Computer Networking → GCP Networking

Every concept in diagrams. Zero paragraphs, 100% visual.

31 Networking Topics

16 GCP Services

100% Diagrams

1. OSI Model — 7 Layers

📚 OSI = Open Systems Interconnection

Layer 7 — Application HTTP, FTP, SMTP, DNS, SSH

Layer 6 — Presentation Encryption, Compression, Translation

Layer 5 — Session Establish, Manage, Terminate

Layer 4 — Transport TCP, UDP — Segments

Layer 3 — Network IP, ICMP, Routers — Packets

Layer 2 — Data Link MAC, Switches — Frames

Layer 1 — Physical Cables, Hubs, Signals — Bits

Mnemonic: "All People Seem To Need Data Processing"

Layer	PDU	Device
7 Application	Data	—
6 Presentation	Data	—
5 Session	Data	—
4 Transport	Segment	—
3 Network	Packet	Router
2 Data Link	Frame	Switch
1 Physical	Bits	Hub / Cable

PDU = Protocol Data Unit

2. TCP/IP Model — 4 Layers

🔗 TCP/IP Model

Application HTTP, DNS, FTP, SSH (OSI 5+6+7)

Transport TCP / UDP (OSI 4)

Internet IP, ICMP, ARP (OSI 3)

Network Access Ethernet, WiFi (OSI 1+2)

🔄 OSI ↔ TCP/IP Mapping

L7 App

↔

Application

L6 Pres

↔

Application

L5 Session

↔

Application

L4 Transport

↔

Transport

L3 Network

↔

Internet

L2 Data Link

↔

Network Access

L1 Physical

↔

Network Access

3. Network Types

📡 By Geographic Scope

PAN
~1m

LAN
~1km

MAN
~100km

WAN
Global

PANPersonal — Bluetooth, USB LANLocal — Office, Home MANMetropolitan — City-wide WANWide — Internet, Cross-country

🌐 Special Types

WLANWireless LAN (WiFi) SANStorage Area Network CANCampus Area Network VPNVirtual Private Network (over internet) VLANVirtual LAN (logical segmentation) SD-WANSoftware-Defined WAN

4. Network Topologies

🔀 Physical Topologies

⭐ Star

Central hub/switch

Bus

Single backbone

🔵 Ring

Circular data flow

🕸️ Mesh

Every node connected

🌳 Tree

Hierarchical

5. IPv4 Addressing

🏠 IPv4 Structure

192

168

100

Size32 bits (4 octets)FormatDotted decimal (x.x.x.x)Range0.0.0.0 — 255.255.255.255Total~4.3 billion addresses

📊 IPv4 Classes

Class	Range	Mask	Use
A	1–126.x.x.x	/8	Large orgs
B	128–191.x.x.x	/16	Medium orgs
C	192–223.x.x.x	/24	Small orgs
D	224–239.x.x.x	—	Multicast
E	240–255.x.x.x	—	Research

🔒 Private IP Ranges (RFC 1918)

Class	Range	CIDR
A	10.0.0.0 — 10.255.255.255	10.0.0.0/8
B	172.16.0.0 — 172.31.255.255	172.16.0.0/12
C	192.168.0.0 — 192.168.255.255	192.168.0.0/16

127.0.0.1Loopback (localhost)169.254.x.xAPIPA (no DHCP fallback)0.0.0.0Default route255.255.255.255Broadcast

🎭 Public vs Private IP

🏠 Private IP

Used inside LAN
Not routable on internet
Free, reusable
Assigned by router/DHCP

🌐 Public IP

Used on the internet
Globally unique
Assigned by ISP
Costs money

6. IPv6 Addressing

🚀 IPv6 Overview

2001

0db8

85a3

0000

8a2e

0370

7334

Size128 bits (8 groups of 16 bits)FormatHex, colon-separatedTotal340 undecillion addressesNo NATEvery device gets a public IPNo BroadcastUses Multicast insteadAuto-configSLAAC (no DHCP needed)

