Category: Cloud

  • Database Migration Service

    Database Migration Service (DMS) simplifies the migration of MySQL and PostgreSQL databases from on-premises, Google Compute Engine, and other clouds to Cloud SQL. It is serverless, easy to set up, and available at no additional cost. It replicates data continuously for minimal-downtime migrations. Here’s how it works:

  • VPC peering is non-transitive

    VPC peering is non-transitive, which means that if VPC A is peered with VPC B, and VPC C is peered with VPC B, the resources in VPC C won’t be able to reach the resources in VPC A (and vice versa) through the peerings. This is because route exchange only supports propagating routes to an…

  • Secure Your Application with Cloud Load Balancing

    As a best practice, run SSL everywhere. With HTTPS and SSL proxy load balancing, you can use managed certs — Google takes care of the provisioning and managing of the SSL certificate life cycle.

  • Global HTTP(S) Load Balancing

    For global HTTP(S) load balancing, the Global Anycast VIP (IPv4 or IPv6) is associated with a forwarding rule, which directs traffic to a target proxy. The target proxy terminates the client session, and for HTTPS you deploy your certificates at this stage, define the backend host, and define the path rules. The URL map provides…

  • Hybrid Deployments: Hub and Spoke

    If you have multiple VPCs that connect to multiple on-premises locations, it’s recommended that you utilize a hub-and-spoke model, which helps get around reverse routing challenges due to the usage of the Google DNS proxy range. For redundancy, consider a model where the DNS-forwarding VPC network spans multiple Google Cloud regions, and where each region…

  • Hybrid Deployments: DNS Forwarding

    Google Cloud offers inbound and outbound DNS forwarding for private zones. You can configure DNS forwarding by creating a forwarding zone or a Cloud DNS server policy. The two methods are inbound and outbound. You can simultaneously configure inbound and outbound DNS forwarding for a VPC network. Inbound: Create an inbound server policy to enable…

  • Andromeda architecture

    The Andromeda architecture is a two-plane system consisting of a control plane and a data plane. The control plane consists of controller VMs. These VMs receive a network representation that includes firewall rules, routes, subnets, and VM information. The controllers translate this information into OpenFlow commands and send them to vSwitches through the OpenFlow frontend proxy. Importantly,…

  • Google innovations in networking

    Most Google networking implementations in datacenters are based on Google innovations (Maglev, Jupiter, Andromeda, Espresso, …). All these distributed systems in the network required significant bandwidth. Google couldn’t buy a commercially available network with enough capacity to meet its needs, so it built its own network.

  • Establish BGP sessions

    Cloud Router uses Border Gateway Protocol (BGP) to exchange routes between your Virtual Private Cloud (VPC) network and a remote network. On Cloud Router, you configure an interface and a BGP peer for your on-premises router. The interface and BGP peer configuration together form a BGP session. Within Google Cloud, a Cloud Router interface connects…

  • Packet handling 

    Packets coming into or out of the VPC network are handled by network code that examines the packet against firewall rules, against the external IP lookup table, and against the active connections table. The VPC network also performs NAT on packets coming into and out of the VPC network.