GCP Global Network

A global private isolated virtual network that provides managed networking functionality for your Google Cloud Platform (GCP) resources.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Deployments

28

Made by

Massdriver

Official

Yes

No

Compliance
Clouds

Operator Guide for gcp-global-network

Google Cloud Virtual Private Cloud (VPC) creates a private cloud as an abstraction on Google Cloud’s physical infrastructure. VPC provides secure network isolation across regions along with the ability to adjust the IP space on the fly.

Use Cases

General Compute

VPC is vital to running almost anything on Google Cloud.

Configuration Presets

Private

This is our only guided configuration for the global network. It sets Classless Inter-Domain Routing (CIDR) blocks for Private Service Connect and Private services access.

Design

The gcp-global-network bundle creates a VPC. It is the global parent for everything that needs network access. You will end up connecting bundles to gcp-subnetwork most of the time, with that subnetwork connected to the global network (cluster → subnetwork → global-network). You cannot run anything in a VPC without a subnetwork. The subnetwork defines the IP range.

Private Service Connect

Private Service Connect improves security by allowing you to access GCP APIs across VPCs without traversing the public Internet.

Private Services Access

Private services access allows GCP services (such as CloudSQL and Memorystore) to be offered through a single peering connection with an internal IP address so that each instance does not consume its own peering connection. This is important since GCP global networks have a peering limit of only 25 connections. You may choose the CIDR blocks for Private Service Connect and private services access, but we do not allow you to turn them off.

Best Practices

Security

Massdriver allocates a range for private services access so that you can launch private Google Cloud Platform (GCP) services without individual peering connections. See documentation here for more information.

Private Service Connect

Private Service Connect lowers network egress costs and latency. You also benefit from the improved security of private networking.

Private Services Access

The peering limit of 25 often becomes a major issue for companies because it limits service scaling. Because private services access routes GCP services through a single peering connection, you can scale larger without hitting the peering limit.

Trade-offs

VPC Flow Logs are not turned on or configurable by this bundle. Even on medium-sized networks, they incur a large cost.

Variable Type Description
private_service_connect_ip string Internal IP address to use for accessing Google APIs, such as CloudFunctions, GCR or Cloud Storage, privately instead of over the internet via public IPs. This IP cannot conflict with any existing subnets or peered networks. More info: https://cloud.google.com/vpc/docs/configure-private-service-connect-apis
private_services_access_cidr string CIDR range to deploy GCP services to. This range cannot be used for any other purpose and cannot conflict with existing subnets or peered networks. This range is used by Google to deploy services like MemoryStore and CloudSQL without requiring individual peering connections per instance. More info: https://cloud.google.com/vpc/docs/private-services-access
GCP