Professional Cloud Network Engineer Training

2.1 Configuring VPCs. Considerations include:

• Creating Google Cloud VPC resources (e.g., networks, subnets, firewall rules or policy, private services access subnet).
• Configuring VPC Network Peering.
• Creating a Shared VPC network and sharing subnets with other projects.
• Configuring API access to Google services (e.g., Private Google Access, public interfaces).
• Expanding VPC subnet ranges after creation.

2.2 Configuring VPC routing. Considerations include:

• Setting up static and dynamic routing.
• Configuring global or regional dynamic routing.
• Implementing routing using network tags and priority.
• Implementing an internal load balancer as a next hop.
• Configuring custom route import/export over VPC Network Peering.
• Configuring Policy-based Routing.

2.3 Configuring Network Connectivity Center. Considerations include:

• Managing VPC topology (e.g., star topology, hub and spokes, mesh topology).
• Implementing Private NAT.

2.4 Configuring and maintaining Google Kubernetes Engine clusters. Considerations include:

• Creating VPC-native clusters using alias IPs.
• Setting up clusters with Shared VPC.
• Configuring private clusters and private control plane endpoints.
• Adding authorized networks for cluster control plane endpoints.
• Configuring Cloud Service Mesh.
• Enabling GKE Dataplane V2.
• Configuring source NAT (SNAT) and IP Masquerade policies.
• Creating GKE network policies.
• Configuring Pod ranges and service ranges, and deploying additional Pod ranges for GKE clusters.

2.5 Configuring and managing Cloud Next Generation Firewall (NGFW) rules. Considerations include:

• Creating the firewall rules and regional/global policies.
• Mapping target network tags, service accounts, and secure tags.
• Migrating from firewall rules to firewall policies.
• Configuring firewall rule criteria (e.g., rule priority, network protocols, ingress and egress rules).
• Configuring Firewall Rules Logging.
• Configuring hierarchical firewall policies.
• Configuring the intrusion prevention service (IPS).
• Implementing fully qualified domain name (FQDN) firewall objects.

DOWNLOAD CURRICULUM

3.1 Configuring load balancing. Considerations include:

• Configuring backend services (e.g., network endpoint groups (NEGs), managed instance groups).
• Configuring backends and backend services with the balancing method (e.g., RPS, CPU, custom), session affinity, and serving capacity.
• Configuring URL maps.
• Configuring forwarding rules.
• Defining firewall rules to allow traffic and health checks to backend services.
• Creating health checks for backend services and target instance groups.
• Configuring protocol forwarding.
• Accommodating workload increases by using autoscaling or manual scaling.
• Configuring load balancers for GKE (e.g., GKE Gateway controller, GKE Ingress controller, NEG).
• Setting up traffic management on Application Load Balancers (e.g., traffic splitting, traffic mirroring, URL rewrites).

3.2 Configuring Google Cloud Armor policies. Considerations include:

• Configuring security policies.
• Implementing web application firewall (WAF) rules (e.g., SQL injection, cross-site scripting, remote file inclusion).
• Attaching security policies to load balancer backends.
• Configuring advanced network DDoS protection.
• Configuring edge and network edge security policies.
• Configuring Adaptive Protection.
• Configuring rate limiting.
• Configuring bot management.
• Applying Google Threat Intelligence.

3.3 Configuring Cloud CDN. Considerations include:

• Setting up Cloud CDN for supported origins (e.g., managed instance groups, Cloud Storage buckets, Cloud Run).
• Setting up Cloud CDN for external backends (internet NEGs) and third-party object storage.
• Invalidating cached content.
• Configuring signed URLs.

3.4 Configuring and maintaining Cloud DNS. Considerations include:

• Managing Cloud DNS zones and records.
• Migrating to Cloud DNS.
• Enabling DNS Security Extensions (DNSSEC).
• Configuring DNS forwarding and DNS server policies.
• Integrating on-premises DNS with Google Cloud.
• Using split-horizon DNS.
• Setting up DNS peering.
• Configuring Cloud DNS and external-DNS operator for GKE.

3.5 Configuring and securing internet egress traffic. Considerations include:

• Assigning NAT IP addresses (e.g., automatic, manual).
• Configuring port allocations (e.g., static, dynamic).
• Customizing timeouts.
• Configuring organization policy constraints for Cloud NAT.
• Configuring Private NAT.
• Configuring Secure Web Proxy.

3.6 Configuring network packet inspection. Considerations include:

• Routing and inspecting inter-VPC traffic using multi-NIC VMs (e.g., next-generation firewall appliances).
• Configuring an internal load balancer as a next hop for highly available multi-NIC VM routing.
• Enabling Layer 7 packet inspection in Cloud NGFW.

DOWNLOAD CURRICULUM

4.1 Configuring Cloud Interconnect. Considerations include:

• Creating Dedicated Interconnect connections and configuring VLAN attachments.
• Creating Partner Interconnect connections and configuring VLAN attachments.
• Creating Cross-Cloud Interconnect connections and configuring VLAN attachments.
• Setting up and enabling MACsec.
• Configuring HA VPN over Cloud Interconnect.

4.2 Configuring a site-to-site IPSec VPN. Considerations include:

• Configuring HA VPN.
• Configuring Classic VPN (e.g., route-based, policy-based).

4.3 Configuring Cloud Router. Considerations include:

• Implementing Border Gateway Protocol (BGP) attributes (e.g., ASN, route priority/MED, link-local addresses, authentication).
• Configuring Bidirectional Forwarding Detection (BFD).
• Creating custom advertised routes and custom learned routes.

4.4 Configuring Network Connectivity Center. Considerations include:

• Creating hybrid spokes (e.g., VPN, Cloud Interconnect).
• Establishing site-to-site data transfer.
• Creating Router appliances (RAs).

DOWNLOAD CURRICULUM

5.1 Logging and monitoring with Google Cloud Observability. Considerations include:

• Enabling and reviewing logs for networking components (e.g., Cloud VPN, Cloud Router, VPC Service Controls, Cloud NGFW, Firewall Insights, VPC Flow Logs, Cloud DNS, Cloud NAT).
• Monitoring metrics of networking components (e.g., Cloud VPN, Cloud Interconnect and VLAN attachments, Cloud Router, load balancers, Google Cloud Armor, Cloud NAT).

5.2 Maintaining and troubleshooting connectivity issues. Considerations include:

• Draining and redirecting traffic flows with Application Load Balancers.
• Tuning and troubleshooting Cloud NGFW rules or policies.
• Managing and troubleshooting VPNs.
• Troubleshooting Cloud Router BGP peering issues.
• Troubleshooting with VPC Flow Logs, firewall logs, and Packet Mirroring.

5.3 Using Network Intelligence Center to monitor and troubleshoot common networking issues. Considerations include:

• Using Network Topology to visualize throughput and traffic flows.
• Using Connectivity Tests to diagnose route and firewall misconfigurations.
• Using Performance Dashboard to identify packet loss and latency (e.g., Google-wide, project scoped).
• Using Firewall Insights to monitor rule hit count and identify shadowed rules.
• Using Network Analyzer to identify network failures, suboptimal configurations, and utilization warnings.
•  

DOWNLOAD CURRICULUM