GCP networking : Use of NAT Router
Let’s learn GCP networking with the following problem statement :
- Create instance A in default VPC
- Create instance B in default VPC in different zone without external IP.
- Configure NAT so that instance B can connect to the internet.
- SSH into “instance-b” using “instance-a” and install Nginx.
Let’s create “instance-a” using the following configuration :
Name : instance-a
Boot disk size and type : 10GB pd-standard
Machine type : f1-micro
Zone : us-central1-a
Network-tag : source-instance
Use the following command to create “instance-a” :
gcloud compute instances create instance-a \
--boot-disk-size=10GB \
--boot-disk-type=pd-standard \
--machine-type=f1-micro \
--zone=us-central1-a \
--tags=source-instance
Let’s create “instance-b” using the following configuration :
Name : instance-b
Boot disk size and type : 10GB pd-standard
Machine type : f1-micro
Zone : us-central1-b
Network-tag : target-instance
External-IP : None
Use the following command to create “instance-b” :
gcloud compute instances create instance-b \
--boot-disk-size=10GB \
--boot-disk-type=pd-standard \
--machine-type=f1-micro \
--zone=us-central1-b \
--tags=target-instance \
--no-address
Now, create a firewall rule so that “instance-a” can SSH into “instance-b”. For that, use the network tag of instance-a as the source tag and the network tag of instance-b as the target tag, and allow tcp:22 and icmp. Use the following command to create the firewall rule :
gcloud compute firewall-rules create firewall-rule-1 \
--source-tags=source-instance \
--allow tcp:22,icmp \
--target-tags=target-instance
For “instance-b” to access the internet, we need a NAT configuration on a Cloud Router in the same region as the instance. To create the Cloud Router in that region (us-central1), use the following command :
gcloud compute routers create nat-router \
--network default \
--region us-central1
Now, SSH into instance-a, and from there SSH into instance-b using its internal IP. Install Nginx on instance-b using the “sudo apt install nginx” command.
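The router command above creates only the Cloud Router; apt on instance-b reaches the package mirrors once a NAT gateway is configured on that router. The script below is an added example, not part of the original post: it confirms that instance-b really has no external IP and then creates the gateway if the router has none. The gateway name nat-config and the function names are assumptions; the instance, zone, region and router names are the ones used above.

```shell
#!/bin/sh
# Added example. NAT_NAME and the function names are assumed;
# instance, zone, region and router names come from the steps above.
REGION=us-central1
ROUTER=nat-router
NAT_NAME=nat-config   # assumed name

# Print the external IP of an instance's first interface (empty if none).
external_ip() {
  gcloud compute instances describe "$1" --zone="$2" \
    --format='get(networkInterfaces[0].accessConfigs[0].natIP)'
}

# True when the instance has no external IP, so its only route to the
# internet is Cloud NAT.
is_private() {
  [ -z "$(external_ip "$1" "$2")" ]
}

# True when at least one NAT gateway is configured on the router.
router_has_nat() {
  [ -n "$(gcloud compute routers nats list --router="$ROUTER" \
            --region="$REGION" --format='value(name)')" ]
}

# Add a NAT gateway to the router, covering every subnet range in the
# region and letting Google allocate the external NAT addresses.
create_nat() {
  gcloud compute routers nats create "$NAT_NAME" \
    --router="$ROUTER" --region="$REGION" \
    --auto-allocate-nat-external-ips \
    --nat-all-subnet-ip-ranges
}

main() {
  if ! is_private instance-b us-central1-b; then
    echo "instance-b has an external IP; NAT is not its egress path" >&2
    return 1
  fi
  router_has_nat || create_nat
}

# Guarded so that running the file without APPLY=1 changes nothing.
if [ "${APPLY:-0}" = 1 ]; then main; fi
```

Run it with APPLY=1 from a shell where gcloud is authenticated to the project, before installing Nginx on instance-b.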