Part-64: 🌐 Google Cloud Networking – Hands-on with VPC Network Peering in GCP Cloud

In real-world cloud projects, you often need to connect two isolated VPC networks so their resources can communicate securely over internal IPs—without exposing them to the internet.

This is where VPC Network Peering comes in. It provides low-latency, private communication between VPCs while keeping them administratively separate.

In this demo, we’ll set up two VPCs, create subnets and VM instances, test connectivity, and then enable VPC Peering to allow secure internal communication.

---

🔹 Step 01: Introduction

We will:

1. Create two VPCs (vpc1 and vpc2)
2. Create subnets in each (vpc1subnet, vpc2subnet)
3. Create VMs inside each subnet (vpc1-vm, vpc2-vm)
4. Test ping between VMs (will fail initially)
5. Configure VPC Peering between the VPCs
6. Re-run ping test (should succeed now 🎉)

---

🔹 Step 02: Create VPC1 and Subnet

VPC1 Setup

• Name: vpc1
• Mode: Custom
• Firewall rules: allow-ssh, allow-icmp, allow-custom
• Routing: Default (Global)

Subnet for VPC1

• Name: vpc1subnet
• Region: us-central1
• CIDR: 10.1.0.0/16

---

🔹 Step 03: Create VPC2 and Subnet

VPC2 Setup

• Name: vpc2
• Mode: Custom
• Firewall rules: allow-ssh, allow-icmp, allow-custom
• Routing: Default (Global)

Subnet for VPC2

• Name: vpc2subnet
• Region: us-central1
• CIDR: 10.8.0.0/16

---

🔹 Step 04: Create VM Instances

# Set Project
gcloud config set project gcpdemos

# VM in vpc1subnet
gcloud compute instances create vpc1-vm \
    --zone=us-central1-a \
    --machine-type=e2-micro \
    --network-interface=subnet=vpc1subnet

# VM in vpc2subnet
gcloud compute instances create vpc2-vm \
    --zone=us-central1-a \
    --machine-type=e2-micro \
    --network-interface=subnet=vpc2subnet

---

🔹 Step 05: Test Initial Connectivity

# Connect to vpc1-vm
gcloud compute ssh vpc1-vm --zone=us-central1-a --project=gcpdemos

# Try ping vpc2-vm internal IP
ping <vpc2-vm-internal-ip>
# ❌ Should FAIL

# Connect to vpc2-vm
gcloud compute ssh vpc2-vm --zone=us-central1-a --project=gcpdemos

# Try ping vpc1-vm internal IP
ping <vpc1-vm-internal-ip>
# ❌ Should FAIL

---

🔹 Step 06: Configure VPC Peering

From VPC1 → VPC2

• Go to VPC Network -> VPC network peering -> CREATE PEERING CONNECTION
• Name: vpc1-to-vpc2-peering
• Your VPC: vpc1
• Peer Project: gcpdemos
• Peer VPC: vpc2
• Enable import/export subnet routes

From VPC2 → VPC1

Name: vpc2-to-vpc1-peering

• Go to VPC Network -> VPC network peering -> CREATE PEERING CONNECTION
• Name: vpc2-to-vpc1-peering
• Your VPC: vpc2
• Peer Project: gcpdemos
• Peer VPC: vpc1
• Enable import/export subnet routes

---

Step-07: Verify VPC Peering connection status

• Go to VPC Network -> VPC network peering -
• Check status → Both connections should be ACTIVE ✅

---

🔹 Step 08: Verify Connectivity After Peering

# From vpc1-vm → vpc2-vm
gcloud compute ssh vpc1-vm --zone=us-central1-a --project=gcpdemos
ping <vpc2-vm-internal-ip>
# ✅ Should PASS

# From vpc2-vm → vpc1-vm
gcloud compute ssh vpc2-vm --zone=us-central1-a --project=gcpdemos
ping <vpc1-vm-internal-ip>
# ✅ Should PASS

---

🔹 Step 09: Cleanup

• Delete the 2 VM's
• Delete the VNET Peering connections
• Delete the 2 VPC's

---

🎯 Summary

1. Before Peering → VMs in different VPCs cannot talk
2. After Peering → Private, low-latency connectivity works over internal IPs
3. Use Cases:

• Multi-project architecture
• SaaS providers exposing services securely
• Connecting dev/test VPCs with shared services VPC

---

🔥 With just a few steps, you’ve enabled private communication between VPCs in Google Cloud using VPC Network Peering.