
In this codelab, you'll learn about Google Cloud Platform's Virtual Private Cloud (VPC) and the differences between auto mode and custom mode networks on GCP. Subnetworks let you lay out your own network topology, as you would in an on-premises datacenter, and assign specific IP address ranges to groups of machines.

What is a Virtual Private Cloud?

A VPC network, sometimes just called a "network," is a virtual version of a physical network, like a data center network. It provides connectivity for your Compute Engine virtual machine (VM) instances, Kubernetes Engine clusters, App Engine Flex instances, and other resources in your project. It also connects the resources to each other and to the Internet. A VPC network is a global resource which consists of a list of regional virtual subnetworks (subnets) in data centers, all connected by a global wide area network. VPC networks are logically isolated from each other in GCP.

Projects can contain multiple VPC networks. Unless you create an organizational policy that prohibits it, new projects start with a default network that has one subnet in each region (an auto mode network).

What you'll build

  • A Custom Mode VPC Network with regional subnets
  • Compute Engine instances in both subnets with an internal IP address from the subnet IP range

What you'll learn

  • Learn about auto mode vs. custom mode networks
  • Learn about regional subnetworks
  • How to set up custom subnetworks

What you'll need

  • A Google Cloud Platform account

Self-paced environment setup

If you don't already have a Google Account (Gmail or Google Apps), you must create one. Sign in to the Google Cloud Platform console (console.cloud.google.com) and create a new project.

Remember the project ID, a unique name across all Google Cloud projects. It will be referred to in these codelabs as PROJECT_ID.

Next, you'll need to enable billing in the Cloud Console in order to use Google Cloud resources.

Running through this codelab shouldn't cost you more than a few dollars, but it could be more if you decide to use more resources or if you leave them running (see "cleanup" section at the end of this document).

New users of Google Cloud Platform are eligible for a $300 free trial.

Initialize your Project environment

In the Cloud Console, navigate to Compute → Compute Engine → VM instances. Opening this page enables the Compute Engine API for the project if it is not already enabled.

Once the Compute Engine API has been enabled, you will do most of the work from Google Cloud Shell, a command line environment running in the Cloud. This Debian-based virtual machine is loaded with all the development tools you'll need (gcloud, git and others) and offers a persistent 5GB home directory. Open Cloud Shell by clicking on the icon at the top right of the screen.

You can pick different zones too. Learn more about zones in the Regions & Zones documentation.

Unless you choose to disable it, each new project starts with a default network. The default network is an auto mode network with pre-populated firewall rules. Those rules (default-allow-internal, default-allow-ssh, default-allow-rdp and default-allow-icmp) permit SSH, RDP and ICMP from any source address (0.0.0.0/0), so review or replace them before exposing anything on this network. In an auto mode network, Compute Engine creates and manages one subnetwork per region for you, assigning each region a predefined IP prefix range carved from 10.128.0.0/9; because the ranges are predefined, every auto mode network in every project uses the same ones. An instance created in a zone of a given region gets an IP allocated from that region's subnetwork range.

Auto mode networks are easy to set up and use, and they are well suited when:

  • You prefer to have automatically created subnets in each region.
  • The predefined IP ranges of the subnets do not overlap with IP ranges you would use for different purposes (for example, Cloud VPN connections to on-premises resources).

However, custom mode networks are more flexible and are better suited to production. Use custom mode networks when:

  • It isn't necessary to have one automatically created subnet in each region.
  • The new automatically created regional subnets could overlap with IP addresses used by manually created subnets or static routes, or could interfere with your overall network planning.
  • You need complete control over the subnets created in your VPC network, including regions and IP address ranges used.
  • You plan to connect VPC networks using VPC Network Peering or Cloud VPN. Because the subnets of every auto mode network use the same predefined range of IP addresses, you cannot connect auto mode networks to one another.

You can see your current network setup two ways: from the Google Cloud Console, or from command line.

From the Google Cloud Console, click on the Menu icon on the top left of the screen. Then navigate down to Networking > VPC Network > VPC networks.

You will see that your project is already configured with automatic regional subnetworks, with a separate subnetwork for each region.

You can get the same information from the Cloud Shell. Start Cloud Shell, as instructed in the previous section, if you haven't done so already. In the shell, list the existing networks:

gcloud compute networks list

NAME    MODE IPV4_RANGE GATEWAY_IPV4
default auto

It shows the default network in auto (automatic regional subnetwork) mode. To see the actual subnetwork ranges:

gcloud compute networks subnets list

NAME     REGION           NETWORK RANGE
default  asia-northeast1  default  10.146.0.0/20
default  us-west1         default  10.138.0.0/20
default  us-east1         default  10.142.0.0/20
default  europe-west1     default  10.132.0.0/20
default  asia-east1       default  10.140.0.0/20
default  us-central1      default  10.128.0.0/20

The diagram above illustrates the custom VPC network architecture you will be creating. Custom subnetworks allow you to manually define subnetwork IP ranges for each region in your network. There can be zero, one, or several subnetwork IP ranges created per region for a network. In order to create an instance in a zone, you must have previously created at least one subnetwork in that region. At instance creation time, you will need to specify the subnetwork in the region that the instance IP should be allocated from.

Let's create a new network topology that supports custom subnetworks:

gcloud compute networks create custom-network1 --subnet-mode custom

Created [https://www.googleapis.com/compute/v1/projects/...].
NAME            MODE   IPV4_RANGE GATEWAY_IPV4
custom-network1 custom

Next, create a custom subnet in the us-central1 region:

gcloud compute networks subnets create subnet-us-central-192 \
      --network custom-network1 \
      --region us-central1 \
      --range 192.168.1.0/24

Created [https://www.googleapis.com/compute/v1/projects/...].
NAME                  REGION      NETWORK         RANGE
subnet-us-central-192 us-central1 custom-network1 192.168.1.0/24

Next, create a custom subnet in the europe-west1 region:

gcloud compute networks subnets create subnet-europe-west-192 \
      --network custom-network1 \
      --region europe-west1 \
      --range 192.168.5.0/24

Created [https://www.googleapis.com/compute/v1/projects/...].
NAME                   REGION       NETWORK         RANGE
subnet-europe-west-192 europe-west1 custom-network1 192.168.5.0/24

You can then list all of your subnetworks and their internal IP address ranges:

gcloud compute networks subnets list

NAME                   REGION       NETWORK         RANGE
default                asia-east1   default         10.140.0.0/20
default                us-central1  default         10.128.0.0/20
subnet-us-central-192  us-central1  custom-network1 192.168.1.0/24
default                europe-west1 default         10.132.0.0/20
subnet-europe-west-192 europe-west1 custom-network1 192.168.5.0/24
default                us-east1     default         10.142.0.0/20

Then you can create instances in the different subnetworks:

gcloud compute instances create instance-1 \
      --zone us-central1-a \
      --subnet subnet-us-central-192

Created [https://www.googleapis.com/compute/v1/projects/...].
NAME       ZONE          MACHINE_TYPE  PREEMPTIBLE INTERNAL_IP EXTERNAL_IP   STATUS
instance-1 us-central1-a n1-standard-1             192.168.1.2 X.X.X.X   RUNNING

gcloud compute instances create instance-2 \
      --zone europe-west1-d \
      --subnet subnet-europe-west-192

Created [https://www.googleapis.com/compute/v1/projects/...].
NAME       ZONE           MACHINE_TYPE  PREEMPTIBLE INTERNAL_IP EXTERNAL_IP   STATUS
instance-2 europe-west1-d n1-standard-1             192.168.5.2 X.X.X.X  RUNNING

The internal IP assigned to each instance comes from the range of the subnet you specified: 192.168.1.0/24 in us-central1 and 192.168.5.0/24 in europe-west1. Two things to note before treating this as production-ready. First, unlike the default network, a new custom mode network has no firewall rules, so only the implied rules apply (all egress allowed, all ingress denied), and neither instance is reachable, even over SSH, until you add a rule that allows it. Second, because the create commands above did not pass --no-address, each instance was also given an ephemeral external IP address; pass --no-address for instances that have no reason to be addressable from the internet.
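To turn the auto mode vs. custom mode discussion above and the create commands just run into something repeatable, here is an added example script (not part of the codelab) that plans the same topology: it checks every proposed subnet range against the 10.128.0.0/9 block that auto mode networks draw from and against the other planned ranges, emits the gcloud commands, and executes them only when APPLY=1 is set. The subnet and instance names, regions, zones and ranges are the codelab's; the --no-address flag, the APPLY variable and the helper function names are this example's own choices. It assumes bash (or another shell with 64-bit arithmetic and the local keyword).

```shell
#!/usr/bin/env bash
# Added example (not from the codelab): plan the custom-mode topology above,
# refuse any subnet range that overlaps the auto-mode block 10.128.0.0/9 or
# another planned range, and only touch a real project when APPLY=1 is set.
set -eu

NETWORK="${NETWORK:-custom-network1}"
AUTO_RANGE="10.128.0.0/9"   # every auto mode network's subnets are carved from here

# Planned subnets, one per line: "<name> <region> <cidr>" (values from the codelab).
SUBNETS="subnet-us-central-192 us-central1 192.168.1.0/24
subnet-europe-west-192 europe-west1 192.168.5.0/24"

# Planned instances, one per line: "<name> <zone> <subnet>" (values from the codelab).
INSTANCES="instance-1 us-central1-a subnet-us-central-192
instance-2 europe-west1-d subnet-europe-west-192"

# ip4_to_int A.B.C.D -> the address as a 32-bit integer
ip4_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_bounds A.B.C.D/N -> "<first> <last>" addresses of the range as integers
cidr_bounds() {
  local base mask first
  base=$(ip4_to_int "${1%/*}")
  mask=$(( (0xFFFFFFFF << (32 - ${1#*/})) & 0xFFFFFFFF ))
  first=$(( base & mask ))
  echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
}

# cidr_overlaps A B -> true when the two ranges share at least one address
cidr_overlaps() {
  local a_first a_last b_first b_last
  set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
  a_first=$1; a_last=$2; b_first=$3; b_last=$4
  [ "$a_first" -le "$b_last" ] && [ "$b_first" -le "$a_last" ]
}

# check_plan "<subnet plan>" -> true if no range overlaps AUTO_RANGE or another
# planned range; reports the first conflict on stderr and returns 1 otherwise.
check_plan() {
  local seen="" name region cidr prev
  while read -r name region cidr; do
    [ -n "$cidr" ] || continue
    if cidr_overlaps "$cidr" "$AUTO_RANGE"; then
      echo "conflict: $name ($cidr) overlaps the auto-mode block $AUTO_RANGE" >&2
      return 1
    fi
    for prev in $seen; do
      if cidr_overlaps "$cidr" "$prev"; then
        echo "conflict: $name ($cidr) overlaps planned range $prev" >&2
        return 1
      fi
    done
    seen="$seen $cidr"
  done <<EOF
$1
EOF
  return 0
}

# plan_commands "<subnet plan>" "<instance plan>" -> the gcloud commands, one per line.
# --no-address keeps the instances off the internet; the codelab's commands omit it.
plan_commands() {
  local name region cidr zone subnet
  echo "gcloud compute networks create $NETWORK --subnet-mode custom"
  while read -r name region cidr; do
    [ -n "$cidr" ] || continue
    echo "gcloud compute networks subnets create $name --network $NETWORK --region $region --range $cidr"
  done <<EOF
$1
EOF
  while read -r name zone subnet; do
    [ -n "$subnet" ] || continue
    echo "gcloud compute instances create $name --zone $zone --subnet $subnet --no-address"
  done <<EOF
$2
EOF
}

# Validate the plan first; under set -e a conflict aborts the script here.
check_plan "$SUBNETS"
if [ "${APPLY:-0}" = "1" ]; then
  plan_commands "$SUBNETS" "$INSTANCES" | while read -r cmd; do echo "+ $cmd"; eval "$cmd"; done
else
  echo "dry run; set APPLY=1 to execute the following:"
  plan_commands "$SUBNETS" "$INSTANCES"
fi
```

Run it once without APPLY to review the commands it would issue; the overlap check is plain shell arithmetic, so it works before a project or billing exists. Adding a line such as "bad us-east1 10.142.0.0/20" to SUBNETS makes check_plan refuse the plan, which is exactly the collision the auto mode vs. custom mode bullets warn about.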

You now know the basics of the default network topology as well as the ability to create your own network topology on Google Cloud Platform!

What we've covered

  • Differences between auto mode and custom mode networks
  • Learned about regional subnetworks
  • How to set up custom subnetworks

Next Steps

If you are not continuing on to the next lab, you can delete the resources created during the codelab using the Cloud Shell.

Delete the Compute Engine instances with the following commands:

gcloud compute instances delete instance-1 --zone us-central1-a

The following instances will be deleted. Any attached disks configured
to be auto-deleted will be deleted unless they are attached to any
other instances or the `--keep-disks` flag is given and specifies them
for keeping. Deleting a disk is irreversible and any data on the disk
will be lost.
 - [instance-1] in [us-central1-a]
Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/ypc-demo/zones/us-central1-a/instances/instance-1].

gcloud compute instances delete instance-2 --zone europe-west1-d

The following instances will be deleted. Any attached disks configured
to be auto-deleted will be deleted unless they are attached to any
other instances or the `--keep-disks` flag is given and specifies them
for keeping. Deleting a disk is irreversible and any data on the disk
will be lost.
 - [instance-2] in [europe-west1-d]
Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/ypc-demo/zones/europe-west1-d/instances/instance-2].

Delete the subnetworks created with the following commands:

gcloud compute networks subnets delete subnet-us-central-192 --region us-central1

The following subnetworks will be deleted:
 - [subnet-us-central-192] in [us-central1]
Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/vpc-demo-241520/regions/us-central1/subnetworks/subnet-us-central-192].

gcloud compute networks subnets delete subnet-europe-west-192 --region europe-west1

The following subnetworks will be deleted:
 - [subnet-europe-west-192] in [europe-west1]
Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/vpc-demo-241520/regions/europe-west1/subnetworks/subnet-europe-west-192].

Delete the custom VPC with the following command:

gcloud compute networks delete custom-network1

The following networks will be deleted:
 - [custom-network1]
Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/vpc-demo-241520/global/networks/custom-network1].