📝 IPv6 Address Types

Type	Prefix	Scope
Global Unicast	2000::/3	Internet
Link-Local	fe80::/10	Same link only
Unique Local	fc00::/7	Private
Multicast	ff00::/8	One-to-many
Loopback	::1	Self

7. Subnetting

✂️ Subnetting — Splitting Networks

IP = Network Part + Host Part — Subnet mask tells where to split

192.168.1.0/24

N = Network (24 bits) H = Host (8 bits)

Mask: 255.255.255.0 → Usable hosts: 2⁸ - 2 = 254

CIDR	Mask	Hosts	Usable
/24	255.255.255.0	256	254
/25	255.255.255.128	128	126
/26	255.255.255.192	64	62
/27	255.255.255.224	32	30
/28	255.255.255.240	16	14
/30	255.255.255.252	4	2
/32	255.255.255.255	1	1

Usable = Total - 2 (network + broadcast)

8. CIDR Notation

📐 CIDR = Classless Inter-Domain Routing

10.0.0.0

/16

/16 meansFirst 16 bits = network, rest = hostsWhy CIDR?Replaced wasteful classful addressingSupernettingCombine smaller networks → larger blockFormulaHosts = 2^(32 - prefix) - 2

9. MAC Address

🏷️ MAC = Media Access Control

AA:BB:CC
OUI (vendor)

DD:EE:FF
NIC (unique)

Size48 bits (6 bytes), hexLayerL2 (Data Link)ScopeLocal network onlyBurned-inSet by manufacturer (can be spoofed)ff:ff:ff:ff:ff:ffBroadcast MAC

10. Data Encapsulation

📦 How data travels down the OSI layers

Data

App Layer

↓ + TCP/UDP Header

TCP Hdr

Data

Segment

↓ + IP Header

IP Hdr
TCP Hdr
Data

Packet

↓ + MAC Header + Trailer

MAC
IP
TCP
Data
FCS

Frame

↓ Converted to

0 1 1 0 1 0 0 1 1 0 1 1 ...

Bits

11. TCP vs UDP

⚡ TCP vs UDP — Transport Layer

📦 TCP

Connection-oriented (handshake)
Reliable (ACK, retransmit)
Ordered packets
Flow + congestion control
Slower, more overhead
Use: HTTP, SSH, FTP, Email

🚀 UDP

Connectionless (fire & forget)
No delivery guarantee
No ordering
No flow control
Faster, low overhead
Use: DNS, Video, VoIP, Gaming

12. TCP 3-Way Handshake

🤝 Connection Setup

Client

SYN →

Server

Client

← SYN+ACK

Server

Client

ACK →

Server

After 3-way handshake → data transfer begins

👋 Connection Teardown (4-Way)

Client

FIN →

Server

Client

← ACK

Server

Client

← FIN

Server

Client

ACK →

Server

13. Well-Known Ports

🚪 Ports to Remember

20/21

FTP

SSH

Telnet

SMTP

DNS

67/68

DHCP

HTTP

110

POP3

143

IMAP

443

HTTPS

3306

MySQL

5432

Postgres

3389

RDP

8080

Alt HTTP

161

SNMP

6379

Redis

0–1023Well-Known (system)1024–49151Registered49152–65535Dynamic / Ephemeral

14. DNS — Domain Name System

📖 DNS Resolution Flow

google.com

→

Browser Cache

→

OS Cache

→

Recursive Resolver

→

Root (.)

→

TLD (.com)

→

Authoritative NS

→

142.250.80.46

📋 DNS Record Types

Type	Purpose	Example
A	Name → IPv4	google.com → 142.250.x.x
AAAA	Name → IPv6	google.com → 2607:f8b0:…
CNAME	Alias	www → google.com
MX	Mail server	Priority + mail host
NS	Nameserver	ns1.google.com
TXT	Text (SPF, DKIM)	Verification strings
PTR	Reverse lookup	IP → Name
SOA	Start of Authority	Zone info
SRV	Service locator	_sip._tcp.example.com

15. DHCP — Dynamic Host Configuration

🎯 DHCP DORA Process

Discover
Client broadcasts

→

Offer
Server offers IP

Request
Client requests

→

Ack
Server confirms

ProvidesIP, Subnet Mask, Gateway, DNSPortServer: 67, Client: 68LeaseIP assigned for limited time

16. ARP — Address Resolution Protocol

🔍 ARP = IP → MAC Translation

Host A

ARP Request (broadcast): Who has 192.168.1.5?

