
Connecting VPCs with Network Peering on the Google Cloud Platform

Hands-On Lab


Matthew Ulasien

Team Lead Google Cloud in Content

Length

00:30:00

Difficulty

Intermediate

This lab will go through the process of connecting multiple VPCs in a single project via VPC network peering.



How to Log in to Google Lab Accounts

On the lab page, right-click Open GCP Console and select the option to open it in a new private browser window (this option will read differently depending on your browser — e.g., in Chrome, it says "Open Link in Incognito Window"). Then, sign in to Google Cloud Platform using the credentials provided on the lab page.

On the Welcome to your new account screen, review the text, and click Accept. In the "Welcome L.A.!" pop-up once you're signed in, check to agree to the terms of service, choose your country of residence, and click Agree and Continue.

Establish Peering Connection from network-1 to network-2

  1. From the web console, go to the top left menu.
  2. Scroll down to VPC network, and select VPC network peering.
  3. Click Create connection, then Continue.
  4. Set the following values:
    • Name: network-1-to-2-peer
    • Your VPC network: network-1
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-2
  5. Click Create.

Establish Peering Connection from network-2 to network-1

  1. From the VPC network peering page, click Create peering connection, then Continue.
  2. Set the following values:
    • Name: network-2-to-1-peer
    • Your VPC network: network-2
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-1
  3. Click Create.

Establish Peering Connection from network-1 to network-3

  1. From the VPC network peering page, click Create peering connection, then Continue.
  2. Set the following values:
    • Name: network-1-to-3-peer
    • Your VPC network: network-1
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-3
  3. Click Create.

Establish Peering Connection from network-3 to network-1

  1. From the VPC network peering page, click Create peering connection, then Continue.
  2. Set the following values:
    • Name: network-3-to-1-peer
    • Your VPC network: network-3
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-1
  3. Click Create.

Create a Firewall Rule Allowing ICMP (Ping) from the network-1 and network-2 Subnets to network-3

  1. From the left-hand menu, click Firewall rules.
  2. Click Create firewall rule, and set the following values:
    • Name: icmp-allow-network-3
    • Network: network-3
    • Targets: All instances in the network
    • Source filter: IP ranges
    • Source IP ranges: 10.0.1.0/24, 10.0.2.0/24
    • Protocols and ports: Specified protocols and ports
      • Select Other protocols, and enter "icmp".
  3. Click Create.

Test Private Network Connectivity Between Peered Networks

Attempt to Ping instance-3 from instance-1

  1. Go to the top left menu, and select Compute Engine.
  2. Copy the external IP listed for instance-3.
  3. Click the SSH button next to instance-1.
  4. In the SSH session, enter ping and the external IP of instance-3. It should be unsuccessful because we did not allow ICMP access from the public internet (0.0.0.0/0).
  5. Back on the Compute Engine page, copy the internal IP of instance-3.
  6. In the SSH session, enter ping and the internal IP. It should be successful.
  7. Exit out of the SSH session for instance-1.

Attempt to Ping instance-3 from instance-2

  1. From the Compute Engine page, copy the external IP listed for instance-3.
  2. Click SSH next to instance-2.
  3. In the SSH session, enter ping and the external IP of instance-3. It should be unsuccessful because we did not allow ICMP access from the public internet (0.0.0.0/0).
  4. Back on the Compute Engine page, copy the internal IP of instance-3.
  5. In the SSH session, enter ping and the internal IP. It should also be unsuccessful, because network-2 is not directly peered with network-3, and transitive peering is not allowed.
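
The two internal-IP ping results come from two independent checks: whether a direct, two-sided peering supplies a route, and whether network-3's firewall admits the source address. The Python model below is an added example, not part of the original lab; the source addresses 10.0.1.2 and 10.0.2.2 are constructed, and the mapping of 10.0.1.0/24 to network-1 and 10.0.2.0/24 to network-2 is an assumption.

```python
import ipaddress

# Peering configs created in the lab, as (local network, peer network).
PEERINGS = {
    ("network-1", "network-2"), ("network-2", "network-1"),
    ("network-1", "network-3"), ("network-3", "network-1"),
}

# Ingress allow rules per network. Only the lab's rule is modeled; rules that
# already exist in the lab project (for example for SSH) are left out.
INGRESS_ALLOW = {
    "network-3": [{"name": "icmp-allow-network-3", "protocol": "icmp",
                   "sources": ["10.0.1.0/24", "10.0.2.0/24"]}],
}

def peering_active(a, b, peerings=PEERINGS):
    """A peering carries traffic only when both sides have configured it."""
    return (a, b) in peerings and (b, a) in peerings

def has_route(src_net, dst_net, peerings=PEERINGS):
    """Routes are exchanged with direct peers only; peering is not transitive."""
    return src_net == dst_net or peering_active(src_net, dst_net, peerings)

def firewall_allows(dst_net, src_ip, protocol, rules=INGRESS_ALLOW):
    """Ingress is denied unless an allow rule matches protocol and source range."""
    ip = ipaddress.ip_address(src_ip)
    return any(r["protocol"] == protocol and
               any(ip in ipaddress.ip_network(c) for c in r["sources"])
               for r in rules.get(dst_net, []))

def ping_result(src_net, src_ip, dst_net, peerings=PEERINGS, rules=INGRESS_ALLOW):
    """Return (reachable, reason) for an ICMP echo to an internal IP in dst_net."""
    if not has_route(src_net, dst_net, peerings):
        return False, "no route: networks are not directly peered"
    if not firewall_allows(dst_net, src_ip, "icmp", rules):
        return False, "blocked by implied deny-ingress in " + dst_net
    return True, "allowed by peering route and firewall rule"

if __name__ == "__main__":
    # Constructed source addresses inside the lab's two source ranges.
    for net, ip in [("network-1", "10.0.1.2"), ("network-2", "10.0.2.2")]:
        print(net, "-> network-3:", ping_result(net, ip, "network-3"))
    # Hypothetical extra peering, not created in the lab.
    extra = PEERINGS | {("network-2", "network-3"), ("network-3", "network-2")}
    print("with 2<->3 peering:", ping_result("network-2", "10.0.2.2", "network-3", extra))
```

The last line shows that the 10.0.2.0/24 entry in icmp-allow-network-3 has no effect in the lab as built, and would start admitting traffic as soon as network-2 and network-3 were peered directly.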

Conclusion

Congratulations on successfully completing this hands-on lab!