
Creating a Virtual Private Cloud Network with a Custom Network in Google Cloud

Introduction

This tutorial will guide you through the process of creating a Virtual Private Cloud (VPC) network with a custom subnet in Google Cloud Platform (GCP). A VPC network enables you to launch Google Cloud resources, providing a logically isolated section of the Google Cloud network. By creating a custom network, you have complete control over the IP address ranges used in your network.

Prerequisites:

  • A Google Cloud account with billing enabled.
  • Basic understanding of networking concepts (IP addresses, subnets, routing).
  • The Google Cloud SDK (gcloud CLI) installed and configured. You can find installation instructions here.

Task 1: Setting up the gcloud CLI

First, authenticate with the gcloud CLI and set the default project.

  1. Authenticate:

    gcloud auth login

    This command will open a browser window to authenticate your account. Follow the on-screen instructions.

  2. Set the Project:

    gcloud config set project YOUR_PROJECT_ID

    Replace YOUR_PROJECT_ID with your actual Google Cloud project ID.

    Make sure you have selected the correct project where you want to create the VPC network. Verify by running: gcloud config get-value project.

Task 2: Creating the VPC Network

Next, create the VPC network itself. We’ll name it custom-vpc-network.

  1. Create the VPC:

    gcloud compute networks create custom-vpc-network --subnet-mode custom

    This command creates a new VPC network named custom-vpc-network. The --subnet-mode custom option specifies that you will manually create the subnets.

    The subnet mode determines how subnets are created in the VPC network. custom mode gives you the most control.

Task 3: Creating a Custom Subnet

Now, create a subnet within the VPC network. We’ll name it custom-subnet and assign it a private IP address range. We’ll also place it in the us-central1 region.

  1. Create the Subnet:

    gcloud compute networks subnets create custom-subnet \
        --network custom-vpc-network \
        --region us-central1 \
        --range 10.10.0.0/24

    This command creates a new subnet named custom-subnet in the us-central1 region, using the custom-vpc-network we created earlier. The --range 10.10.0.0/24 option defines the IP address range for the subnet.

    Ensure the IP range you select does not conflict with any existing networks. RFC1918 address spaces (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are commonly used for private networks.
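A pre-flight check for the range conflict mentioned above, written as an added example (not part of the original tutorial): it takes a proposed CIDR and the JSON that `gcloud compute networks subnets list --format=json` returns, and reports whether the range is a valid IPv4 network, lies inside RFC 1918 space, and overlaps no existing subnet. The subnet list below is constructed sample data, not output from a real project.

```python
import ipaddress
import json

# RFC 1918 private blocks named in the tutorial.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the shape of `gcloud compute networks subnets list --format=json`,
# trimmed to the fields used here. Project and network names are placeholders.
EXISTING_SUBNETS_JSON = """
[
  {"name": "default", "region": ".../regions/us-central1",
   "ipCidrRange": "10.128.0.0/20", "network": ".../networks/default"},
  {"name": "shared-services", "region": ".../regions/us-east1",
   "ipCidrRange": "10.10.0.0/22", "network": ".../networks/hub-vpc"}
]
"""


def check_subnet_range(proposed, existing_json):
    """Return a list of problems with a proposed subnet CIDR; an empty list means it is safe to create.

    Overlap is checked against every subnet in the project, not only the target VPC,
    because peered or VPN-connected networks cannot carry overlapping ranges.
    """
    try:
        # strict=True rejects a host address such as 10.10.0.1/24.
        net = ipaddress.ip_network(proposed, strict=True)
    except ValueError as exc:
        return [f"{proposed}: not a valid network CIDR ({exc})"]
    if net.version != 4:
        return [f"{net}: an IPv4 range is expected here"]

    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net}: outside RFC 1918 private address space")
    for sub in json.loads(existing_json):
        other = ipaddress.ip_network(sub["ipCidrRange"])
        if net.overlaps(other):
            problems.append(f"{net}: overlaps subnet {sub['name']} ({other})")
    return problems


if __name__ == "__main__":
    # The tutorial's own range collides with the constructed shared-services subnet.
    for cidr in ("10.10.0.0/24", "10.20.0.0/24", "8.8.8.0/24", "10.10.0.1/24"):
        print(cidr, "->", check_subnet_range(cidr, EXISTING_SUBNETS_JSON) or "OK")
```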

Task 4: Adding a Firewall Rule

By default, newly created VPC networks have no firewall rules of their own, so all incoming traffic is blocked. Let’s add a rule to allow SSH traffic to instances within the network.

  1. Create a Firewall Rule for SSH:

    gcloud compute firewall-rules create allow-ssh \
        --network custom-vpc-network \
        --allow tcp:22 \
        --source-ranges 0.0.0.0/0

    This command creates a firewall rule named allow-ssh that allows TCP traffic on port 22 (SSH) from any source IP address (0.0.0.0/0).

    Opening SSH to the entire internet is generally discouraged for security reasons. In a production environment, restrict the source IP ranges to only those that require SSH access.
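An audit for the exposure described above, added here as an example rather than taken from the tutorial: it reads the JSON returned by `gcloud compute firewall-rules list --format=json` and lists every enabled ingress rule that admits TCP port 22 from a /0 source, including rules that use port ranges or `IPProtocol: all`. The rule list below is constructed sample data; its first entry is the `allow-ssh` rule created in this task.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`,
# trimmed to the fields the audit uses.
FIREWALL_RULES_JSON = """
[
  {"name": "allow-ssh", "network": ".../networks/custom-vpc-network", "direction": "INGRESS",
   "disabled": false, "priority": 1000, "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-ssh-from-office", "network": ".../networks/custom-vpc-network", "direction": "INGRESS",
   "disabled": false, "priority": 1000, "sourceRanges": ["203.0.113.0/24"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-all-internal", "network": ".../networks/custom-vpc-network", "direction": "INGRESS",
   "disabled": false, "priority": 65534, "sourceRanges": ["10.10.0.0/24"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "legacy-wide-open", "network": ".../networks/custom-vpc-network", "direction": "INGRESS",
   "disabled": true, "priority": 1000, "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["20-1024"]}]}
]
"""


def _port_matches(ports, port):
    # An absent "ports" list means every port of that protocol is allowed.
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")  # "22" or "20-1024"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def find_internet_exposed(rules_json, port=22):
    """Names of enabled INGRESS rules that admit TCP `port` from a source range of prefix length 0."""
    exposed = []
    for rule in json.loads(rules_json):
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        # A /0 source (0.0.0.0/0 or ::/0) covers the entire internet.
        if not any(ipaddress.ip_network(r).prefixlen == 0 for r in rule.get("sourceRanges", [])):
            continue
        for allow in rule.get("allowed", []):
            if allow["IPProtocol"] in ("tcp", "all") and _port_matches(allow.get("ports"), port):
                exposed.append(rule["name"])
                break
    return exposed


if __name__ == "__main__":
    print("SSH exposed to the internet by:", find_internet_exposed(FIREWALL_RULES_JSON))
```

Rules flagged by this check should be recreated with `--source-ranges` limited to the administrators' own address ranges, or to Google's IAP TCP forwarding range 35.235.240.0/20 if access goes through Identity-Aware Proxy instead of a public IP.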

Task 5: Creating a VM Instance (Optional)

Optionally, you can create a virtual machine instance within your VPC network to test connectivity.

  1. Create a VM Instance:

    gcloud compute instances create test-vm \
        --network custom-vpc-network \
        --subnet custom-subnet \
        --zone us-central1-a \
        --image-family debian-11 \
        --image-project debian-cloud

    This command creates a VM instance named test-vm in the us-central1-a zone. It uses the custom-vpc-network and custom-subnet we created earlier, and uses a Debian 11 image.

  2. Verify SSH Access:

    After the instance is created, you can SSH into it using:

    gcloud compute ssh test-vm --zone us-central1-a

    If the SSH connection is successful, you have verified that the firewall rule and network configuration are working correctly.

    The workflow of this tutorial, as a Mermaid flowchart:

    graph LR
    A[Start] --> B(Create VPC custom-vpc-network)
    B --> C(Create Subnet custom-subnet)
    C --> D(Create Firewall Rule allow-ssh)
    D --> E{Create VM instance test-vm}
    E -- Success --> F(SSH into test-vm)
    E -- Failure --> G(Check Network & Firewall Config)
    F --> H(End)
    G --> B

Task 6: Cleanup (Optional)

To avoid incurring charges, you can delete the resources you created.

  1. Delete the VM Instance (if created):

    gcloud compute instances delete test-vm --zone us-central1-a

  2. Delete the Firewall Rule:

    gcloud compute firewall-rules delete allow-ssh

  3. Delete the Subnet:

    gcloud compute networks subnets delete custom-subnet --region us-central1

  4. Delete the VPC Network:

    gcloud compute networks delete custom-vpc-network

    Deleting a VPC network will also delete any associated resources. Ensure you have backed up or migrated any important data before deleting the network.

Conclusion

In this tutorial, you learned how to create a VPC network with a custom subnet in Google Cloud. You created a VPC network, a custom subnet within that network, and a firewall rule to allow SSH traffic. You also had the option to create a VM instance to test the network configuration. Understanding how to configure VPC networks is fundamental to deploying secure and scalable applications on Google Cloud.
