- Can be shared across projects
- 5 networks per project
- 7000 instances per network
- Mode
  - Auto mode
    - Single subnet per region by default
  - Custom mode
- Internal
  - Change every 24 hours or VM restart
- External
  - Ephemeral
    - Available only till VM stop / restart
  - Static
    - Regional: general usage for regional resources
    - Global: only use for global load balancing
- 2 default routes
- Spec:
  - Required
    - name
    - network
    - destRange
    - instanceTags
    - priority: decides which route is used when multiple routes match
  - Optional
    - nextHopInstance
    - nextHopIp
    - nextHopNetwork
    - nextHopGateway
    - nextHopVpnTunnel
- Routes apply to an instance if tags match
- No tag? Then the route is applied to all instances in that network
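
The tag and priority rules above, as an added example (not part of the original notes) that models which route an instance's traffic takes. It goes slightly beyond the notes by also applying Google Cloud's most-specific-destination rule before priority, where the lowest priority value wins; route names, ranges and next hops are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    name: str
    dest_range: str
    priority: int
    next_hop: str
    instance_tags: frozenset = frozenset()  # empty = applies to all instances

def applies_to(route, instance_tags):
    """A route with no tags applies to every instance in the network;
    a tagged route applies only to instances sharing at least one tag."""
    return not route.instance_tags or bool(route.instance_tags & set(instance_tags))

def select_route(routes, instance_tags, dest_ip):
    """Return the route used for dest_ip from an instance with instance_tags."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [
        r for r in routes
        if applies_to(r, instance_tags) and ip in ipaddress.ip_network(r.dest_range)
    ]
    if not candidates:
        return None  # no matching route: the packet is dropped
    # Most specific destination first, then the lowest priority value.
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r.dest_range).prefixlen, r.priority),
    )

# Constructed sample routes: two untagged defaults plus two tag-scoped egress routes.
ROUTES = [
    Route("default-internet", "0.0.0.0/0", 1000, "default-internet-gateway"),
    Route("subnet-local", "10.128.0.0/20", 0, "network"),
    Route("egress-via-proxy", "0.0.0.0/0", 800, "instance:proxy-1",
          frozenset({"restricted"})),
    Route("egress-via-vpn", "0.0.0.0/0", 900, "vpn-tunnel-1",
          frozenset({"restricted", "batch"})),
]

if __name__ == "__main__":
    for tags in ({"web"}, {"restricted"}, {"batch"}):
        print(sorted(tags), "->", select_route(ROUTES, tags, "203.0.113.10").name)
```

An instance that is missing the `restricted` tag falls back to `default-internet`, so auditing tags is part of verifying that egress really goes through the intended next hop.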
- Stateful
- Can use tags to deny / allow traffic
- Can also use service accounts for traffic management
- IPv4 only
- Cannot be shared among networks
- Instance's identity
- Instance can only have 1 SA
- Restricted by IAM
- Need to stop / restart instance to change SA
- For billing & applying firewall
- Instance can have many tags
- Belong to particular network & region
- Multiple projects use one network
- Host project: where the Shared VPC is hosted
- Service project: project which has permission to use the Shared VPC
- Can only associate with 1 host project at the same time
- Standalone project: does not share same network
- Maximum 25 peers per VPC
- Peered networks can access all of each other's resources by default; use firewall rules to control the access.
Copy file from / to gcs: