Overview

Not all cloud resources require an underlying physical network. For example, an S3 bucket in AWS exists outside the VPC construct (but can be accessed by instances within a VPC belonging to the same account, as long as the instance role has the appropriate S3 bucket policy attached). In AWS, even though you do not need a VPC for certain resources, your account is automatically provided with a default VPC IN EACH REGION. So you are really getting 16 default VPCs – one for each region.

This isn’t the case in GCP. There is no default VPC until you create one (creating an auto-mode VPC gives you your default VPC).

In GCP, you simply get ONE VPC. However, this VPC contains a single subnet IN EACH REGION. So, you get 21 subnets – one in each of GCP’s regions.

Networks belong to PROJECTS

Another important thing to realize is that networks BELONG to a project. A network is a global resource, which means it spans regions. This means that a PROJECT can (and does) contain resources that span regions.

A project comes with a default VPC (and a default Internet Gateway, as well as an additional Internet Gateway to route between regions). A project can contain more than one VPC.

Cross Region Traffic and Private IP based access

In AWS, if you need to route traffic between regions (for example, a front-end load balancer directing traffic between two regions), you have to use a VPN tunnel.

In GCP, networks are global – and regions can be accessed using private IP addresses without any VPN setup.

Note that the use case we are discussing is internet traffic distributed across different regions. If this were internal cloud traffic, one could have just used VPC Peering (something both AWS and GCP offer).


IP addresses for VMs

In AWS, a VM gets its IP from the range of the subnet it belongs to, and that subnet is confined to a region. This means that if you need to move the VM to a different subnet, it will need a new IP address.

In Google Cloud, a subnet can span regions, which means you can move a VM to a different region and still retain the same private IP.

VMs in GCP are automatically assigned a private IP and optionally a Public IP.

Summary

By default, VPCs and subnets are more global in nature on GCP. They can achieve the same level of isolation as AWS using firewall rules and custom routes. However, their global nature makes a lot of common use cases (load balancing internet traffic, moving a VM from one subnet to another…) a piece of cake compared to AWS, where some of these things are not possible.
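The cross-region section and the summary above describe one global VPC whose isolation comes from firewall rules rather than from VPN tunnels between regions. The Terraform below is an added example (not code from the original post) showing that shape: a custom-mode VPC, one subnet in each of two regions, and ingress rules that keep the implied default-deny posture while allowing only HTTPS between the two regional ranges over private IPs. The project id, region names, CIDR ranges and the "web" tag are assumed placeholder values.

```hcl
# Added example, not from the original post. Placeholders: region names,
# CIDR ranges, the "web" target tag.

# The VPC itself is global: there is no region attribute on this resource.
resource "google_compute_network" "app" {
  name                    = "app-vpc"
  auto_create_subnetworks = false    # custom mode: subnets are declared below
  routing_mode            = "GLOBAL" # dynamic routes are learned across regions
}

# Subnets are the regional part of the model; the VPC above spans both.
resource "google_compute_subnetwork" "us" {
  name          = "app-us"
  region        = "us-central1"
  network       = google_compute_network.app.id
  ip_cidr_range = "10.10.0.0/20"
}

resource "google_compute_subnetwork" "eu" {
  name          = "app-eu"
  region        = "europe-west1"
  network       = google_compute_network.app.id
  ip_cidr_range = "10.20.0.0/20"
}

# Implied rules already deny all ingress. This opens only TCP/443 from the two
# regional ranges to instances tagged "web"; cross-region, private IP, no VPN.
resource "google_compute_firewall" "allow_internal_web" {
  name          = "allow-internal-web"
  network       = google_compute_network.app.id
  direction     = "INGRESS"
  priority      = 1000
  source_ranges = ["10.10.0.0/20", "10.20.0.0/20"]
  target_tags   = ["web"]
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}

# Explicit lowest-priority deny with logging, so blocked ingress is visible
# in Cloud Logging instead of silently dropped by the implied rule.
resource "google_compute_firewall" "deny_all_ingress" {
  name          = "deny-all-ingress"
  network       = google_compute_network.app.id
  direction     = "INGRESS"
  priority      = 65534
  source_ranges = ["0.0.0.0/0"]
  deny { protocol = "all" }
  log_config { metadata = "INCLUDE_ALL_METADATA" }
}
```

Apply with the usual `terraform init && terraform apply` against a project where the Compute Engine API is enabled; moving a VM between the two subnets stays within the same VPC and the same firewall policy.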

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Anuj Varma, Hands-On Technology Architect, Clean Air Activist.