Recall & Review
beginner
What is VPC peering in Google Cloud Platform?
VPC peering is a way to connect two Virtual Private Cloud (VPC) networks so they can communicate privately using internal IP addresses, without going through the public internet.
beginner
Can two VPC networks in different projects be peered in GCP?
Yes, VPC peering can connect VPC networks across different projects, in the same or different organizations, as long as they meet peering requirements.
intermediate
What is a key limitation of VPC peering regarding transitive peering?
VPC peering does not support transitive peering. This means if VPC A is peered with VPC B, and VPC B is peered with VPC C, VPC A cannot communicate directly with VPC C through VPC B.
beginner
How does VPC peering affect network latency and security?
VPC peering provides low latency and secure communication because traffic stays within Google's private network and does not traverse the public internet.
beginner
What must you ensure about IP address ranges before creating a VPC peering connection?
The IP address ranges of the two VPC networks must not overlap to avoid routing conflicts and ensure proper communication.
What does VPC peering allow between two VPC networks?
A. Public internet access
B. Shared billing accounts
C. Automatic VPN setup
D. Private communication using internal IPs
VPC peering enables private communication between VPCs using internal IP addresses without using the public internet.
Can VPC peering connect VPCs with overlapping IP ranges?
A. Yes, always
B. No, IP ranges must not overlap
C. Only if in the same project
D. Only with VPN
VPC peering requires that the IP address ranges of the two VPCs do not overlap to avoid routing issues.
Which of the following is NOT true about VPC peering?
A. It supports transitive peering
B. It keeps traffic within Google's network
C. It connects VPCs privately
D. It can connect VPCs across projects
VPC peering does NOT support transitive peering; direct peering is required between each pair of VPCs.
What is a benefit of VPC peering over using the public internet?
A. Increased security and lower latency
B. Higher latency
C. Requires public IPs
D. No need for firewall rules
VPC peering keeps traffic private within Google's network, improving security and reducing latency.
Which Google Cloud service is used to create VPC peering?
A. Cloud VPN
B. Cloud Router
C. VPC Network Peering
D. Cloud Interconnect
VPC Network Peering is the service used to create peering connections between VPCs.
Explain what VPC peering is and why it is useful in Google Cloud.
Think about how two separate networks can talk safely and quickly.
Describe the main limitations and requirements you must consider before setting up VPC peering.
Focus on what can block or restrict peering connections.
Practice
1.
What is the main purpose of VPC peering in Google Cloud?
easy
A. To create a firewall rule between two networks
B. To connect two private networks securely without using the internet
C. To provide public internet access to virtual machines
D. To enable automatic backups of virtual machines
Solution
Step 1: Understand VPC peering concept
VPC peering connects two private networks directly, avoiding the public internet.
Step 2: Compare options with concept
Only option B, "To connect two private networks securely without using the internet", describes a secure private network connection that avoids the internet.
Final Answer:
To connect two private networks securely without using the internet -> Option B
A. gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b
B. gcloud compute networks peerings create net-a --network=peer-ab --peer-network=net-b
C. gcloud compute networks peerings create net-b --network=net-a --peer-network=net-b
D. gcloud compute networks peerings create peer-ab --peer-network=net-a --network=net-b
Solution
Step 1: Identify correct command syntax
The command requires a peering name, the local network, and the peer network.
Step 2: Match parameters to networks
gcloud compute networks peerings create peer-ab --network=net-a --peer-network=net-b correctly uses a peering name and assigns net-a as the local network and net-b as the peer network.
Hint: Peering name first, then --network local, --peer-network remote [OK]
Common Mistakes:
Swapping --network and --peer-network values
Using network names as peering name
Omitting required flags
3.
Given two VPC networks net-a and net-b peered together, which of the following statements about routing is true?
1. Each network must create routes to the other's IP ranges.
2. Routes are automatically shared by default.
3. Peering allows communication only if firewall rules permit.
4. Peering replaces the need for VPN connections.
medium
A. Only statement 2 and 3 are true
B. Only statement 1 and 3 are true
C. Only statement 1 and 2 are true
D. Only statement 3 and 4 are true
Solution
Step 1: Analyze routing and firewall requirements
VPC peering automatically shares subnet routes by default. Firewall rules still control traffic.
Step 2: Evaluate statements
Statement 1 is false (no manual route creation needed). Statements 2 and 3 are true. Statement 4 is not accurate (peering and VPN serve different purposes).
Final Answer:
Only statement 2 and 3 are true -> Option A
Quick Check:
Routes auto + firewall needed [OK]
Hint: Routes automatically shared; firewall rules still apply [OK]
Common Mistakes:
Thinking routes must be manually created
Ignoring firewall rules in peering
Thinking peering always replaces VPN
4.
You created a VPC peering between net-a and net-b, but instances in net-a cannot reach instances in net-b. What is the most likely cause?
medium
A. The peering connection was created only on net-a side
B. The peering connection was created with the wrong peering name
C. The VPC networks have overlapping IP ranges
D. Firewall rules in net-b block incoming traffic from net-a
Solution
Step 1: Check common connectivity issues in VPC peering
Firewall rules must allow traffic between peered networks; blocking rules prevent communication.
Step 2: Evaluate other options
Wrong peering name or one-sided peering would prevent peering creation. Overlapping IP ranges prevent peering setup itself.
Final Answer:
Firewall rules in net-b block incoming traffic from net-a -> Option D
Quick Check:
Firewall blocking = connectivity failure [OK]
Hint: Check firewall rules first when peering connectivity fails [OK]
Common Mistakes:
Ignoring firewall rules as cause
Assuming peering auto-fixes IP conflicts
Thinking peering is one-sided
5.
You have two VPC networks, net-a with CIDR 10.0.0.0/16 and net-b with CIDR 10.0.0.0/16. You want to peer them to share resources privately. What is the best approach?
hard
A. Create VPC peering directly between net-a and net-b despite overlapping CIDRs
B. Use VPN instead of VPC peering to connect the networks
C. Change one network's CIDR to a non-overlapping range before peering
D. Use shared VPC instead of peering for overlapping CIDRs
Solution
Step 1: Understand CIDR overlap restrictions in VPC peering
VPC peering requires non-overlapping IP ranges to route traffic correctly.
Step 2: Choose solution for overlapping CIDRs
Changing one network's CIDR to a non-overlapping range allows peering. VPN or shared VPC are alternatives but not direct peering solutions.
Final Answer:
Change one network's CIDR to a non-overlapping range before peering -> Option C
Quick Check:
Non-overlapping CIDRs required for peering [OK]
Hint: Peering needs unique IP ranges; change CIDR if overlapping [OK]