Knowledge check: 1. Expand your subnet IP range 2. false. they use Private IP 3. Allow outbound (500), Deny Inbound (1000), Deny outbound (1000), Allow Inbound (65535), 4. True. When you create a new project in Google Cloud, a default VPC is automatically created for you. By default, this VPC has one subnet in each available region. 5. false - created at region level 6. true
Sorry for the delay in response. Yes, these are correct. Here's the explanation to 3), rules with the highest priority(lowest number) will be evaluated first, in this case, the 3rd rule will be evaluated first as it has the priority of 500, which grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP except 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results: outbound on 192.168.2.1 port 22 inbound from 0.0.0.0/0 on port 22 rest will be denied.
regarding 5th point, Subnets are created at region level, not the VPC • VPC: Global resource, not tied to a single region. • Subnets: Regional resources within a VPC.
Hi Piyush, Please review the answers below 1) Expand your Subnet IP Range 2) False. They use private IP 3) Can you please provide an answer with explanation 4) True 5) False 6) True
Absolutely correct answers Ngendran, you are on fire! for 3), rules with highest priority(lowest number) will be evaluated first, in this case 3rd rules will be evaluated first as it has the priority of 500, that grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP expect 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results: outbound on 192.168.2.1 port 22 inbound from 0.0.0.0/0 on port 22 rest will be denied. I hope this I answered your question. Let me know if you still need to discuss anything. Good luck for your exam!
Hi Piyush, thanks for the video mate. it was really amazing. currently I'm still learning about GCP to achieve my goal as an Google Cloud Associate. I have a question, in your topology there is 2 region US-WEST1 and US-EAST 1. Why in the Cloud Console you build the VPC is only on US-WEST1 region? am I missing something here or it should be US-WEST1 and US-EAST1 in the Add Subneting on Create VPC section? 12:01
@@TechTutorialswithPiyush thank you so much for making simple rule. /32 - no ip can change /24 - only last ip can change. /16 - only last two digit ip can change. /8 - last three ip can change. /0 - all ip can change I got the other point is: if the subnet mask is less then it has a larger ip address located to it
1. Firewall Policy vs Firewall Rule (Where to use which one and why) 2. Create Firewall Policy and Implement it for Hybrid use case (Typically customer has dev and prod projects, hence a implement it considering both project) 3. Rules, Policy and Association (Understand use case in detail) 4. Automation of this using terraform (Hierarchical Firewall Policy Automation with Terraform | Google Cloud Blog) can you make a documentation on these ? Need help in understanding clearly kindly look into it, if you can answer all of them.
Firewall rule is to allow/deny certain traffic on certain ports to and from certain IP ranges. e.g if you want that you should have ssh access to your instance. You can create a firewall rule that allows port 22 access from your source IP. Firewall policy is a collection of firewall rules that allows you to update all at once. It can be applied at org level, folder level or vpc level. I have added rest of the items to my to-do list and I will definitely create a video/blog on the same. This video was part of the Associate cloud engineer certification hence, in-depth topics were not covered and only the exam topics were discussed but I will create a blog or video on the same. Thanks for reaching out!
HI For 3 I have a confusion that 2nd rule which deny inbound for 0000/0 with priority 1000 should be superior to 1st rule which allows inbound for 0000/0. so at the end inboud should deny for 0000/0. i.e outbound on 192.168.2.1 port 22 it should final ans
Here's the explanation to 3), rules with the highest priority(lowest number) will be evaluated first, in this case, the 3rd rule will be evaluated first as it has the priority of 500, which grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP except 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results: outbound on 192.168.2.1 port 22 inbound from 0.0.0.0/0 on port 22 rest will be denied.
Thanks for sharing the answers, yes they are correct. Here's the explanation to 3), rules with the highest priority(lowest number) will be evaluated first, in this case, the 3rd rule will be evaluated first as it has the priority of 500, which grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP except 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results: outbound on 192.168.2.1 port 22 inbound from 0.0.0.0/0 on port 22 rest will be denied.
You can do that but I would suggest working with Cloud shell as you will get yourself familiar with gcloud CLI .Console usually changes a lot frequently and most of the times you would not get privileged access through console when working for an organization. I would highly recommend working and practising through CLI
Hello Mahesh, If it is a quick question, feel free to message me over Linkedin. You can also join our community call every Sunday 11 am EST on our Discord server.
