A Private Space within Google Cloud Platform
Virtual Private Cloud (VPC) gives you the flexibility to scale and control how workloads connect regionally and globally. When you connect your on-premises or remote resources to GCP, you’ll have global access to your VPCs without needing to replicate connectivity or administrative policies in each region.
A single Google Cloud VPC can span multiple regions without communicating across the public Internet. Single connection points between VPC and on-premises resources provides global VPC access, reducing cost and complexity.
With a single VPC for an entire organization, teams can be isolated within projects, with separate billing and quotas, yet still maintain a shared private IP space and access to commonly used services such as VPN or Cloud Interconnect.
Google Cloud VPCs let you increase the IP space of any subnets without any workload shutdown or downtime. This gives you flexibility and growth options to meet your needs.
Get private access to Google services, such as storage, big data, analytics, or machine learning, without having to give your service a public IP address. Configure your application’s front end to receive Internet requests and shield your back-end services from public endpoints, all while being able to access Google Cloud services.
Use VPC flow logs for near real-time (5-second interval) logging to monitor your deployment for both performance analysis and network forensics. This allows you to keep your deployment running securely and at peak efficiency.
- VPC Network
- VPC can automatically set up your virtual topology, configuring prefix ranges for your subnets and network policies, or you can configure your own. You can also expand CIDR ranges without downtime.
- Cloud Router
- Enable dynamic Border Gateway Protocol (BGP) route updates between your VPC network and your non-Google network with our virtual router.
- Securely connect your existing network to VPC network over IPsec.
- Segment your networks with a global distributed firewall to restrict access to instances.
- VPC Peering
- Configure private communication across the same or different organizations without bandwidth bottlenecks or single points of failure.
- Shared VPC
- Configure a VPC Network to be shared across several projects in your organization. Connectivity routes and firewalls associated are managed centrally. Your developers have their own projects with separate billing and quota, while they simply connect to a shared private network, where they can communicate.
- Forward traffic from one instance to another instance within the same network, even across subnets, without requiring external IP addresses.
- VPC Flow Logs
- Flow logs capture information about the IP traffic going to and from network interfaces on Google Compute Engine. VPC flow logs help with network monitoring, forensics, real-time security analysis and expense optimization. GCP is unique for its near real-time visibility. Other cloud logs update every 10-minutes, while GCP logs update every 5-seconds.
Uses for vpc
You can build simple and complex architectures using VPC, including:
- Hosting globally distributed multi-tier applications, by creating a VPC with subnets.
- Connecting GCP-hosted or externally-hosted databases to Google’s unique machine learning services, by creating a VPC with subnets and VPN access.
- Disaster recovery with application replication. Create backup GCP compute capacity, then revert back once the incident is over.
Ingress and Egress Pricing
Egress to the same zone*
Egress to a different Google Cloud Platform service within the same region
Egress to Google products (such as YouTube, Maps, Drive)**
|Egress between zones in the same region, or regions within the US||$0.01/GB|
|Intercontinental Egress Traffic - from Japan***||0-1TB: $0.14 - $0.23/GB
1-10TB: $0.14 - $0.22/GB
10+TB: $0.12 - $0.20/GB
|Intercontinental Egress Traffic - from other regions***||0-1TB: $0.12 - $0.23/GB
1-10TB: $0.11 - $0.22/GB
10+TB: $0.08 - $0.20/GB
|Component Billed||Price (USD)|
|Per tunnel (per hour)|
|IPsec traffic||Charged the same as if it wasn't in a VPN tunnel. See General network pricing.|
|Public IP for VPN Gateway||Charged according to IP address pricing.|
IP Address Pricing
|Static IP address (assigned but unused)|
|Static IP address (assigned and in use)||No charge|
|Ephemeral IP address (attached to instance or forwarding rule)||No charge|
VPC flow log generation
|VPC flow log generation charges (tiered)|
|0 - 10 TB / month||$0.50 / GB|
|10 - 30 TB / month||$0.25 / GB|
|30 - 50 TB / month||$0.10 / GB|
|>50 TB / month||$0.05 / GB|