We will see how to create a custom network and subnets in Google Cloud, and then how to create firewall rules that allow traffic into a specific virtual machine or application tier.
a) To begin, go to Networking > VPC Networks.
b) Click Create VPC Network and enter the details as shown below. Make sure the Custom tab is selected for the subnet creation mode.
c) Configure all the networking parameters as shown below and click Create. Here we have created a public subnet, 192.168.0.0/24, and a private subnet, 192.168.10.0/24. Also notice that both subnets are created in the same region, us-east1.
d) Once the subnets are created, verify them. You will notice that no firewall rules have been created for this network. At this stage no VM can communicate with another VM or with the outside world, because a custom network starts with only the implied deny-all ingress rule.
Before we get into the firewall configuration, see this article to learn how to create VM instances with a custom subnet and IP configuration.
To complete the multi-tier application VPC successfully, it is better to create all the VM instances within the same zone.
e) The first rule you create for this VPC allows SSH traffic from specific IPs (or from all IPs, if you accept that exposure).
f) Go to VPC Network > Firewall Rules > Create Firewall Rule and create an SSH allow rule as shown below. Once the settings below are configured, create the firewall rule and test SSH from the browser.
g) A successful SSH login looks like this.
h) Next, create two rules to allow communication between the private and public tiers.
i) If you now test between these VMs, you get replies like this.
j) Below is an ICMP test from the external network to the GCloud VPC (expected behavior).
k) Another test, reaching the public server from the internet (expected behavior).
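The same network, subnets and firewall rules as steps a) through h), built with the gcloud CLI instead of the console. This is an added example and not part of the original walkthrough; the network name multi-tier-vpc, the subnet names public-subnet and private-subnet, the network tags public-tier and private-tier, the application port 8080 and the admin source range 203.0.113.0/24 (a documentation range used as a placeholder) are assumptions, while the CIDRs and region come from the text. The rules are scoped by target tag rather than applied to the whole network, and SSH is limited to the admin range; widen SSH_SOURCE_RANGE only if you really need the page's "all IPs" variant.

```shell
#!/bin/sh
# Added example: custom VPC, two subnets and three ingress firewall rules via gcloud.
# Assumed (not from the original page): network "multi-tier-vpc", subnets
# "public-subnet"/"private-subnet", tags "public-tier"/"private-tier", app port 8080,
# admin range 203.0.113.0/24 (documentation range, placeholder for your real range).
set -eu

GCLOUD="${GCLOUD:-gcloud}"      # set GCLOUD=echo to dry-run and review the commands
REGION="${REGION:-us-east1}"
NETWORK="multi-tier-vpc"
PUBLIC_CIDR="192.168.0.0/24"
PRIVATE_CIDR="192.168.10.0/24"
SSH_SOURCE_RANGE="${SSH_SOURCE_RANGE:-203.0.113.0/24}"   # placeholder admin range
APP_PORT="8080"

# Steps a-c: custom-mode network with one public and one private subnet, same region.
create_vpc() {
  "$GCLOUD" compute networks create "$NETWORK" --subnet-mode=custom
  "$GCLOUD" compute networks subnets create public-subnet \
    --network="$NETWORK" --region="$REGION" --range="$PUBLIC_CIDR"
  "$GCLOUD" compute networks subnets create private-subnet \
    --network="$NETWORK" --region="$REGION" --range="$PRIVATE_CIDR"
}

# Steps e-h: ingress allow rules. A custom network has no allow rules of its own,
# so the implied deny-all ingress applies until these exist.
create_firewall_rules() {
  # SSH only to instances tagged public-tier, only from the admin range.
  "$GCLOUD" compute firewall-rules create "${NETWORK}-allow-ssh-public" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules=tcp:22 --source-ranges="$SSH_SOURCE_RANGE" --target-tags=public-tier
  # Public tier -> private tier: the application port plus ICMP for the ping test.
  "$GCLOUD" compute firewall-rules create "${NETWORK}-allow-public-to-private" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules="tcp:${APP_PORT},icmp" --source-tags=public-tier --target-tags=private-tier
  # Private tier -> public tier: ICMP only, so the reverse ping test works.
  "$GCLOUD" compute firewall-rules create "${NETWORK}-allow-private-to-public" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules=icmp --source-tags=private-tier --target-tags=public-tier
}

# Only touch the project when invoked as "./vpc.sh apply"; running or sourcing the
# file without that argument just defines the functions.
if [ "${1:-}" = "apply" ]; then
  create_vpc
  create_firewall_rules
fi
```

Run it once with GCLOUD=echo to read the exact commands before applying them, and remember that the VMs from the linked article must carry the public-tier or private-tier tag for the rules to match them. Instances in the private subnet get no rule from the internet at all, which is why the external ICMP test in step j) behaves as the page expects.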
You can also look at how to create a VM with a custom IP address configuration.