Hi, need help regarding Ping issue , it might get solve using cloud service. I’m using one remote software , which is using host ip address , basically I’m accessing united based IP from India , so by that getting ping issue around 250ms+ and packet data loss , so actually I want to sort out this issue using cloud service like , ip forwarding or custom routing or whatever helps better in this situation. Please help me with this I’ll pay for worth solution . Thanks
1:26 diagram is misleading, the us-west and us-east VPCs are different VPCs us-west VPC: You could create a subnet with the IP range 10.0.0.0/24. us-east VPC: You could create two subnets: one with the IP range 10.1.0.0/24 and another with the IP range 10.2.0.0/24.
No, it's correct. Let me tell you why, This is one single VPC that has subnet in multiple regions. In GCP you can extend your VPC to multiple regions, this is not possible with AWS. You can further check the below diagram from GCP docs cloud.google.com/vpc/docs/vpc#network_example
🔥 Check out our GCP playlist Namaste Google Cloud - Google Cloud Tutorial for beginners
ruclips.net/p/PLl4APkPHzsUXvkDFARdrH2LMESVqeuH8W
Knowledge check:
1. Expand your subnet IP range
2. false. they use Private IP
3. Allow outbound (500), Deny Inbound (1000), Deny outbound (1000), Allow Inbound (65535),
4. True. When you create a new project in Google Cloud, a default VPC is automatically created for you. By default, this VPC has one subnet in each available region.
5. false - created at region level
6. true
Sorry for the delay in response. Yes, these are correct. Here's the explanation to 3), rules with the highest priority(lowest number) will be evaluated first, in this case, the 3rd rule will be evaluated first as it has the priority of 500, which grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP except 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results:
outbound on 192.168.2.1 port 22
inbound from 0.0.0.0/0 on port 22
rest will be denied.
@@TechTutorialswithPiyush 👍
regarding 5th point, Subnets are created at region level, not the VPC
• VPC: Global resource, not tied to a single region.
• Subnets: Regional resources within a VPC.
Hi Piyush, Please review the answers below
1) Expand your Subnet IP Range
2) False. They use private IP
3) Can you please provide an answer with explanation
4) True
5) False
6) True
Absolutely correct answers Ngendran, you are on fire! for 3), rules with highest priority(lowest number) will be evaluated first, in this case 3rd rules will be evaluated first as it has the priority of 500, that grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP expect 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results:
outbound on 192.168.2.1 port 22
inbound from 0.0.0.0/0 on port 22
rest will be denied.
I hope this I answered your question. Let me know if you still need to discuss anything. Good luck for your exam!
@@TechTutorialswithPiyush Great Answers. Many thanks for your time and quick explanation
You're most welcome, happy Diwali 😊🙏
Amazing video, thanks for the explanation
Glad you enjoyed it!
Hi Piyush, thanks for the video mate. it was really amazing.
currently I'm still learning about GCP to achieve my goal as an Google Cloud Associate.
I have a question, in your topology there is 2 region US-WEST1 and US-EAST 1. Why in the Cloud Console you build the VPC is only on US-WEST1 region? am I missing something here or it should be US-WEST1 and US-EAST1 in the Add Subneting on Create VPC section?
12:01
Thank you for the wonderful feedback. Yes, that was my mistake, it should be us-west1 and us-east1. Good catch!
I do not see the video to calculate subnet range as mentioned in the beginning of video. is it there somewhere but I'm missing it?
Is this the link @Piyush?
ruclips.net/video/G1azmL5-eQI/видео.html
I see that you already found it.
@TechTutorialswithPiyush: We can't extend the subnet range in AWS, right ?
Yes, correct. GCP has some advantage over AWS also, VNET in GCP is global , in AWS it is regional
Hi Piyush, I have GCP ACE certification exam on 29th. Could you please throw some lights on practice tests/dumps to get confidence.
Hello Nagendran, ping me over LinkedIn, will share some pointers
@@TechTutorialswithPiyush Sure. Thank you for your quick and prompt response
I believe you need a VPC to peering to connect two VPC from different region.
In GCP, A VPC can span into multiple regions
I have a confusion on subnet concept is there any Video for detail explanation
Yes, please check the below video
ruclips.net/video/G1azmL5-eQI/видео.html
@@TechTutorialswithPiyush thank you so much for making simple rule.
/32 - no ip can change
/24 - only last ip can change.
/16 - only last two digit ip can change.
/8 - last three ip can change.
/0 - all ip can change
I got the other point is: if the subnet mask is less then it has a larger ip address located to it
Is DHCP and dhcprelay supported on gcp?
I am not sure about dhcprelay but dhcp yes.