All

Host A

ARP Reply (unicast): I'm AA:BB:CC:DD:EE:FF

Host B

ARP CacheStores recent IP↔MAC mappingsRARPReverse: MAC → IP (obsolete)Gratuitous ARPAnnounce own IP (detect conflicts)ARP SpoofingAttack: fake replies → MITM

17. NAT — Network Address Translation

🔄 NAT Types

Private IP
192.168.1.10

→

NAT Router

→

Public IP
203.0.113.5

Type	How
Static NAT	1 Private → 1 Public (permanent)
Dynamic NAT	Pool of Public IPs, on demand
PAT / Overload	Many Private → 1 Public (using ports)

PAT is most common — your home router uses it!

18. Routing

🗺️ Static vs Dynamic

Static

Manually configured
No overhead
Doesn't adapt
Small networks

Dynamic

Auto-discovers routes
Adapts to changes
Uses protocols
Large networks

📡 Routing Protocols

Protocol	Type	Algorithm	Metric
RIP	IGP — Distance Vector	Bellman-Ford	Hop count (max 15)
OSPF	IGP — Link State	Dijkstra SPF	Cost (bandwidth)
EIGRP	IGP — Hybrid	DUAL	Bandwidth+delay
BGP	EGP — Path Vector	Best path	AS path, policies
IS-IS	IGP — Link State	Dijkstra	Cost

IGPInterior Gateway (within AS)EGPExterior Gateway (between AS)ASAutonomous System

19. Switching

🔀 L2 vs L3 Switch

L2 Switch

Uses MAC
MAC table
Same VLAN/subnet
Faster, simpler

L3 Switch

Uses IP
Routing table
Inter-VLAN routing
Switch + Router

HubL1 — Broadcasts to all (dumb)SwitchL2 — Forwards to specific MACRouterL3 — Forwards between networks

20. VLANs

🏷️ VLAN = Virtual LAN

VLAN 10 — Sales
PC1, PC2, PC3

VLAN 20 — Eng
PC4, PC5, PC6

PurposeLogical network segmentationAccess PortBelongs to 1 VLANTrunk PortCarries multiple VLANs (802.1Q)Native VLANUntagged traffic on trunkInter-VLANNeeds L3 switch or router-on-a-stick

21. HTTP / HTTPS

🌐 Methods & Status Codes

GET	Read
POST	Create
PUT	Update (full)
PATCH	Update (partial)
DELETE	Remove
HEAD	Headers only
OPTIONS	Supported methods

1xx	Informational
2xx	Success ✓
3xx	Redirect
4xx	Client Error
5xx	Server Error

200OK301Moved403Forbidden404Not Found500Server Error502Bad Gateway503Unavailable

🔒 HTTP vs HTTPS

HTTP

Port 80
Plain text
No encryption

HTTPS

Port 443
Encrypted (TLS)
SSL certificate

22. SSL / TLS

🔐 TLS Handshake

1. Client Hello → ciphers, TLS version

↕

2. Server Hello → cipher + certificate

↕

3. Client verifies cert → session key → encrypts

↕

4. Shared symmetric key → encrypted comms

SSLDeprecated → use TLSTLS 1.2Widely supportedTLS 1.3Latest, 1-RTT handshakemTLSBoth sides verify certs

23. VPN

🛡️ VPN Types

Device

→

🔒 Encrypted Tunnel

→

VPN Server

→

Internet

Type	Use	Protocol
Site-to-Site	Connect 2 offices	IPsec
Remote Access	User → corp network	SSL/TLS, IPsec
Client-based	App on device	OpenVPN, WireGuard

