Google Cloud Platform (GCP) Professional Cloud Network Engineer Certification Companion (2023)

Sharpen your problem-solving skills with Google Cloud Platform (GCP) Professional Cloud Network Engineer Certification Companion (2023), an exam guide filled with relevant questions.



Certification Study Companion Series

Editorial Board

Spandana Chatterjee, Apress, Pune, Maharashtra, India
Melissa Duffy, Apress, New York, USA
Miriam Haidara, Apress, Dordrecht, The Netherlands
Celestin Suresh John, Apress, Pune, Maharashtra, India
Susan McDermott, Suite 4600, Apress, New York, NY, USA
Aditee Mirashi, Apress, Heidelberg, Baden-Württemberg, Germany
Divya Modi, Apress, Pune, Maharashtra, India
Mark Powers, Apress, New York, NY, USA
Shiva Ramachandran, Apress, New York, NY, USA
James Robinson-Prior, Apress, London, UK
Smriti Srivastava, Apress, Seattle, WA, USA

The Apress Certification Study Companion Series offers guidance and hands-on practice to support technical and business professionals who are studying for an exam in the pursuit of an industry certification. Professionals worldwide seek to achieve certifications in order to advance in a career role, reinforce knowledge in a specific discipline, or to apply for or change jobs. This series focuses on the most widely taken certification exams in a given field. It is designed to be user friendly, tracking to topics as they appear in a given exam. Authors for this series are experts and instructors who not only possess a deep understanding of the content, but also have experience teaching the key concepts that support readers in the practical application of the skills learned in their day-to-day roles.

More information about this series at https://link.springer.com/bookseries/17100


Dario Cabianca

Google Cloud Platform (GCP) Professional Cloud Network Engineer Certification Companion

Learn and Apply Network Design Concepts to Prepare for the Exam


Dario Cabianca
Georgetown, KY, USA

ISSN 2731-8761
e-ISSN 2731-877X
Certification Study Companion Series
ISBN 978-1-4842-9353-9
e-ISBN 978-1-4842-9354-6
https://doi.org/10.1007/978-1-4842-9354-6

© Dario Cabianca 2023

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Apress imprint is published by the registered company APress Media, LLC, part of Springer Nature.


The registered company address is: 1 New York Plaza, New York, NY 10004, U.S.A.


To Margie, my sound and complete love.


Introduction

This book is about preparing you to pass the Google Cloud Professional Cloud Network Engineer certification exam and—most importantly—to get you started for an exciting career as a Google Cloud Platform (GCP) network engineer.

There are a number of professional cloud certifications covering a broad array of areas. These certifications are offered by all three leading public cloud providers in the world, that is, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform. These areas include cloud architecture, cloud engineering and operations (also known as DevOps), data engineering, cloud security, and cloud networking. Among all these areas, the network is the key element of the infrastructure your workloads use to deliver business value to their users. Think about it. Without the network—whether it be physical or virtual, covering a local or wide area (LAN and WAN, respectively)—there is no way two (or more) computers can communicate with each other and exchange data.

Back in the 1990s, the former Sun Microsystems (later acquired by Oracle) introduced a slogan, “the Network is the Computer,” to emphasize that computers should be networked or—to an extreme—they are not computers. This slogan was ahead of its time and put an emphasis on the nature of distributed systems, where the parts of a system are not concentrated into one single unit (computer), but they are spread across multiple units (computers). This slogan originated when cloud computing didn’t exist. Yet, in my opinion, it is still real and is agnostic to where your workloads operate, that is, in your company’s data centers, in GCP (or other clouds), or both. The fundamental difference between computer networking in the data centers (also referred to as traditional networking or on-premises networking) and in the cloud is that the cloud makes all things “more distributed.” In fact, if you leverage the capabilities offered by the cloud, it’s easier to design and implement recovery-oriented architectures for your workloads, which help you mitigate the risks of single point of failures (SPFs) by enabling self-healing functionality and other fault tolerance techniques. The cloud—when properly used—can address many other concerns that apply to software and hardware distributed systems. Don’t worry! Throughout this book, I will teach you what “more distributed” means and how the users of your workloads can benefit from it. This brings us to who this book is for.

This book is intended for a broad audience of cloud solution architects (in any of the three public cloud providers), as well as site reliability, security, network, and software engineers with foundational knowledge of Google Cloud and networking concepts. Basic knowledge of the OSI model, the RFC 1918 (private address space) paper, the TCP/IP, the TLS (or SSL), and the HTTP protocols is a plus, although it is not required.

