This lab will go through the process of connecting multiple VPCs in a single project via VPC network peering.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Establish Peering Connection from network-1 to network-2
  - From the web console, go to the top left menu.
  - Scroll down to VPC network, and select VPC network peering.
  - Click Create connection, then Continue.
  - Set the following values:
    - Name: network-1-to-2-peer
    - Your VPC network: network-1
    - Peered VPC network: In project [YOUR PROJECT ID]
    - VPC network name: network-2
  - Click Create.
- Establish Peering Connection from network-2 to network-1
  - From the VPC network peering page, click Create peering connection, then Continue.
  - Set the following values:
    - Name: network-2-to-1-peer
    - Your VPC network: network-2
    - Peered VPC network: In project [YOUR PROJECT ID]
    - VPC network name: network-1
  - Click Create.
- Establish Peering Connection from network-1 to network-3
  - From the VPC network peering page, click Create peering connection, then Continue.
  - Set the following values:
    - Name: network-1-to-3-peer
    - Your VPC network: network-1
    - Peered VPC network: In project [YOUR PROJECT ID]
    - VPC network name: network-3
  - Click Create.
- Establish Peering Connection from network-3 to network-1
  - From the VPC network peering page, click Create peering connection, then Continue.
  - Set the following values:
    - Name: network-3-to-1-peer
    - Your VPC network: network-3
    - Peered VPC network: In project [YOUR PROJECT ID]
    - VPC network name: network-1
  - Click Create.
- Create Firewall Rule to Allow ICMP from network-1’s and network-2’s Subnets to Allow Ping Access to network-3
  - From the VPC network menu on the left side, click Firewall rules.
  - Click CREATE FIREWALL RULE.
  - Name the rule "icmp-allow-network-3".
  - In the Network dropdown menu, select network-3.
  - In the Targets dropdown menu, select All instances in the network.
  - In the Source filter dropdown menu, select IP ranges.
  - In the Source IP ranges field, enter the following IP ranges for subnet-a (in network-1) and subnet-b (in network-2). Separate the ranges with a space:
    - 10.0.1.0/24
    - 10.0.2.0/24
  - In Protocols and ports, select Specified protocols and ports.
  - Select other protocols, and then enter "icmp" for the protocols.
  - Click Create.
- Test Private Network Connectivity Between Peered Networks
  - Go to the top left menu, and select Compute Engine.
  - Click the SSH button next to instance-1.
  - Attempt to ping the external IP address of instance-3. It should be unsuccessful because we did not allow ICMP access from the public internet (0.0.0.0/0).
  - Attempt to ping the internal IP address of instance-3. It should be successful.
  - Exit out of the SSH session for instance-1.
  - Attempt to ping instance-3 from instance-2, which is not directly peered:
    - From Compute Engine, access instance-2 via SSH.
    - Attempt to ping the external IP address of instance-3. It should be unsuccessful because we did not allow ICMP access from the public internet (0.0.0.0/0).
    - Attempt to ping the internal IP address of instance-3. It should also be unsuccessful, because network-2 is not directly peered with network-3 and transitive peering is not allowed.
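
The ping results in the last objective can be predicted from the lab's configuration alone. The following is an added example, not part of the original lab: a small Python model of the four peering halves and the icmp-allow-network-3 rule. The instance addresses (10.0.1.2, 10.0.2.2, 10.0.3.2) and the function names are assumptions made for illustration.

```python
import ipaddress

# Peering halves created in the lab, as (local network, peer network).
PEERINGS = {
    ("network-1", "network-2"), ("network-2", "network-1"),
    ("network-1", "network-3"), ("network-3", "network-1"),
}

# Ingress allow rules per network: (protocol, allowed source ranges).
# Networks with no entry fall through to the implied deny for ingress.
FIREWALL = {
    "network-3": [("icmp", ["10.0.1.0/24", "10.0.2.0/24"])],
}

# Constructed internal addresses; the lab does not list them.
INSTANCES = {
    "instance-1": ("network-1", "10.0.1.2"),
    "instance-2": ("network-2", "10.0.2.2"),
    "instance-3": ("network-3", "10.0.3.2"),
}


def peering_active(a, b, peerings=PEERINGS):
    """A peering carries traffic only when both halves exist."""
    return (a, b) in peerings and (b, a) in peerings


def ingress_allowed(network, src_ip, protocol, firewall=FIREWALL):
    """True if any allow rule on `network` matches protocol and source."""
    src = ipaddress.ip_address(src_ip)
    return any(
        proto == protocol and any(src in ipaddress.ip_network(r) for r in ranges)
        for proto, ranges in firewall.get(network, [])
    )


def can_ping_internal(src, dst, peerings=PEERINGS, firewall=FIREWALL):
    """Return (reachable, reason) for ICMP from src to dst's internal IP."""
    src_net, src_ip = INSTANCES[src]
    dst_net, _ = INSTANCES[dst]
    # Only a direct, two-sided peering provides a route; no multi-hop paths.
    if src_net != dst_net and not peering_active(src_net, dst_net, peerings):
        return False, f"no active peering between {src_net} and {dst_net}"
    if not ingress_allowed(dst_net, src_ip, "icmp", firewall):
        return False, f"no ingress rule on {dst_net} allows icmp from {src_ip}"
    return True, "direct peering and matching ingress rule"


if __name__ == "__main__":
    for src in ("instance-1", "instance-2"):
        print(src, "-> instance-3:", can_ping_internal(src, "instance-3"))
```

Note that the firewall rule on network-3 does admit subnet-b's range (10.0.2.0/24); instance-2 still fails because no route exists without a direct peering, so the firewall rule alone does not widen access.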