IPsecL3 — AH (auth) + ESP (encrypt)IKEKey exchange (Phase 1+2)GRETunnel (no encryption alone)WireGuardModern, fast, simple

24. Firewalls

🧱 Firewall Types

Type	Layer	How
Packet Filter	L3/L4	IP + port rules (stateless)
Stateful	L3/L4	Tracks connection state
WAF	L7	Inspects HTTP content
NGFW	L3-L7	DPI + IPS + app awareness
Proxy	L7	Intermediary for traffic

ACLAccess Control ListIngressIncoming rulesEgressOutgoing rules

25. Load Balancing

⚖️ Load Balancer

Clients

↓

⚖️ Load Balancer

Server 1

Server 2

Server 3

Algorithm	How
Round Robin	1→2→3→1→2→3
Least Connections	Least busy server
IP Hash	Same client → same server
Weighted	Powerful server gets more

L4 LBTCP/UDP (faster)L7 LBHTTP (smarter, content-based)

26. Proxy & Reverse Proxy

🔄 Forward vs Reverse

Forward Proxy

Client

→

Proxy

→

Internet

Hides client identity
Content filtering
Caching

Reverse Proxy

Client

→

Rev. Proxy

→

Servers

Hides server identity
Load balancing
SSL termination

27. CDN

🌍 Content Delivery Network

🏢 Origin Server

↙ ↓ ↘

🇺🇸 Edge

🇪🇺 Edge

🇮🇳 Edge

🇯🇵 Edge

↑ Users served from nearest edge

PoPPoint of PresenceCache HitFound at edge → fastCache MissFetch from origin → cacheTTLTime-to-Live

28. WiFi Standards

📶 802.11 Standards

Standard	Name	Freq	Speed
802.11n	WiFi 4	2.4/5 GHz	600 Mbps
802.11ac	WiFi 5	5 GHz	6.9 Gbps
802.11ax	WiFi 6/6E	2.4/5/6 GHz	9.6 Gbps

2.4 GHzLonger range, more interference5 GHzShorter range, fasterSSIDNetwork nameWPA3Latest security

29. Cast Types

📡 Unicast / Broadcast / Multicast / Anycast

Unicast
1 → 1
👤 → 👤

Broadcast
1 → ALL
👤 → 👥👥👥

Multicast
1 → group
👤 → 👥👥

Anycast
1 → nearest
👤 → 👤 (closest)

30. ICMP & Tools

📡 ICMP

pingEcho Request/Reply → test reachabilitytracerouteEach hop to destination (TTL trick)MTUMax Transmission Unit (1500 bytes)TTLHop counter, prevents loopsFragmentationSplit packets if > MTU

🔧 Network Tools

Tool	Purpose
ping	Test connectivity
traceroute	Path to dest
nslookup/dig	DNS queries
netstat/ss	Connections
tcpdump	Packet capture
wireshark	GUI analyzer
nmap	Port scanner
curl	HTTP requests

31. Network Security

🛡️ Security Fundamentals

CIA TriadConfidentiality, Integrity, AvailabilityEncryptionSymmetric (AES) / Asymmetric (RSA)HashingOne-way: MD5, SHA-256IDSDetect onlyIPSDetect + blockDDoSDistributed Denial of ServiceMITMMan-in-the-MiddleZero TrustNever trust, always verify

🔑 Auth Protocols

Protocol	Use
RADIUS	Central network auth
TACACS+	Cisco auth (separates AAA)
802.1X	Port-based access control
Kerberos	Ticket-based (AD)
LDAP	Directory services

AAA = Authentication, Authorization, Accounting

☁️ GCP Networking Concepts

Every GCP service mapped to fundamentals above

GCP 1. VPC

☁️ VPC = Your Private Network in GCP

Like: Private Network

GCP Project

└── contains ──┘

VPC Network Global resource

└── contains ──┘

Subnet us-central1

Subnet europe-west1

ScopeGlobal (not regional!)SubnetsRegionalDefault VPCAuto-created, subnets in all regionsCustom VPCYou create subnets manuallyAuto ModeAuto subnet every region (/20)Custom ModeYou choose regions + CIDR ✓Internal DNSAutomatic within VPCMTU1460 (default) or 1500

