Connecting VPCs with Network Peering on the Google Cloud Platform

30 minutes
  • 6 Learning Objectives

About this Hands-on Lab

This lab will go through the process of connecting multiple VPCs in a single project via VPC network peering.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Establish Peering Connection from network-1 to network-2
  1. From the web console, go to the top left menu.
  2. Scroll down to VPC network, and select VPC network peering.
  3. Click Create connection, then Continue.
  4. Set the following values:
    • Name: network-1-to-2-peer
    • Your VPC network: network-1
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-2
  5. Click Create.
Establish Peering Connection from network-2 to network-1
  1. From the VPC network peering page, click Create peering connection, then Continue.
  2. Set the following values:
    • Name: network-2-to-1-peer
    • Your VPC network: network-2
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-1
  3. Click Create.
Establish Peering Connection from network-1 to network-3
  1. From the VPC network peering page, click Create peering connection, then Continue.
  2. Set the following values:
    • Name: network-1-to-3-peer
    • Your VPC network: network-1
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-3
  3. Click Create.
Establish Peering Connection from network-3 to network-1
  1. From the VPC network peering page, click Create peering connection, then Continue.
  2. Set the following values:
    • Name: network-3-to-1-peer
    • Your VPC network: network-3
    • Peered VPC network: In project [YOUR PROJECT ID]
    • VPC network name: network-1
  3. Click Create.
Create Firewall Rule to Allow ICMP from network-1’s and network-2’s Subnets to Allow Ping Access to network-3
  1. From the VPC network menu on the left side, click Firewall rules.
  2. Click CREATE FIREWALL RULE.
  3. Name the rule "icmp-allow-network-3".
  4. In the Network dropdown menu, select network-3.
  5. In the Targets dropdown menu, select All instances in the network.
  6. In the Source filter dropdown menu, select IP ranges.
  7. In the Source IP ranges field, enter the following IP ranges for subnet-a (in network-1) and subnet-b (in network-2). Separate the ranges with a space:
    • 10.0.1.0/24
    • 10.0.2.0/24
  8. In Protocols and ports, select Specified protocols and ports.
    • Select other protocols, and then enter "icmp" for the protocols.
  9. Click Create.
Test Private Network Connectivity Between Peered Networks
  1. Go to the top left menu, and select Compute Engine.
  2. Click the SSH button next to instance-1.
  3. Attempt to ping the external IP address of instance-3. It should be unsuccessful because we did not allow ICMP access from the public internet (0.0.0.0/0).
  4. Attempt to ping the internal IP address of instance-3. It should be successful.
  5. Exit out of the SSH session for instance-1.

Attempt to ping instance-3 from instance-2, which is not directly peered.

  1. From Compute Engine, access instance-2 via SSH.
  2. Attempt to ping the external IP address of instance-3. It should be unsuccessful because we did not allow ICMP access from the public internet (0.0.0.0/0).
  3. Attempt to ping the internal IP address of instance-3. It should also be unsuccessful, because network-2 is not directly peered with network-3, and transitive peering is not allowed.
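
The outcomes of the connectivity tests above can be reproduced with a small model of the lab's peerings and firewall rule, which shows that the firewall rule allowing 10.0.2.0/24 has no effect without a direct peering. This is an added example, not part of the lab; the network-3 range 10.0.3.0/24 and any instance addresses used with it are assumptions, and only the rule created in this lab is modeled.

```python
import ipaddress

# 10.0.1.0/24 and 10.0.2.0/24 are from the lab; 10.0.3.0/24 for network-3
# is an assumption (the lab does not state that range).
SUBNETS = {
    "network-1": ipaddress.ip_network("10.0.1.0/24"),
    "network-2": ipaddress.ip_network("10.0.2.0/24"),
    "network-3": ipaddress.ip_network("10.0.3.0/24"),
}

# One entry per peering connection created in the lab: (your network, peered network).
PEERINGS = {
    ("network-1", "network-2"), ("network-2", "network-1"),
    ("network-1", "network-3"), ("network-3", "network-1"),
}

# Ingress allow rules keyed by the network they protect (icmp-allow-network-3).
# A network with no entry falls back to the implied deny-all ingress rule.
INGRESS_ALLOW = {
    "network-3": [{"protocol": "icmp",
                   "sources": [SUBNETS["network-1"], SUBNETS["network-2"]]}],
}


def network_of(ip):
    """Return the VPC whose subnet contains ip, or None for other addresses."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SUBNETS.items() if addr in net), None)


def peering_active(a, b, peerings=PEERINGS):
    """A peering only carries traffic once both sides have created it."""
    return (a, b) in peerings and (b, a) in peerings


def can_reach(src_ip, dst_ip, protocol="icmp", peerings=PEERINGS):
    """Return (allowed, reason) for a new packet between internal addresses."""
    src_net, dst_net = network_of(src_ip), network_of(dst_ip)
    if src_net is None or dst_net is None:
        return False, "address is not in a modeled subnet"
    # Routes are exchanged only between directly peered networks (no transit).
    if src_net != dst_net and not peering_active(src_net, dst_net, peerings):
        return False, "no route: networks are not directly peered"
    src = ipaddress.ip_address(src_ip)
    for rule in INGRESS_ALLOW.get(dst_net, []):
        if rule["protocol"] == protocol and any(src in r for r in rule["sources"]):
            return True, "allowed by ingress rule"
    return False, "blocked by implied deny ingress"
```

Passing a peerings set with one direction removed to can_reach shows why both halves of each connection have to be created before traffic flows.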

Additional Resources

In this lab, we will take three disconnected VPC networks and enable private RFC 1918 communication via network peering on GCP. Network peering allows you to take any Google Cloud VPC and establish a private network connection with another GCP VPC so traffic between them does not touch the public internet.
