Cloud Router is a fully distributed and managed service that programs custom dynamic routes and scales with the network traffic.
Cloud Router works with both legacy networks and VPC networks.
Cloud Router isn’t a connectivity option but a service that works over Cloud VPN or Cloud Interconnect connections to provide dynamic routing for VPC networks by using the Border Gateway Protocol (BGP).
Cloud Router isn’t supported for Direct Peering or Carrier Peering connections.
Cloud Router isn’t a physical device that might cause a bottleneck, and it can’t be used by itself.
Cloud Router is required or recommended in the following cases:
Required for Cloud NAT
Required for Cloud Interconnect and HA VPN
A recommended configuration option for Classic VPN.
Cloud Router helps dynamically exchange routes between the Google Cloud network and the on-premises network.
Cloud Router peers with the on-premises VPN gateway or router to provide dynamic routing and exchanges topology information through BGP.
Cloud Router frees you from maintaining static routes.
Google Cloud recommends creating two Cloud Routers in each region for a Cloud Interconnect for 99.99% availability.
Cloud Router supports the following dynamic routing modes:
Regional routing mode – provides visibility to resources only in the defined region.
Global routing mode – provides visibility to resources in all regions
GCP Certification Exam Practice Questions
Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
GCP services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
GCP exam questions are not updated to keep pace with GCP updates, so even if the underlying feature has changed the question might not be updated.
Open to further feedback, discussion and correction.
Virtual Private Cloud (VPC) provides global, scalable, and flexible networking functionality for cloud-based resources and services.
VPC networks are global resources, including the associated routes and firewall rules, and are not associated with any particular region or zone.
Subnets are regional resources, and each subnet defines a range of IP addresses.
Network firewall rules control the traffic to and from instances.
Rules are implemented on the VMs themselves, so traffic can only be controlled and logged as it leaves or arrives at a VM.
Firewall rules are defined to allow or deny traffic and are evaluated in order of a defined priority.
The highest-priority (lowest integer) rule applicable to a target for a given type of traffic takes precedence.
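The precedence rule above, as an added example (not code from the page or from Google Cloud): a small model of VPC firewall evaluation in which rules are sorted by priority, the lowest integer wins, and the implied allow-egress and deny-ingress rules at priority 65535 sit at the bottom. The rule set, the IP addresses and the tie-break (when an allow and a deny rule share the same priority this model lets the deny win) are the example's own assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class FirewallRule:
    name: str
    direction: str                        # "INGRESS" or "EGRESS"
    priority: int                         # 0..65535; a lower integer is a higher priority
    action: str                           # "allow" or "deny"
    protocol: str                         # "tcp", "udp", "icmp" or "all"
    ports: frozenset = frozenset()        # empty = every port of the protocol
    ranges: tuple = ("0.0.0.0/0",)        # source ranges (ingress) or destination ranges (egress)
    target_tags: frozenset = frozenset()  # empty = applies to every VM in the network


# Implied rules present in every VPC network; lowest possible precedence.
IMPLIED_RULES = [
    FirewallRule("implied-allow-egress", "EGRESS", 65535, "allow", "all"),
    FirewallRule("implied-deny-ingress", "INGRESS", 65535, "deny", "all"),
]

# Constructed sample rule set (assumption, not a real project's configuration).
SAMPLE_RULES = [
    FirewallRule("allow-ssh-from-bastion", "INGRESS", 900, "allow", "tcp",
                 ports=frozenset({22}), ranges=("10.0.0.0/24",),
                 target_tags=frozenset({"web"})),
    FirewallRule("deny-ssh-internet", "INGRESS", 1000, "deny", "tcp",
                 ports=frozenset({22})),
    FirewallRule("allow-ssh-any", "INGRESS", 1000, "allow", "tcp",
                 ports=frozenset({22})),
    FirewallRule("allow-http-https", "INGRESS", 1000, "allow", "tcp",
                 ports=frozenset({80, 443}), target_tags=frozenset({"web"})),
]


def _matches(rule, direction, peer_ip, protocol, port, vm_tags):
    """True when the rule applies to this VM and this flow."""
    if rule.direction != direction:
        return False
    if rule.target_tags and not (rule.target_tags & vm_tags):
        return False
    if rule.protocol != "all" and rule.protocol != protocol:
        return False
    if rule.ports and port not in rule.ports:
        return False
    addr = ip_address(peer_ip)
    return any(addr in ip_network(cidr) for cidr in rule.ranges)


def evaluate(rules, direction, peer_ip, protocol, port, vm_tags=frozenset()):
    """Return (action, rule_name) of the first matching rule in precedence order.

    Precedence: lower priority integer first; at equal priority a deny rule is
    evaluated before an allow rule (modelling assumption). The implied rules
    guarantee that some rule always matches.
    """
    vm_tags = frozenset(vm_tags)
    ordered = sorted(list(rules) + IMPLIED_RULES,
                     key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    for rule in ordered:
        if _matches(rule, direction, peer_ip, protocol, port, vm_tags):
            return rule.action, rule.name
    raise RuntimeError("unreachable: the implied rules match every IPv4 flow")


if __name__ == "__main__":
    # SSH from the bastion range is allowed by the priority-900 rule ...
    print(evaluate(SAMPLE_RULES, "INGRESS", "10.0.0.5", "tcp", 22, {"web"}))
    # ... while SSH from the Internet hits the priority-1000 deny, which outranks
    # the allow at the same priority.
    print(evaluate(SAMPLE_RULES, "INGRESS", "203.0.113.9", "tcp", 22, {"web"}))
    # Nothing explicit matches, so the implied deny-ingress applies.
    print(evaluate(SAMPLE_RULES, "INGRESS", "203.0.113.9", "tcp", 8080, {"web"}))
```

Because the implied rules carry the lowest precedence, any explicit rule (priority 0 to 65534) overrides them, which is why an over-broad allow rule at the default priority of 1000 is enough to expose a port to the whole Internet; reviewing the sorted order of the rule set as this function does is a quick way to spot that.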
Resources within a VPC network can communicate with one another by using internal IPv4 addresses, subject to applicable network firewall rules.
Private access options for services allow instances that have only internal IP addresses to communicate with Google APIs and services.
Shared VPC keeps a VPC network in a common host project that is shared with service projects. Authorized IAM members from other projects in the same organization can create resources that use subnets of the Shared VPC network.
VPC Network Peering allows VPC networks to be connected with other VPC networks in different projects or organizations.
VPC networks can be securely connected in hybrid environments by using Cloud VPN or Cloud Interconnect.
Primary and secondary subnet IP address ranges cannot overlap with the on-premises CIDR ranges.
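A pre-flight check for the overlap rule above, as an added example that is not part of the page and not a Google Cloud tool: it takes a constructed map of subnet primary and secondary ranges plus a constructed list of on-premises CIDRs and reports every pair that overlaps, so the conflict is caught before Cloud Router learns the on-premises route over BGP. The subnet names and address ranges are sample values.

```python
from ipaddress import ip_network

# Constructed sample: subnet name -> primary range and secondary (alias) ranges.
SUBNETS = {
    "subnet-us-east1": {"primary": "10.10.0.0/20", "secondary": ["10.100.0.0/16"]},
    "subnet-europe-west1": {"primary": "10.10.16.0/20", "secondary": []},
}

# Constructed sample: prefixes the on-premises router would advertise.
ON_PREM_RANGES = ["10.100.0.0/24", "192.168.0.0/16"]


def find_overlaps(subnets, on_prem_ranges):
    """Return (subnet, kind, subnet_cidr, on_prem_cidr) for every overlapping pair.

    ip_network.overlaps() is symmetric, so it catches both an on-premises prefix
    inside a subnet range and a subnet range inside an on-premises prefix.
    """
    on_prem = [ip_network(r) for r in on_prem_ranges]
    overlaps = []
    for name, cfg in subnets.items():
        ranges = [("primary", cfg["primary"])]
        ranges += [("secondary", r) for r in cfg.get("secondary", [])]
        for kind, cidr in ranges:
            net = ip_network(cidr)
            for remote in on_prem:
                if net.overlaps(remote):
                    overlaps.append((name, kind, cidr, str(remote)))
    return overlaps


def check_or_raise(subnets, on_prem_ranges):
    """Fail loudly, e.g. from a CI step, when any overlap exists."""
    found = find_overlaps(subnets, on_prem_ranges)
    if found:
        lines = [f"{s} {k} {g} overlaps on-premises {o}" for s, k, g, o in found]
        raise ValueError("address overlap:\n" + "\n".join(lines))
    return True


if __name__ == "__main__":
    for entry in find_overlaps(SUBNETS, ON_PREM_RANGES):
        print("overlap:", entry)
```

In the sample, the secondary range 10.100.0.0/16 of subnet-us-east1 swallows the on-premises prefix 10.100.0.0/24; run the check again after changing either side and it returns an empty list.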
VPC networks only support IPv4 unicast traffic. They do not support broadcast, multicast, or IPv6 traffic within the network; VMs in the VPC network can only send to IPv4 destinations and only receive traffic from IPv4 sources.
VPC Flow Logs record a sample of network flows sent from and received by VM instances, including instances used as GKE nodes.
Cloud CDN caches website and application content closer to the user.
It uses Google’s global edge network to serve content closer to users, which accelerates websites and applications.
It works with external HTTP(S) Load Balancing to deliver content to users.
Cloud CDN content can be sourced from various types of backends:
Zonal network endpoint groups (NEGs)
Serverless NEGs: One or more App Engine, Cloud Run, or Cloud Functions services
Internet NEGs, for endpoints that are outside of Google Cloud (also known as custom origins)
Buckets in Cloud Storage
Cloud CDN with Google Cloud Armor enforces security policies only for requests for dynamic content, cache misses, or other requests that are destined for the origin server. Cache hits are served even if the downstream Google Cloud Armor security policy would prevent that request from reaching the origin server.
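The cache-hit caveat above, as an added example that is not part of the page and not Google's code: a toy model of a CDN edge in front of a load balancer backend that has a Google Cloud Armor policy attached. The policy is evaluated only on the path towards the origin, so a client the policy would reject still receives any object already in the cache, while uncacheable (dynamic) content always goes through the policy. The client addresses, paths, and the reduction of the policy to a set of denied client IPs are the example's own assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class CdnEdge:
    """Toy Cloud CDN edge: cache in front of an origin guarded by an Armor-like policy."""
    denied_clients: set                 # client IPs the modelled policy rejects
    origin: dict                        # path -> (body, cacheable)
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def get(self, client_ip, path):
        """Serve one request; return (status, body)."""
        if path in self.cache:
            # Cache hit: served at the edge, the origin-side policy never runs.
            self.log.append((client_ip, path, "HIT", "policy-not-evaluated"))
            return 200, self.cache[path]
        # Cache miss: the request is destined for the origin, so the policy applies.
        if client_ip in self.denied_clients:
            self.log.append((client_ip, path, "MISS", "denied-by-policy"))
            return 403, None
        body, cacheable = self.origin[path]
        if cacheable:
            self.cache[path] = body
        self.log.append((client_ip, path, "MISS", "served-from-origin"))
        return 200, body


def policy_bypass_events(edge):
    """Log entries where a denied client was served from cache (defender's check)."""
    return [e for e in edge.log if e[0] in edge.denied_clients and e[2] == "HIT"]


def run_scenario():
    # Constructed sample: one public cacheable page, one private uncacheable page.
    edge = CdnEdge(
        denied_clients={"203.0.113.50"},
        origin={"/index.html": ("<html>public</html>", True),
                "/account": ("private data", False)},
    )
    results = {}
    # An allowed client populates the cache.
    results["allowed_first"] = edge.get("198.51.100.7", "/index.html")[0]
    # A denied client then gets the cached object: policy not consulted.
    results["denied_cached"] = edge.get("203.0.113.50", "/index.html")[0]
    # The same client asking for dynamic content is stopped by the policy.
    results["denied_dynamic"] = edge.get("203.0.113.50", "/account")[0]
    results["bypasses"] = policy_bypass_events(edge)
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The practical consequence is that a Cloud Armor policy alone does not control who can read cacheable objects; content that must be access-controlled should be served with cache headers that keep it out of the CDN so that every request for it reaches the policy, and edge logs can be scanned, as `policy_bypass_events` does here, to see how often denied clients are still being served.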