GCP 2. Subnets

🏗️ GCP Subnets

Like: Subnetting/CIDR

ScopeRegionalPrimary RangeMain CIDR for VMsSecondary RangeAlias IPs for Pods (GKE)Can ExpandYes! (can't shrink)Reserved IPs4 per subnet

VPC: my-vpc
└─ web-subnet (us-central1) → 10.0.1.0/24
└─ db-subnet (us-east1) → 10.0.2.0/24

🔢 IP Addressing in GCP

Type	Scope	Notes
Internal IP	Regional	From subnet CIDR
External IP	Reg/Global	Ephemeral or static
Alias IP	VM	Multiple IPs (GKE pods)
PGA	Subnet	Reach Google APIs privately

EphemeralChanges on stop/startStaticPersists, costs $ if unused

GCP 3. Firewall Rules

🧱 VPC Firewall Rules

Like: ACLs / Firewalls

ScopeVPC-level (global)StatefulYes! Return traffic auto-allowedDirectionIngress or EgressActionAllow or DenyPriority0–65535 (lower = higher)TargetAll VMs, tag, or service account

Default Rules (can't delete):

✅ Egress allow all	65535
❌ Ingress deny all	65535

Direction

Priority

Action

Target

Src/Dst

Proto:Port

Hierarchical Firewall Policies — Org/Folder level, evaluated BEFORE VPC rules
Order: Hierarchical → VPC Rules → Implied rules

GCP 4. Routes

🗺️ GCP Routing

Like: Routing Table

Type	Created By
System-generated	Auto: default (0.0.0.0/0) + subnet routes
Custom static	You create (CIDR → next hop)
Dynamic (BGP)	Cloud Router learns from peers

Next HopsInstance, IP, VPN, IL, LBCloud RouterManaged BGP speakerDefault0.0.0.0/0 → Internet GW

GCP 5. Cloud NAT

🔄 Cloud NAT = Managed NAT

Like: PAT/NAT

VMs
(no ext IP)

→

Cloud NAT

→

Internet

DirectionOutbound onlyScopeRegionalNo VM agentNetwork-levelAuto/ManualAuto-allocate or specify IPsUseVMs need internet without public IP

GCP 6. Cloud DNS

📖 Cloud DNS

Like: DNS Server

100% SLAHighest availabilityPublic ZoneInternet-facingPrivate ZoneWithin VPC onlyForwardingForward to on-prem DNSPeering ZoneResolve in another VPCDNSSECSupported (public)

GCP 7. Cloud Load Balancing

⚖️ GCP LB Family

Like: L4/L7 LB

Type	L	Scope	Traffic
External HTTP(S)	L7	Global	External HTTP/S
Internal HTTP(S)	L7	Regional	Internal HTTP/S
External Network	L4	Regional	External TCP/UDP
Internal TCP/UDP	L4	Regional	Internal TCP/UDP
TCP Proxy	L4	Global	External TCP
SSL Proxy	L4	Global	External SSL

① Global External IP
② Forwarding Rule
③ Target Proxy
④ URL Map
⑤ Backend Service
⑥ Health Check
⑦ Instance Group / NEG

• Anycast IP (single global)
• SSL termination
• URL-based routing
• CDN integration
• Cloud Armor (WAF)
• Auto-scaling with MIGs
• Multi-region failover

GCP 8. Cloud VPN

🔒 Cloud VPN

Like: Site-to-Site VPN

On-Prem

→

VPN GW

→

🔒 IPsec

→

Cloud VPN

→

VPC

Classic VPN

1 interface, 1 IP
Static or dynamic
99.9% SLA

HA VPN ✓

2 interfaces, 2 IPs
BGP only
99.99% SLA

GCP 9. Cloud Interconnect

🔌 Dedicated Link

Like: Leased Line

Dedicated IC

Physical to Google
10/100 Gbps per link
Colocation needed

Partner IC

Via provider
50 Mbps–50 Gbps
No colocation

When to use what?
VPN: < 3 Gbps, quick | Partner: no colocation | Dedicated: 10–100 Gbps, lowest latency

