-
Hybrid Deployments: Hub and Spoke
If you have multiple VPCs that connect to multiple on-premises locations, it’s recommended that you utilize a hub-and-spoke model, which helps get around reverse routing challenges due to the usage of the Google DNS proxy range. For redundancy, consider a model where the DNS-forwarding VPC network spans multiple Google Cloud regions, and where each region…
-
Hybrid Deployments: DNS Forwarding
Google Cloud offers inbound and outbound DNS forwarding for private zones. You can configure DNS forwarding by creating a forwarding zone or a Cloud DNS server policy. The two methods are inbound and outbound. You can simultaneously configure inbound and outbound DNS forwarding for a VPC network. Inbound: Create an inbound server policy to enable…
-
Andromeda architecture
The Andromeda architecture is a two-plane system consisting of a control plane and a data plane. The control plane consists of controller VMs. These VMs receive a network representation that includes firewall rules, routes, subnets, and VM information. The controllers translate this information into OpenFlow commands and send them to vSwitches through the OpenFlow frontend proxy. Importantly,…
-
Google innovations in networking
Most Google networking implementations in datacenters are based on Google innovations (Maglev, Jupiter, Andromeda, Espresso, ...). All these distributed systems in the network required significant bandwidth. Google couldn’t buy a commercially available network with enough capacity to meet its needs, so it built its own network.
-
Establish BGP sessions
Cloud Router uses Border Gateway Protocol (BGP) to exchange routes between your Virtual Private Cloud (VPC) network and a remote network. On Cloud Router, you configure an interface and a BGP peer for your on-premises router. The interface and BGP peer configuration together form a BGP session. Within Google Cloud, a Cloud Router interface connects…
-
Packet handling
Packets coming into or out of the VPC network are handled by network code that examines the packet against firewall rules, against the external IP lookup table, and against the active connections table. The VPC network also performs NAT on packets coming into and out of the VPC network.
-
ARP lookup
The instance kernel issues ARP requests and the VPC network issues ARP replies. The mapping between MAC addresses and IP addresses is handled by the instance kernel.
-
DNS server
Each instance’s metadata server acts as a DNS server. It stores the DNS entries for all VPC network IP addresses in the local VPC network and calls Google’s public DNS server for entries outside the VPC network. You cannot configure this DNS server. The DHCP client on each instance is configured to manage the instance’s /etc/resolv.conf file.…
-
Active connections table
The VPC network compares the packet against the active connections table to see whether this is an existing connection:
-
Control planes and data planes
AWS separates most services into the concepts of control plane and data plane. These terms come from the world of networking, specifically routers. The router’s data plane, which is its main functionality, is moving packets around based on rules. But the routing policies have to be created and distributed from somewhere, and that’s where the control plane comes…