In this codelab, you'll learn how to create a VPC with subnetworks in Google Cloud, and the differences between an auto mode VPC network and a custom mode VPC network. A subnetwork allows you to create a network topology as you would in your own on-premises data center, so that you can assign specific IP address ranges to groups of machines.
What is a Virtual Private Cloud?
A VPC network, sometimes simply referred to as a network, is a virtual version of a physical network, like a data-center network. It provides connectivity for your Compute Engine virtual machine (VM) instances, Google Kubernetes Engine clusters, App Engine flexible environment instances, and other resources in your project. It also connects the resources to each other and the internet.
A VPC network is a global resource, which consists of a list of regional virtual subnetworks in data centers, all connected by a global wide-area network. VPC networks are logically isolated from each other in Google Cloud.
Projects can contain multiple VPC networks. Unless you create an organizational policy that prohibits it, new projects start with a default network, an auto mode VPC network with one subnetwork in each region.
What you'll build
- A custom mode VPC network with regional subnetworks
- Compute Engine instances in both subnetworks with an internal IP address from the subnetwork IP range
What you'll learn
- Auto mode VPC networks vs. custom mode VPC networks
- Regional subnetworks
- How to set up custom subnetworks
What you'll need
- A Google Account
Self-paced environment setup
Remember the project ID, a unique name across all Google Cloud projects. It will be referred to as PROJECT_ID.
Next, you'll need to enable billing in the Cloud Console to use Google Cloud resources. Running through the codelab shouldn't cost you more than a few dollars, but it could cost more if you use more resources or leave them running (see the cleanup section at the end of the codelab). New users of Google Cloud are eligible for a $300 free trial.
Initialize your project environment
Navigate to Compute > Compute Engine > VM instances.
After you finish enabling the Compute Engine API, you will do most of the work with Cloud Shell, which allows you to manage your infrastructure and applications from the command line in any browser. The Debian-based VM is loaded with all the development tools that you'll need (the gcloud command-line tool, Git, and others) and offers a persistent 5 GB home directory. Open Cloud Shell by clicking on the icon in the top-right section of the screen.
You can pick and choose different zones, too. For more information, see Regions & Zones.
Unless you choose to disable it, each new project starts with a default network. The default network is an auto mode VPC network with prepopulated firewall rules. Note that those rules include default-allow-ssh, default-allow-rdp and default-allow-icmp, which accept traffic from any source (0.0.0.0/0); they are a convenience for labs, not a production baseline. Compute Engine automatically creates and manages one subnetwork per region in an auto mode network, assigning a subnetwork IP prefix range to each region. Instances created in a zone of a given region get an IP allocated from that region's subnetwork range.
Auto mode VPC networks are easy to set up and use, and they are well suited when:
- You prefer to have automatically created subnetworks in each region.
- The predefined IP ranges of the subnetworks do not overlap with IP ranges you would use for different purposes (for example, Cloud VPN connections to on-premises resources).
However, custom mode VPC networks are more flexible and are better suited for production. Use custom mode VPC networks when:
- It isn't necessary to have one automatically created subnetwork in each region.
- The new automatically created regional subnetworks could overlap with IP addresses used by manually created subnetworks or static routes, or interfere with your overall network planning.
- You need complete control over the subnetworks created in your VPC network, including regions and IP address ranges used.
- You plan to connect VPC networks using VPC Network Peering or Cloud VPN. Because the subnetworks of every auto mode VPC network use the same predefined range of IP addresses, you cannot connect auto mode VPC networks to one another.
You can see your current network setup through either Cloud Console or Cloud Shell.
In Cloud Console, click on the menu icon in the top-left section of the screen, then navigate to Networking > VPC network > VPC networks.
You will see that your project is already configured with automatic regional subnetworks and that there are different subnetworks created for each region.
You can get the same information from Cloud Shell. Start Cloud Shell as instructed in the previous section if you haven't done so already, then list the existing networks.
gcloud compute networks list
NAME     MODE  IPV4_RANGE  GATEWAY_IPV4
default  auto
The output shows the default network in auto mode. To see the actual subnetwork ranges, list the subnetworks:
gcloud compute networks subnets list
NAME     REGION           NETWORK  RANGE
default  asia-northeast1  default  10.146.0.0/20
default  us-west1         default  10.138.0.0/20
default  us-east1         default  10.142.0.0/20
default  europe-west1     default  10.132.0.0/20
default  asia-east1       default  10.140.0.0/20
default  us-central1      default  10.128.0.0/20
The diagram illustrates the custom mode VPC network architecture you will be creating. Custom subnetworks allow you to manually define subnetwork IP ranges for each region in your network. There can be zero, one, or several subnetwork IP ranges created per region for a network. In order to create an instance in a zone, you must have previously created at least one subnetwork in that region. At instance creation time, you will need to specify the subnetwork in the region that the instance IP should be allocated from.
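Because custom subnetwork ranges are yours to choose, the check a practitioner wants before running `subnets create` is whether the proposed range collides with anything already in use: the auto mode ranges listed above, subnets in peered networks, or on-premises ranges behind Cloud VPN (the overlap concerns raised in the auto mode vs. custom mode comparison). The following script is an added example and is not part of the codelab or of any Google Cloud tooling. It does the comparison with plain shell arithmetic and makes no gcloud call; the function names are this example's own, and the in-use inventory is constructed for the demo from the default network's ranges plus a hypothetical on-premises range of 192.168.0.0/16.

```shell
#!/bin/sh
# Added example, not part of the codelab: check a proposed subnet range against
# ranges already in use before running `subnets create`. Pure POSIX shell
# arithmetic; no gcloud call is made.
set -eu

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  local IFS='.'
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# "first last" integer bounds of a CIDR block (a bare address counts as /32).
cidr_bounds() {
  local cidr="$1" ip len base mask net
  case "$cidr" in */*) ;; *) cidr="$cidr/32" ;; esac
  ip="${cidr%/*}"
  len="${cidr#*/}"
  case "$len" in ''|*[!0-9]*) echo "bad prefix length in $1" >&2; return 2 ;; esac
  if [ "$len" -gt 32 ]; then
    echo "bad prefix length in $1" >&2
    return 2
  fi
  base=$(ip2int "$ip")
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  net=$(( base & mask ))
  echo "$net $(( net | (~mask & 0xFFFFFFFF) ))"
}

# True when two CIDR blocks share at least one address.
cidrs_overlap() {
  set -- "$(cidr_bounds "$1")" "$(cidr_bounds "$2")"
  [ "${1% *}" -le "${2#* }" ] && [ "${2% *}" -le "${1#* }" ]
}

# Read in-use ranges from stdin (one per line, '#' comments allowed; e.g. the
# RANGE column of `gcloud compute networks subnets list` plus VPN/peer ranges)
# and report every one the candidate overlaps. Exits non-zero on any conflict.
check_range() {
  local candidate="$1" conflicts=0 r
  while IFS= read -r r; do
    case "$r" in ''|'#'*) continue ;; esac
    if cidrs_overlap "$candidate" "$r"; then
      echo "CONFLICT: $candidate overlaps $r"
      conflicts=$((conflicts + 1))
    fi
  done
  [ "$conflicts" -eq 0 ]
}

# Constructed inventory: the default network's auto mode subnets shown above,
# plus 192.168.0.0/16 standing in for a hypothetical on-premises range
# reachable over Cloud VPN.
IN_USE='10.128.0.0/20
10.132.0.0/20
10.138.0.0/20
10.140.0.0/20
10.142.0.0/20
10.146.0.0/20
192.168.0.0/16'

if [ "${1:-}" = "demo" ]; then
  # The codelab's 192.168.1.0/24 collides with the on-premises range...
  printf '%s\n' "$IN_USE" | check_range 192.168.1.0/24 || true
  # ...while 172.16.8.0/22 is free to use.
  printf '%s\n' "$IN_USE" | check_range 172.16.8.0/22 && echo "172.16.8.0/22 is clear"
fi
```

Run it as `sh check-range.sh demo` to see both outcomes, or pipe a real inventory into `check_range`. The same test explains the peering restriction in the comparison above: every auto mode network places 10.128.0.0/20 in us-central1, so `cidrs_overlap 10.128.0.0/20 10.128.0.0/20` is true and two such networks can never be peered.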
Create a new network that supports custom subnetworks. Unlike the default network, a new custom mode network has no firewall rules beyond the implied allow-egress and deny-ingress rules, so instances in it cannot be reached (not even over SSH) until you add rules explicitly.
gcloud compute networks create custom-network1 --subnet-mode custom
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME             MODE    IPV4_RANGE  GATEWAY_IPV4
custom-network1  custom
Create a custom subnetwork in the us-central1 region.
gcloud compute networks subnets create subnet-us-central-192 \
    --network custom-network1 \
    --region us-central1 \
    --range 192.168.1.0/24
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME                   REGION       NETWORK          RANGE
subnet-us-central-192  us-central1  custom-network1  192.168.1.0/24
Create a custom subnetwork in the europe-west1 region.
gcloud compute networks subnets create subnet-europe-west-192 \
    --network custom-network1 \
    --region europe-west1 \
    --range 192.168.5.0/24
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME                    REGION        NETWORK          RANGE
subnet-europe-west-192  europe-west1  custom-network1  192.168.5.0/24
List all your subnetworks and their internal IP address ranges.
gcloud compute networks subnets list
NAME                    REGION        NETWORK          RANGE
default                 asia-east1    default          10.140.0.0/20
default                 us-central1   default          10.128.0.0/20
subnet-us-central-192   us-central1   custom-network1  192.168.1.0/24
default                 europe-west1  default          10.132.0.0/20
subnet-europe-west-192  europe-west1  custom-network1  192.168.5.0/24
default                 us-east1      default          10.142.0.0/20
Create instances in the different subnetworks.
gcloud compute instances create instance-1 \
    --zone us-central1-a \
    --subnet subnet-us-central-192
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME        ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP  STATUS
instance-1  us-central1-a  n1-standard-1               192.168.1.2  X.X.X.X      RUNNING
gcloud compute instances create instance-2 \
    --zone europe-west1-d \
    --subnet subnet-europe-west-192
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME        ZONE            MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP  STATUS
instance-2  europe-west1-d  n1-standard-1               192.168.5.2  X.X.X.X      RUNNING
You can see that the internal IP assigned to each Compute Engine instance comes from the range of the subnetwork it was placed in within custom-network1. Note that each instance also received an ephemeral external IP (shown as X.X.X.X); if an instance does not need to be reachable from the internet, pass --no-address at creation time so that it gets only an internal address.
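The whole procedure above, rerun the way a practitioner would build it for anything beyond a lab, is shown below as an added example that is not part of the codelab: the same network, subnet and instance names and ranges, but with no external IPs, SSH admitted only from Google's IAP TCP-forwarding range (35.235.240.0/20), an explicit rule for traffic between the two subnets, and Private Google Access and flow logs enabled on each subnet. The firewall rule names, the ssh-via-iap network tag and the gc() wrapper are this example's own choices. Every gcloud call goes through gc(), which prints the command instead of executing it while DRY_RUN=1 (the default), so the plan can be reviewed before anything is created.

```shell
#!/bin/sh
# Added example, not part of the codelab: build the two-subnet custom VPC with
# production-minded settings. Every call goes through gc(), which prints the
# command instead of running it while DRY_RUN=1. Rule names, the ssh-via-iap
# tag and gc() itself are this example's choices, not Google Cloud defaults.
set -eu

NETWORK="${NETWORK:-custom-network1}"
SUBNET_US="${SUBNET_US:-subnet-us-central-192}"
SUBNET_EU="${SUBNET_EU:-subnet-europe-west-192}"
RANGE_US="192.168.1.0/24"
RANGE_EU="192.168.5.0/24"
IAP_RANGE="35.235.240.0/20"   # Google's source range for IAP TCP forwarding
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the plan, 0 = call gcloud for real

gc() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'gcloud %s\n' "$*"
  else
    gcloud "$@"
  fi
}

build_topology() {
  # 1. Custom mode: no automatic subnets and, unlike the default network, no
  #    prepopulated allow rules; only the implied deny-ingress/allow-egress exist.
  gc compute networks create "$NETWORK" --subnet-mode=custom

  # 2. One subnet per region. Private Google Access lets VMs without an
  #    external IP reach Google APIs; flow logs give the SOC traffic records.
  gc compute networks subnets create "$SUBNET_US" --network="$NETWORK" \
     --region=us-central1 --range="$RANGE_US" \
     --enable-private-ip-google-access --enable-flow-logs
  gc compute networks subnets create "$SUBNET_EU" --network="$NETWORK" \
     --region=europe-west1 --range="$RANGE_EU" \
     --enable-private-ip-google-access --enable-flow-logs

  # 3. Explicit ingress rules, as narrow as the lab needs: SSH only from the
  #    IAP range (port 22 is never opened to 0.0.0.0/0) and traffic between the
  #    two subnet ranges. Everything else stays denied by the implied rule.
  gc compute firewall-rules create "${NETWORK}-allow-iap-ssh" --network="$NETWORK" \
     --direction=INGRESS --action=ALLOW --rules=tcp:22 \
     --source-ranges="$IAP_RANGE" --target-tags=ssh-via-iap
  gc compute firewall-rules create "${NETWORK}-allow-internal" --network="$NETWORK" \
     --direction=INGRESS --action=ALLOW --rules=tcp,udp,icmp \
     --source-ranges="${RANGE_US},${RANGE_EU}"

  # 4. Instances with no external IP; reach them with
  #    gcloud compute ssh instance-1 --zone us-central1-a --tunnel-through-iap
  gc compute instances create instance-1 --zone=us-central1-a \
     --subnet="$SUBNET_US" --no-address --tags=ssh-via-iap
  gc compute instances create instance-2 --zone=europe-west1-d \
     --subnet="$SUBNET_EU" --no-address --tags=ssh-via-iap
}

# The plan as text (always dry-run), for review or assertions.
plan() {
  ( DRY_RUN=1; build_topology )
}

# How many gcloud invocations the plan contains.
plan_step_count() {
  plan | wc -l | tr -d ' '
}

# True if the plan would open any port to the whole internet.
plan_opens_to_internet() {
  plan | grep -q -- '--source-ranges=0.0.0.0/0'
}

if [ "${1:-}" = "run" ]; then
  build_topology
fi
```

`sh build-vpc.sh run` prints the seven gcloud commands; `DRY_RUN=0 sh build-vpc.sh run` executes them against the current project. Because the instances have no external address, the cleanup section's instance and subnet deletions still apply unchanged, but the two firewall rules must be deleted before the network can be.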
You now know the basics of the default network topology, as well as the ability to create your own network topology on Google Cloud!
What you covered
- The differences between auto mode VPC networks and custom mode VPC networks
- Regional subnetworks
- How to set up custom subnetworks
- Learn more about subnetworks from VPC network overview.
Delete the resources that you created, using Cloud Shell.
Delete Compute Engine instances with the following commands:
gcloud compute instances delete instance-1 --zone us-central1-a
The following instances will be deleted. Any attached disks configured to be
auto-deleted will be deleted unless they are attached to any other instances or
the `--keep-disks` flag is given and specifies them for keeping. Deleting a disk
is irreversible and any data on the disk will be lost.
 - [instance-1] in [us-central1-a]

Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/ypc-demo/zones/us-central1-a/instances/instance-1].
gcloud compute instances delete instance-2 --zone europe-west1-d
The following instances will be deleted. Any attached disks configured to be
auto-deleted will be deleted unless they are attached to any other instances or
the `--keep-disks` flag is given and specifies them for keeping. Deleting a disk
is irreversible and any data on the disk will be lost.
 - [instance-2] in [europe-west1-d]

Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/ypc-demo/zones/europe-west1-d/instances/instance-2].
Delete subnetworks with the following commands:
gcloud compute networks subnets delete subnet-us-central-192 --region us-central1
The following subnetworks will be deleted:
 - [subnet-us-central-192] in [us-central1]

Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/vpc-demo-241520/regions/us-central1/subnetworks/subnet-us-central-192].
gcloud compute networks subnets delete subnet-europe-west-192 --region europe-west1
The following subnetworks will be deleted:
 - [subnet-europe-west-192] in [europe-west1]

Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/vpc-demo-241520/regions/europe-west1/subnetworks/subnet-europe-west-192].
Delete the custom network with the following command. If you added firewall rules to the network, delete those first: a network cannot be deleted while any firewall rule still references it.
gcloud compute networks delete custom-network1
The following networks will be deleted:
 - [custom-network1]

Do you want to continue (Y/n)?  y
Deleted [https://www.googleapis.com/compute/v1/projects/vpc-demo-241520/global/networks/custom-network1].