Saravana Kumar thesaravanakumar

@thesaravanakumar
thesaravanakumar / ppt.md
Last active February 8, 2023 20:17
ppt for FBS/EU IT audience

Network Endpoint Groups

Abstraction layer that enables container native load balancing

  • Load balancers cannot identify individual pods inside a node (VM); they only identify instance groups or nodes. This is where NEGs come in. NEGs are integrated with the Kubernetes ingress controller running on GCP.
  • A network endpoint group (NEG) is a configuration object that specifies a group of backend endpoints or services. A common use case for this configuration is deploying services in containers. You can also distribute traffic in a granular fashion to applications running on your backend instances.

Types of NEGs

  • Zonal NEG - One or more internal IP address endpoints that resolve to either VM or Pods.
  • Internet NEG - A single internet-routable endpoint that is hosted outside of Google Cloud.
  • Serverless NEG - A single endpoint within Google's network that resolves to an App Engine, Cloud Functions, API Gateway, or Cloud Run service.
  • Hybrid connectivity NEG - One or more endpoints
thesaravanakumar / osi_model.md
Created December 12, 2022 19:38
Open System Interconnection model

How data is transferred from one computer to another in a network

Basic Form: Two computers connected through a LAN and connectors, sharing data using a network interface card (NIC), form a network. Diagram ->

What if the two computers run different operating systems? How are they going to communicate with each other? OSI model: OSI stands for Open Systems Interconnection. It was developed by ISO (International Organization for Standardization) in 1984. It is a 7-layer architecture with each layer having specific functionality to perform. All 7 layers work collaboratively to transmit data from one person to another across the globe.

Each layer is a package of protocols

thesaravanakumar / terraform_cheatsheet.md
Last active November 10, 2022 16:09
basic commands and cheats for terraform

Terraform Commands

There are a couple of commands to check Terraform's built-in command-line documentation:

  • terraform
  • terraform -h
  • terraform --help

The resulting help page will have the main commands at the top, followed by the less common or more complex commands below.

thesaravanakumar / grafana.md
Last active November 10, 2022 10:52
short overview of grafana, cloud logging and monitoring.
  • Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources.
  • One of the biggest highlights of Grafana is the ability to bring several data sources together in one dashboard by adding rows that host individual panels, each with its own visualization type.

Types of data in grafana

  • metrics (cpu load, memory usage, temp)
  • logs
thesaravanakumar / psc_neg_apigee.md
Last active November 10, 2022 14:53
short overview of psc, neg and apigee

Private Service Connect (service-centric approach)

Private Service Connect allows private consumption of services across VPC networks that belong to different groups, teams, projects, or organizations. You can publish and consume services using IP addresses that you define and that are internal to your VPC network.

  • Secure: Traffic stays on Google's backbone
  • Simple & performant: Just need an endpoint, and get line-rate performance
  • Agile: Focus on the service; unburden network teams
thesaravanakumar / vpc_peering.md
Last active November 10, 2022 14:59
Short overview for vpc peering (GCP)

Google Cloud VPC Network Peering allows internal IP address connectivity across two VPC networks regardless of whether they belong to the same project or the same organization. Traffic stays within Google's network and doesn't traverse the public internet.

VPC Network Peering gives you several advantages over using external IP addresses or VPNs to connect networks, including:

  • Network Latency
  • Network Security
  • Network Cost
thesaravanakumar / shared_vpc.md
Last active October 12, 2022 05:53
Short overview for shared_vpc (GCP)

Shared VPC (software-defined networking on top of Google's Andromeda)

Allows an organization to connect resources from multiple projects to a common VPC network, so that they can communicate with each other securely and efficiently using internal IPs from that network. When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it. The VPC networks in the host project are called Shared VPC networks. Eligible resources from service projects can use subnets in the Shared VPC network.

  • Traffic stays on Google's private network and benefits from its security, reliability, and low latency.
  • GCP lets you expand an existing subnet without affecting any existing VM's IP address, and with zero downtime.
  • Organization account is needed.
  • Compute Engine API shoul
thesaravanakumar / cloud_vpn.md
Last active September 29, 2022 03:33
Short overview for cloud vpn (GCP)

Cloud VPN (site to site)

Cloud VPN securely connects your peer network to your VPC network through an IPsec VPN connection. Traffic traveling between the two networks is encrypted and decrypted by the VPN gateways.

Features

  • useful for low-volume data connections
  • 99.9% SLA (availability)
  • supports
thesaravanakumar / vpc_connector.md
Last active November 10, 2022 14:47
Short overview for serverless vpc-connector (GCP)

Connect directly to your VPC network from serverless environments such as Cloud Run, App Engine, or Cloud Functions. Configuring Serverless VPC Access allows your serverless environment to send requests to your VPC network using internal DNS and internal IP addresses.

There are two main benefits to using Serverless VPC Access:

  • Requests sent to your VPC network are never exposed to the internet.
  • Communication through Serverless VPC Access can have less latency compared to the internet.

Private Google Access (sending over internal IP)

thesaravanakumar / firewall-cloud_armor.md
Last active November 10, 2022 12:00
Short overview for firewall and cloud armor (GCP)

  • Firewall rules let you allow or deny traffic to and from your VM instances based on a configuration you specify.
  • While firewall rules are defined at the network level, connections are allowed or denied on a per-instance basis. You can think of the VPC firewall rules as existing not only between your instances and other networks, but also between individual instances within the same network.
  • They are global, like a VPC.
  • They apply between instances within the same network and between instances and other networks.
  • Each VPC network acts as a distributed firewall -> by default it handles traffic filtering.

Ex - Applying firewall rules to tagged instances (connections are allowed at per instance basis)