Bird
Raised Fist0
GCPcloud~20 mins

VPC peering in GCP - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
GCP VPC Peering Setup
📖 Scenario: You are working as a cloud engineer for a company that has two separate Virtual Private Cloud (VPC) networks in Google Cloud Platform (GCP). These networks need to communicate securely and privately without using the public internet.To achieve this, you will set up VPC peering between the two networks.
🎯 Goal: Create a VPC peering connection between two existing VPC networks named vpc-network-a and vpc-network-b in the same GCP project.This will allow resources in both networks to communicate privately.
📋 What You'll Learn
Create a VPC peering request from vpc-network-a to vpc-network-b.
Create a VPC peering request from vpc-network-b to vpc-network-a.
Use the Google Cloud SDK gcloud commands to configure the peering.
Verify the peering connections are established.
💡 Why This Matters
🌍 Real World
VPC peering is used in cloud environments to connect separate private networks securely without exposing traffic to the public internet.
💼 Career
Cloud engineers and network administrators often configure VPC peering to enable private communication between different parts of an organization's cloud infrastructure.
Progress0 / 4 steps
1
Create VPC peering request from vpc-network-a
Use the gcloud command to create a VPC peering connection from vpc-network-a to vpc-network-b with the peering name peer-a-to-b.
GCP
Hint

Use the gcloud compute networks peerings create command with the correct network names and peering name.

2
Create VPC peering request from vpc-network-b
Use the gcloud command to create a VPC peering connection from vpc-network-b to vpc-network-a with the peering name peer-b-to-a.
GCP
Hint

Repeat the peering creation from the other network with a different peering name.

3
Verify VPC peering connections
Use the gcloud command to list the VPC peering connections for vpc-network-a and verify the peering peer-a-to-b is in the list.
GCP
Hint

Use gcloud compute networks peerings list --network=vpc-network-a to see the peering connections.

4
Verify VPC peering connections from vpc-network-b
Use the gcloud command to list the VPC peering connections for vpc-network-b and verify the peering peer-b-to-a is in the list.
GCP
Hint

Use gcloud compute networks peerings list --network=vpc-network-b to confirm the peering from the other side.

Practice

(1/5)
1.

What is the main purpose of VPC peering in Google Cloud?

easy
A. To create a firewall rule between two networks
B. To connect two private networks securely without using the internet
C. To provide public internet access to virtual machines
D. To enable automatic backups of virtual machines

Solution

  1. Step 1: Understand VPC peering concept

    VPC peering connects two private networks directly, avoiding the public internet.

  2. Step 2: Compare options with concept

    Only To connect two private networks securely without using the internet describes secure private network connection without internet.

  3. Final Answer:

    To connect two private networks securely without using the internet -> Option B

  4. Quick Check:

    VPC peering = secure private network connection [OK]
Hint: VPC peering = private network connection, no internet needed [OK]
Common Mistakes:
  • Confusing VPC peering with firewall rules
  • Thinking VPC peering provides internet access
  • Assuming VPC peering is for backups
2.

Which of the following is the correct command to create a VPC peering connection from net-a to net-b in Google Cloud CLI?

gcloud compute networks peerings create PEERING_NAME --network=NETWORK --peer-network=PEER_NETWORK
easy
A. gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b
B. gcloud compute networks peerings create net-a --network=peer-ab --peer-network=net-b
C. gcloud compute networks peerings create net-b --network=net-a --peer-network=net-b
D. gcloud compute networks peerings create peer-ab --peer-network=net-a --network=net-b

Solution

  1. Step 1: Identify correct command syntax

    The command requires a peering name, the local network, and the peer network.

  2. Step 2: Match parameters to networks

    gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b correctly uses a peering name and assigns net-a as local network and net-b as peer network.

  3. Final Answer:

    gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b -> Option A

  4. Quick Check:

    Correct CLI syntax = gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b [OK]
Hint: Peering name first, then --network local, --peer-network remote [OK]
Common Mistakes:
  • Swapping --network and --peer-network values
  • Using network names as peering name
  • Omitting required flags
3.

Given two VPC networks net-a and net-b peered together, which of the following statements about routing is true?

1. Each network must create routes to the other's IP ranges.
2. Routes are automatically shared by default.
3. Peering allows communication only if firewall rules permit.
4. Peering replaces the need for VPN connections.
medium
A. Only statement 2 and 3 are true
B. Only statement 1 and 3 are true
C. Only statement 1 and 2 are true
D. Only statement 3 and 4 are true

Solution

  1. Step 1: Analyze routing and firewall requirements

    VPC peering automatically shares subnet routes by default. Firewall rules still control traffic.

  2. Step 2: Evaluate statements

    Statement 1 is false (no manual route creation needed). Statements 2 and 3 are true. Statement 4 is not accurate (peering and VPN serve different purposes).

  3. Final Answer:

    Only statement 2 and 3 are true -> Option A

  4. Quick Check:

    Routes auto + firewall needed [OK]
Hint: Routes automatically shared; firewall rules still apply [OK]
Common Mistakes:
  • Thinking routes must be manually created
  • Ignoring firewall rules in peering
  • Thinking peering always replaces VPN
4.

You created a VPC peering between net-a and net-b, but instances in net-a cannot reach instances in net-b. What is the most likely cause?

medium
A. The peering connection was created only on net-a side
B. The peering connection was created with the wrong peering name
C. The VPC networks have overlapping IP ranges
D. Firewall rules in net-b block incoming traffic from net-a

Solution

  1. Step 1: Check common connectivity issues in VPC peering

    Firewall rules must allow traffic between peered networks; blocking rules prevent communication.

  2. Step 2: Evaluate other options

    Wrong peering name or one-sided peering would prevent peering creation. Overlapping IP ranges prevent peering setup itself.

  3. Final Answer:

    Firewall rules in net-b block incoming traffic from net-a -> Option D

  4. Quick Check:

    Firewall blocking = connectivity failure [OK]
Hint: Check firewall rules first when peering connectivity fails [OK]
Common Mistakes:
  • Ignoring firewall rules as cause
  • Assuming peering auto-fixes IP conflicts
  • Thinking peering is one-sided
5.

You have two VPC networks, net-a with CIDR 10.0.0.0/16 and net-b with CIDR 10.0.0.0/16. You want to peer them to share resources privately. What is the best approach?

hard
A. Create VPC peering directly between net-a and net-b despite overlapping CIDRs
B. Use VPN instead of VPC peering to connect the networks
C. Change one network's CIDR to a non-overlapping range before peering
D. Use shared VPC instead of peering for overlapping CIDRs

Solution

  1. Step 1: Understand CIDR overlap restrictions in VPC peering

    VPC peering requires non-overlapping IP ranges to route traffic correctly.

  2. Step 2: Choose solution for overlapping CIDRs

    Changing one network's CIDR to a non-overlapping range allows peering. VPN or shared VPC are alternatives but not direct peering solutions.

  3. Final Answer:

    Change one network's CIDR to a non-overlapping range before peering -> Option C

  4. Quick Check:

    Non-overlapping CIDRs required for peering [OK]
Hint: Peering needs unique IP ranges; change CIDR if overlapping [OK]
Common Mistakes:
  • Trying to peer overlapping CIDRs directly
  • Confusing VPN with peering
  • Ignoring shared VPC as different concept