In this lesson, I am going to cover the main “Networking” offerings on Google Cloud Platform.

Google networking services are focused on allowing your other resources to connect and communicate.  Your Compute and Storage resources can be as accessible or isolated as you need.  You can reroute traffic when a VMs fails.  Or throttle high traffic so that a database is not overwhelmed.  Also, networking services include setting policies and rules that ensure that only authorized connections are allowed.

Virtual Private Clouds (or VPC for short) allow you to organize and share your resources.  VPCs are networks that are logically isolated from each other.  VPCs can be used to group or separate VMs and containers.  You can also divide a VPC into sub-networks, define routes, and specify how traffic should flow between them.

By default, all incoming traffic to a VPC is blocked, and all outgoing traffic is allowed.  This protects your VPC from outside access, but allows your resources to still connect to the internet.  By creating firewall rules, you have the ability to override this default behavior.  So you can block outbound traffic in case you want to prevent a resource from accessing the internet.  Or you can allow external access to a public web server.  You can also control which VPCs can connect to each other using a service called VPC Network Peering.

Now, what if you want to connect a VPC to an external network outside of Google?  For example, maybe you wish to route traffic between your own private data centers.  There are several ways of accomplishing this.  First, you can create a secure connection to a VPC using Cloud VPN.  VPN stands for Virtual Private Network.  A VPN uses the public internet to send encrypted traffic back and forth.  This works, but it does mean that any slowdown or disruption of the internet can affect your internal connections as well.  So, if you want even greater security and reliability, you can use Cloud Interconnect instead.  Cloud Interconnect is much more expensive than a VPN, but it provides a direct, dedicated connection to Google which results in higher speed and reliability.  Now as a third option, you can also choose Direct Peering by coordinating with your local internet service provider.  Peering is free, but it depends on your ISP.  It’s not really well-integrated with GCP and requires a lot more setup.

Google has many other networking services as well.  For example, Load Balancers help distribute network traffic among groups of resources, so that no individual part of your infrastructure gets overwhelmed.  Cloud Armor works with your load balancers to provide built-in defenses against application and Denial of Service attacks.  Cloud DNS allows you to create and manage millions of DNS records, for both public and private domains.  And Cloud CDN can accelerate your web and application content by using Google’s globally distributed caches.

Ok, so let’s do a quick review of everything that was covered:

• You group your VMs into VPCs and then create firewall rules to isolate or connect them to the internet
• Cloud VPN, Interconnect, and Peering all can be used to connect your corporate network to GCP
• Load balancers are used for distributing traffic across multiple resources
• Cloud Armor helps block internet attacks
• Cloud DNS manages domain names
• Cloud CDN uses caching to accelerate content delivery

So those are the most commonly used Networking services on GCP.