GCP Global Network
A global private isolated virtual network that provides managed networking functionality for your Google Cloud Platform (GCP) resources.
Deployments: 28
Made by: Massdriver
Operator Guide for gcp-global-network
A Google Cloud Virtual Private Cloud (VPC) is a private network built as an abstraction on top of Google Cloud's physical infrastructure. A VPC is a global resource: it isolates your resources' network traffic across regions, and its IP space is defined by subnetworks that can be added or expanded without recreating the network.
Use Cases
General Compute
Almost anything you run on Google Cloud needs a VPC to attach to.
Configuration Presets
Private
This is the only guided configuration for the global network. It sets the internal IP address used for Private Service Connect and the Classless Inter-Domain Routing (CIDR) block reserved for private services access.
Design
The gcp-global-network bundle creates a VPC. It is the global parent for everything that needs network access. Most of the time you will connect bundles to gcp-subnetwork, with that subnetwork connected to the global network (cluster → subnetwork → global-network). Nothing can run in a VPC without a subnetwork: the VPC itself carries no IP ranges, the subnetwork defines them.
Private Service Connect
Private Service Connect improves security by letting workloads inside the VPC reach Google APIs through an internal IP address, so API traffic never traverses the public Internet and instances do not need external IPs to use Google services.
Private Services Access
Private services access lets Google-managed services (such as Cloud SQL and Memorystore) be offered to your VPC over a single VPC Network Peering connection, with each instance getting an internal IP address from a range you reserve, so that individual instances do not consume their own peering connections. This matters because a VPC network is limited to 25 peering connections by default. You may choose the internal IP used for Private Service Connect and the CIDR block used for private services access, but the bundle does not let you turn either of them off.
Best Practices
Security
Massdriver allocates a range for private services access so that you can launch managed Google Cloud Platform (GCP) services without creating a peering connection per instance. See the private services access documentation for more information: https://cloud.google.com/vpc/docs/private-services-access
Private Service Connect
Private Service Connect keeps traffic to Google APIs on Google's network, which lowers network egress costs and latency. You also get the security benefit of private networking: the API path has no public IP exposure.
Private Services Access
The default limit of 25 peering connections per VPC often becomes a major problem because it caps how many managed services a network can attach. Because private services access routes all of these services through a single peering connection, you can scale well beyond that limit.
Trade-offs
VPC Flow Logs are neither turned on nor configurable by this bundle. Even on medium-sized networks they incur a large cost. In GCP, flow logs are a per-subnetwork setting, so if you need them for detection or forensics, enable them on the specific subnetworks that warrant it rather than across the whole network.
Variable | Type | Description |
---|---|---|
private_service_connect_ip | string | Internal IP address to use for accessing Google APIs, such as CloudFunctions, GCR or Cloud Storage, privately instead of over the internet via public IPs. This IP cannot conflict with any existing subnets or peered networks. More info: https://cloud.google.com/vpc/docs/configure-private-service-connect-apis |
private_services_access_cidr | string | CIDR range to deploy GCP services to. This range cannot be used for any other purpose and cannot conflict with existing subnets or peered networks. This range is used by Google to deploy services like MemoryStore and CloudSQL without requiring individual peering connections per instance. More info: https://cloud.google.com/vpc/docs/private-services-access |
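Both variables above carry the same constraint: the value must not conflict with any existing subnet or peered network. The following is an added example, not code from the page or from the Massdriver bundle, that checks a candidate private_service_connect_ip and private_services_access_cidr against a constructed list of existing ranges using Python's standard ipaddress module. The restriction to RFC 1918 space and the /24 minimum for the private services access range are assumptions of the example (Google accepts other internal ranges, and the /24 figure is a documented recommendation for services like Cloud SQL), not rules stated on this page.

```python
import ipaddress

# Constructed sample of what an existing VPC already uses: its own subnetwork
# ranges plus a range learned over an existing peering. Not from the page.
EXISTING_RANGES = {
    "subnet-us-east1": "10.0.0.0/20",
    "subnet-europe-west1": "10.0.16.0/20",
    "peered-shared-services": "10.200.0.0/16",
}

# Assumption: restrict both values to RFC 1918 space. GCP accepts other
# internal ranges too; this is a conservative policy for the check.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: require at least a /24 for the private services access range;
# Google's docs recommend /24 or larger for services such as Cloud SQL.
MIN_PSA_PREFIX = 24


def _is_rfc1918_ip(ip):
    return ip.version == 4 and any(ip in block for block in RFC1918)


def _is_rfc1918_net(net):
    return net.version == 4 and any(net.subnet_of(block) for block in RFC1918)


def check_private_service_connect_ip(ip_str, existing=EXISTING_RANGES):
    """Problems with a candidate private_service_connect_ip; [] means it is usable."""
    problems = []
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return [f"{ip_str!r} is not a valid IP address"]
    if not _is_rfc1918_ip(ip):
        problems.append(f"{ip} is not an RFC 1918 IPv4 address")
    # The PSC endpoint IP must not sit inside any subnet or peered range.
    for name, cidr in existing.items():
        if ip in ipaddress.ip_network(cidr):
            problems.append(f"{ip} falls inside existing range {name} ({cidr})")
    return problems


def check_private_services_access_cidr(cidr_str, existing=EXISTING_RANGES, psc_ip=None):
    """Problems with a candidate private_services_access_cidr; [] means it is usable."""
    problems = []
    try:
        # strict=True rejects host bits, e.g. 10.1.0.1/24
        net = ipaddress.ip_network(cidr_str, strict=True)
    except ValueError:
        return [f"{cidr_str!r} is not a valid network in CIDR notation"]
    if not _is_rfc1918_net(net):
        problems.append(f"{net} is not inside RFC 1918 IPv4 space")
    if net.prefixlen > MIN_PSA_PREFIX:
        problems.append(f"{net} is smaller than the assumed minimum /{MIN_PSA_PREFIX}")
    # The reserved range is handed to Google; it must not overlap anything you route.
    for name, cidr in existing.items():
        if net.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"{net} overlaps existing range {name} ({cidr})")
    # The two bundle variables must not collide with each other either.
    if psc_ip is not None and ipaddress.ip_address(psc_ip) in net:
        problems.append(f"{net} contains the Private Service Connect IP {psc_ip}")
    return problems


def validate_global_network(psc_ip, psa_cidr, existing=EXISTING_RANGES):
    """Combined check for the two bundle variables; returns {variable: [problems]}."""
    return {
        "private_service_connect_ip": check_private_service_connect_ip(psc_ip, existing),
        "private_services_access_cidr": check_private_services_access_cidr(psa_cidr, existing, psc_ip),
    }


if __name__ == "__main__":
    # A clean pair and a pair that collides with the constructed ranges.
    for psc, psa in (("10.255.255.254", "10.100.0.0/16"), ("10.0.17.5", "10.200.128.0/24")):
        result = validate_global_network(psc, psa)
        status = "OK" if not any(result.values()) else "REJECT"
        print(status, psc, psa, result)
```

Run this before handing the values to the bundle: a range that overlaps a subnet or a peered network is the kind of mistake that is cheap to catch up front and expensive to unwind once Cloud SQL or Memorystore instances have been allocated addresses from it.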