Google Cloud Network Design and Monitoring

Course

Matthew Ulasien

Team Lead Google Cloud in Content

Length

03:12:43

Difficulty

Advanced

Videos

11

Hands-on Labs

1

Course Details

This course is the fourth in a multi-course track that prepares you for the role of a GCP Network Engineer. The Network Design and Monitoring course builds on the fundamentals covered in the previous three courses and expands on them by covering network design best practices, Cloud Deployment Manager, balancing network performance and costs with Network Service Tiers, configuring VPC Flow Logs and firewall logs, and best practices for optimizing and diagnosing Cloud Storage transfer performance.

Let's get started!

Syllabus

Getting Started

Course Introduction

Course Introduction

00:01:09

Lesson Description:

Welcome to our course. Let's learn what this course is about to help you prepare for the Google Cloud Network Engineer exam.

Getting Started

Designing Your Network

Best Practices for Network Design

00:18:49

Lesson Description:

Let's review some of the concepts we've discussed so far from a design perspective by going over best practices for properly planning your VPC structure. The link to Google's very large VPC design document is below:
https://cloud.google.com/solutions/best-practices-vpc-design

Cloud Deployment Manager

Cloud Deployment Manager

00:07:21

Lesson Description:

Let's take a look at the Cloud Deployment Manager service, which is Google's first-party infrastructure as code product.

Cloud Deployment Manager Hands On

00:19:51

Lesson Description:

This hands-on demonstration will cover a variety of configuration types, starting with simple instances and moving up to more complex multi-network configurations, including templates. If you want to view the configuration and template files used in this lesson, you can access them via the following web link or copy them from the Cloud Storage location below for your own reference:
Web link: https://console.cloud.google.com/storage/browser/la-gcloud-course-resources/network-engineer/deployment-manager?project=la-gcpcourse-resources&folder=true&organizationId=true
Bucket location: gs://la-gcloud-course-resources/network-engineer/deployment-manager/

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Managing Costs

Network Service Tiers

00:08:15

Lesson Description:

Let's talk about network service tiers, which allow you to balance optimal network performance with saving costs.

Monitoring and Logging

VPC Flow Logs

00:03:13

Lesson Description:

Let's take a look at VPC Flow Logs, which sample network packets to provide insight on who your VPC instances are talking to.

VPC Flow Logs Hands On

00:14:55

Lesson Description:

This lesson will go through a hands-on demonstration of enabling, generating, and viewing VPC flow logs. The commands used in this lesson are listed below.

Create a web server GCE instance and a firewall rule to enable HTTP access:

# The startup script is passed as one ANSI-C quoted string so its newlines and quotes survive the shell.
gcloud compute instances create web-server --zone=us-central1-a --machine-type=f1-micro --subnet=subnet-a \
  --metadata=startup-script=$'sudo apt-get update\nsudo apt-get install apache2 -y\necho \'<!doctype html><html><body><h1>Hello Linux Academy!</h1></body></html>\' | sudo tee /var/www/html/index.html' \
  --tags=http-server \
&& gcloud compute firewall-rules create custom-network-allow-http --direction=INGRESS --priority=1000 --network=custom-network --action=ALLOW --rules=tcp:80 --source-ranges=0.0.0.0/0 --target-tags=http-server

Send 500 curl requests to the website:

WEBSITE_IP="(website-ip-address)"  # substitute the external IP address of web-server
for ((i=1;i<=500;i++)); do curl "http://${WEBSITE_IP}/"; done

BigQuery query to view the count of access attempts from external resources. You will need to substitute your own table name in the FROM clause, as yours will be different:
#standardSQL
SELECT
  jsonPayload.connection.src_ip,
  COUNT(jsonPayload.connection.src_ip) AS total_requests,
  SUM(CAST(jsonPayload.bytes_sent AS INT64)) AS bytes,
  jsonPayload.dest_instance.vm_name,
  jsonPayload.connection.dest_port,
  jsonPayload.connection.protocol,
  jsonPayload.src_location.country,
  jsonPayload.src_location.city
FROM
  `flowlogs.(your-table-name)`
WHERE jsonPayload.reporter = 'DEST'
GROUP BY
  jsonPayload.connection.src_ip,
  jsonPayload.dest_instance.vm_name,
  jsonPayload.connection.dest_ip,
  jsonPayload.connection.dest_port,
  jsonPayload.connection.protocol,
  jsonPayload.src_location.country,
  jsonPayload.src_location.city
ORDER BY
  total_requests DESC

Firewall Logs

00:05:23

Lesson Description:

This lesson will cover what you need to know for working with firewall rules in a VPC, which we will follow with a hands-on demonstration.

Firewall Logs Hands On

00:10:47

Lesson Description:

This lesson will go through a hands-on demonstration of working with firewall logs. The commands used in this lesson are listed below.

Create a custom VPC, subnet, web server GCE instance, and firewall rule to enable HTTP access:

gcloud compute networks create custom-network --subnet-mode=custom

gcloud compute networks subnets create subnet-a --network=custom-network --region=us-central1 --range=10.0.1.0/24

# The startup script is passed as one ANSI-C quoted string so its newlines and quotes survive the shell.
gcloud compute instances create web-server --zone=us-central1-a --machine-type=f1-micro --subnet=subnet-a \
  --metadata=startup-script=$'sudo apt-get update\nsudo apt-get install apache2 -y\necho \'<!doctype html><html><body><h1>Hello Linux Academy!</h1></body></html>\' | sudo tee /var/www/html/index.html' \
  --tags=http-server

gcloud compute firewall-rules create custom-network-allow-http --direction=INGRESS --priority=1000 --network=custom-network --action=ALLOW --rules=tcp:80 --source-ranges=0.0.0.0/0 --target-tags=http-server
BigQuery query to view IP address of connection attempts, port attempted, and location if applicable:
#standardSQL
SELECT
  jsonPayload.connection.src_ip,
  jsonPayload.connection.dest_port,
  jsonPayload.remote_location.continent,
  jsonPayload.remote_location.country,
  jsonPayload.remote_location.region,
  jsonPayload.rule_details.action
FROM `denied_logs.(your-table-name-here)`
ORDER BY jsonPayload.connection.dest_port
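
An added example, not part of the course material: the listing query above returns one row per logged connection, so when reviewing denied traffic it helps to aggregate per source and surface addresses that probe many ports. It reuses the lesson's placeholder table name and assumes the `timestamp` column of a Cloud Logging export; the 24-hour window and the threshold of 10 distinct ports are arbitrary values chosen for illustration.

```sql
#standardSQL
-- Added example: summarize denied connection attempts per source address.
-- Replace the placeholder table name, as in the lesson's query.
SELECT
  jsonPayload.connection.src_ip AS src_ip,
  jsonPayload.remote_location.country AS country,
  COUNT(*) AS denied_attempts,
  -- Many distinct destination ports from one source suggests scanning.
  COUNT(DISTINCT jsonPayload.connection.dest_port) AS distinct_ports,
  MIN(timestamp) AS first_seen,
  MAX(timestamp) AS last_seen
FROM `denied_logs.(your-table-name-here)`
WHERE
  -- Keep only entries produced by DENY rules (assumed value of the action field).
  jsonPayload.rule_details.action = 'DENY'
  -- Assumed review window: the last 24 hours.
  AND timestamp >= TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 24 HOUR)
GROUP BY
  src_ip,
  country
-- Assumed threshold: tune to the noise level of your environment.
HAVING distinct_ports >= 10
ORDER BY
  distinct_ports DESC,
  denied_attempts DESC
```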

Cloud Storage

Optimize Cloud Storage Performance

00:11:46

Lesson Description:

This lesson will cover best practices for optimizing the performance of file transfers to Cloud Storage, and how to diagnose and measure performance. Below is the link for the perfdiag utility for further reference:
https://cloud.google.com/storage/docs/gsutil/commands/perfdiag

Course Conclusion

Course Conclusion and Next Steps

00:01:10

Lesson Description:

If you are working through the GCP Network Engineer preparation track, the link to the exam preparation course is below: https://linuxacademy.com/cp/modules/view/id/469