What Is a VPC in Google Cloud?

Ever wondered how your cloud resources communicate securely and privately at scale? In Google Cloud, that invisible backbone is the VPC.

A Virtual Private Cloud (VPC) is a virtual network built on Google's global network and logically isolated from every other customer's network. It lets you run cloud resources, such as virtual machines (VMs), in an address space and topology that you control. Think of it as your own virtual data center that spans regions and zones: isolated by default, and only as secure as the firewall rules and routes you define inside it.

Importance of VPC in Google Cloud

A Google Cloud VPC enables you to:

  • Securely connect compute resources
  • Control network traffic
  • Isolate environments (dev, test, prod)
  • Connect on-premises networks to the cloud

💡 Exam Insight:
If a question mentions networking, isolation, IP addresses, or firewalls, think VPC.

Let's start with a simple analogy: VPC as an Office Building 🏢

  • VPC → the company's private office building inside a big city (the public cloud)
  • Subnets → Floors in the building (HR, Finance, Dev)
  • Firewall Rules → Security guards at each door
  • Routes → Hallways and elevators connecting floors

Everything inside the building is controlled, secure, and isolated.


Core Components (Pillars) of a VPC

🧱 1. Subnets (Regional Network Segments)

Subnets divide a VPC into smaller, manageable network segments, and each subnet belongs to a specific region.

Example:

  • Subnet A → us-central1 (Development)
  • Subnet B → europe-west1 (Production)

📌 Exam Tip:

A VPC network is global, but each subnet is regional. One VPC can hold subnets in many regions, and resources in different regions talk to each other over internal IPs without leaving the VPC. Within a single network, subnet IP ranges must not overlap.

🛡️ 2. Firewall Rules (Traffic Control)

Firewall rules define which traffic is allowed or denied to VM instances in a VPC.

They control:

  • Inbound traffic (ingress)
  • Outbound traffic (egress)
  • Ports and protocols (HTTP, HTTPS, SSH, etc.)

Firewall rules act like security guards, ensuring only approved traffic can enter or leave.

📌 Exam Tip:
Firewall rules are defined on the VPC network but enforced per VM, at each instance's network interface, and they are stateful: once a connection is allowed in one direction, its return traffic is allowed automatically. Every VPC network also carries two implied rules at the lowest priority: deny all ingress and allow all egress. Nothing can reach a VM until you add an allow rule, while VMs can reach anywhere until you add an egress deny rule. Among your own rules the lower priority number wins, and at equal priority a deny beats an allow.
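To make that evaluation order concrete, here is an added example written for this article (not Google's code and not a GCP tool) that models how one VM's firewall decides on a packet: lowest priority number first, deny before allow at equal priority, the two implied rules last, and connection tracking so that return traffic for an allowed flow is never re-evaluated. The rule names, tags and addresses are constructed for the demonstration: the 192.168.1.0/24 → TCP:80 rule from this page's own example, an SSH allow/deny pair, and an outbound DNS query.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IMPLIED_PRIORITY = 65535  # the two implied rules sit at the lowest precedence


@dataclass(frozen=True)
class Rule:
    """One VPC firewall rule: defined per network, enforced per VM."""
    name: str
    direction: str                        # "INGRESS" or "EGRESS"
    action: str                           # "allow" or "deny"
    priority: int = 1000                  # 0-65535; the LOWER number is checked first
    ranges: tuple = ("0.0.0.0/0",)        # source ranges (ingress) / destination ranges (egress)
    protocol: str = "all"                 # "tcp", "udp", "icmp" or "all"
    ports: tuple = ()                     # () = any destination port
    target_tags: frozenset = frozenset()  # empty = every VM in the network

    def applies_to(self, vm_tags):
        return not self.target_tags or bool(self.target_tags & vm_tags)

    def matches(self, pkt):
        return (
            pkt.direction == self.direction
            and any(ip_address(pkt.remote_ip) in ip_network(r) for r in self.ranges)
            and self.protocol in ("all", pkt.protocol)
            and (not self.ports or pkt.dst_port in self.ports)
        )


@dataclass(frozen=True)
class Packet:
    """A packet as seen from one VM's network interface."""
    direction: str    # "INGRESS" arrives at the VM, "EGRESS" leaves it
    remote_ip: str
    protocol: str
    vm_port: int      # port on the VM's side of the flow
    remote_port: int  # port on the remote side

    @property
    def dst_port(self):
        return self.vm_port if self.direction == "INGRESS" else self.remote_port

    @property
    def flow(self):
        # Direction-independent key: the reply packet maps to the same flow.
        return (self.remote_ip, self.protocol, self.vm_port, self.remote_port)


# Every VPC network has these two implied rules; they cannot be deleted,
# only overridden by a rule with a lower priority number.
IMPLIED_RULES = (
    Rule("implied-deny-ingress", "INGRESS", "deny", IMPLIED_PRIORITY),
    Rule("implied-allow-egress", "EGRESS", "allow", IMPLIED_PRIORITY),
)


class VmFirewall:
    """Rule evaluation as performed at a single VM's network interface."""

    def __init__(self, rules, vm_tags=()):
        # Lower priority number first; at equal priority a deny beats an allow.
        self.rules = sorted((*rules, *IMPLIED_RULES),
                            key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
        self.vm_tags = frozenset(vm_tags)
        self.allowed_flows = set()  # connection tracking: this is what makes it stateful

    def decide(self, pkt):
        """Return (action, name_of_deciding_rule) for one packet."""
        if pkt.flow in self.allowed_flows:
            return "allow", "established-flow"  # return traffic is not re-evaluated
        for rule in self.rules:
            if rule.applies_to(self.vm_tags) and rule.matches(pkt):
                if rule.action == "allow":
                    self.allowed_flows.add(pkt.flow)
                return rule.action, rule.name
        raise RuntimeError("unreachable: an implied rule matches every packet")


# Constructed rule set (names, tags and addresses are made up for the example).
SAMPLE_RULES = (
    Rule("allow-http-internal", "INGRESS", "allow", 1000, ("192.168.1.0/24",), "tcp", (80,), frozenset({"web"})),
    Rule("allow-ssh-anywhere", "INGRESS", "allow", 1000, ("0.0.0.0/0",), "tcp", (22,)),    # the weak rule
    Rule("deny-ssh-from-internet", "INGRESS", "deny", 900, ("0.0.0.0/0",), "tcp", (22,)),  # wins: lower number
)


def demo():
    """Run constructed packets through a 'web'-tagged VM and an untagged VM."""
    web, plain = VmFirewall(SAMPLE_RULES, vm_tags={"web"}), VmFirewall(SAMPLE_RULES)
    return {
        "http-from-internal": web.decide(Packet("INGRESS", "192.168.1.10", "tcp", 80, 51000)),
        "http-from-internet": web.decide(Packet("INGRESS", "203.0.113.5", "tcp", 80, 51000)),
        "ssh-from-internet": web.decide(Packet("INGRESS", "203.0.113.5", "tcp", 22, 51001)),
        "dns-query-out": web.decide(Packet("EGRESS", "8.8.8.8", "udp", 40000, 53)),
        "dns-reply-in": web.decide(Packet("INGRESS", "8.8.8.8", "udp", 40000, 53)),
        "http-to-untagged-vm": plain.decide(Packet("INGRESS", "192.168.1.10", "tcp", 80, 51000)),
    }


if __name__ == "__main__":
    for name, (action, rule) in demo().items():
        print(f"{name:22s} -> {action:5s} ({rule})")
```

Run it directly to print the decision and the deciding rule for each packet. The allow-ssh-anywhere rule is the kind of permissive default to look for in a review; the deny at priority 900 shows how to override it without deleting it, and the DNS reply shows why you never need an ingress allow for responses to outbound connections.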

🛣️ 3. Routes (Traffic Pathways)

Routes determine how network traffic travels:

  • Between subnets
  • To the internet
  • To on-premises networks via VPN or Interconnect

Routes ensure traffic takes the intended path. When several routes match a destination, the most specific one (longest prefix) wins; among equally specific routes, the one with the lower priority number is used. If no route matches, the packet is dropped.
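An added example (written for this article, not taken from Google) of the route selection just described, in Python: longest prefix match first, then lowest priority number, with None meaning the packet is dropped. The routing table is constructed: two subnet routes (the system-generated kind, priority 0), the default route to the internet, two static routes for the same on-prem range (primary and backup VPN tunnels), and a more specific prefix over Interconnect. The next-hop strings are labels made up for the example, not real resource names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Route:
    name: str
    dest_range: str                # destination CIDR the route covers
    next_hop: str                  # label for where matching packets are sent
    priority: int = 1000           # 0-65535; lower number wins among equally specific routes
    tags: frozenset = frozenset()  # empty = applies to every VM in the network

    @property
    def prefixlen(self):
        return ip_network(self.dest_range).prefixlen


def select_route(routes, dst_ip, vm_tags=frozenset()):
    """Pick the route a VM in this network would use for a packet to dst_ip."""
    dst = ip_address(dst_ip)
    candidates = [
        r for r in routes
        if dst in ip_network(r.dest_range) and (not r.tags or r.tags & vm_tags)
    ]
    if not candidates:
        return None  # no matching route: the packet is dropped
    # Most specific destination wins; ties are broken by the lower priority number.
    return min(candidates, key=lambda r: (-r.prefixlen, r.priority))


# Constructed routing table for a custom-mode VPC with subnets in two regions.
ROUTES = [
    # Subnet routes are created with every subnet and have priority 0.
    Route("subnet-dev-us-central1", "10.10.0.0/20", "local (VPC)", priority=0),
    Route("subnet-prod-europe-west1", "10.20.0.0/20", "local (VPC)", priority=0),
    # Default route created with the network; delete it to cut direct internet egress.
    Route("default-route", "0.0.0.0/0", "default-internet-gateway", priority=1000),
    # Two static routes to the same on-prem range: primary tunnel and a backup.
    Route("to-onprem-primary", "192.168.0.0/16", "vpn-tunnel-1", priority=100),
    Route("to-onprem-backup", "192.168.0.0/16", "vpn-tunnel-2", priority=200),
    # A more specific on-prem prefix over Interconnect: specificity beats priority.
    Route("to-onprem-dc2", "192.168.50.0/24", "interconnect-attachment-1", priority=1000),
]


def next_hop_for(dst_ip, routes=ROUTES):
    route = select_route(routes, dst_ip)
    return route.next_hop if route else None


def demo():
    """Resolve constructed destinations, then show failover and egress cut-off."""
    without_primary = [r for r in ROUTES if r.name != "to-onprem-primary"]
    without_default = [r for r in ROUTES if r.name != "default-route"]
    return {
        "same-region-vm": next_hop_for("10.10.1.5"),
        "other-region-vm": next_hop_for("10.20.3.7"),      # global VPC: still a local hop
        "onprem-host": next_hop_for("192.168.10.1"),       # primary beats backup
        "onprem-dc2-host": next_hop_for("192.168.50.5"),   # /24 beats /16 despite priority
        "internet": next_hop_for("8.8.8.8"),
        "onprem-after-failover": next_hop_for("192.168.10.1", without_primary),
        "internet-no-default-route": next_hop_for("8.8.8.8", without_default),
    }


if __name__ == "__main__":
    for name, hop in demo().items():
        print(f"{name:26s} -> {hop or 'DROPPED (no route)'}")
```

The last two entries are the practical ones: removing the primary tunnel's route moves on-prem traffic to the backup tunnel automatically, and removing the default route is how you guarantee that a VM cannot reach the internet directly, whatever its firewall rules say.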


Example: a firewall rule

🔐 Network Security Rule Configuration

Direction | Source/Destination                       | Protocol & Port | Action
Ingress   | 192.168.1.0/24 → Internal Load Balancer  | TCP:80          | Allowed ✅

This rule allows HTTP traffic (TCP port 80) from the internal subnet 192.168.1.0/24 to reach the VMs behind an internal load balancer. Any other ingress traffic that no allow rule matches is dropped by the implied deny-ingress rule. If the backends sit behind an internal passthrough Network Load Balancer, they also need an ingress allow rule for Google's health-check probe ranges (35.191.0.0/16 and 130.211.0.0/22), or the load balancer will mark them unhealthy.

What VPC Connects (Important for CDL Exam)

✔️ Connected through VPC:

  • Virtual Machines (Compute Engine)
  • GKE clusters
  • Internal load balancers

❌ Not inside VPC:

  • Cloud Storage buckets (a global service reached through Google's APIs rather than through a subnet; enable Private Google Access on a subnet so VMs without external IPs can still reach it over Google's network)

✔️ A VPC network = a top‑level, isolated virtual network

Each VPC network contains:

  • Its own subnets
  • Its own firewall rules
  • Its own routing tables
  • Its own peering / connectivity
  • Its own service controls

✔️ The quota means:

By default, you can create only 5 of these top-level VPC networks inside a single GCP project. This is a default quota that can be raised through a quota increase request, not an architectural limit.
(Important question for CDL exam)

When do you actually need multiple VPC networks?

Use multiple VPCs only when you need:

  • Hard isolation between environments (prod vs dev)
  • Different administrative boundaries
  • Different org-level security policies
  • Separate network topologies

Otherwise, a single VPC with subnets is simpler and cheaper.

Sample question:
Your organization recently migrated its compute workloads to Google Cloud. You want these workloads in Google Cloud to privately and securely access your large volume of on‑premises data, and you also want to minimize latency. What should your organization do?

A. Use Storage Transfer Service to securely make your data available to Google Cloud
B. Create a VPC between your on‑premises data center and your Google resources
C. Peer your on‑premises data center to Google’s Edge Network
D. Use Transfer Appliance to securely make your data available to Google Cloud

Option B is correct, as described above in the section Importance of VPC in Google Cloud.
To explain further: to let on-prem systems talk to that VPC privately, you attach a hybrid connectivity service (Cloud VPN or Cloud Interconnect) to the VPC. For a large volume of data and the lowest latency, Interconnect is the better fit, because Cloud VPN tunnels run over the public internet.

You don't extend the VPC into on-prem; you connect on-prem to the VPC using VPN or Interconnect. Options A and D (Storage Transfer Service, Transfer Appliance) copy data into Cloud Storage rather than giving workloads private access to data that stays on-premises.

That's why the correct conceptual answer is:

Create a VPC and connect it to on-prem via VPN or Interconnect

Topic for next Read:
Now that we have secured the building, how do we route traffic from the whole world to the correct destinations? That is what will be covered in Cloud Load Balancers.

DBzTech-Technology Dossier