Networking in Google Cloud

(3 days)

 

This training course builds on the networking concepts covered in the Networking Fundamentals in Google Cloud course. Through presentations, demonstrations, and labs, participants explore and deploy Google Cloud networking technologies. These technologies include: Virtual Private Cloud (VPC) networks, subnets, and firewalls;
Interconnection among networks; Load balancing ;Cloud DNS; Cloud CDN; Cloud NAT. The course will also cover common network design patterns.

 

Objectives
  • Configure VPC networks, subnets, and routers.
  • Control administrative access to VPC objects.
  • Control network access to endpoints in VPCs.
  • Interconnect networks among Google Cloud projects.
  • Implement network connectivity between Google Cloud projects.
  • Implement load balancing.
  • Configure traffic management among load balancer backend services.
  • Use Cloud CDN to reduce latency.
  • Optimize network spend using Network Service Tiers.
  • Configure private connection options to provide access to external resources and services from internal networks

Audience

This course is intended for the following participants:

  • Network engineers and administrators who use the Google Cloud console or are planning to do so
  • Individuals who want to be exposed to software-defined networking solutions in the cloud

Prerequisites

  • Having completed the Google Cloud Fundamentals: Core Infrastructure course or having equivalent experience
  • Having completed the Networking Fundamentals in Google Cloud quest or having equivalent experience
  • Prior understanding of the 7-layer OSI model
  • Prior understanding of IPv4 addressing
  • Prior experience with managing IPv4 routes

Course Outline

 

Module 1: VPC Networking Fundamentals

  • Create a Compute Engine VM with multiple network interfaces.
  • Use the standard tier to lower cloud networking costs.
  • Use the premium tier to provide lower latency and faster access to Google Cloud resources.

Module 2: Sharing VPC Networks

  • Describe the different ways to share VPC networks that are available in Google Cloud.
  • Recognize when to use Shared VPC and when to use VPC Network Peering.
  • Configure peering between unrelated VPC networks.

Module 3: Network Monitoring and Logging

  • Configure uptime checks, alerting policies, and charts for your network services.
  • Monitor Google Cloud network resources.
  • Use VPC Flow Logs to log and analyze network traffic behavior.

Module 4: Network Routing and Addressing in Google Cloud

  • Define key routing and addressing concepts relevant to Google Cloud, including IP addresses, subnets, route tables, firewalls, BYOIP, and NATs.
  • Describe the configuration and management options for Google Cloud DNS, including private and managed zones.
  • Configure and manage route tables to control traffic flow, resolve domain names effectively, and utilize NAT rules for secure access.

Module 5: Private Connection Options

  • Define and differentiate various private connection options (e.g., Private Google Access, Private Services Access, Private Service Connect).
  • Explore use cases of Private Service Connect, Private Service Access, and Private Google Access.
  • Implement Private Google Access with Cloud NAT.

Module 6: Introduction to Network Architecture

  • Describe the Google Cloud provides components that create a good network architecture, such as Cloud Interconnect, VPC Network Peering, Shared VPC, and Network Tiers.
  • Summarize key considerations for network design.

Module 7: Network Topologies

  • Explain when to use each network topology based on specific requirements.
  • Identify potential bottlenecks or security vulnerabilities in network topologies.
  • Implement a meshed topology for a resilient and scalable network architecture.

Module 8: Distributed Denial of Service (DDoS) Protection

  • Identify the four layers of DDoS Mitigation.
  • Identify methods Google Cloud uses to mitigate the risk of DDoS for its customers.
  • Use Google Cloud Armor to blocklist an IP address and restrict access to a global external Application Load Balancer

Module 9: Controlling Access to VPC Networks

  • Describe how IAM policies affect VPC network access.
  • Identify the benefits of using Cloud Firewall’s hierarchical policies at different levels of the cloud infrastructure hierarchy.
  • Apply global and regional network firewall policies using Cloud Firewall.
  • Explain the role of Cloud IDS in protecting VPC networks from malicious activity.
  • Deploy Cloud IDS and configure its settings according to specific security needs.
  • Describe the role of Secure Web Proxy in improving network resilience and availability.
  • Describe best practices for cloud network security

Module 10: Advanced Security Monitoring and Analysis

  • Define Packet Mirroring and explain its purpose in network monitoring and security.
  • Learn network security best practices.

Module 11: Hybrid Load Balancing and Traffic Management

  • Describe the benefits of hybrid load balancing.
  • Configure traffic management in a load balance.

Module 12: Caching and Optimizing Load Balancing

  • Describe how to configure an internal network load balancer as a next hop.
  • Use Cloud CDN configuration to optimize content delivery performance.
  • Create a Google Cloud Armor edge security policy to protect content.

Module 13: Connectivity Options

  • Describe the various connectivity options offered by Google Cloud for hybrid and multi-cloud environments, including Network Connectivity Center, Cloud VPN, Cloud Interconnect, and Cloud CDN.
  • Define and differentiate between the various Cloud Interconnect options available in Google Cloud, including Dedicated Interconnect, Partner Interconnect, and Cross-Cloud Interconnect.

Module 14: Cloud VPN

  • Implement high availability VPN (HA VPN) for redundancy and failover.
  • Identify the benefits and use cases for Cloud HA VPN.