gcp-networking
GCP Networking
Design and implement GCP network infrastructure.
Create VPC

```bash
# Custom-mode VPC: no subnets are created automatically
gcloud compute networks create my-vpc --subnet-mode=custom
# One regional subnet with an explicit primary range
gcloud compute networks subnets create my-subnet \
  --network=my-vpc \
  --region=us-central1 \
  --range=10.0.0.0/24
```

Firewall Rules

```bash
# Ingress from any address to TCP 80/443, limited to instances tagged http-server
gcloud compute firewall-rules create allow-http \
  --network=my-vpc \
  --allow=tcp:80,tcp:443 \
  --source-ranges=0.0.0.0/0 \
  --target-tags=http-server
# All TCP, UDP and ICMP from 10.0.0.0/8 to every instance in the VPC (no target tags);
# this source range is wider than the 10.0.0.0/24 subnet created above
gcloud compute firewall-rules create allow-internal \
  --network=my-vpc \
  --allow=tcp,udp,icmp \
  --source-ranges=10.0.0.0/8
```

Cloud NAT

```bash
# Cloud Router in the same region as the subnet; Cloud NAT is configured on it
gcloud compute routers create my-router \
  --network=my-vpc \
  --region=us-central1
# NAT gateway covering all subnet ranges in the region, with auto-allocated external IPs
gcloud compute routers nats create my-nat \
  --router=my-router \
  --region=us-central1 \
  --nat-all-subnet-ip-ranges \
  --auto-allocate-nat-external-ips
```

Best Practices
- Use Shared VPC for multi-project environments
- Implement Cloud Armor for DDoS protection
- Use Private Google Access
- Enable VPC Flow Logs
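
The rules from the Firewall Rules section can be reviewed for over-broad sources with a short audit over the JSON that `gcloud compute firewall-rules list --format=json` prints. This is an added example, not part of the original page: the sample JSON is constructed to mirror the two rules above, and the function names and finding labels are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`,
# mirroring allow-http and allow-internal from the Firewall Rules section.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-http", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"], "targetTags": ["http-server"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
  {"name": "allow-internal", "direction": "INGRESS",
   "sourceRanges": ["10.0.0.0/8"],
   "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]}
]
""")

SUBNETS = ["10.0.0.0/24"]  # my-subnet from the Create VPC section


def audit_rule(rule, subnets):
    """Return finding labels (hypothetical names) for one ingress allow rule."""
    findings = []
    nets = [ipaddress.ip_network(s) for s in subnets]
    # A tcp/udp/all entry with no "ports" list allows every port of that protocol.
    all_ports = any(a["IPProtocol"] in ("tcp", "udp", "all") and not a.get("ports")
                    for a in rule.get("allowed", []))
    # Target tags or service accounts limit which instances the rule applies to.
    scoped = bool(rule.get("targetTags") or rule.get("targetServiceAccounts"))
    for src in map(ipaddress.ip_network, rule.get("sourceRanges", [])):
        if src.prefixlen == 0:
            if all_ports or not scoped:
                findings.append("internet-open")
        elif not any(src.version == n.version and src.subnet_of(n) for n in nets):
            # Source covers addresses outside every subnet of this VPC.
            findings.append(f"source-wider-than-subnets:{src}")
    if all_ports and not scoped:
        findings.append("all-ports-unscoped")
    return findings


def audit(rules, subnets):
    """Map rule name -> findings for every ingress allow rule."""
    return {r["name"]: audit_rule(r, subnets) for r in rules
            if r.get("direction", "INGRESS") == "INGRESS" and "allowed" in r}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES, SUBNETS).items():
        print(name, findings or "ok")
```

A finding on `allow-internal` is a prompt to narrow `--source-ranges` to the subnet ranges actually in use, or to add target tags, rather than proof of a misconfiguration.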