1. Home
  2. Training Library
  3. Google Cloud Platform
  4. Courses
  5. Getting Started with Google Compute Engine

Networking on GCE


Provisioning your first GCE instance
Start course

Google Compute Engine is the cornerstone of the Google Cloud Platform. It is an IaaS (Infrastructure as a Service) environment - powered by KVM hypervisors - that allows you to create instances based on default images and custom snapshots, with complete control over network traffic.

This course, crafted by our expert Linux System Administrator David Clinton, will help you get started with Google Compute Engine, either through Google's browser console or their command line interface. By the end of this course you will have everything it takes to master the efficient and effective use of GCE.

Who should take this course

As a beginner-level course, you don't need experience with Google Cloud Platform to benefit from this tutorial. Some basic knowledge of the Linux CLI interface and TCP/IP stack might help you better understand the Networking and the CLI lectures though.

If you need a high-level introduction to the cloud, check out the Introduction to Cloud Computing course. We also have an Introduction to Google Cloud Platform course to offer you broader overview of the whole family of Google services.

If, after going through this course, you'd like to test your knowledge of Google Compute Engine and improve your CloudRank, we've got Quizzes that should serve as a perfect followup.



Welcome to cloudacademy.com's video series on Getting Started with Google Compute Engine. In this video, we're going to learn about working with networks and subnet address ranges, the kind of access the rest of the Internet will have to a Google Instance and the specific internal IP address on which an Instance lives are determined by it's network.

Google Compute Engine Networks and Firewalls

You can have more than one network associated with a single Google Cloud project. And, in fact, to keep resources connected or isolated from each other, you'll often need more than one. Let's see what we've already got associated with our project. Let's click on exploration, which is our project. Click on compute and networks. You have one network called default. It has an address range of, which means the first two octets are network addresses and the second two or the last two octets are nodes and has a gateway of

Let's create a new network which uses a different range, let's call it new net. We'll leave the description for now, and we'll definitely change the address. Let's change it to 192.168.00/16. Its gateway will be Let's create it. Once it's actually been created, it'll show up in the all networks list, and we'll click on new net and it will create a new firewall rule. It has no firewall rules yet. So let's name the rule, we'll call it SSH because this rule will permit SSH traffic. Again, for now, we'll leave out the description.

We'll leave the source IP range at 0.0.0/0, but that's a very dangerous range to allow because that means SSH traffic from anywhere on the Internet will be allowed in, assuming that they'll have access to your password or some other authentication method. But it could be a little bit loose. You might, usually, want to restrict the IP range to, let's say your own IP range on your host computer.

Which protocols and ports will be allowed. For this one, TCP:22, meaning that any traffic coming in using the TCP protocol on Port 22, which is the default SSH port, will be allowed in. Source tags and target tags are optional. But let's create a target tag of Network 1. That happens to be a tag I've given to an existing Instance on this project. Now, let's click on create, and we have a firewall rule.

How to edit your project Routes

We should spend a minute just discussing the routes that are automatically created with each new network. You could, of course, add your own routes and replace or edit the routes that have already been created for you. But we should, at least, describe each route and its function.

The first default route that was added to this network is the default route to the Internet. That is all traffic, all packets leaving an Instance that's using this network, will be able to travel to any destination this route permits. In this case, because the destination IP range is 0.0.0/0, there is no restriction on outbound traffic at all. Let's look at the second default route. This is the default route to the virtual network that is from the Instance using this network. You'll be allowed to send packets internally to anything on the 192.168.0/16 range, meaning any other Instance whose IP address falls within this range.

You can create new routes that would permit outgoing traffic to other IP ranges if you like to create a VPC. All that's possible using routes. How to apply this network to a real Instance. Let's go back to VM Instances and click on new Instance and we'll quickly create an Instance, we'll call it Instance 2. We won't allow any traffic because you already have a network rule that gives us all the traffic we need for this Instance.

We'll choose F1 micro just because it's the smallest and cheapest. We'll use Debian 7 for our image and I think we got everything we need except to select a network. We could stay with default but instead, we'll choose new net. The external address will be ephemeral. We'll create the Instance and once it's actually up and running, we'll log in and see which IP address we've been given. So let's get rid of this box. We will SSH into Instance 2.

And we're in. Let's type sudo ifconfig to take a look at our subnet. And we see that we are on, that's the IP address the DHPC server gave us but it's based on the subnet range.

About the Author
David Clinton
Linux SysAdmin
Learning Paths

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.