This tutorial shows you how to use Gemini for Google Cloud, an AI-powered collaborator in Google Cloud, to create and modify a Virtual Private Cloud (VPC) network. This tutorial is intended for network engineers of any experience level.
Objectives
Prompt Gemini to help you create a custom VPC network with dual-stack subnets
Prompt Gemini to explain the hybrid connectivity options in Google Cloud
Prompt Gemini to explain how DNS and IP addressing work in Google Cloud
Google Cloud products used
This tutorial uses the following Google Cloud products:
- Virtual Private Cloud. Virtual Private Cloud is a global virtual network that spans all regions. It provides networking capabilities to Compute Engine virtual machine (VM) instances, Google Kubernetes Engine (GKE) containers, and serverless workloads.
- Gemini. Gemini is an always-on collaborator in Google Cloud that offers generative AI-powered assistance to a wide range of users, including developers and data scientists. To provide an integrated assistance experience, Gemini is embedded in many Google Cloud products.
Before you begin
Create a VPC network
For the following examples, consider that you're an IT networking professional who is new to configuring networking in Google Cloud. You want to understand how to create a network with dual-stack subnets in your organization's environment.
In the Google Cloud console, you can chat with Gemini to get help. Using the Gemini pane, you enter prompts, which are questions or statements that describe the help you want, and Gemini returns responses. Gemini doesn't use your prompts or its responses as data to train its model. For more information, see How Gemini for Google Cloud uses your data.
In the Google Cloud console toolbar, click spark Open Gemini and enter the following prompt. Don't run any commands yet.
How can I use gcloud to create my first VPC network in Google Cloud?The response is similar to the following:
To create a VPC network using the gcloud CLI, follow these steps:
1. In the Google Cloud console, activate Cloud Shell.
2. Run the following command:
gcloud compute networks create NETWORK_NAME \ --subnet-mode=CUSTOMReplace NETWORK_NAME with the name of your new VPC network.
To create a subnet in your new VPC network, run the following command:
gcloud compute networks subnets create SUBNET_NAME \ --network=NETWORK_NAME \ --range=SUBNET_RANGE \ --region=REGIONReplace the following:
SUBNET_NAME: the name of your new subnet NETWORK_NAME: the name of your VPC network SUBNET_RANGE: the IP address range for your subnet, in CIDR format REGION: the region where you want to create your subnet
Repeat the previous step to create additional subnets in your VPC network.
To view your VPC network and subnets, run the following command:
gcloud compute networks describe NETWORK_NAMEReplace NETWORK_NAME with the name of your VPC network.
For more information, see the
gcloud compute networks createdocumentation.This is a good start, but you want to create a dual-stack subnet. Ask Gemini to adjust the command to ensure that the subnet is dual-stack. Don't run any commands yet.
How can I adjust the gcloud command provided to create a subnet to ensure the subnet is dual-stack?The response is similar to the following:
To create a dual-stack subnet using the gcloud CLI, you can use the following command:
gcloud compute networks subnets create SUBNET_NAME \ --network=NETWORK_NAME \ --range=SUBNET_RANGE \ --region=REGION \ --stack-type=IPV4_IPV6 \ --ipv6-access-type=EXTERNALReplace the following:
SUBNET_NAME: the name of your new subnet NETWORK_NAME: the name of your VPC network SUBNET_RANGE: the IP address range for your subnet, in CIDR format REGION: the region where you want to create your subnet
The
--stack-typeflag specifies that the subnet should be dual-stack. The--ipv6-access-typeflag specifies that the subnet should have external IPv6 access.For more information, see the
gcloud compute networks subnets createdocumentation.Now you are ready to use the gcloud CLI commands that Gemini provided. Create your first VPC network. Replace the
NETWORK_NAMEvariable:gcloud compute networks create NETWORK_NAME \ --subnet-mode=customYour VPC network is created.
Create the dual-stack subnet in that VPC network by using the command that Gemini provided. Replace the
SUBNET_NAME,NETWORK_NAME,SUBNET_RANGE, andREGIONvariables:gcloud compute networks subnets create SUBNET_NAME \ --network=NETWORK_NAME \ --range=SUBNET_RANGE \ --region=REGION \ --stack-type=IPV4_IPV6 \ --ipv6-access-type=EXTERNALA subnet is created in your VPC network.
Understand private connectivity in Google Cloud
You decide to connect the network that you created to your on-premises network. Use Gemini to help you understand what options are available:
In the Google Cloud console toolbar, click spark Open Gemini and enter the following prompt:
How can I connect a VPC network in Google Cloud to an on-premises private network?The response is similar to the following:
There are two ways to connect a VPC in Google Cloud to an on-premises private network:
- Cloud VPN uses encrypted tunnels to connect your VPC network to your on-premises network.
- Cloud Interconnect uses a physical connection to connect your VPC
network to your on-premises network.
To choose the best option for you, see Compare Cloud VPN and Cloud Interconnect.
Once you have chosen an option, follow the instructions to set up the connection.