Very good ❤
Thank you! Cheers!
1. Firewall Policy vs Firewall Rule (Where to use which one and why)
2. Create Firewall Policy and Implement it for Hybrid use case (Typically customer has dev and prod projects, hence a implement it considering both project)
3. Rules, Policy and Association (Understand use case in detail)
4. Automation of this using terraform (Hierarchical Firewall Policy Automation with Terraform | Google Cloud Blog)
can you make a documentation on these ? Need help in understanding clearly kindly look into it, if you can answer all of them.
Firewall rule is to allow/deny certain traffic on certain ports to and from certain IP ranges. e.g if you want that you should have ssh access to your instance. You can create a firewall rule that allows port 22 access from your source IP. Firewall policy is a collection of firewall rules that allows you to update all at once. It can be applied at org level, folder level or vpc level.
I have added rest of the items to my to-do list and I will definitely create a video/blog on the same. This video was part of the Associate cloud engineer certification hence, in-depth topics were not covered and only the exam topics were discussed but I will create a blog or video on the same.
Thanks for reaching out!
@@TechTutorialswithPiyush thank you so much can you answer all the question here in your blog and share it
HI For 3 I have a confusion that 2nd rule which deny inbound for 0000/0 with priority 1000 should be superior to 1st rule which allows inbound for 0000/0. so at the end inboud should deny for 0000/0.
i.e outbound on 192.168.2.1 port 22 it should final ans
Here's the explanation to 3), rules with the highest priority(lowest number) will be evaluated first, in this case, the 3rd rule will be evaluated first as it has the priority of 500, which grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP except 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results:
outbound on 192.168.2.1 port 22
inbound from 0.0.0.0/0 on port 22
rest will be denied.
#1. Expand your Subnet IP range
#2. Flase
#3. Not Clear
#4. True
#5. False. VPC created at region level
#6. True
Thanks for sharing the answers, yes they are correct. Here's the explanation to 3), rules with the highest priority(lowest number) will be evaluated first, in this case, the 3rd rule will be evaluated first as it has the priority of 500, which grants outbound access to 192.168.2.1 on port 22(SSH) then deny on 192.168.2.1 and 0.0.0.0/0 will be evaluated as they are next in line with priority 1000. so deny on every IP except 192.168.2.1 on port 22 will be executed. then inbound on 0.0.0.0/0 will be provided. final results:
outbound on 192.168.2.1 port 22
inbound from 0.0.0.0/0 on port 22
rest will be denied.
Can I pxe boot with this network?
Boot with the network? sorry I didnt get your question, can you please elaborate
great...thank you
Most welcome
can one subnet span across multiple zones ? at 9:00 image.
Hello Akshahantra, A subnet in GCP is a regional resource so yes, it can span across multiple zones 🙂
@@TechTutorialswithPiyush thanks so much for your time and reply .. Keep going .. we r with u
Can I work only with console but without Cloud ActiveShell or SSH
You can do that but I would suggest working with Cloud shell as you will get yourself familiar with gcloud CLI .Console usually changes a lot frequently and most of the times you would not get privileged access through console when working for an organization. I would highly recommend working and practising through CLI
Good One
Thank you very much 🫡🙏
how do i reach you out?
Hello Mahesh, If it is a quick question, feel free to message me over Linkedin. You can also join our community call every Sunday 11 am EST on our Discord server.
Hi, need help regarding Ping issue , it might get solve using cloud service. I’m using one remote software , which is using host ip address , basically I’m accessing united based IP from India , so by that getting ping issue around 250ms+ and packet data loss , so actually I want to sort out this issue using cloud service like , ip forwarding or custom routing or whatever helps better in this situation. Please help me with this I’ll pay for worth solution . Thanks
Sorry buddy I don't provide paid consulting services. your issue requires complete implementation, sorry I wouldn't be able to help you out
@@TechTutorialswithPiyush Thanks Piyush for reply
Good
Thank you ❣️
1:26 diagram is misleading,
the us-west and us-east VPCs are different VPCs
us-west VPC: You could create a subnet with the IP range 10.0.0.0/24.
us-east VPC: You could create two subnets: one with the IP range 10.1.0.0/24 and another with the IP range 10.2.0.0/24.
No, it's correct. Let me tell you why, This is one single VPC that has subnet in multiple regions. In GCP you can extend your VPC to multiple regions, this is not possible with AWS. You can further check the below diagram from GCP docs
cloud.google.com/vpc/docs/vpc#network_example
Thanks 👍🏻
You're most welcome 🙂