Google Cloud: Customize Network Topology with Sub-networks


Networking in Google Cloud: Creating subnets in GCP | by Ketan Joshi |  Searce


In this lab, you’ll learn about the Compute Engine subnetwork model. Subnetworks let you create your own network topology, as you would in your own on-premises data center, so that you can assign specific IP address ranges to groups of machines.

What you’ll learn

  • Differences between legacy network model and subnetwork.
  • Learn about regional subnetwork.
  • Set up custom subnetworks.

Legacy network (no longer supported in GCP, but good to know)

Traditionally in Compute Engine, you define a single network IPv4 prefix range for all the virtual machine instances attached to that network, and that network spans all Cloud Platform regions.

Each instance within a network is assigned an IPv4 address from a global network IPv4 range. Instance IP addresses are not grouped by region or zone. One IP address might appear in one region, and its neighbor might be in a different region. Any given range of IPs can be spread across all regions, and the IP addresses of instances created within a region are not necessarily contiguous.

For example, if you have virtual machine instances in two Google Cloud regions and in different zones, each instance is assigned an IP address from the global pool.


Note: Legacy Networks are no longer supported in GCP.

Regional Subnetworks

You can let Google Kubernetes Engine automatically create and manage subnetworks based on region. It can automatically assign a subnetwork IP prefix range to each region in your network. Instances created in a zone of a given region are assigned an IP address allocated from that region's subnetwork range. This is the default mode for any new Google Cloud project.


You can see your current network setup in two ways: from the Cloud Console or from the command line.

  1. From the Cloud Console, click on the Navigation menu icon on the top left of the screen:

2. Then navigate to VPC networks.

You will see that your project is already configured with automatic regional subnetworks, and there are different subnetworks created for each of the regions:


3. You can get the same information from the command line.

In Cloud Shell, list existing networks:

gcloud compute networks list


This shows the default network with the automatic regional subnetwork mode.

4. To see the actual subnetwork ranges, run:

gcloud compute networks subnets list


5. Now, create two virtual machines, each in a different region:

gcloud compute instances create instance-1 --zone us-east1-b


6. Then run:

gcloud compute instances create instance-2 --zone us-central1-c


7. Run the following to check their IP addresses. Each address should belong to the subnetwork range of the region that the instance's zone is in:

gcloud compute instances list


Custom Subnetworks

Custom subnetworks allow you to manually define the subnetwork IP range for each region in your network. A network can have zero, one, or several subnetwork IP ranges per region. To create an instance in a zone, you must first have created at least one subnetwork in that zone's region. At instance creation time, you specify the subnetwork in the region from which the instance IP should be allocated.

1. Create a new network topology that supports custom subnetworks:

gcloud compute networks create custom-network1 --subnet-mode custom


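2. Next, create a custom subnet in the us-central1 region. The command requires a --range value, which is not given here; replace the placeholder PRIMARY_IPV4_RANGE with the subnet's IP range in CIDR notation:

gcloud compute networks subnets create subnet-us-central-192 \
      --network custom-network1 \
      --region us-central1 \
      --range PRIMARY_IPV4_RANGE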


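3. Next, create a custom subnet in the europe-west1 region. The command requires a --range value, which is not given here; replace the placeholder PRIMARY_IPV4_RANGE with the subnet's IP range in CIDR notation:

gcloud compute networks subnets create subnet-europe-west-192 \
      --network custom-network1 \
      --region europe-west1 \
      --range PRIMARY_IPV4_RANGE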


4. You can then list all of your subnetworks:

gcloud compute networks subnets list


From Google Cloud Console:

5. Then you can create instances in the different subnetworks:

gcloud compute instances create instance-3 \
      --zone us-central1-a \
      --subnet subnet-us-central-192


6. And another one:

gcloud compute instances create instance-4 \
      --zone europe-west1-d \
      --subnet subnet-europe-west-192


7. List the instances:

From Google Cloud Console:

Isolating subnetworks

In the automatic regional network, all virtual machine instances within a network can communicate with each other, because firewall rules were created automatically to open communication between the different regional networks. However, custom subnetworks do not have default firewall rules, so an instance in one custom subnetwork cannot reach an instance in another custom subnetwork.

To allow inter-subnetwork communication, you’ll need to create firewall rules. We won’t have time to go through this in this lab. But you can learn more about this advanced topic in the Subnetwork documentation.
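The difference described in this section can be checked offline from exported firewall data. The following is an added example, not part of the original lab: it evaluates ingress rules by priority to decide whether ICMP (ping) from one subnet may reach an untagged instance in another. The subnet labels, the IP ranges and the rule custom-allow-icmp are constructed for illustration.

```python
import ipaddress

# Constructed sample data shaped like `gcloud compute networks subnets list
# --format=json` and `gcloud compute firewall-rules list --format=json`.
SUBNETS = {
    "east": {"network": "global/networks/default", "ipCidrRange": "10.142.0.0/20"},
    "central": {"network": "global/networks/default", "ipCidrRange": "10.128.0.0/20"},
    "us-192": {"network": "global/networks/custom-network1", "ipCidrRange": "192.168.1.0/24"},
    "eu-192": {"network": "global/networks/custom-network1", "ipCidrRange": "192.168.5.0/24"},
}
RULES = [{"name": "default-allow-internal", "network": "global/networks/default",
          "direction": "INGRESS", "priority": 65534, "sourceRanges": ["10.128.0.0/9"],
          "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]}]
# Hypothetical rule an operator might add to custom-network1 (name and range assumed).
CUSTOM_RULE = {"name": "custom-allow-icmp", "network": "global/networks/custom-network1",
               "direction": "INGRESS", "priority": 1000,
               "sourceRanges": ["192.168.0.0/16"], "allowed": [{"IPProtocol": "icmp"}]}

def _net(url):
    return url.rsplit("/", 1)[-1]  # resource URL -> trailing network name

def _covers(cidrs, subnet_range):
    return any(subnet_range.subnet_of(ipaddress.ip_network(c)) for c in cidrs)

def ping_allowed(src, dst, rules):
    """True if ICMP from all of subnet src may enter an untagged instance in subnet dst."""
    if _net(src["network"]) != _net(dst["network"]):
        return False  # separate VPC networks: treated as unreachable in this sketch
    src_range = ipaddress.ip_network(src["ipCidrRange"])
    dst_range = ipaddress.ip_network(dst["ipCidrRange"])
    verdict = (65535, 0, False)  # implied deny-all ingress rule, lowest priority
    for r in rules:
        if r.get("disabled") or r.get("direction", "INGRESS") != "INGRESS":
            continue
        if _net(r["network"]) != _net(dst["network"]):
            continue
        if r.get("targetTags") or r.get("targetServiceAccounts"):
            continue  # targets selected instances only, not the whole subnet
        if not _covers(r.get("sourceRanges", []), src_range):
            continue
        if "destinationRanges" in r and not _covers(r["destinationRanges"], dst_range):
            continue
        allow = "allowed" in r
        protos = {e["IPProtocol"] for e in r.get("allowed", r.get("denied", []))}
        if protos & {"icmp", "all", "1"}:
            # lower priority number wins; on a tie, deny (0) sorts before allow (1)
            verdict = min(verdict, (r.get("priority", 1000), int(allow), allow))
    return verdict[2]
```

With the sample data, the two default-network subnets can ping each other, while the two custom subnets cannot until a rule such as CUSTOM_RULE is added to custom-network1.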

Test your Understanding

Below are multiple-choice questions to reinforce your understanding of this lab’s concepts. Answer them to the best of your abilities.

All virtual machine instances within a network can communicate with each other.

  • True
  • False

Each subnet in VPC network is associated with a zone.

  • True
  • False


You now know the basics of the default network topology as well as the ability to create your own network topology on Google Cloud!

What was covered

  • Differences between legacy network model and subnetwork.
  • Learn about regional subnetwork.
  • Set up custom subnetworks.

Happy Learning !!!
