In this codelab, you'll learn the differences between the legacy Google Compute Engine networking model and the newer subnetwork model. Subnetworks let you build your own network topology, as you would in your own on-premises datacenter, and assign specific IP address ranges to groups of machines.

What you'll learn

What you'll need

Codelab-at-a-conference setup

The instructor will share temporary accounts with existing projects that are already set up, so you do not need to worry about enabling billing or any cost associated with running this codelab. Note that all these accounts will be disabled soon after the codelab is over.

Once you have received a temporary username and password from the instructor, log into the Google Cloud Console: https://console.cloud.google.com/.

Here's what you should see once logged in:

Note the project ID you were assigned ("codelab-test003" in the screenshot above). It will be referred to later in this codelab as PROJECT_ID.

Very Important - Visit each of these pages to kick off some initial setup behind the scenes, such as enabling the Compute Engine API:
Compute → Compute Engine → VM Instances

Once the operation completes, you will do most of the work from Google Cloud Shell, a command-line environment running in the cloud. This Debian-based virtual machine is loaded with all the development tools you'll need (gcloud, git and others) and offers a persistent 5GB home directory. Open Cloud Shell by clicking the icon at the top right of the screen:

Finally, using Cloud Shell, set the default zone and region for gcloud (the project is already selected for you in Cloud Shell):

$ gcloud config set compute/zone europe-west1-c
$ gcloud config set compute/region europe-west1

You can pick different zones too. Learn more about zones in the Regions & Zones documentation.

Traditionally in Google Compute Engine, you define a single IPv4 prefix range for all the virtual machine instances attached to a network, and that network spans all Cloud Platform regions.

Each instance within a network is assigned an IPv4 address from a global network IPv4 range. Instance IP addresses are not grouped by region or zone. One IP address might appear in one region, and its neighbor might be in a different region. Any given range of IPs can be spread across all regions, and the IP addresses of instances created within a region are not necessarily contiguous.

For example, if you have virtual machine instances in two Google Cloud regions and in different zones, each instance will be assigned an IP address from the global pool, like this:

As a result, in legacy network mode you cannot group your instances into logical subnetworks the way you do in your on-premises networks.

Google Compute Engine now supports creating your own subnetworks, and it's turned on by default for new projects. Read on to learn more.

You can let Google Compute Engine automatically create and manage subnetworks based on region: it assigns a subnetwork IP prefix range to each region in your network, and an instance created in any zone of a region gets an IP allocated from that region's subnetwork range. This is the default mode for any new Google Cloud Platform project.

You can see your current network setup in two ways: from the Google Cloud Console, or from the command line.

From the Google Cloud Console, click on the Menu icon on the top left of the screen:

Then navigate to Networking > Networks:

You will see that your project is already configured with automatic regional subnetworks, and there are different subnetworks created for each of the regions:

You can get the same information from the command line. Start Cloud Shell, as instructed in the previous section, if you haven't done so already. In the shell, list the existing networks:

$ gcloud compute networks list
NAME    MODE IPV4_RANGE GATEWAY_IPV4
default auto

It shows the default network in automatic regional subnetwork mode. To see the actual subnetwork ranges:

$ gcloud compute networks subnets list
NAME    REGION       NETWORK RANGE
default asia-east1   default 10.140.0.0/20
default us-central1  default 10.128.0.0/20
default europe-west1 default 10.132.0.0/20
default us-east1     default 10.142.0.0/20

Let's create two virtual machines, each in a different region:

$ gcloud compute instances create instance-1 --zone us-east1-b
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME       ZONE       MACHINE_TYPE  PREEMPTIBLE INTERNAL_IP EXTERNAL_IP   STATUS
instance-1 us-east1-b n1-standard-1             10.142.0.2  X.X.X.X      RUNNING
$ gcloud compute instances create instance-2 --zone us-central1-c
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME       ZONE          MACHINE_TYPE  PREEMPTIBLE INTERNAL_IP EXTERNAL_IP    STATUS
instance-2 us-central1-c n1-standard-1             10.128.0.2  X.X.X.X   RUNNING

Check their IP addresses: each should fall inside the subnetwork range of the region that its zone belongs to (10.142.0.0/20 for us-east1-b, 10.128.0.0/20 for us-central1-c):

$ gcloud compute instances list
NAME       ZONE          MACHINE_TYPE  PREEMPTIBLE INTERNAL_IP EXTERNAL_IP    STATUS
instance-2 us-central1-c n1-standard-1             10.128.0.2  X.X.X.X   RUNNING
instance-1 us-east1-b    n1-standard-1             10.142.0.2  X.X.X.X    RUNNING
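As an added example (not part of the original codelab), the following shell script performs that check automatically instead of by eye: it derives the region from each instance's zone, looks up that region's subnet range, and tests the internal IP against the range with a CIDR match. The subnet and instance tables are constructed inline to mirror the output above; in Cloud Shell you would feed in the output of the two gcloud --format='value(...)' projections named in the comments, which are the only assumption here.

```shell
#!/bin/sh
# Added example (not from the codelab): check that each instance's internal IP
# lies inside the subnet range of the region that its zone belongs to.
set -eu

# ip_to_int 10.142.0.2 -> 177078274 (dotted quad to 32-bit integer)
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP CIDR -> exit status 0 if IP is inside CIDR, 1 otherwise
ip_in_cidr() {
  local ip cidr net bits mask
  ip=$1; cidr=$2
  net=${cidr%/*}; bits=${cidr#*/}
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# zone_to_region us-east1-b -> us-east1 (a zone is its region plus a one-letter suffix)
zone_to_region() {
  echo "${1%-*}"
}

# Constructed sample data matching the codelab's output above. In Cloud Shell,
# replace the literals with the output of (assumed projections):
#   gcloud compute networks subnets list \
#       --format='value(region.basename(),ipCidrRange)'
#   gcloud compute instances list \
#       --format='value(name,zone.basename(),networkInterfaces[0].networkIP)'
# value() separates columns with tabs, which read and awk split on like spaces.
SUBNETS="asia-east1 10.140.0.0/20
us-central1 10.128.0.0/20
europe-west1 10.132.0.0/20
us-east1 10.142.0.0/20"

INSTANCES="instance-1 us-east1-b 10.142.0.2
instance-2 us-central1-c 10.128.0.2"

# region_range REGION -> the first subnet range listed for that region, or nothing
region_range() {
  printf '%s\n' "$SUBNETS" | awk -v r="$1" '$1 == r { print $2; exit }'
}

# check_instances prints "name zone ip range OK|MISMATCH" per instance and
# returns 1 if any instance has an IP outside its region's subnet range.
check_instances() {
  local rc name zone ip range verdict
  rc=0
  while read -r name zone ip; do
    range=$(region_range "$(zone_to_region "$zone")")
    if [ -n "$range" ] && ip_in_cidr "$ip" "$range"; then
      verdict=OK
    else
      verdict=MISMATCH
      rc=1
    fi
    echo "$name $zone $ip ${range:-<no-subnet>} $verdict"
  done <<EOF
$INSTANCES
EOF
  return $rc
}

check_instances
```

A MISMATCH line means an instance's address was not taken from its region's range, which in an auto-mode network should never happen; an instance with no subnet for its region is flagged too, which is the situation you must avoid in the custom mode described next.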

Custom subnetworks let you define the subnetwork IP range for each region in your network yourself. A region can have zero, one, or several subnetwork IP ranges in a network. To create an instance in a zone, you must first have created at least one subnetwork in that zone's region, and at instance creation time you specify which subnetwork in that region the instance's IP should be allocated from.

Let's create a new network that uses custom subnetworks (on current gcloud releases the flag is --subnet-mode custom rather than --mode custom):

$ gcloud compute networks create custom-network1 --mode custom
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME            MODE   IPV4_RANGE GATEWAY_IPV4
custom-network1 custom

Next, create a custom subnet in the us-central1 region:

$ gcloud compute networks subnets create subnet-us-central-192 \
      --network custom-network1 \
      --region us-central1 \
      --range 192.168.1.0/24
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME                  REGION      NETWORK         RANGE
subnet-us-central-192 us-central1 custom-network1 192.168.1.0/24

Next, create a custom subnet in the europe-west1 region:

$ gcloud compute networks subnets create subnet-europe-west-192 \
      --network custom-network1 \
      --region europe-west1 \
      --range 192.168.5.0/24
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME                   REGION       NETWORK         RANGE
subnet-europe-west-192 europe-west1 custom-network1 192.168.5.0/24

You can then list all of your subnetworks:

$ gcloud compute networks subnets list
NAME                   REGION       NETWORK         RANGE
default                asia-east1   default         10.140.0.0/20
default                us-central1  default         10.128.0.0/20
subnet-us-central-192  us-central1  custom-network1 192.168.1.0/24
default                europe-west1 default         10.132.0.0/20
subnet-europe-west-192 europe-west1 custom-network1 192.168.5.0/24
default                us-east1     default         10.142.0.0/20

Then you can create instances in the different subnetworks:

$ gcloud compute instances create instance-3 \
      --zone us-central1-a \
      --subnet subnet-us-central-192
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME       ZONE          MACHINE_TYPE  PREEMPTIBLE INTERNAL_IP EXTERNAL_IP   STATUS
instance-3 us-central1-a n1-standard-1             192.168.1.2 X.X.X.X   RUNNING

$ gcloud compute instances create instance-4 \
      --zone europe-west1-d \
      --subnet subnet-europe-west-192
Created [https://www.googleapis.com/compute/v1/projects/...].
NAME       ZONE           MACHINE_TYPE  PREEMPTIBLE INTERNAL_IP EXTERNAL_IP   STATUS
instance-4 europe-west1-d n1-standard-1             192.168.5.2 X.X.X.X  RUNNING

In the automatic regional network, all virtual machine instances within the network can communicate with each other, because the default network is created with a set of firewall rules: default-allow-internal, which accepts all traffic from the 10.128.0.0/9 range that the automatic regional subnetworks are carved from, plus default-allow-ssh, default-allow-rdp and default-allow-icmp, which accept those protocols from any source (0.0.0.0/0). A custom network is created with no firewall rules at all, so only the implied rules apply: deny all ingress, allow all egress. An instance in a custom subnetwork therefore cannot be reached by an instance in another custom subnetwork, nor by one in the same subnetwork, nor over SSH from outside, until you add rules.

To allow inter-subnetwork communication, you'll need to create firewall rules for the custom network. We won't have time to go through this in the coding challenge lab, but you can learn more about this topic in the Subnetwork documentation.
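As an added example, not part of the codelab, here is a script that creates least-privilege firewall rules for custom-network1 and audits existing rules for ones open to the whole Internet. The rule names, the ssh-allowed target tag, the ADMIN_CIDR placeholder (203.0.113.0/24, an RFC 5737 documentation range) and the --format='value(...)' projection used to feed the audit are assumptions; the firewall-rules flags are standard gcloud flags. Run it with the argument apply to create the rules, audit to check the live project, or no argument to audit a constructed sample shaped like the default network's rules; set DRY_RUN=1 to print the gcloud commands without running them.

```shell
#!/bin/sh
# Added example (not from the codelab): firewall rules for a custom-mode network,
# scoped to the subnet ranges and an admin CIDR instead of 0.0.0.0/0, plus an
# audit of existing rules for Internet-wide source ranges.
set -eu

NETWORK="${NETWORK:-custom-network1}"
# The two custom subnet ranges created in this codelab.
INTERNAL_RANGES="192.168.1.0/24,192.168.5.0/24"
# Assumption: the address range your administrators SSH from. 203.0.113.0/24 is
# an RFC 5737 documentation range used only as a placeholder; override it.
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"

# gc prints the gcloud command it is about to run, then runs it unless DRY_RUN=1.
gc() {
  printf 'gcloud %s\n' "$*"
  if [ "${DRY_RUN:-0}" != 1 ]; then
    gcloud "$@"
  fi
}

# Let the custom subnets talk to each other (tcp, udp, icmp), and only to each other.
allow_internal() {
  gc compute firewall-rules create "$NETWORK-allow-internal" \
    --network "$NETWORK" --direction INGRESS --allow tcp,udp,icmp \
    --source-ranges "$INTERNAL_RANGES"
}

# Allow SSH only from the admin range, and only to instances tagged ssh-allowed
# (tag one with: gcloud compute instances add-tags instance-3 --zone us-central1-a --tags ssh-allowed).
allow_ssh_from_admins() {
  gc compute firewall-rules create "$NETWORK-allow-ssh" \
    --network "$NETWORK" --direction INGRESS --allow tcp:22 \
    --source-ranges "$ADMIN_CIDR" --target-tags ssh-allowed
}

# audit_open_rules reads "name network source_ranges" lines (one rule per line,
# ranges comma-separated) on stdin, prints every rule whose source ranges include
# 0.0.0.0/0, and returns 1 if it found any.
audit_open_rules() {
  found=0
  while read -r name net ranges; do
    case ",$ranges," in
      *,0.0.0.0/0,*) echo "OPEN: $name on $net accepts ingress from 0.0.0.0/0"; found=1 ;;
    esac
  done
  return $found
}

# Constructed sample in the shape of this (assumed) projection:
#   gcloud compute firewall-rules list --format='value(name,network.basename(),sourceRanges.list())'
# It mirrors the rules a default network is created with, plus the internal rule above.
SAMPLE_RULES="default-allow-internal default 10.128.0.0/9
default-allow-ssh default 0.0.0.0/0
default-allow-rdp default 0.0.0.0/0
default-allow-icmp default 0.0.0.0/0
custom-network1-allow-internal custom-network1 192.168.1.0/24,192.168.5.0/24"

case "${1:-}" in
  apply) allow_internal; allow_ssh_from_admins ;;
  audit) gcloud compute firewall-rules list \
           --format='value(name,network.basename(),sourceRanges.list())' | audit_open_rules ;;
  *)     printf '%s\n' "$SAMPLE_RULES" | audit_open_rules || echo "review the OPEN rules above" ;;
esac
```

Two design choices matter here: the internal rule's source ranges are exactly the custom subnets rather than 0.0.0.0/0 or a whole private block, and SSH is reachable only from ADMIN_CIDR and only on instances that carry the ssh-allowed tag, so a freshly created instance in the custom network stays unreachable until someone deliberately tags it.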

You now know the basics of the default network topology, and how to create your own network topology on Google Cloud Platform!

What we've covered

Next Steps