Networking in Google Cloud Platform (NGCP) – Outline

Detailed Course Outline

Module 1: VPC Networking Fundamentals

Topics:

  • VPC networks
  • Multiple Network Interfaces
  • Network Service Tiers

Objectives:

  • Create a Compute Engine VM with multiple network interfaces.
  • Use the standard tier to lower cloud networking costs.
  • Use the premium tier to provide lower latency and faster access to Google Cloud resources.

Module 2: Sharing VPC Networks

Topics:

  • Shared VPC
  • VPC Network Peering
  • Migrating a VM between networks

Objectives:

  • Describe the different ways to share VPC networks that are available in Google Cloud.
  • Recognize when to use Shared VPC and when to use VPC Network Peering.
  • Configure peering between unrelated VPC networks.

Module 3: Network Monitoring and Logging

Topics:

  • Monitoring
  • Logging

Objectives:

  • Configure uptime checks, alerting policies, and charts for your network services.
  • Monitor Google Cloud network resources.
  • Use VPC Flow Logs to log and analyze network traffic behavior.

Module 4: Network Routing and Addressing in Google Cloud

Topics:

  • VPC Routing
  • IPv6
  • BYOIP
  • Cloud DNS

Overview:

  • Define key routing and addressing concepts relevant to Google Cloud, including IP addresses, subnets, route tables, firewalls, BYOIP, and NATs.
  • Describe the configuration and management options for Google Cloud DNS, including private and managed zones.
  • Configure and manage route tables to control traffic flow, resolve domain names effectively, and utilize NAT rules for secure access.

Module 5: Private Connection Options

Topics:

  • Private Connection Options
  • Private Google Access
  • Private Service Connect
  • Private services access
  • Cloud NAT

Objectives:

  • Define and differentiate various private connection options (e.g., Private Google Access, Private Services Access, Private Service Connect).
  • Explore use cases of Private Service Connect, Private Service Access, and Private Google Access.
  • Implement Private Google Access with Cloud NAT.

Module 6: Introduction to Network Architecture

Topics:

  • Cloud network architecture overview
  • Key considerations

Objectives:

  • Describe the Google Cloud provides components that create a good network architecture, such as Cloud Interconnect, VPC Network Peering, Shared VPC, and Network Tiers.
  • Summarize key considerations for network design.

Module 7: Network Topologies

Topics:

  • Hub and spoke topology
  • Other topologies
  • Getting topology data
  • Best practices

Objectives:

  • Explain when to use each network topology based on specific requirements.
  • Identify potential bottlenecks or security vulnerabilities in network topologies.
  • Implement a meshed topology for a resilient and scalable network architecture.

Module 8: Distributed Denial of Service (DDoS) Protection

Topics:

  • How DDoS attacks work
  • Google Cloud mitigations
  • Types of complementary partner products

Objectives:

  • Identify the four layers of DDoS Mitigation.
  • Identify methods Google Cloud uses to mitigate the risk of DDoS for its customers.
  • Use Google Cloud Armor to blocklist an IP address and restrict access to a global external Application Load Balancer.

Module 9: Controlling Access to VPC Networks

Topics:

  • IAM
  • Cloud Firewall
  • Cloud IDS
  • Secure Web Proxy

Objectives:

  • Describe how IAM policies affect VPC network access.
  • Identify the benefits of using Cloud Firewall's hierarchical policies at different levels of the cloud infrastructure hierarchy.
  • Apply global and regional network firewall policies using Cloud Firewall.
  • Explain the role of Cloud IDS in protecting VPC networks from malicious activity.
  • Deploy Cloud IDS and configure its settings according to specific security needs.
  • Describe the role of Secure Web Proxy in improving network resilience and availability.
  • Describe best practices for cloud network security.

Module 10: Advanced Security Monitoring and Analysis

Topics:

  • Packet Mirroring for network traffic inspection
  • Network security best practices

Objectives:

  • Define Packet Mirroring and explain its purpose in network monitoring and security.
  • Learn network security best practices.

Module 11: Hybrid Load Balancing and Traffic Management

Topics:

  • Hybrid load balancing
  • Traffic management

Objectives:

  • Describe the benefits of hybrid load balancing.
  • Configure traffic management in a load balance.

Module 12: Caching and Optimizing Load Balancing

Topics:

  • Internal network load balancers as next hops
  • Cloud CDN
  • Cloud Armor
  • Load balancer optimization strategies

Objectives:

  • Describe how to configure an internal network load balancer as a next hop.
  • Use Cloud CDN configuration to optimize content delivery performance.
  • Create a Google Cloud Armor edge security policy to protect content.

Module 13: Connectivity options

Topics:

  • Google Cloud connectivity options
  • Dedicated Interconnect
  • Partner Interconnect
  • Cross-Cloud Interconnect

Objectives:

  • Describe the various connectivity options offered by Google Cloud for hybrid and multi-cloud environments, including Network Connectivity Center, Cloud VPN, Cloud Interconnect, and Cloud CDN.
  • Define and differentiate between the various Cloud Interconnect options available in Google Cloud, including Dedicated Interconnect, Partner Interconnect, and Cross-Cloud Interconnect.

Module 14: Cloud VPN

Topics:

  • Use case for Cloud VPN
  • HA VPN topologies
  • HA VPN over Cloud Interconnect
  • Influence best path selection

Objectives:

  • Implement high availability VPN (HA VPN) for redundancy and failover.
  • Identify the benefits and use cases for Cloud HA VPN.