An internal IP address allocated by DHCP. Any VM or any service which depends on an IP address (example App Engine, GKE) gets this internal IP address
External IP address (optional): we can address this IP address if the service requires it. We can assign this IP address from a pool or from a reserved ip address (static). If we have allocate a static IP address and not assign it to a machine, we are charged for it
We can use our publicly routable IP addresses with bringing into GPC a /24 IP block or larger (BYOIP)
DNS Resolution for Internal Addresses
Each instance has a hostname that can be resolved to an internal IP address:
The hostname is the same as the instance name
FQDN is [hostname].[zone].c.[project-id].internal
Name resolution is handled by internal DNS resolver:
Provided as part of the Compute Engine (169.254.169.254)
Configured for use on instance via DHCP
Provides answers for internal and external addresses
DNS Resolution for external Addresses
Instances with external IP address connections from hosts outside the project
DNS records for external addresses can be published using existing DNS servers (outside of Google Cloud)
DNS zones can be hosted using Cloud DNS
Cloud DNS
It a scalable, reliable, managed authoritative domain name system (DNS service)
It is using Google’s global network of anycast nameservers to serve DNS zones
GCP offers an 100% update SLA for Cloud DNS
Cloud DNS allows creation and update of million DNS records without the burden of managing own DNS servers
Alias IP Ranges
Allows us to assign a range of IP addresses as aliases to a VM’s network interface
Useful if want to assign multiple IP addresses to VM in case we are running multiple applications on it (example: containers)
Routes and Firewalls
By default every network has:
Routes that let instances in a network send traffic directly to each other
A default route that directs packets to destinations tha are outside of the network
The default network firewall rules configured to allow instances ona network talk to each other. Manually created networks do not have such rules
Instance routing tables:
Each route in the routes collection may apply to one or more instances
A route applies to an instance if the network and the instance tag match with the rule
If there are no tags specified for the rule, it will apply to all the instances from the network
GCP firewall rules protect our VM instances form unapproved connections
GCP firewall rules are stateful
Firewall rule properties:
direction: ingress or egress rules
source or destination
protocol and port
action: allow or deny packets that match the direction, protocol, port and source destination of the rule
priority
Rule assignment: all rules are assigned to all instances, but we can assign certain rules to certain instances only
Network Pricing
Ingress traffic is free (responses to requests are considered egress traffic which is charged)
Egress traffic to the same zone (internal IP address) is free
Egress traffic to Google products (Youtube, Maps, Drive) is free
Egress traffic to GCP services within the same region is free, with some exceptions
Egress traffic to the same same region: $0.01/GB
Egress traffic to the same zone using external IP address: $0.01/GB
Egress traffic between regions in the US and Canada: $0.01/GB
Egress traffic between regions outside of US: varies by region
Price of static IP addresses (assigned but not used): $0.01 per hour
Static and ephemeral IP addresses in use on standard VM: $0.004 per hour
Static and ephemeral IP addresses in use on preemptible VM: $0.002 per hour
Static adn ephemeral IP addresses attached to forwarding rules are free of charge