GCP 10. VPC Peering

🤝 VPC Peering

Like: Direct Link

VPC-A
Project 1

⇄

VPC-B
Project 2

Internal IPsPrivate communicationNo transitA↔B, B↔C ≠ A↔CNon-overlappingCIDRs must differCross-projectYes, even cross-orgFirewallEach VPC owns its rules

GCP 11. Shared VPC

🏢 Shared VPC

Like: Shared LAN

Host Project
Owns VPC, subnets, firewall

↙ ↓ ↘

Service A
Dev

Service B
QA

Service C
Prod

HostContains VPC — network adminsServiceDeploy into shared subnetsBenefitCentral control + project isolation

GCP 12. Private Google Access

🔐 PGA

VM
(no ext IP)

→

PGA

→

Google APIs

Enable onSubnet levelUseVMs reach GCS, BigQuery without ext IP

🔗 Private Service Access

WhatPrivate connection to managed servicesExamplesCloud SQL, Memorystore, FilestoreHowVPC Peering to Google's service networkReserved RangeYou allocate IP range for Google

GCP 13. Private Service Connect

🎯 PSC

Consumer VPC

→

PSC Endpoint

→

Producer Service

ConsumerCreates endpoint (internal IP)ProducerPublishes service attachmentvs PeeringNo CIDR overlap, more controlUseGoogle APIs, your services, 3rd party

GCP 14. Cloud Armor

🛡️ WAF + DDoS

Like: WAF

Internet

→

Armor

→

HTTP(S) LB

→

Backends

IP allow/denyBlock by IP rangeGeo-blockingBlock by countryOWASP rulesSQLi, XSS protectionRate limitingThrottle requestsAdaptiveML-based DDoS detectionWorks withExternal HTTP(S) LB only

GCP 15. Network Tiers

🏎️ Premium vs Standard

Premium ✓

Google global network
Traffic enters near user
Low latency
Global LB + CDN

Standard

Public internet (ISP)
Enters near GCP region
Higher latency
Regional LB only

GCP 16. More Services

📡 Cloud CDN

Like: CDN

Works withExternal HTTP(S) LBCacheGoogle edge PoPsOriginGCE, GCS, ExternalSigned URLsTime-limited access

🔍 Packet Mirroring

Like: SPAN

WhatCopy VM traffic for inspectionUseIDS, forensicsFull packetNot sampled

🧠 Network Intelligence Center

Connectivity TestsTest reachabilityTopologyVisualize VPCPerformanceLatency & packet lossFirewall InsightsRule usage analysis

🚦 Traffic Director

WhatService mesh control planeEnvoySidecar proxyUseMicroservice routing, mTLS

🔗 VPC Flow Logs

WhatLog flows to/from VMsEnable onSubnet levelInfoSrc/Dst IP, port, bytes, actionExportLogging, BigQuery, Pub/Sub

🌍 GCP Networking — Quick Reference

Concept	GCP Service	Scope
Private Network	VPC	Global
Subnet	VPC Subnet	Regional
Firewall	VPC Firewall Rules	Global
NAT	Cloud NAT	Regional
DNS	Cloud DNS	Global
Load Balancer	Cloud Load Balancing	Global/Regional
VPN	Cloud VPN (HA/Classic)	Regional
Dedicated Link	Cloud Interconnect	Regional
Peering	VPC Peering	Global
Multi-project	Shared VPC	Org
WAF / DDoS	Cloud Armor	Global
CDN	Cloud CDN	Global
Packet Capture	Packet Mirroring	Regional
Monitoring	Network Intelligence Center	Global
Service Mesh	Traffic Director	Global
Private API	PGA / PSC	Subnet/VPC
Flow Logging	VPC Flow Logs	Subnet