Virtual Private Cloud (VPC)

Google Virtual Private Cloud (VPC) is a global, scalable, and flexible networking foundation for GCP resources. Unlike traditional networks, GCP VPCs are global resources that span all regions, allowing subnets in different regions to communicate without extra configuration.

Key Features:

1. Global network - A single VPC spans all GCP regions; subnets are regional resources within the VPC.

2. Auto mode vs Custom mode - Auto mode creates one subnet per region automatically; custom mode gives full control over subnet ranges.

3. Firewall rules - Stateful firewall rules applied at the instance level, not the subnet level.

4. Private Google Access - VMs without external IPs can reach Google APIs using internal IPs.

5. Shared VPC - Share a single VPC network across multiple GCP projects for centralized management.

The below example shows how to create a custom VPC with subnets and firewall rules.

It gives the following output,

Created network [my-custom-vpc].
Created subnet [subnet-us] in us-central1 (10.1.0.0/24).
Created subnet [subnet-eu] in europe-west1 (10.2.0.0/24).
Created firewall rule [allow-internal].
Created firewall rule [allow-ssh].

Auto Mode vs Custom Mode VPC:

Auto mode - Automatically creates one /20 subnet per region. Easy to start, but less control and can conflict with on-premises ranges. Not recommended for production.

Custom mode - Full control over subnet IP ranges and regions. Recommended for production to avoid IP conflicts with on-premises networks.