Overview
Google Cloud Virtual Private Cloud (VPC) Network Peering provides private connectivity between two VPC networks regardless of whether they belong to the same project or the same organization.
VPC Network Peering is useful for:
- Organizations with several network administrative domains.
- Organizations that want to peer with other organizations.
If you have multiple network administrative domains within your organization, VPC Network Peering lets you make services available across those VPC networks over private address space. The same applies across organization boundaries: a service owner can expose a service privately to another organization. Offering services across organizations is useful when you provide services to other enterprises, and within your own enterprise when you operate several distinct organization nodes because of your structure or as a result of mergers or acquisitions.
VPC Network Peering gives you several advantages over using external IP addresses or VPNs to connect networks, including:
- Network Latency : Private networking offers lower latency than public IP networking.
- Network Security : Service owners do not need to have their services exposed to the public internet and deal with its associated risks.
- Network Cost : Networks that are peered can use internal IPs to communicate and save Google Cloud egress bandwidth costs. Regular network pricing still applies to all traffic.
VPC Network Peering setup
Within the same organization node, a network may host services that need to be reachable from other VPC networks in the same or different projects.
Alternatively, one organization may want to consume services that a third party offers from its own VPC network.
Create network-A VPC
gcloud compute networks create network-a --subnet-mode custom
gcloud compute networks subnets create network-a-central --network network-a --range 10.0.0.0/16 --region us-central1
gcloud compute instances create vm-a --zone us-central1-a --network network-a --subnet network-a-central
gcloud compute firewall-rules create network-a-fw --network network-a --allow tcp:22,icmp
Create network-B VPC
gcloud compute networks create network-b --subnet-mode custom
gcloud compute networks subnets create network-b-central --network network-b --range 10.8.0.0/16 --region us-central1
gcloud compute instances create vm-b --zone us-central1-a --network network-b --subnet network-b-central
gcloud compute firewall-rules create network-b-fw --network network-b --allow tcp:22,icmp
Peer network-a with network-b (peer-ab)
VPC Network > VPC network peering > Create Connection > Continue
Name : peer-ab
Your VPC network : network-a
Peering VPC network : (Radio Button) In another project
Project ID : 'second project id'
VPC network name : network-b
Create
Peer network-b with network-a (peer-ba)
VPC Network > VPC network peering > Create Connection > Continue
Name : peer-ba
Your VPC network : network-b
Peering VPC network : (Radio Button) In another project
Project ID : 'first project id'
VPC network name : network-a
Create
The peering only becomes ACTIVE once both sides (peer-ab and peer-ba) have been created. List the routes in the first project; a route to 10.8.0.0/16 learned over peer-ab should now appear:
gcloud compute routes list --project <First_Project_ID>
Connectivity Test
Copy the internal IP address of vm-a
SSH into the vm-b instance
ping -c 5 <internal IP of vm-a>
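The same peering setup as a script, added here as an example and not part of the original page or Google's tooling. It uses the `gcloud compute networks peerings create` equivalent of the console steps above, refuses to proceed when the two subnet ranges overlap (VPC Network Peering is rejected for overlapping subnets), and adds firewall rules that admit SSH and ICMP only from the peer's range rather than the 0.0.0.0/0 default that the page's `--allow tcp:22,icmp` rules fall back to. The project IDs are placeholder assumptions; the script prints the commands by default and only executes them when RUN=1.

```sh
#!/bin/sh
# Added example, not from the original page: the peering steps as a
# dry-run-by-default script with an overlap check and scoped firewall rules.
set -eu

FIRST_PROJECT="${FIRST_PROJECT:-first-project-id}"    # assumed placeholder
SECOND_PROJECT="${SECOND_PROJECT:-second-project-id}"  # assumed placeholder
RANGE_A="10.0.0.0/16"   # network-a-central, as on the page
RANGE_B="10.8.0.0/16"   # network-b-central, as on the page
RUN="${RUN:-0}"         # 0 = print commands only, 1 = execute them

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network address (as integer) and prefix length of "a.b.c.d/len".
cidr_net() {
  case $1 in */*) ;; *) echo "not a CIDR: $1" >&2; return 1 ;; esac
  ip=${1%/*}; len=${1#*/}
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  echo $(( $(ip2int "$ip") & mask )) "$len"
}

# True (exit 0) when two CIDR blocks overlap: the network addresses are
# equal under the shorter of the two prefix masks.
cidr_overlap() {
  set -- $(cidr_net "$1") $(cidr_net "$2")
  if [ "$2" -le "$4" ]; then short=$2; else short=$4; fi
  mask=$(( (0xFFFFFFFF << (32 - short)) & 0xFFFFFFFF ))
  [ $(( $1 & mask )) -eq $(( $3 & mask )) ]
}

# One side of a peering; the peering is only ACTIVE once both sides exist.
peering_cmd() { # name project local-network peer-project peer-network
  printf 'gcloud compute networks peerings create %s --project=%s --network=%s --peer-project=%s --peer-network=%s' \
    "$1" "$2" "$3" "$4" "$5"
}

# Ingress rule limited to the peer's subnet instead of the 0.0.0.0/0 default.
firewall_cmd() { # name project network source-range
  printf 'gcloud compute firewall-rules create %s --project=%s --network=%s --allow=tcp:22,icmp --source-ranges=%s' \
    "$1" "$2" "$3" "$4"
}

run_cmd() {
  if [ "$RUN" = 1 ]; then eval "$1"; else echo "[dry-run] $1"; fi
}

main() {
  if cidr_overlap "$RANGE_A" "$RANGE_B"; then
    echo "refusing to peer: $RANGE_A overlaps $RANGE_B" >&2
    return 1
  fi
  run_cmd "$(peering_cmd peer-ab "$FIRST_PROJECT" network-a "$SECOND_PROJECT" network-b)"
  run_cmd "$(peering_cmd peer-ba "$SECOND_PROJECT" network-b "$FIRST_PROJECT" network-a)"
  run_cmd "$(firewall_cmd network-a-from-b "$FIRST_PROJECT" network-a "$RANGE_B")"
  run_cmd "$(firewall_cmd network-b-from-a "$SECOND_PROJECT" network-b "$RANGE_A")"
  # Both peerings should report STATE ACTIVE once the second half is created.
  run_cmd "gcloud compute networks peerings list --project=$FIRST_PROJECT --network=network-a"
}

main
```

Two caveats worth keeping in mind when using this: VPC Network Peering is not transitive, so a third network peered with network-b does not reach network-a through it, and each VPC's own firewall rules still apply to peered traffic, which is why the scoped ingress rules above are needed for the ping test to succeed once the page's open rules are removed.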