago

    Wow, great explanation, keep the good work going

  • @mohammedmansoor7601 1 year ago

    Thanks!

  • @TipsGuru4 3 years ago

    Very nicely explained...

  • @prasoonprit6692 3 years ago

    Good one.
    You said in the video that in ACE we don't expect questions on this topic. Could you please make a video on important topics for ACE?

  • @joynandi9906 2 years ago

    👍great

  • @shwetagairos 2 years ago

    Please try to cover advanced deep-dive concepts, e.g. exchanging custom routes, and use cases where a lot of manual configuration can be avoided by using the Google-managed Private Service Connect service. I'm assuming you have extensive hard-core experience; I would come back to you for case-based demos which are not even covered by Qwiklabs :) Thank you JK! I really appreciate you devoting time to enlighten us with your experience.

  • @robikripto3050 3 years ago

    Thanks for the content. What is the difference between a Shared VPC and VPC peering?

    • @ameliamelendez1574 1 year ago

      I think the main thing may be that VPC Peering can connect VPCs between different Organizations. Whereas VPC Sharing must stay within 1 organization. However, I'm sure there are other differences.

  • @amarjeetnayak7098 2 years ago

    Thanks for this video, requesting you to please zoom your content a bit more for better visualisation.

  • @Bijits2510 4 years ago +1

    Does GCP allow transitive peering? E.g. if Project A is peered with Project B, and Project B is peered with Project C, does it mean that Project A is automatically peered with Project C?

    • @CloudAdvocate 4 years ago

      No, it doesn't.

    • @VikasKumar-nq8if 3 years ago

      Nope, it doesn't allow it. VPCs have to be peered directly to each other to allow communication between them. To further filter which subnets are allowed to peer within a VPC, you have to use firewall rules, as by default all subnets within a VPC are peered once peering is set up; so to further filter subnets within peered networks, use the firewall.

    • @bugsbane 3 years ago

      Both the author and Vikas are correct. One solution would be to open an ssh tunnel either from A or from B that provides A API access to C. For instance - if you do from project A: ssh -L 3306:project-C-vm:3306 user@project-B-vm -N - then you'd create the tunnel. And, if you want the tunnel to be self-healing, then autossh can be used. It is a hack - but seemingly reliable and simple.

  • @ushasree4742 3 years ago

    Hi sir, I am newly learning GCP and want to learn all concepts in order. Which of your videos should I follow in order to understand the concepts and clear the ACE external exam? Can you please guide me?

    • @CloudAdvocate 3 years ago

      Hello, please follow my learn GCP playlist on the channel.

  • @psw1 4 years ago

    @Cloud Advocate suppose we want to go from our local machine to a server that acts as a bastion host, then from the bastion host we need to go to an instance (on a different VPC), and then from that instance we need to access all other instances in one different VPC. So I need to ask you if it's possible to use the same private-public key pair to access all these using SSH forwarding or not. Or do I need to supply different key pairs?

    • @CloudAdvocate 4 years ago

      Hi Pradeep, is the bastion host going to be on-prem or in the cloud?
      Local -> Bastion -> gcevm -> allgce, is this right?

    • @psw1 4 years ago

      Hi, @@CloudAdvocate. The bastion host is also a Google Cloud VM and only accepts connections from my IP address. And then there is another VM on a different VPC (let's assume a Jenkins server) that accepts connections only from the bastion host. Now this Jenkins server should be able to SSH into all other instances (one or more) that are on a different VPC. So there are three VPCs involved in total. I don't want to store the private key in the cloud (on any server) for security reasons. So how can I reach the Jenkins server's terminal and then SSH into any instance I want for further development?

    • @CloudAdvocate 4 years ago

      Then you have to put the public key of the Jenkins server in all VMs. It should be baked in as part of the AMI. That way Jenkins can talk to all VMs.

    • @psw1 4 years ago

      @@CloudAdvocate thanks for your reply. Greatly appreciated. Can you share some resource/link regarding this? I've been trying to do this for a long time but without success. Or you can just tell me what you mean by "baked in as a part of AMI". Where will we store the private key of Jenkins in this case?

    • @CloudAdvocate 4 years ago

      Yeah, you can put the public key of the Jenkins server in the authorized keys of a GCE instance, create a custom AMI and let teams use that AMI only. So going forward Jenkins will have access to all the instances because the public key of Jenkins is present in all GCE instances.

  • @ushasree9388 3 years ago

    Hi sir, I have one doubt. Since both the projects are in different networks, we should connect over external IP, right? Only within the same network do we use internal IP. Can you please explain if I am wrong? I learnt it that way somewhere.

    • @CloudAdvocate 3 years ago

      Yes, but when you peer them together you communicate via private IP.

    • @ushasree9388 3 years ago

      @@CloudAdvocate thank you for the reply, but will private IP work even outside the network or org?

    • @CloudAdvocate 3 years ago

      @@ushasree9388 No, only if there is VPN or direct connect.

  • @chakrik3156 4 years ago

    I am a business student and don't have any prior knowledge of coding. I started using Google Cloud Shell while learning in Qwiklabs. Now that I am about to finish the course, I still don't know how to write the command lines in Cloud Shell, so can you please suggest how to write command lines in Cloud Shell?

    • @CloudAdvocate 4 years ago

      What commands are you talking about? gcloud commands or Linux commands? gcloud commands are well documented for each service, or you can learn how to do that by typing, e.g., gcloud app help for each service.

  • @KOBRA1231991 3 years ago

    You are migrating your on-premises solution to Google Cloud in several phases. You will use Cloud VPN to maintain a connection between your on-premises systems and Google Cloud until the migration is completed. You want to make sure all your on-premise systems remain reachable during this period. How should you organize your networking in Google Cloud?
    A. Use the same IP range on Google Cloud as you use on-premises
    B. Use the same IP range on Google Cloud as you use on-premises for your primary IP range and use a secondary range that does not overlap with the range you use on-premises
    C. Use an IP range on Google Cloud that does not overlap with the range you use on-premises
    D. Use an IP range on Google Cloud that does not overlap with the range you use on-premises for your primary IP range and use a secondary range with the same IP range as you use on-premises
    I'm confused between options C and D. Could you please help me choose the correct one with an explanation?

  • @sweta13100 2 years ago

    Can you please explain about direct connect

  • @AllinOne-wn6wt 4 years ago

    Do a video on REST API. As a cloud engineer, do we need to know how to use the REST API? Why is it used? Please, anyone, answer my question.

    • @CloudAdvocate 4 years ago

      To an extent yes, how to consume the REST APIs.

    • @AllinOne-wn6wt 4 years ago

      @@CloudAdvocate can you please elaborate clearly? I didn't get you.

    • @CloudAdvocate 4 years ago

      You should know how to hit the REST APIs of the cloud and get the response, at minimum.

  • @svJayaram9 4 years ago

    Can you please explain about shared VPC

  • @MithunKarmakar 1 year ago

    VPC peering doesn't mandate both VPCs to be under the same organization or the same project.

  • @SaiDileepfantasy 3 years ago

    Could you share your email ID please?
    I have a specific requirement: say we have two projects and a third project as host, where the VPC network is created and shared with the first two projects. In this scenario, what does the VPC peering look like? Happy to discuss more on a call or by email, please.