Virtual Private Cloud (VPC)
A Virtual Private Cloud (VPC) provides the networking layer for Compute Engine VM instances, GKE containers, and the App Engine flexible environment.
A VPC is a global, scalable network that carries communication between your cloud resources; the network itself spans regions, while its subnets are regional.
VPC Basics
- Subnets: A network is divided into regional subnets. Every subnet belongs to exactly one region and owns an IP range, which keeps addressing clean across the architecture.
- Firewall Rules: By default, GCP blocks all incoming traffic to VM instances. You must create granular firewall rules, targeted at specific network tags or service accounts, to allow inbound HTTP, HTTPS, or internal RPC traffic.
- VPC Peering: Connects two independent VPC networks so that their resources reach each other over internal IP addresses, without routing through the public Internet. Useful for linking the networks of separate projects within an organization.
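The firewall bullet above is easier to reason about with the evaluation order spelled out. The following is an added example (not from the original page and not Google's own implementation): a simplified Python model of how a VPC network decides whether a packet reaches a VM. It encodes the rules I am confident about from the GCP documentation: every network carries an implied deny-all ingress rule and an implied allow-all egress rule at priority 65535, lower priority numbers take precedence, a deny beats an allow at equal priority, and a rule with no target tags or target service accounts applies to every VM in the network. The subnet range, tag names, service account, VM names and IP addresses are constructed for the demonstration.

```python
"""Simplified model of GCP VPC firewall evaluation (added example, not Google's code).

Assumptions, labelled: the rule fields below mirror the concepts of a GCP
firewall rule (direction, action, priority, protocol/ports, source or
destination ranges, target tags, target service accounts) but the data model
and names are this example's own. Subnet range, tags and the service account
e-mail are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class VM:
    name: str
    tags: frozenset = frozenset()
    service_account: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                           # "INGRESS" or "EGRESS"
    action: str                              # "allow" or "deny"
    priority: int                            # 0-65535; lower number wins
    protocol: str                            # "tcp", "udp", "icmp" or "all"
    ports: frozenset = frozenset()           # empty means all ports
    remote_ranges: tuple = ("0.0.0.0/0",)    # source (ingress) / destination (egress) CIDRs
    target_tags: frozenset = frozenset()
    target_service_accounts: frozenset = frozenset()

    def targets(self, vm: VM) -> bool:
        # A rule with no targets applies to every VM in the network.
        if not self.target_tags and not self.target_service_accounts:
            return True
        return bool(self.target_tags & vm.tags) or (
            vm.service_account in self.target_service_accounts
        )

    def matches(self, vm: VM, direction: str, remote_ip: str, protocol: str, port: int) -> bool:
        if self.direction != direction or not self.targets(vm):
            return False
        if self.protocol not in ("all", protocol):
            return False
        if self.ports and port not in self.ports:
            return False
        addr = ip_address(remote_ip)
        return any(addr in ip_network(cidr) for cidr in self.remote_ranges)


# Implied rules present in every VPC network; they sit at the lowest precedence.
IMPLIED_RULES = (
    Rule("implied-deny-ingress", "INGRESS", "deny", 65535, "all"),
    Rule("implied-allow-egress", "EGRESS", "allow", 65535, "all"),
)


def evaluate(rules, vm: VM, direction: str, remote_ip: str, protocol: str, port: int):
    """Return (action, rule_name) of the winning rule for one packet.

    Lowest priority number wins; at equal priority a deny beats an allow.
    The implied rules guarantee that exactly one candidate always matches.
    """
    candidates = [r for r in (*rules, *IMPLIED_RULES)
                  if r.matches(vm, direction, remote_ip, protocol, port)]
    winner = min(candidates, key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    return winner.action, winner.name


# Constructed sample policy: HTTPS from anywhere to tagged web servers, and
# PostgreSQL only from the subnet range to VMs running the database service account.
SUBNET_RANGE = "10.10.0.0/24"                                   # constructed
DB_SA = "db-sa@example-project.iam.gserviceaccount.com"         # constructed
RULES = (
    Rule("allow-https-web", "INGRESS", "allow", 1000, "tcp", frozenset({443}),
         ("0.0.0.0/0",), target_tags=frozenset({"web"})),
    Rule("allow-web-to-db", "INGRESS", "allow", 1000, "tcp", frozenset({5432}),
         (SUBNET_RANGE,), target_service_accounts=frozenset({DB_SA})),
)
WEB = VM("web-1", tags=frozenset({"web"}))
DB = VM("db-1", service_account=DB_SA)

if __name__ == "__main__":
    for vm, direction, ip, proto, port in (
        (WEB, "INGRESS", "203.0.113.5", "tcp", 443),   # public HTTPS: allowed by tag
        (WEB, "INGRESS", "203.0.113.5", "tcp", 22),    # public SSH: implied deny
        (DB, "INGRESS", "10.10.0.7", "tcp", 5432),     # internal DB access: allowed by SA
        (DB, "INGRESS", "203.0.113.5", "tcp", 5432),   # DB from the Internet: implied deny
        (DB, "INGRESS", "10.10.0.7", "tcp", 443),      # DB VM is not tagged "web": deny
        (WEB, "EGRESS", "8.8.8.8", "udp", 53),         # outbound DNS: implied allow
    ):
        print(vm.name, direction, ip, proto, port, "->", evaluate(RULES, vm, direction, ip, proto, port))
```

One caveat worth keeping in mind when applying this to a real project: the "default" auto-mode network that new projects receive is pre-populated with permissive rules (for example default-allow-ssh and default-allow-rdp from any source), so the deny-by-default behaviour modelled here only holds once those rules are removed or the network is replaced by a custom-mode VPC with explicitly scoped rules.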
Internal vs External IP Addresses
- Internal IPs: Reachable only from inside the VPC (and from networks connected to it), never directly from the Internet. Use them strictly for database-to-web-server communication.
- External IPs: Publicly routable addresses reachable from the Internet. Used for load balancers and for instances that need a public egress path.