I was trying to demonstrate VPC peering in GCP. I followed the steps below:

Setup 1:

I logged into the GCP admin user account and created a VPC in custom mode and added a subnet in the us-central region under one project. Then I set the firewall rule to allow ssh and tcp. Then I created a VM instance in the same us-central region and selected this custom VPC and subnet in the networking option. Then I tried to ssh into that VM and tried to ping from Cloud Shell. Both are working fine.

Setup 2:

I logged into a GCP user account which was added as a service account user by the admin (the previously used admin account). In that I created a VPC in custom mode and added a subnet in the asia-east region under another project. Then I created a VM instance in the same asia-east region and selected this custom VPC and subnet in networking. Then I set the firewall rule to allow ssh and tcp. Then I tried to ssh into that VM and tried to ping from Cloud Shell. Both are working fine.

Both VPCs have Dynamic routing mode set as Regional.

Then I tried to ping the us-central machine from the asia-east machine and also the asia-east machine from the us-central machine.

My expectation was that it wouldn't work, as it uses two different VPCs which have subnets in two different regions, so I could implement VPC peering to make it possible. But unfortunately it is working. I just tried to demonstrate the VPC peering concept.

Can anyone suggest what I missed?

===============================================================

UPDATE

```
gcloud compute networks describe  vpc1
autoCreateSubnetworks: false
creationTimestamp: '2021-09-03T04:08:24.491-07:00'
description: ''
id: '8530504402595724487'
kind: compute#network
mtu: 1460
name: my-vpc
routingConfig:
  routingMode: REGIONAL
selfLink: https://www.googleapis.com/compute/v1/projects/project-name/global/networks/my-vpc
subnetworks:
- https://www.googleapis.com/compute/v1/projects/project-name/regions/us-central1/subnetworks/my-subnet
x_gcloud_bgp_routing_mode: REGIONAL
x_gcloud_subnet_mode: CUSTOM
```

```
gcloud compute networks describe  vpc2
autoCreateSubnetworks: false
creationTimestamp: '2021-09-03T04:56:02.154-07:00'
description: ''
id: '8965341541776208829'
kind: compute#network
mtu: 1460
name: my-project2-vpc
routingConfig:
  routingMode: REGIONAL
selfLink: https://www.googleapis.com/compute/v1/projects/project-name/global/networks/my-project2-vpc
subnetworks:
- https://www.googleapis.com/compute/v1/projects/project-name/regions/asia-east1/subnetworks/asia-subnet
x_gcloud_bgp_routing_mode: REGIONAL
x_gcloud_subnet_mode: CUSTOM
```

Sweety
  • Can you please run `gcloud compute networks describe vpc-name` on both VPCs and update your question with the details? Please remove all sensitive info from the output. – Wojtek_B Sep 07 '21 at 14:55
  • **DO NOT post images of code, data, error messages, etc.** - copy or type the text into the question. [ask] – Rob Sep 09 '21 at 15:23
  • How many network interfaces do your VMs have? If more than 1, please provide their configuration. – Wojtek_B Sep 16 '21 at 15:10

1 Answer

I finally got my head around it - I couldn't reproduce your issue because I was missing firewall rules (I assumed GCP would create them, but when you're creating custom networks no rules are created by default). I had to allow SSH (TCP port 22) and ICMP traffic manually, and then everything started working as you described.

Communication between the networks is possible due to the fact that the VMs (by default) get public IPs and are accessible to every machine connected to the internet. You didn't provide that information, so I assumed that you didn't change any networking setting while creating the test VMs - and thus created VMs with public IPs.

But if you create the VMs with only internal IPs - they won't be able to communicate with VMs from different VPCs without VPC peering. Any communication between the networks (regardless of the region they are in) is impossible in such cases.

Wojtek_B
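Added example (not part of the original question or answer): a small check that reads instance and network data in the shape `gcloud ... describe --format=json` returns and reports which path a ping to a given IP takes, which shows why the test above succeeded without peering. The helper names, the `project-a`/`project-b` paths and all IP addresses are constructed; it assumes firewall rules allow the traffic and that no Cloud NAT is configured.

```python
# Constructed sample data in the shape of `gcloud compute instances describe
# --format=json` (trimmed). Project paths and addresses are made up.
NET1 = "projects/project-a/global/networks/my-vpc"
NET2 = "projects/project-b/global/networks/my-project2-vpc"

def vm(name, network, internal, external=None):
    nic = {"network": network, "networkIP": internal}
    if external:  # an external IP shows up as an accessConfigs entry with natIP
        nic["accessConfigs"] = [{"type": "ONE_TO_ONE_NAT", "natIP": external}]
    return {"name": name, "networkInterfaces": [nic]}

def external_ips(inst):
    return [ac["natIP"] for nic in inst["networkInterfaces"]
            for ac in nic.get("accessConfigs", []) if "natIP" in ac]

def internal_ips(inst):
    return [nic["networkIP"] for nic in inst["networkInterfaces"]]

def nets(inst):
    return {nic["network"] for nic in inst["networkInterfaces"]}

def actively_peered(a, b, peerings):
    """peerings maps a network to the `peerings` list from
    `gcloud compute networks describe`; both sides must be ACTIVE."""
    def one_way(x, y):
        return any(p["network"] == y and p.get("state") == "ACTIVE"
                   for p in peerings.get(x, []))
    return one_way(a, b) and one_way(b, a)

def classify(src, dst, target_ip, peerings):
    if target_ip in external_ips(dst):
        if external_ips(src):
            return "internet path via external IPs; peering not involved"
        return "blocked: source has no external IP (no Cloud NAT assumed)"
    if target_ip in internal_ips(dst):
        if nets(src) & nets(dst):
            return "internal path, same VPC"
        if any(actively_peered(a, b, peerings)
               for a in nets(src) for b in nets(dst)):
            return "internal path via VPC peering"
        return "blocked: internal IP in another VPC, no active peering"
    return "target IP does not belong to destination VM"

if __name__ == "__main__":
    us = vm("us-vm", NET1, "10.0.1.2", "203.0.113.10")
    asia = vm("asia-vm", NET2, "10.1.1.2", "198.51.100.20")
    print(classify(us, asia, "198.51.100.20", {}))  # the case in the question
    print(classify(us, asia, "10.1.1.2", {}))       # what peering would fix
```

To demonstrate peering, test against the destination's internal IP, or create the VMs without external IPs, so the internet path is not available.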