Are network tags mandatory to enable login to a VM ? if so we dont create any tag when using creating VM using default VPC and still it allows login . how
No, they’re not. You can create a Firewall Rule that points directly to the static private IP of your VM in the VPC and thus allowing terminal access (SSH/RDP) from your computer. Network Tags are not mandatory, at least for simple use case.
However, using Network Tags is a smart way to dynamically handling and maintaining access to your infrastructure, especially when you have a bunch of GCE instances created from templates. Instead of manually specifying instance’s address (or its Subnet), you can use only a designated Network Tag to create a uniform firewall rule, which simplifies FW rule management a lot.