While it's helpful to know that you can use Cloud VPN tunnels or VLAN attachments with Cloud Interconnect, you want to get a more detailed comparison from Gemini to help you make a decision. Enter the following prompt:
Which should I use, Cloud VPN or Cloud Interconnect? Please provide details supporting the use of each according to their respective strengths.The response is similar to the following:
The best choice for connecting your on-premises network to Google Cloud depends on your specific needs and requirements. Here is a comparison of Cloud VPN and Cloud Interconnect to help you make a decision.
Feature Cloud VPN Cloud Interconnect Connection type Point-to-point Dedicated Bandwidth Up to 10 Gbps Up to 100 Gbps Cost Less expensive More expensive Latency Higher Lower Reliability Less reliable More reliable Scalability Less scalable More scalable Security More secure Less secure In general, Cloud VPN is a good choice for small businesses and organizations that need a low-cost, easy-to-set-up connection to Google Cloud. Cloud Interconnect is a good choice for large businesses and organizations that need a high-bandwidth, reliable connection to Google Cloud.
Here are some additional factors to consider when making your decision:Your network requirements. If you need a high-bandwidth connection, then Cloud Interconnect is a better choice. If you only need a low-bandwidth connection, then Cloud VPN is a good option.
Your security requirements. If you need a secure connection, then Cloud VPN is a better choice. Cloud Interconnect is less secure because it uses a public network to connect your on-premises network to Google Cloud.
Your budget. Cloud VPN is less expensive than Cloud Interconnect. If you are on a tight budget, then Cloud VPN is a good option.
Once you have considered all of these factors, you can make an informed decision about which product is right for you.
Understand DNS in Google Cloud
You want your resources in Google Cloud to access your on-premises systems, so the resources will need to resolve their hostnames. To use Gemini to help you understand how DNS works in Google Cloud, take the following steps:
In the Google Cloud console toolbar, click spark Open Gemini and enter the following prompt:
How does DNS work in Google Cloud?The response is similar to the following:
Cloud DNS is a high-performance, resilient, global Domain Name System (DNS) service that publishes your domain names to the global DNS. It can be used to manage DNS records for your domain names and to route traffic to your applications and services. For example, you can use Cloud DNS to map your domain name to your website or web application's IP address. Users can then access your website or web application by typing your domain name into their web browser. Cloud DNS also supports managed DNSSEC, protecting your domains from spoofing and cache poisoning attacks.
You know that you already have primary private DNS resolution on-premises, so you want Gemini to help you understand if this is possible to integrate with Cloud DNS. Enter the following prompt:
How can I route DNS queries from Cloud DNS to my on-premises private DNS server?The response is similar to the following:
DNS forwarding is a process by which a DNS server forwards a query to another DNS server. In the case of Google Cloud DNS and potential on-premises private DNS servers, Google Cloud DNS can forward queries to on-premises private DNS servers by using a forwarding zone. A forwarding zone is a DNS zone that resolves queries by forwarding them to another DNS server. To create a forwarding zone in Google Cloud DNS, you can use the Google Cloud console or the gcloud CLI.
Here are the steps for creating a forwarding zone in Google Cloud:
1. In the Google Cloud console, go to the Create a DNS zone page.
2. For the Zone type, select Private.
3. Enter a Zone name such as
my-new-zone.4. Enter a DNS name suffix for the private zone. All records in the zone share this suffix. For example,
example.private.5. Optional: Add a description.
6. Under Options, select Forward queries to another server.
7. Select the networks to which the private zone must be visible.
8. To add the IPv4 addresses of a forwarding target, click Add item. You can add multiple IP addresses.
9. To force private routing to the forwarding target, under Private forwarding, select the Enable checkbox.
10. Click Create.
Once you have created the forwarding zone, you can test it by querying the on-premises DNS name from a Compute Engine VM instance in Google Cloud. If the query is successful, the VM instance returns the IP address of the on-premises DNS server.
Understand IP addressing in Google Cloud
Next you decide that you want to understand IP addressing in Google Cloud. To prompt Gemini to help you understand IP addressing in Google Cloud, follow these steps:
In the Google Cloud console toolbar, click spark Open Gemini and enter the following prompt:
How does IP addressing work in Google Cloud?The response is similar to the following:
IP addressing in Google Cloud is handled by a combination of static and dynamic IP addresses. Static IP addresses are assigned to specific resources, such as VMs and load balancers, and don't change. Dynamic IP addresses are assigned to resources on a temporary basis, and can change over time. Google Cloud also supports the use of private IP addresses, which are not routable on the public internet, and public IP addresses, which are routable on the public internet.
Given that your team requires both IPv4 and IPv6 support, you also want to understand if you can run a dual-stack subnet in Google Cloud, so you enter the following prompt:
Can I use IPv4 and IPv6 subnets in Google Cloud?The response is similar to the following:
Yes, you can use IPv4 and IPv6 subnets in Google Cloud. A single VPC network can contain any combination of these subnet types.
Clean up
To avoid incurring charges to your Google Cloud account for the resources that you used in this tutorial, you can delete the Google Cloud project that you created for this tutorial. Alternatively, you can delete the individual resources.
- In the Google Cloud console, go to the Manage resources page.
- In the project list, select the project that you want to delete, and then click Delete.
- In the dialog, type the project ID, and then click Shut down to delete the project.
What's next
- Read Gemini for Google Cloud overview.
- Learn about Gemini quotas and limits.
- Learn about
locations for Gemini.