A Private Space within Google Cloud Platform
Virtual Private Cloud (VPC) gives you the flexibility to scale and control how workloads connect regionally and globally. When you connect your on-premises or remote resources to GCP, you’ll have global access to your VPCs without needing to replicate connectivity or administrative policies in each region.
A single Google Cloud VPC can span multiple regions without communicating across the public Internet. For on-premises scenarios, you can share a connection between VPC and on-premises resources with all regions in a single VPC. You don't need a connection in every region.
With a single VPC for an entire organization, teams can be isolated within projects, with separate billing and quotas, yet still maintain a shared private IP space and access to commonly used services such as VPN or Cloud Interconnect.
Google Cloud VPCs let you increase the IP space of any subnets without any workload shutdown or downtime. This gives you flexibility and growth options to meet your needs.
Get private access to Google services, such as storage, big data, analytics, or machine learning, without having to give your service a public IP address. Configure your application’s front end to receive Internet requests and shield your back-end services from public endpoints, all while being able to access Google Cloud services.
Use VPC flow logs for near real-time (5-second interval) logging to monitor your deployment for both performance analysis and network forensics. This allows you to keep your deployment running securely and at peak efficiency.
- VPC Network
- VPC can automatically set up your virtual topology, configuring prefix ranges for your subnets and network policies, or you can configure your own. You can also expand CIDR ranges without downtime.
- Cloud Router
- Enable dynamic Border Gateway Protocol (BGP) route updates between your VPC network and your non-Google network with our virtual router.
- Securely connect your existing network to VPC network over IPsec.
- Segment your networks with a global distributed firewall to restrict access to instances. Firewall Rules Logging lets you audit, verify, and analyze the effects of your firewall rules.
- VPC Peering
- Configure private communication across the same or different organizations without bandwidth bottlenecks or single points of failure.
- Shared VPC
- Configure a VPC Network to be shared across several projects in your organization. Connectivity routes and firewalls associated are managed centrally. Your developers have their own projects with separate billing and quota, while they simply connect to a shared private network, where they can communicate.
- Forward traffic from one instance to another instance within the same network, even across subnets, without requiring external IP addresses.
- VPC Flow Logs
- Flow logs capture information about the IP traffic going to and from network interfaces on Google Compute Engine. VPC flow logs help with network monitoring, forensics, real-time security analysis and expense optimization. GCP flow logs are updated every 5-seconds, providing immediate visibility.
Uses for vpc
You can build simple and complex architectures using VPC, including:
- Hosting globally distributed multi-tier applications, by creating a VPC with subnets.
- Connecting GCP-hosted or externally-hosted databases to Google’s unique machine learning services, by creating a VPC with subnets and VPN access.
- Disaster recovery with application replication. Create backup GCP compute capacity, then revert back once the incident is over.
Ingress and Egress Pricing
Egress to the same zone*
Egress to a different Google Cloud Platform service within the same region
Egress to Google products (such as YouTube, Maps, Drive)**
|Egress between zones in the same region, or regions within the US||$0.01/GB|
|Intercontinental Egress Traffic - from Japan***||0-1TB: $0.14 - $0.23/GB
1-10TB: $0.14 - $0.22/GB
10+TB: $0.12 - $0.20/GB
|Intercontinental Egress Traffic - from other regions***||0-1TB: $0.12 - $0.23/GB
1-10TB: $0.11 - $0.22/GB
10+TB: $0.08 - $0.20/GB
|Component Billed||Price (USD)|
|Per tunnel (per hour)|
Charged as if the traffic were regular egress traffic. If the Cloud VPN
tunnel connects to a gateway in GCP, egress pricing to the region containing that gateway
applies. See General network pricing.
If the Cloud VPN tunnel connects to a gateway outside of GCP, Internet egress rates apply.
|Public IP for VPN Gateway||Charged according to IP address pricing.|
IP Address Pricing
|Static IP address (assigned but unused)|
|Static IP address (assigned and in use)||No charge|
|Ephemeral IP address (attached to instance or forwarding rule)||No charge|
Network telemetry pricing
VPC network logs, including VPC flow logs and firewall rule logs, generate charges. You will be charged for VPC flow logs, but charges for firewall logs will start on February 1, 2019.
|VPC Flow Log and Firewall Log generation||Price|
|0–10 TB per month||0.50/GB|
|10–30 TB per month||0.25/GB|
|30–50 TB per month||0.10/GB|
|>50 TB per month||0.05/GB|