VPC Network Peering is a powerful solution that creates a private, direct connection between two separate virtual networks within Google Cloud. Think of it as building a secure bridge between different cloud environments, allowing them to communicate privately and efficiently without using the public internet. This direct path ensures safer, faster, and more reliable data exchanges, which is particularly important when dealing with sensitive information.
From a technical standpoint, VPC Network Peering provides low-latency, high-performance communication between virtual private clouds, bypassing the need for external connectivity options like VPNs. This leads to reduced egress costs (less money paid to move data out of the cloud provider), a simplified network architecture, and enhanced security. It is an essential tool for organizations needing seamless communication across departments, projects, or even multiple business units, while maintaining strict compliance and data governance standards.
In this project, I demonstrate how to set up VPC Network Peering between two projects within Google Cloud, ensuring secure and efficient connectivity between virtual machines in each environment. The project involves creating custom VPC networks, configuring peering between them, and testing the connectivity.
Role: Cloud Security Engineer
Tools Used: Google Cloud Console, Google Cloud Shell, gcloud CLI, SSH, Firewall Management Tools
Deliverable(s): Peering Status report
This step involves creating custom VPC networks in Project-A and Project-B to prepare for VPC Network Peering.
Begin by setting the project ID for both Project-A and Project-B in separate Cloud Shells using the following commands:
Create two Cloud Shell instances, one for Project-A and the other for Project-B.
Go back to the first Cloud Shell and run the following to create a custom network:
gcloud compute networks create network-a --subnet-mode custom
Create a subnet within this VPC and specify a region and IP range by running:
gcloud compute networks subnets create network-a-subnet --network network-a --range 10.0.0.0/16 --region <REGION>
Create a VM instance:
gcloud compute instances create vm-a --zone <ZONE> --network network-a --subnet network-a-subnet --machine-type e2-small
Run the following to allow SSH and ICMP, because you'll need a secure shell to the VMs (and ping to work) during connectivity testing:
gcloud compute firewall-rules create network-a-fw --network network-a --allow tcp:22,icmp
Next you set up Project-B in the same way.
Switch to the second Cloud Shell and create a custom network:
gcloud compute networks create network-b --subnet-mode custom
Create a subnet within this VPC and specify a region and IP range by running:
gcloud compute networks subnets create network-b-subnet --network network-b --range 10.8.0.0/16 --region <REGION>
Create a VM instance:
gcloud compute instances create vm-b --zone <ZONE> --network network-b --subnet network-b-subnet --machine-type e2-small
Run the following to allow SSH and ICMP, because you'll need a secure shell to the VMs (and ping to work) during connectivity testing:
gcloud compute firewall-rules create network-b-fw --network network-b --allow tcp:22,icmp
This task sets up VPC peering between network-a in Project-A and network-b in Project-B. Peering has to be configured from both sides; once both sides are created, we'll move on to testing the connection.
Name - peer-ab
VPC Network - network-a
Peered VPC Network - activate "In another project"
Project ID - in this case the project name was supplied
VPC Network Name - network-b
Click "Create"
This creates the Project-A side of the peering connection.
*Once it's created and you're back on the dashboard, you'll see that the status is set to "inactive". This just means that peer-ab is waiting for the matching connection on the other side. The next step is to set up the other side of the connection.
*Ensure you switch projects by clicking the dropdown arrow next to the active project.
Name - peer-ba
VPC Network - network-b
Peered VPC Network - activate "In another project"
Project ID - in this case the project name was supplied
VPC Network Name - network-a
Click "Create"
This completes the peering connection between the networks.
In this step, we verify the peering connection by checking network connectivity between the VMs in Project-A and Project-B with a Ping Test.
*A ping test is like sending a small "hello" message from one computer (or virtual machine) to another to see if they can talk to each other. If the second computer gets the message, it sends a quick "hello" back. This helps us check whether two computers are connected and able to communicate over a network. In this case, we use a ping test to make sure that the virtual machines (VMs) in Project A and Project B can successfully communicate after setting up the private connection.
Copy the internal IP address of vm-a; you'll need it inside the SSH session on vm-b.
Open SSH-in-browser for vm-b, where you'll ping the internal IP address of vm-a.
The command is ping -c 5 <INTERNAL_IP_OF_VM_A>; replace the part within <> with the copied internal IP of vm-a (10.0.0.2 in this case).
Type ping -c 5 10.0.0.2 in the SSH session on vm-b.
Here we can see successful communication between the VMs; the screenshot verifies that VPC Network Peering is functioning correctly, with the ping results showing successful packet transmission (5 packets transmitted and 5 received).
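As an added helper for the setup steps and the ping test above (my own example, not part of the original walkthrough), this script checks that the subnet ranges chosen for network-a and network-b do not overlap (peering requires disjoint ranges), builds the firewall-rule commands with an optional --source-ranges so they are not left open to 0.0.0.0/0 (gcloud's default when the flag is omitted), and parses the ping summary line. The network names, ranges and rule names are the page's; the function names are mine.

```python
import ipaddress
import re
import shlex

# Subnet plan from the walkthrough: network-a uses 10.0.0.0/16, network-b uses 10.8.0.0/16.
NETWORKS = {"network-a": ["10.0.0.0/16"], "network-b": ["10.8.0.0/16"]}


def overlapping_subnets(plan):
    """Return (net1, cidr1, net2, cidr2) for each pair of ranges that collide across networks.
    Peering requires disjoint subnet ranges, so any hit means the connection would not come up."""
    hits = []
    names = sorted(plan)
    for i, n1 in enumerate(names):
        for n2 in names[i + 1:]:
            for c1 in plan[n1]:
                for c2 in plan[n2]:
                    if ipaddress.ip_network(c1).overlaps(ipaddress.ip_network(c2)):
                        hits.append((n1, c1, n2, c2))
    return hits


def firewall_rule_cmd(name, network, allow, source_ranges=None):
    """Build the gcloud command for an ingress firewall rule.
    Without --source-ranges, gcloud defaults the source to 0.0.0.0/0, so the walkthrough's
    rule admits SSH and ICMP from any address; passing the peer network's subnet ranges
    limits the rule to traffic arriving over the peering."""
    cmd = ["gcloud", "compute", "firewall-rules", "create", name,
           "--network", network, "--allow", allow]
    if source_ranges:
        cmd += ["--source-ranges", ",".join(source_ranges)]
    return shlex.join(cmd)


def ping_succeeded(output, expected=5):
    """Parse the summary line of `ping -c N` and report whether every packet came back."""
    m = re.search(r"(\d+) packets transmitted, (\d+) (?:packets )?received", output)
    if not m:
        return False
    sent, received = int(m.group(1)), int(m.group(2))
    return sent == expected and received == sent


if __name__ == "__main__":
    assert not overlapping_subnets(NETWORKS)  # the two /16 ranges are disjoint
    print(firewall_rule_cmd("network-a-fw", "network-a", "tcp:22,icmp"))
    print(firewall_rule_cmd("network-a-fw", "network-a", "icmp", NETWORKS["network-b"]))
```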