I used the official exam guide to organize the content and to present it in a meaningful way. As a result, the majority of the chapters are structured to map one to one with each exam objective and to provide detailed coverage of each topic, as defined by Google. The exposition of the content for most of the key topics includes a theoretical part, which is focused on conceptual knowledge, and a practical part, which is focused on the application of the acquired knowledge to solve common use cases, usually by leveraging reference architectures and best practices. This approach will help you gradually set context, get you familiarized with the topic, and lay the foundations for more advanced concepts.

Given the nature of the exam, whose main objective is to teach you how to design, engineer, and architect efficient, secure, and cost-effective network solutions with GCP, I have developed a bias for diagrams, infographic content, and other illustrative material to help you “connect the dots” and visually build knowledge.

Another important aspect of the exposition includes the use of the Google Cloud Command Line Interface (gcloud CLI) as the main tool to solve the presented use cases. This choice is deliberate, and the rationale about it is twofold. On the one side, the exam has a number of questions that require you to know the gcloud CLI commands. On the other side, the alternatives to the gcloud CLI are the console and other tools that enable Infrastructure as Code (IaC), for example, HashiCorp Terraform. The former leverages the Google Cloud user interface and is subject to frequent changes without notice. The latter is a product that is not in the scope of the exam.

A Google Cloud free account is recommended to make the best use of this book. This approach will teach you how to use the gcloud CLI and will let you practice the concepts you learned. Chapter 1 will cover this setup and will provide an overview of the exam, along with the registration process. If you want to become an expert on shared Virtual Private Cloud (VPC) networks, I also recommend that you create a Google Workspace account with your own domain. Although this is not free, the price is reasonable, and you will have your own organization that you can use to create multiple GCP users and manage IAM (Identity and Access Management) policies accordingly.

In Chapter 2, you will learn the important factors you need to consider to design the network architecture for your workloads. The concept of a Virtual Private Cloud (VPC) network as a logical routing domain will be first introduced, along with a few reference topologies. Other important GCP constructs will be discussed, for example, projects, folders, organizations, billing accounts, Identity and Access Management (IAM) allow policies, and others, to help you understand how to enable separation of duties—also known as microsegmentation—effectively. Finally, an overview of hybrid and multi-cloud deployments will be provided to get you familiarized with the GCP network connectivity products.

Chapter 3 is your VPC “playground.” In this chapter, you’ll use the gcloud CLI to perform a number of operations on VPCs and their components. You will learn the construct of a subnetwork, intended as a partition of a VPC, and you will create, update, delete, and peer VPCs. We will deep dive in the setup of a shared VPC, which we’ll use as a reference for the upcoming sections and chapters. The concepts of Private Google Access and Private Service Connect will be introduced and implemented. A detailed setup of a Google Kubernetes Engine (GKE) cluster in our shared VPC will be implemented with examples of internode connectivity. The fundamental concepts of routing and firewall rules will be discussed, with emphasis on their applicability scope, which is the entire VPC.

Chapter 4 will be entirely focused on the implementation of VPC Service Controls. This is a topic I have been particularly interested in covering as a separate chapter, because of its level of sophistication and because the literature available is dispersed in multiple sources. The chapter provides two deep dive examples of VPC Service Controls using a shared VPC, including their important dry-run mode feature.

Chapter 5 will cover all the load balancing services you need to know to pass the exam, beginning from the nine different “flavors” of GCP load balancers. A number of deep dive examples on how to implement global, external HTTP(S) load balancers with different backend types will be provided. You will become an expert at choosing the right load balancer based on a set of business and technical requirements, which is exactly what you are expected to know during the exam and at work.

Chapter 6 will cover advanced network services that provide additional security capabilities to your workloads. These are Cloud DNS, Cloud NAT, and Packet Mirroring.

In Chapter 7, you will learn how to implement the GCP products that enable hybrid and multi-cloud connectivity. These include the two “flavors” of Cloud Interconnect (Dedicated and Partner) and the two flavors of Cloud VPN (HA and Classic).

The last chapter (Chapter 8) concludes our study by teaching you how to perform network operations as a means to proactively support and optimize the network infrastructure you have designed, architected, and implemented.

Each chapter (other than Chapter 1) includes at the end a few questions (and the correct answers) to help you consolidate your knowledge of the covered exam objective.

