A Comprehensive Guide to IP Addressing and Firewall Rules on Google Cloud Platform

Ayushmaan Srivastav
Feb 20, 2024

Introduction

In the dynamic landscape of cloud computing, effective IP addressing and robust firewall rules are crucial components for building a secure and scalable infrastructure. This blog post aims to provide a detailed guide on IP addressing, including internal and external IPs, alias IPs, auto IPs, custom IPs, ephemeral IPs, and static IPs. Additionally, we will delve into the creation of static internal and external IPs from the Google Cloud Console, along with the essential concepts of VPC Firewall Rules.

IP Addressing on Google Cloud Platform

Internal IP Addresses

Internal IP addresses are used for communication within a Virtual Private Cloud (VPC) network. They are assigned to resources like virtual machine (VM) instances and stay internal to the VPC.

External IP Addresses

External IP addresses, on the other hand, are used for communication with the internet. They can be assigned to resources like VM instances to make them accessible externally.

Alias IP

Alias IP is an additional IP range that can be assigned to a VM instance. It allows a VM to have multiple IP addresses within a single network interface.

Auto IP

Auto IP refers to the automatic assignment of IP addresses to resources. It is commonly used when the user prefers the system to handle the IP assignments automatically.

Custom IP

Custom IP addresses are manually configured addresses chosen by the user. This offers more control over the IP addressing scheme.

Ephemeral IP

Ephemeral IPs are temporary external IP addresses assigned to resources. They change if the resource is deleted or stopped.

Static IP

Static IPs, in contrast, remain constant even if the associated resource is stopped or deleted. They provide a stable point of access.

Internal IP Address Reservation

Internal IP address reservation involves setting aside specific IP addresses within a subnet for assignment to resources. This helps in maintaining a consistent addressing scheme.

External IP Address Reservation

Similar to internal reservation, external IP address reservation involves reserving specific IP addresses for external communication.

Regional IP Address

Regional IP addresses are specific to a particular region and can be used by resources within that region.

Global IP Address

Global IP addresses are accessible globally and can be used by resources across multiple regions.

Creating a Static Internal IP from the Console

  1. Navigate to the Google Cloud Console.
  2. Go to the “VPC Network” section.
  3. Click on “Internal IP addresses.”
  4. Select the desired VPC network and click “Reserve Static Address.”
  5. Enter a name for the static IP and choose a subnet.
  6. Click “Reserve” to create the static internal IP.

Command:

gcloud compute addresses create [STATIC_IP_NAME] --subnet=[SUBNET_NAME] --region=[REGION]

Creating a Static External IP from the Console

  1. Navigate to the Google Cloud Console.
  2. Go to the “VPC Network” section.
  3. Click on “External IP addresses.”
  4. Click “Reserve Static Address.”
  5. Enter a name for the static external IP.
  6. Choose the appropriate regional or global scope.
  7. Click “Reserve” to create the static external IP.

Command:

gcloud compute addresses create [STATIC_IP_NAME] --region=[REGION]

VPC Firewall Rules

Firewall Rule Characteristics

  • Direction: Ingress (incoming) or Egress (outgoing).
  • Action: Allow or Deny traffic.
  • Priority: Determines the order of rule evaluation; lower numbers are evaluated first.
  • Network: Specifies the target VPC.
  • Source and Destination IP: Defines the source and destination IP ranges for the rule.
  • Protocol and Ports: Specifies the protocol and ports for the rule.
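To see how these characteristics combine into a single decision, the following added example (not code from the original post or from Google) evaluates one connection attempt against a rule set. The rules are constructed samples using the field names of the Compute Engine firewall resource; the example assumes every rule lists its ranges explicitly, and it also models two behaviours the list above does not mention: a deny rule wins over an allow rule at the same priority, and the implied rules deny ingress and allow egress when nothing matches.

```python
import ipaddress

# Constructed sample rules, shaped like Compute Engine firewall resources
# (direction, priority, sourceRanges/destinationRanges, allowed/denied).
RULES = [
    {"name": "allow-ssh-any", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "deny-ssh-badnet", "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["203.0.113.0/24"], "denied": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-web", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80", "8000-8080"]}]},
    {"name": "deny-egress-smtp", "direction": "EGRESS", "priority": 1000,
     "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "tcp", "ports": ["25"]}]},
]

def _port_match(spec, port):
    ports = spec.get("ports")
    if not ports:                      # no ports listed means every port
        return True
    for p in ports:
        lo, _, hi = p.partition("-")   # "8000-8080" is a range, "22" a single port
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _matches(rule, direction, peer_ip, proto, port):
    """Return "allow"/"deny" if the rule applies to this connection, else None."""
    if rule["direction"] != direction:
        return None
    key = "sourceRanges" if direction == "INGRESS" else "destinationRanges"
    ip = ipaddress.ip_address(peer_ip)
    if not any(ip in ipaddress.ip_network(r) for r in rule.get(key, [])):
        return None
    for action, field in (("deny", "denied"), ("allow", "allowed")):
        for spec in rule.get(field, []):
            if spec["IPProtocol"] in (proto, "all") and _port_match(spec, port):
                return action
    return None

def evaluate(rules, direction, peer_ip, proto, port):
    """Return (action, rule_name) for one connection attempt."""
    hits = []
    for rule in rules:
        action = _matches(rule, direction, peer_ip, proto, port)
        if action:
            hits.append((rule["priority"], action != "deny", action, rule["name"]))
    if not hits:  # implied rules: ingress is denied, egress is allowed
        return ("deny", "implied-deny-ingress") if direction == "INGRESS" else ("allow", "implied-allow-egress")
    _, _, action, name = min(hits)  # lowest priority number wins; deny beats allow on a tie
    return action, name
```

Running it over an exported rule set is a quick way to check whether a broad allow rule such as the constructed `allow-ssh-any` is actually reachable or is shadowed by a lower-numbered deny.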

Conclusion

In this comprehensive guide, we’ve explored various aspects of IP addressing on Google Cloud Platform, including internal and external IPs, alias IPs, auto IPs, custom IPs, ephemeral IPs, and static IPs. Additionally, we’ve provided step-by-step instructions and commands for creating static internal and external IPs from the Google Cloud Console. Lastly, we discussed VPC Firewall Rules and their essential characteristics.

As you navigate the Google Cloud ecosystem, understanding these fundamental concepts is key to building a secure, scalable, and well-managed infrastructure. We hope this guide serves as a valuable resource for your journey in cloud computing.
