Building High Availability and High Bandwidth NAT Gateways

Checkpoints

Create the VPC Network with subnet

Create a Bastion Host and Isolated Test VM

Allow SSH and enable all internal traffic within the VPC through firewall rules.

Reserve and store three static IP addresses.

Create the NAT Instance Templates

Create the health check with necessary firewall rule.

Create an instance group for each NAT gateway

Add default routes to your instances

1 hour 30 minutes, 7 credits

GSP115

Google Cloud Self-Paced Labs

This lab will show you how to set up multiple NAT (Network Address Translation) gateways with Equal Cost Multi-Path (ECMP) routing and autohealing enabled for a more resilient and high-bandwidth deployment.

Google Cloud Platform (GCP) uses RFC 1918 private IP addresses for virtual machines (VMs). If these VMs need access to resources on the public internet, Network Address Translation (NAT) is required. A single NAT gateway architecture is sufficient for simple scenarios. However, higher throughput or higher availability requires a more resilient architecture.

Objectives

  • Reserve three public IPs for use by the NAT gateways.

  • Create Compute Engine instances and associate reserved IPs with them.

  • Create health checks and instance groups to enable automatic failure recovery.

  • Create routing rules to distribute traffic from guest VMs to NAT gateways.

  • Tag instances for no-IP.

  • Review a sample Debian config.

Gateway Configuration

In instances where multiple routes have the same priority, GCP uses ECMP routing to distribute traffic. For this lab you'll create several NAT gateways to receive parts of the traffic through ECMP. The NAT gateways then forward the traffic to external hosts with their public IP addresses.

The following diagram shows this configuration:

[Diagram: NAT gateway configuration]

For higher resiliency, you place each gateway in a separate managed instance group with a single instance and attach a simple health check so that a failed gateway restarts automatically. Each gateway is in its own instance group so that it can have a static external IP attached to its instance template. In this lab you'll provision three n1-standard-2 NAT gateways, but you can use any number or size of gateway. For example, n1-standard-2 instances are capped at 4 Gbps of network traffic; if you need more, you might choose n1-standard-8s.
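ECMP only spreads traffic across routes that share the same priority, so one mistyped priority or a misplaced tag quietly changes which gateways carry egress. The check below is an added example, not part of the lab: it audits route data shaped like the output of gcloud compute routes list --format=json. The sample routes, the gateway names nat-1 to nat-3, the zone and the function name are assumptions made for illustration; no-ip is the guest tag named in the objectives.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `gcloud compute routes list --format=json`.
# Route and gateway names and the zone are hypothetical; "no-ip" is the tag
# the lab applies to guest VMs without an external address.
SAMPLE_ROUTES = json.loads("""[
 {"name": "natroute1", "destRange": "0.0.0.0/0", "priority": 800,
  "tags": ["no-ip"], "nextHopInstance": "zones/us-east1-b/instances/nat-1"},
 {"name": "natroute2", "destRange": "0.0.0.0/0", "priority": 800,
  "tags": ["no-ip"], "nextHopInstance": "zones/us-east1-b/instances/nat-2"},
 {"name": "natroute3", "destRange": "0.0.0.0/0", "priority": 900,
  "tags": ["no-ip"], "nextHopInstance": "zones/us-east1-b/instances/nat-3"},
 {"name": "default-internet", "destRange": "0.0.0.0/0", "priority": 1000,
  "nextHopGateway": "global/gateways/default-internet-gateway"}
]""")

def audit_nat_routes(routes, guest_tag="no-ip", gateway_tags=None):
    """Return (gateways in the ECMP set, findings) for guest_tag default routes."""
    gateway_tags = gateway_tags or {}   # gateway name -> its network tags
    by_priority = defaultdict(list)
    for r in routes:
        if (r.get("destRange") == "0.0.0.0/0" and "nextHopInstance" in r
                and guest_tag in r.get("tags", [])):
            by_priority[r["priority"]].append(r)
    if not by_priority:
        return [], [f"no tagged default route: {guest_tag} VMs have no NAT path"]
    best = min(by_priority)             # lowest number is the preferred route
    active = sorted(r["nextHopInstance"].rsplit("/", 1)[-1]
                    for r in by_priority[best])
    findings = []
    for prio in sorted(by_priority):
        if prio != best:                # unequal priority: not an ECMP member
            findings += [f"{r['name']}: priority {prio} != {best}, "
                         "not part of the ECMP set" for r in by_priority[prio]]
    if len(set(active)) < len(active):
        findings.append("duplicate next hop among equal-priority routes")
    for gw in active:                   # a tagged gateway would NAT via a gateway
        if guest_tag in gateway_tags.get(gw, []):
            findings.append(f"{gw}: gateway carries tag {guest_tag}, its own "
                            "egress would match the NAT route")
    return active, findings

if __name__ == "__main__":
    gws, issues = audit_nat_routes(SAMPLE_ROUTES, gateway_tags={"nat-2": ["no-ip"]})
    print("ECMP set:", gws)
    print("\n".join(issues))
```
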

Setup and Requirements

Qwiklabs setup

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This Qwiklabs hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

What you need

To complete this lab, you need:

  • Access to a standard internet browser (Chrome browser recommended).
  • Time to complete the lab.

Note: If you already have your own personal Google Cloud account or project, do not use it for this lab.

Note: If you are using a Pixelbook please open an Incognito window to run this lab.

How to start your lab and sign in to the Google Cloud Console

  1. Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is a panel populated with the temporary credentials that you must use for this lab.

  2. Copy the username, and then click Open Google Console. The lab spins up resources, and then opens another tab that shows the Sign in page.

    Tip: Open the tabs in separate windows, side-by-side.

  3. In the Sign in page, paste the username that you copied from the Connection Details panel. Then copy and paste the password.

    Important: You must use the credentials from the Connection Details panel. Do not use your Qwiklabs credentials. If you have your own Google Cloud account, do not use it for this lab, to avoid incurring charges.

  4. Click through the subsequent pages:

    • Accept the terms and conditions.
    • Do not add recovery options or two-factor authentication (because this is a temporary account).
    • Do not sign up for free trials.

After a few moments, the Cloud Console opens in this tab.

The Google Cloud Shell

Activate Google Cloud Shell

Google Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Google Cloud Shell provides command-line access to your Google Cloud resources.

  1. In the Google Cloud Console, on the top right toolbar, click the Activate Cloud Shell button.

  2. Click Continue.

It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:

[Screenshot: Cloud Shell Terminal]

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

You can list the active account name with this command:

gcloud auth list

Output:

Credentialed accounts:
 - <myaccount>@<mydomain>.com (active)

Example output:

Credentialed accounts:
 - google1623327_student@qwiklabs.net

You can list the project ID with this command:

gcloud config list project

Output:

[core]
project = <project_ID>

Example output:

[core]
project = qwiklabs-gcp-44776a13dea667a6
