Networking for Compute Engine
We learned to create a Compute Engine in our last post, but we left some configurations to the default. In every project, a default VPC(Virtual Private Cloud) is created for you to deploy the resources. However, default VPC is not recommended for production environments. The default VPC subnet will be selected automatically whenever you deploy a Compute Engine. If you have a requirement to deploy resources in a different network, you will have to choose the correct VPC and subnet while configuring the Compute Engine. In the post, we will cover the networking configuration for Compute Engine.
While Configuring Compute Engine, you will find a section for additional configuration, “Networking, Disks, Security, Management, Sole-Tenancy.”
Once you expand the Networking option, you will see Default Network subnet is selected automatically for Compute Engine. To choose a different network, you can click on the arrow for the default Network interface and select the required network. On this option, you can see Networking Configuration for your Compute Engine.
If you need more detailed steps, please watch the video below:
What if we created a Compute Engine with the wrong VPC, and now we need to change the VPC. Is it possible?
Yes, we can migrate Compute Engine between networks if required. We must stop the VM before editing the Virtual Network interface for Compute Engine to modify the network. I performed this in my testing environment; please review the video below for more information.
Compute Engine with Multiple Network Interface
You can create Compute Engine with multiple network interfaces, and this can only be done while creating Compute Engine. If you have Compute Engine already running, you can’t add more network interfaces. Below are the steps to add multiple network interfaces :
- While creating Compute Engine, you will find a section for additional configuration, “Networking, Disks, Security, Management, Sole-Tenancy.” [same as the previous section]
- Once you click on this option, you can see Networking Configuration for your Compute Engine.
- Under Network interfaces, you can see the “ADD NETWORK INTERFACE” option. Here you can add more network interfaces from different VPC’s. Make sure the subnet CIDR is not overlapping with one another.
After VM creation, we can see two network interfaces with two Private IPs from different VPC. If you want, you can add external IP to this network interface. However, in my case, I selected none.
One Important point, this machine can now reach all the machines in any subnet in the default VPC with nic0(Primary NIC), but for the prod VPC with nic1(Secondary NIC), it can only reach the machine inside the same subnet in which it’s deployed. If you want to connect all the machines in any subnet in prod VPC, you have to configure policy routing on this machine.
The next question will be how many network interfaces can be attached to a Virtual machine. It depends upon the number of Virtual CPUs attached to Compute Engine, but you can attach up to 8 network interfaces to a single machine.
– 2 or less vCPU: You can attach 2 Network interface
– 2 to 8 vCPU: 2 to 8 network interfaces can be attached
Want to see this testing in action? Watch the video below.
What are Network tags in Compute Engine?
Network tags are helpful when applying the firewall rules to some specific Virtual Machines rather than all machines inside the VPC. We will discuss network tags in more detail while studying the VPC firewall.
What is the Hostname option in the networking section?
You can configure the custom hostname for your Virtual machine while creating, and it will create a DNS record that will resolve into Private IP. However, this hostname will not automatically resolve into IP outside your machine. For that, you will create a DNS record in your Public or Private DNS for the custom hostname.
What is External IP in the networking section?
Every Networking interface can have one external IP used to send and receive traffic outside your VPC. You have to make sure your Virtual machine has an external IP if your virtual machine needs to reach resources on Public Network. Internal IP allows communication inside your VPC, whereas External IP provides communication to the Public network. You can select the none option if your VM doesn’t need Public IP.
I hope you know you have a good understanding on Compute Engine networking configuration.
