Create the VPC Network with subnet
Create a Bastion Host and Isolated Test VM
Allow SSH and enable all internal traffic within the VPC through firewall rules.
Reserve and store three static IP addresses.
Create the NAT Instance Templates
Create the health check with necessary firewall rule.
Create an instance group for each NAT gateway
Add default routes to your instances
Building High Availability and High Bandwidth NAT Gateways
This lab will show you how to set up multiple NAT (Network Address Translation) gateways with Equal Cost Multi-Path (ECMP) routing and autohealing enabled for a more resilient and high-bandwidth deployment.
Google Cloud uses RFC 1918 private IP addresses for virtual machines (VMs). If these VMs need access to resources on the public internet, Network Address Translation (NAT) is required. A single NAT gateway architecture is sufficient for simple scenarios. However, higher throughput or higher availability requires a more resilient architecture.
Reserve three public IPs for use by the NAT gateways.
Create Compute Engine instances and associate reserved IPs with them.
Create health checks and instance groups to enable automatic failure recovery.
Create routing rules to distribute traffic from guest VMs to NAT gateways.
Tag instances for no-IP.
Review a sample Debian config.
In instances where multiple routes have the same priority, Google Cloud uses ECMP routing to distribute traffic. For this lab you'll create several NAT gateways to receive parts of the traffic through ECMP. The NAT gateways then forward the traffic to external hosts with their public IP addresses.
The following diagram shows this configuration:
For higher resiliency, you place each gateway in a separate managed instance group with a single instance and attach a simple health check to ensure they'll automatically restart if they fail. The gateways are in separate instance groups so they'll have a static external IP attached to the instance template. In this lab you'll provision three
n1-standard-2 NAT gateways, but you can use any number or size of gateway. For example,
n1-standard-2 instances are capped at 4 Gbps of network traffic; if you need more, you might choose
Setup and Requirements
Before you click the Start Lab button
Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.
This Qwiklabs hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.
What you need
To complete this lab, you need:
- Access to a standard internet browser (Chrome browser recommended).
- Time to complete the lab.
Note: If you already have your own personal Google Cloud account or project, do not use it for this lab.
Note: If you are using a Pixelbook, open an Incognito window to run this lab.
How to start your lab and sign in to the Google Cloud Console
Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is a panel populated with the temporary credentials that you must use for this lab.
Copy the username, and then click Open Google Console. The lab spins up resources, and then opens another tab that shows the Sign in page.
Tip: Open the tabs in separate windows, side-by-side.
In the Sign in page, paste the username that you copied from the Connection Details panel. Then copy and paste the password.
Important: You must use the credentials from the Connection Details panel. Do not use your Qwiklabs credentials. If you have your own Google Cloud account, do not use it for this lab (avoids incurring charges).
Click through the subsequent pages:
- Accept the terms and conditions.
- Do not add recovery options or two-factor authentication (because this is a temporary account).
- Do not sign up for free trials.
After a few moments, the Cloud Console opens in this tab.
The Google Cloud Shell
Activate Cloud Shell
Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.
In the Cloud Console, in the top right toolbar, click the Activate Cloud Shell button.
It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:
gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.
You can list the active account name with this command:
gcloud auth list
Credentialed accounts: - <myaccount>@<mydomain>.com (active)
Credentialed accounts: - firstname.lastname@example.org
You can list the project ID with this command:
gcloud config list project
[core] project = <project_ID>
[core] project = qwiklabs-gcp-44776a13dea667a6
이 실습의 나머지 부분과 기타 사항에 대해 알아보려면 Qwiklabs에 가입하세요.
- Google Cloud Console에 대한 임시 액세스 권한을 얻습니다.
- 초급부터 고급 수준까지 200여 개의 실습이 준비되어 있습니다.
- 자신의 학습 속도에 맞춰 학습할 수 있도록 적은 분량으로 나누어져 있습니다.