As in any discipline, you will need to supplement what you learned with experience. The combination of the two will make you a better GCP network engineer. I hope this book will help you achieve your Google Cloud Professional Cloud Network Engineer certification and, most importantly, will equip you with the tools and the knowledge you need to succeed at work.


Acknowledgments

This book is the result of the study, work, and research I accomplished over the past two years. I could not have written this book without the help of family, friends, colleagues, and experts in the field of computer networks and computer science.

When my friend, former colleague, and author Tom Nelson first introduced me to Apress in August 2021, I had no idea I was about to embark on this wonderful journey.

First and foremost, I am grateful to my wife Margie, who carefully created a conducive space at home so I could stay focused on this work and prepare quality content for this book (not an easy task with my two young sons Joseph and Samuele eager to learn networks from their dad).

The team at Apress has been phenomenal for accommodating my schedule a few times and for providing the necessary guidance in a timely manner. Thanks to Gryffin Winkler, Raymond Blum, Laura Berendson, Joan Murray, and Jill Balzano. Without your prompt and careful assistance, this work would not have been possible.

Every concept I explained in the book is the product of scientific curiosity, theory, practice, and experience I acquired through my professional and academic career.

I was inspired by the idea of a Virtual Private Cloud (VPC) network intended as a logical routing domain, as clearly described by Emanuele Mazza in the presentation he gave in the “VPC Deep Dive and Best Practices” session at Google Cloud Next 2018. Not only did this concept consolidate my understanding of VPCs—whose scope extends the boundaries of zones and regions—but it naturally helped build more knowledge touching a significant number of exam objectives.

I am also grateful to Luca Prete for his article “GCP Routing Adventures (Vol. 1)” he posted on Medium, which helped me explain in a simple yet comprehensive way the concept of BGP (Border Gateway Protocol) routing mode, as it pertains to VPCs.

The section about VPC Service Controls implementation required extra work due to the sophistication of this unique capability offered by GCP. The article “Google Cloud VPC-Service Controls: Lessons Learned” posted on Medium by my friend Andrea Gandolfi was instrumental in helping me set the context and document the key features of this product. Thanks Andrea for your great article!

A number of other friends and former colleagues helped me develop my knowledge on some of the objectives of the exam. These include Daniel Schewe, Ali Ikram, Rajesh Ramamoorthy, Justin Quattlebaum, Stewart Reed, Stephen Beasey, Chris Smith, Tim DelBosco, and Kapil Gupta. Thanks to all of you for your constructive feedback and the methodical approach you shared during our problem solving discussions.

Last, I cannot express enough words of gratitude for the Late Prof. Giovanni Degli Antoni (Gianni), who guided me through my academic career in the University of Milan, and my beloved parents Eugenia and Giuseppe, who always supported me in my academic journey and in life.


Table of Contents

Chapter 1: Exam Overview
  Exam Content
  Exam Subject Areas
  Exam Format
  Supplementary Study Materials
  Sign Up for a Free Tier
  Register for the Exam
  Schedule the Exam
  Rescheduling and Cancellation Policy
  Exam Results
  Retake Policy
  Summary

Chapter 2: Designing, Planning, and Prototyping a Google Cloud Network
  Designing an Overall Network Architecture
  High Availability, Failover, and Disaster Recovery Strategies
  DNS (Domain Name System) Strategy
  Security and Data Exfiltration Requirements
  Load Balancing
  Applying Quotas per Project and per VPC
  Container Networking
  SaaS, PaaS, and IaaS Services
  Designing Virtual Private Cloud (VPC) Instances
  VPC Specifications
  Subnets
  IP Address Management and Bring Your Own IP (BYOIP)
  Standalone vs. Shared VPC
  Multiple vs. Single
  Regional vs. Multi-regional
  VPC Network Peering
  Firewalls
  Custom Routes
  Designing a Hybrid and Multi-cloud Network
  Drivers for Hybrid and Multi-cloud Networks
  Overall Goals
  Designing a Hybrid and Multi-cloud Strategy
  Dedicated Interconnect vs. Partner Interconnect
  Direct vs. Carrier Peering
  IPsec VPN
  Bandwidth and Constraints Provided by Hybrid Connectivity Solutions
  Cloud Router
  Multi-cloud and Hybrid Topologies
  Regional vs. Global VPC Routing Mode
  Failover and Disaster Recovery Strategy
  Accessing Google Services/APIs Privately from On-Premises Locations
  IP Address Management Across On-Premises Locations and Cloud
  Designing an IP Addressing Plan for Google Kubernetes Engine (GKE)
  GKE VPC-Native Clusters