How does GCP VPC networking work and what are Shared VPC and VPC peering?
Google Cloud VPC (Virtual Private Cloud) is a global, private network that provides connectivity for GCP resources. Unlike AWS VPCs, which are regional, GCP VPCs are global by default, with subnets in specific regions.
GCP VPC Key Characteristics
Global VPC: A single VPC spans all GCP regions. Resources in the same VPC can communicate across regions using internal IPs without extra configuration.
Subnets: Regional resources with a defined CIDR range. Two modes exist: auto mode creates one subnet per region automatically; custom mode creates none and gives full control over every subnet and range.
Firewall Rules: Defined per VPC network and applied to instances selected by network tag or service account. Rules are stateful. Unlike AWS, there are no network ACLs; all filtering is done through firewall rules.
Shared VPC
Shared VPC allows a host project to share its VPC network with service projects. Multiple projects share the same networking while keeping workloads isolated per project. The host project owns and manages the VPC, subnets, and firewall rules while service projects deploy resources into the shared subnets.
Use Shared VPC for centralized network administration, consistent firewall policy enforcement, and simplifying inter-project connectivity within an organization.
VPC Peering
VPC Peering connects two VPCs so resources can communicate using internal IPs without routing through the public internet. Peering works across projects and organizations. Peering is non-transitive: if VPC A peers with B and B peers with C, A cannot reach C through B.
Use VPC Peering for connecting VPCs in different projects or organizations, sharing services privately, and achieving lower latency compared to external routing.
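The host/service-project split, the service-account-targeted firewall rule and a one-directional peering described above, as an added Terraform example (not from the original page; project IDs, names, ranges and the service-account address are assumed placeholders):

```hcl
# Added example; project IDs, names, ranges and the service account are placeholders.

# Shared VPC: the host project owns the network, the service project only
# deploys instances into the host's subnets.
resource "google_compute_shared_vpc_host_project" "host" {
  project = "host-project-id"
}

resource "google_compute_shared_vpc_service_project" "app" {
  host_project    = google_compute_shared_vpc_host_project.host.project
  service_project = "service-project-id"
}

# Custom mode: no subnet is created automatically, every range is deliberate.
resource "google_compute_network" "shared" {
  project                 = "host-project-id"
  name                    = "shared-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "app_us" {
  project       = "host-project-id"
  name          = "app-us-central1"
  region        = "us-central1"
  network       = google_compute_network.shared.id
  ip_cidr_range = "10.10.0.0/20"
}

# Firewall rule scoped by service account rather than network tag: an instance
# matches only when it runs as this identity, which needs IAM rights on the
# service account, whereas tags can be set by anyone who can edit the instance.
resource "google_compute_firewall" "allow_https_to_web" {
  project                 = "host-project-id"
  name                    = "allow-https-to-web"
  network                 = google_compute_network.shared.name
  direction               = "INGRESS"
  source_ranges           = ["10.10.0.0/20"]
  target_service_accounts = ["web@service-project-id.iam.gserviceaccount.com"]
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}

# Peering must be created from both sides and is non-transitive: this reaches
# partner-vpc only, never the networks partner-vpc is itself peered with.
resource "google_compute_network_peering" "to_partner" {
  name         = "shared-to-partner"
  network      = google_compute_network.shared.id
  peer_network = "projects/partner-project-id/global/networks/partner-vpc"
}
```

The matching peering resource has to be applied in the partner project before traffic flows; without it the peering stays inactive.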