
Preparation
- The lab creates a Google Cloud project and a set of resources for you to use for a limited period of time.
- Labs are timed and cannot be paused. If you end the lab partway through, you must start over.
- Click Start Lab in the upper-left corner of the screen to begin.
Lab tasks (each scored out of 20):
- Explore connectivity between non-peered VPC networks
- Configuring VPC Network Peering
- Test connectivity to privatenet-us-vm's internal IP
- Test connectivity to mynet-us-vm's internal IP and Compute Engine DNS
- Delete the VPC peering connection
In this lab, you configure VPC network peering between two networks. Then you verify private communication between two VMs in those networks, as illustrated in this diagram.
VPC network peering allows you to build SaaS (Software as a service) ecosystems in Google Cloud, which makes services available privately across different VPC networks within and across organizations. This allows workloads to communicate in private RFC 1918 space.
VPC network peering gives you several advantages over using external IP addresses or VPNs to connect networks, including:
In this lab, you will learn how to perform the following tasks:
For each lab, you get a new Google Cloud project and set of resources for a fixed time at no cost.
Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is the Lab Details panel with the following:
Click Open Google Cloud console (or right-click and select Open Link in Incognito Window if you are running the Chrome browser).
The lab spins up resources, and then opens another tab that shows the Sign in page.
Tip: Arrange the tabs in separate windows, side-by-side.
If necessary, copy the Username below and paste it into the Sign in dialog.
You can also find the Username in the Lab Details panel.
Click Next.
Copy the Password below and paste it into the Welcome dialog.
You can also find the Password in the Lab Details panel.
Click Next.
Click through the subsequent pages:
After a few moments, the Google Cloud console opens in this tab.
Each Google Cloud project starts with the default network. In addition, mynetwork, privatenet, and managementnet have been created for you along with firewall rules to allow ICMP-SSH-RDP traffic and four VM instances.
In a peered VPC network, no subnet IP range can overlap with another subnet IP range. Therefore, verify that the CIDR blocks of the subnets of mynetwork and privatenet are non-overlapping.
In the Google Cloud console, in the Navigation menu, click VPC network > VPC networks.
Examine the IP address ranges for the subnets of mynetwork.
The subnets of mynetwork fit within the 10.128.0.0/9 CIDR block. As new Google Cloud regions become available, new subnets in those regions are automatically added to this auto mode network using an IP range from that block.
Examine the IP address ranges for the subnets of privatenet.
The subnets of privatenet fit within the 172.16.0.0/24 and 172.20.0.0/24 CIDR blocks. They do not overlap with the 10.128.0.0/9 CIDR block of mynetwork.
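Peering requires non-overlapping subnet ranges, which the lab has you confirm by reading the ranges in the console. The following added example (not part of the lab) checks the same condition with POSIX shell arithmetic, using the lab's ranges as constructed input; the function names ip_to_int, cidr_parts and cidr_overlap are my own, not anything from Google Cloud.

```shell
#!/bin/sh
# Added example (not from the lab): check that two CIDR blocks do not overlap,
# the precondition for VPC network peering that the lab has you confirm by eye.
# Pure POSIX sh arithmetic; no gcloud needed.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "<network-int> <mask-int>" for a block written as a.b.c.d/prefix.
cidr_parts() {
    prefix=${1#*/}
    ipint=$(ip_to_int "${1%/*}")
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    fi
    echo "$(( ipint & mask )) $mask"
}

# Exit 0 when the two blocks share at least one address, 1 otherwise.
# Two blocks overlap exactly when the shorter prefix (smaller mask) covers the
# other block's network address, so one comparison under the smaller mask
# decides both directions.
cidr_overlap() {
    set -- $(cidr_parts "$1") $(cidr_parts "$2")
    if [ "$2" -lt "$4" ]; then m=$2; else m=$4; fi
    [ $(( $1 & m )) -eq $(( $3 & m )) ]
}

# Check the lab's ranges: privatenet's blocks against mynetwork's auto mode block.
mynetwork_block=10.128.0.0/9
for block in 172.16.0.0/24 172.20.0.0/24; do
    if cidr_overlap "$mynetwork_block" "$block"; then
        echo "OVERLAP: $block conflicts with $mynetwork_block; peering would be rejected"
    else
        echo "ok: $block does not overlap $mynetwork_block"
    fi
done
```

The same function works for any pair of blocks, so it can be run over all subnet ranges of two networks before you attempt to peer them; any overlapping pair means the peering will not become active.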
Before configuring VPC network peering, explore the current connectivity between mynetwork and privatenet.
On the Navigation menu, click VPC network > VPC network peering.
Notice that there is no peering connection.
You will return to this page to configure the VPC network peering connections.
On the Navigation menu, click VPC network > Routes.
Specify the following:
Property | Value (type value or select option as specified) |
---|---|
Network | mynetwork |
Region |
Click View. Notice that none of the routes have a peering connection as the Next hop.
You will return to this page after configuring the VPC network peering connection.
On the Navigation menu, click VPC network > Firewall. Notice the allow SSH and ICMP firewall rules under Protocol / ports for mynetwork and privatenet. These firewall rules have been created for you.
On the Navigation menu, click Compute Engine > VM instances. Notice the mynet-notus-vm, mynet-us-vm, privatenet-us-vm, and managementnet-us-vm instances.
These VM instances have been created for you.
Note the internal and external IP addresses for privatenet-us-vm.
For mynet-us-vm, click SSH to launch a terminal and connect.
To test connectivity to privatenet-us-vm's external IP, run the following command, replacing privatenet-us-vm's external IP:
This should work!
Click Check my progress to verify the objective.
VPC network peering can be configured for different VPC networks within and across organizations. Configure the following peering connections in this project:
Each side of a peering association is set up independently. Peering is active only when the configuration from both sides matches.
Peer mynetwork with privatenet.
Click Continue.
Specify the following, and leave the remaining settings as their defaults:
Property | Value (type value or select option as specified) |
---|---|
Name | peering-1-2 |
Your VPC Network | mynetwork |
VPC network name | privatenet |
Peer privatenet with mynetwork.
In the Cloud console, return to the VPC network peering page.
Click Create peering connection.
Click Continue.
Specify the following, and leave the remaining settings as their defaults:
Property | Value (type value or select option as specified) |
---|---|
Name | peering-2-1 |
Your VPC Network | privatenet |
VPC network name | mynetwork |
Click Create.
Click Check my progress to verify the objective.
Verify private RFC 1918 connectivity across mynetwork and privatenet.
Verify that routes have been established between mynetwork and privatenet.
Notice that there is a route for each subnet in mynetwork with peering-1-2 as the Next hop. If you switch to privatenet, notice that there is a route for each subnet in privatenet with peering-2-1 as the Next hop.
These routes were automatically created with the VPC peering connection.
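The console steps above (creating peering-1-2 on mynetwork and peering-2-1 on privatenet, then checking the routes) as gcloud commands. This is an added example, not the lab's own material; it uses the lab's network and peering names, and the helpers run, create_peering, show_peering_state and list_peering_routes are my own. Every command is printed before it runs and is executed only when DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the lab): the same peering setup done with gcloud,
# creating both sides and then showing the routes the peering adds.
# Assumes the lab's names: mynetwork, privatenet, peering-1-2, peering-2-1.
# Commands are printed first and run only when DRY_RUN=0.
: "${DRY_RUN:=1}"

# Print a command, then execute it unless we are in dry-run mode.
run() {
    echo "+ $*"
    if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

# Create one side of a peering. Both sides must exist, with matching
# network / peer-network, before the peering becomes ACTIVE.
create_peering() {
    # $1 = peering name, $2 = local network, $3 = peer network
    run gcloud compute networks peerings create "$1" \
        --network="$2" --peer-network="$3"
}

# Show the peering as seen from one network (ACTIVE only once both sides
# are configured; INACTIVE while only one side exists).
show_peering_state() {
    run gcloud compute networks peerings list --network="$1"
}

# List only the routes whose next hop is a peering connection; there should
# be one per subnet of the peer network once the connection is active.
list_peering_routes() {
    run gcloud compute routes list \
        --filter="network:$1 AND nextHopPeering:*" \
        --format="table(name,destRange,nextHopPeering)"
}

create_peering peering-1-2 mynetwork privatenet
show_peering_state mynetwork          # one side only: not yet active
create_peering peering-2-1 privatenet mynetwork
show_peering_state privatenet         # both sides match: ACTIVE
list_peering_routes mynetwork
list_peering_routes privatenet
```

Checking the peering state after creating only the first side makes the lab's point that each side is configured independently: the connection exists on mynetwork but carries no traffic until privatenet's side matches it.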
Try to ping the internal IP of privatenet-us-vm from mynet-us-vm.
This should work because of the route that was established by the peering connection.
Click Check my progress to verify the objective.
Similarly, try to ping the internal IP of mynet-us-vm from privatenet-us-vm.
This should also work because of the route that was established by the peering connection.
Output:
Click Check my progress to verify the objective.
Delete the VPC Peering connection and verify the deletion.
Delete the peering-1-2 connection.
Verify that routes no longer exist for the peering connection and that there is no private RFC 1918 connectivity across mynetwork and privatenet.
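Deleting one side of the peering and confirming that the peering routes are gone, as gcloud commands. This is an added example, not from the lab; it uses the lab's names, and the helpers run, delete_peering and peering_routes are my own. As in any tear-down script, each command is printed first and executed only when DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the lab): remove one side of the peering with gcloud
# and confirm the routes it created are gone, mirroring the lab's last task.
# Assumes the lab's names: mynetwork, privatenet, peering-1-2, peering-2-1.
: "${DRY_RUN:=1}"

# Print a command, then execute it unless we are in dry-run mode.
run() {
    echo "+ $*"
    if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

# Delete one side of the peering. --quiet skips gcloud's confirmation prompt,
# which matters when this runs unattended.
delete_peering() {
    # $1 = peering name, $2 = network it was created on
    run gcloud compute networks peerings delete "$1" --network="$2" --quiet
}

# Routes whose next hop is a peering; after the deletion this list is empty
# on both networks, even though peering-2-1 still exists on privatenet.
peering_routes() {
    run gcloud compute routes list \
        --filter="network:$1 AND nextHopPeering:*" --format="value(name)"
}

delete_peering peering-1-2 mynetwork
run gcloud compute networks peerings list --network=privatenet   # peering-2-1 remains, but is no longer active
peering_routes mynetwork
peering_routes privatenet
```

Because only mynetwork's side was removed, privatenet still carries the peering-2-1 configuration; the routes disappear anyway, which is why private connectivity stops as soon as either side is deleted.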
Click Check my progress to verify the objective.
In this lab, you configured VPC network peering between two networks (privatenet and mynetwork). Then you verified private RFC 1918 connectivity across mynetwork and privatenet by pinging VMs on their internal IP addresses within those networks. Finally, you deleted one side of the VPC network peering connection to demonstrate that this removes private RFC 1918 connectivity across those networks.
When you have completed your lab, click End Lab. Google Cloud Skills Boost removes the resources you’ve used and cleans the account for you.
You will be given an opportunity to rate the lab experience. Select the applicable number of stars, type a comment, and then click Submit.
The number of stars indicates the following:
You can close the dialog box if you don't want to provide feedback.
For feedback, suggestions, or corrections, please use the Support tab.
Copyright 2022 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.